lumma | hxxps://app[.]mediafire[.]com/4mnoy8tqbct4q

Resubmissions

15-01-2025 05:06

250115-frrhsatnfj 10

15-01-2025 05:03

250115-fp586atnbj 3

15-01-2025 05:01

250115-fnk7latmem 10

Analysis

max time kernel
1048s
max time network
1050s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
15-01-2025 05:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.mediafire.com/4mnoy8tqbct4q

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 4148 set thread context of 3164	4148	Loader.exe	120
PID 2148 set thread context of 3412	2148	Loader.exe	135
PID 4716 set thread context of 912	4716	Loader.exe	139

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe
1096	msedge.exe
1096	msedge.exe
1420	identity_helper.exe
1420	identity_helper.exe
2144	msedge.exe
2144	msedge.exe
3416	msedge.exe
3416	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe
1996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 2932	1096	msedge.exe	78
PID 1096 wrote to memory of 2932	1096	msedge.exe	78
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 644	1096	msedge.exe	79
PID 1096 wrote to memory of 4884	1096	msedge.exe	80
PID 1096 wrote to memory of 4884	1096	msedge.exe	80
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81
PID 1096 wrote to memory of 2860	1096	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://app.mediafire.com/4mnoy8tqbct4q
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff96