lumma | hxxps://download2296[.]mediafire[.]com/q9ke3sxvw4pgKuP5FJso5DKOMwTI5V2YVtj-rW_UWWTGMRZb1MECbEklw2jrhi1mo6-Qq6H-xFKeYOBW-4z2tDS2XvlcYm_u2889le4C3eO02z9SUQScrzgQLsA3aLBY1Kknq5szREZDAuqiWcqLN0AQLPtx4U2hN14V8CGWmqoa/ci94jd9m3ktvj4j/%5B1[.]1[.]0%5D-A%D1%80%D1%80-UNC-x64[.]zip

Analysis

max time kernel
125s
max time network
123s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
06-01-2025 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download2296.mediafire.com/q9ke3sxvw4pgKuP5FJso5DKOMwTI5V2YVtj-rW_UWWTGMRZb1MECbEklw2jrhi1mo6-Qq6H-xFKeYOBW-4z2tDS2XvlcYm_u2889le4C3eO02z9SUQScrzgQLsA3aLBY1Kknq5szREZDAuqiWcqLN0AQLPtx4U2hN14V8CGWmqoa/ci94jd9m3ktvj4j/%5B1.1.0%5D-A%D1%80%D1%80-UNC-x64.zip

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://paymom/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 3 IoCs

pid	Process
5296	New[v1.1.0].exe
5560	New[v1.1.0].exe
4388	New[v1.1.0].exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 5296 set thread context of 1428	5296	New[v1.1.0].exe	125
PID 5560 set thread context of 3208	5560	New[v1.1.0].exe	128

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\14758006-7016-489e-b809-8dd8ea2d4863.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250106224035.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	New[v1.1.0].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	New[v1.1.0].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BitLockerToGo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BitLockerToGo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	New[v1.1.0].exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
1228	msedge.exe
1228	msedge.exe
3968	identity_helper.exe
3968	identity_helper.exe
5956	msedge.exe
5956	msedge.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeRestorePrivilege	6120	7zG.exe
Token: 35	6120	7zG.exe
Token: SeSecurityPrivilege	6120	7zG.exe
Token: SeSecurityPrivilege	6120	7zG.exe
Token: SeRestorePrivilege	4352	7zG.exe
Token: 35	4352	7zG.exe
Token: SeSecurityPrivilege	4352	7zG.exe
Token: SeSecurityPrivilege	4352	7zG.exe
Token: SeBackupPrivilege	5828	svchost.exe
Token: SeRestorePrivilege	5828	svchost.exe
Token: SeSecurityPrivilege	5828	svchost.exe
Token: SeTakeOwnershipPrivilege	5828	svchost.exe
Token: 35	5828	svchost.exe
Token: SeDebugPrivilege	2968	taskmgr.exe
Token: SeSystemProfilePrivilege	2968	taskmgr.exe
Token: SeCreateGlobalPrivilege	2968	taskmgr.exe
Token: 33	2968	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2968	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe
2968	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 4252	1228	msedge.exe	82
PID 1228 wrote to memory of 4252	1228	msedge.exe	82
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 3544	1228	msedge.exe	83
PID 1228 wrote to memory of 1440	1228	msedge.exe	84
PID 1228 wrote to memory of 1440	1228	msedge.exe	84
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85
PID 1228 wrote to memory of 1328	1228	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://download2296.mediafire.com/q9ke3sxvw4pgKuP5FJso5DKOMwTI5V2YVtj-rW_UWWTGMRZb1MECbEklw2jrhi1mo6-Qq6H-xFKeYOBW-4z2tDS2XvlcYm_u2889le4C3eO02z9SUQScrzgQLsA3aLBY1Kknq5szREZDAuqiWcqLN0AQLPtx4U2hN14V8CGWmqoa/ci94jd9m3ktvj4j/%5B1.1.0%5D-A%D1%80%D1%80-UNC-x64.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffafd4146f8,0x7ffafd414708,0x7ffafd414718
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11318710443411002010,14297612446925201133,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11318710443411002010,14297612446925201133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11318710443411002010,14297612446925201133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11318710443411002010,14297612446925201133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11318710443411002010,14297612446925201133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11318710443411002010,14297612446925201133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11318710443411002010,14297612446925201133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,11318710443411002010,14297612446925201133,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11318710443411002010,14297612446925201133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11318710443411002010,14297612446925201133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6712 /prefetch:8
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1176
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff79d9d5460,0x7ff79d9d5470,0x7ff79d9d5480
    3⤵
    PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11318710443411002010,14297612446925201133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11318710443411002010,14297612446925201133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11318710443411002010,14297612446925201133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11318710443411002010,14297612446925201133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,11318710443411002010,14297612446925201133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5624

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\" -spe -an -ai#7zMap11418:100:7zEvent18663
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6120

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\PA$$.txt
1⤵
PID:3988

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\" -an -ai#7zMap21757:116:7zEvent190
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4352

C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\Release\New[v1.1.0].exe
"C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\Release\New[v1.1.0].exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5296
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1428

C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\Release\New[v1.1.0].exe
"C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\Release\New[v1.1.0].exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5560
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5828

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2968

C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\Release\New[v1.1.0].exe
"C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\Release\New[v1.1.0].exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
24dada8956438ead89d9727022bac03a

SHA1
09b4fb1dba48ec8e47350131ae6113edd0fdecf0

SHA256
bf1e5c7828e4672982b16451b5a201e65e812e98a97b87c9f2f7c22677cb4ec1

SHA512
03f092a4b20a4d8cc111220b35fbf5470878b7723faeddee65b1d9cf327167053792c77864103b4530b9b9f819e32a5721b44189291dfdb5832769835ea5dd94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b712a4c83dfb3c522d032cf900e863a

SHA1
4f5bec4be6f4ebfa959e899ceafc62309bb1f141

SHA256
31da2a41a051db11559c47feb923d4baad32a384f530013a435fa884dad64493

SHA512
03b24d9307623b3a341230805f3ea662b0107c314650a51ae7e89d901cb3ad212d4219bab4d763d0aa8d50831aa0e6d4e3379573cc2f724873804578e8642898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58ff5a.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73af7c5478b3e859efe897b61f629c72

SHA1
f95b2aaf9eae6f38097094753c95cb70741d93e8

SHA256
6375c895afd746224d46d0e2343c74d886e330e7b445614736cb13a34085be78

SHA512
3864fbf1faf7d72384be801413c07d57faf0888c78bb4087f38151084d2af1514fad393512e15e2c8bd92307fc0ee5adca6d4f5fead73d5ba80de8028ee19fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f43ee3a591ac9968b059e80158ef9e96

SHA1
b33e1e61dc94a7eb4412230f9d3ac8c40dabc2cf

SHA256
ecbb00254f319629653ba0ae8eef8c7c6f7f480c23ff26d510b76a2f17c0c52f

SHA512
48c00a40d4170e603cf08101bba1509df98b95f5d096f92a32a17cd9db3e74953a63b3c87e41b6efe1bfb82dcf933d84cb363b33863166786aca4782956d20c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f2c4c5ef2000241e9e40479b423fa87

SHA1
7cc9cc605a14245fd02288eb4c6033c14d52771e

SHA256
86b7c307817a64ecb29200e0069452b2dd889169699f18b3283b13c266f54f17

SHA512
e0a2e17394daf25235d8a515b6cecbcc66c0feaf1ca1fe5137d40633042695611b566f72c22dd1ea1595d2a79cc067321331991bf53e67b35ef9f85e478318b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a9d117d86559063117ecb1c56c2d5497

SHA1
1b19e6097959ba590ca799ea7e13e9d33c4c0c11

SHA256
5e4f478467d4320bf01f70f93e7e9c67ceb0d3cef74f2b0a4487dbb71de439de

SHA512
a97599575fdb163db5f3903b11df06ab2a2ed05221387fb7892cd76ce2fcc5cee3cad03a59d65567f26da750ae5c464df7c9f4df31098c8692fbe02e4583ce6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
85eca930a791cbcb1373f5fdaf17857b

SHA1
ffea7d54e9803374a484f1e4c124766e80024efc

SHA256
fbc990061790350f00dc28f2dda277aac81bb8385a6e92e90a20101436c3312c

SHA512
2ffe0de3f80ac60f2ffa55f334026979e6be328b7c69f4603aa3c5d1bfa6c3b3744d86ac2a34ecf904d0a41b36bc485392ece58f6cc89d7ffca293d02efe5bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
99a7edf9124dba808b6d025b14aea278

SHA1
f1de2fdd81ea87ee78e8afdc1a7cdffcf62a92ef

SHA256
9d38a8d193a503b9be7b39be5d150bcf22038c84fbf3d53979e2f075a35b9089

SHA512
fc371b7ad5606a9948ba4a315e40a0a93592f57103be4a3712020977b43e4277d95d74ff35e490239dbce1cc475fe1d1746764f5970d2e9f04483c985268f5c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
97c244e748fd62ce51bcd8587cd55c6f

SHA1
1c602db9a60b91b2b686102c54e0aa71d398e01f

SHA256
c974c41135e8d1528fb3374cc3c65e70b659d9bae4472084e7a0cf1f54cd5cc9

SHA512
e5303e9fbd493dff7768b9c7917025cd3dcb334a5acf92f69b93f4d75b44e7bd0712e1dc82b76bffe95789e08b1e4ac52ae1cd548e016ea32e7669af01566271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
75c5e4d27a9e1901103f1ba63d32fa4d

SHA1
03a97f38b487d5a6e0449aef9b16d7be4884def1

SHA256
8cea87fefd2768d3a1522f5e2a3ddcf583bbaf1f5281a035a1774b3343e9ae5b

SHA512
5e90b8c05ad3f14620d5e7c498052270e8cd689429ee4503b0736462e6d6086f3bb995b3b0f40909113f3c5e8d9f3dffed46049af5ac3c584a1e54426f14efd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
708c56d2dd28b33431481d3bfcb18b9e

SHA1
596bbfc1d2c30444e94756a1d1585040335e6998

SHA256
f405cc6a8ac2a9cbae135e534954e6120292bf9efe614f7c0068ad99233add58

SHA512
352a381e8b1ba46f22dfa78d255ced13f03f38117488da11c26983f03b4f3eb21958d62560e3f1a0231010f82f0049c3bcf5f25989bc35976d59d33b51339373

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
673df7acc9442668b4b2ae2a0dfe9605

SHA1
5ee12af55a79e6e27a6bebf61b5660afa38e7fb0

SHA256
706fbce36adca8a44a0ee7ef70f559b2c37197a6a8b1f2f539a7088c03f8b308

SHA512
6a900ff9f84373ef229b9f453281339d0482e3f20a3dbcad661dade4f19a322ae55fef74247d63504a0a45124c8d113ee5f2398a5faff039fe8fb0dd03afc28c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
55df32a3b1908cef09ca5558fb4c2327

SHA1
0f413f9a3fc3e5907615d38ef35e2b65fd4d1ece

SHA256
d12cf41102d1054c6f010b45b26c6f58996a8ebb65a978973373387fe7e6bde3

SHA512
fc3e73b824b0b21a696fd61cbeb5ed6dce50341defee1b4b15aec7b1855d6e07bd528810d01b33adadfed4d4b707845aa71bcc215dcbdbe02def6cd9ef71fd6a

Download Submit
C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64.zip

Filesize
25.6MB

MD5
629a6f5b201b24559cf22275d62c2590

SHA1
e2a3827c19d6e8ace223f0e25eca93e0e9411ed0

SHA256
d9083248bbf3b9335e69e634651a87ba6ac4348e14e3fc91d8ff27043554b364

SHA512
31bd73f6431db6677c1dd2a56f2ce379e3909b720b3d68da48922704bf1ed1eeaf19308487df0b7f092d3025c9e83a5a18d8bc1f2ccc91e2f254557221de0f0c

Download Submit
C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\PA$$.txt

Filesize
108B

MD5
16425d556ec985d4b7274a64d9fae302

SHA1
9a4d83064add1751609589192ab76a607a173d31

SHA256
8e8adf11390a893269e764ac61aa3feadcad4f58d4e048451f938b49d7f89711

SHA512
e5e07f067af91676364e23d9529f97987e5155ed5a61a720c8e93b96103df9e276a34b20fd8cca2b376a11a9368996738d371d99b376ca78cb1573749d0f61b6

Download Submit
C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\Release.zip

Filesize
25.6MB

MD5
6a2a94cbfe62732c4a39508e9d203636

SHA1
34cca6fbc9ae56b8f34929c26ec333ac010c8bb2

SHA256
aac33d15b35ddbe378376f8a8cbabfb1e02582d79821e7889df3c44662527ce7

SHA512
6b4f01fe364ad7a68801a465706ba0a6143d792153b4ee5f03a2fcabf14a256bf4bdb5412822ba2fab6fc4d54e770742c0b0081a8d8e4af3354ff21b9674f979

Download Submit
C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\Release\New[v1.1.0].exe

Filesize
5.2MB

MD5
808d19bb17547448cd7544ae23227f2a

SHA1
2d4dbd2cb1848a2ffafbf47f6041310fe3995975

SHA256
5104cdc6d23e96ac12c04e7b63b517ea5ee3129fb0dd6afc4649c91a61f1063d

SHA512
e6969e7015b94552a458802038cd05bb0254ae098108b590459cd78058793f02de86924deedd90448344973c7a8f3fdaa5f7861042ed7ae9831297c6df452a55

Download Submit
C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\Release\workspace\.tests\isfile.txt

Filesize
7B

MD5
260ca9dd8a4577fc00b7bd5810298076

SHA1
53a5687cb26dc41f2ab4033e97e13adefd3740d6

SHA256
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

SHA512
51e85deb51c2b909a21ec5b8e83b1cb28da258b1be227620105a345a2bd4c6aea549cd5429670f2df33324667b9f623a420b3a0bdbbd03ad48602211e75478a7

Download Submit
C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\DawnGraphiteCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
e0bc286abc4324d4a1d512ad7bf74963

SHA1
0707382c27ea19cbae796f2d503a1f14733234f9

SHA256
71a35f5a79e4dc30508baf0fb5687b537cc06590484a9e2e002b26d5b3bbc5f8

SHA512
a72e4b8bc8bf8165c41b5bde0ccea16feedfa14404c8694f9329ff12a3cdd0312946e85e3eccb31e3110326f562c61924964ab60f0f5cf10d1e43f4d95e2f013

Download Submit
C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\Downloads\[1.1.0]-Aрр-UNC-x64\Release\workspace\Xeno.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
memory/1428-933-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/1428-934-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/2968-942-0x000001C4E25C0000-0x000001C4E25C1000-memory.dmp

Filesize
4KB

Download
memory/2968-936-0x000001C4E25C0000-0x000001C4E25C1000-memory.dmp

Filesize
4KB

Download
memory/2968-935-0x000001C4E25C0000-0x000001C4E25C1000-memory.dmp

Filesize
4KB

Download
memory/2968-937-0x000001C4E25C0000-0x000001C4E25C1000-memory.dmp

Filesize
4KB

Download
memory/2968-947-0x000001C4E25C0000-0x000001C4E25C1000-memory.dmp

Filesize
4KB

Download
memory/2968-946-0x000001C4E25C0000-0x000001C4E25C1000-memory.dmp

Filesize
4KB

Download
memory/2968-945-0x000001C4E25C0000-0x000001C4E25C1000-memory.dmp

Filesize
4KB

Download
memory/2968-944-0x000001C4E25C0000-0x000001C4E25C1000-memory.dmp

Filesize
4KB

Download
memory/2968-943-0x000001C4E25C0000-0x000001C4E25C1000-memory.dmp

Filesize
4KB

Download
memory/2968-941-0x000001C4E25C0000-0x000001C4E25C1000-memory.dmp

Filesize
4KB

Download
memory/3208-949-0x0000000000620000-0x0000000000677000-memory.dmp

Filesize
348KB

Download
memory/3208-952-0x0000000000620000-0x0000000000677000-memory.dmp

Filesize
348KB

Download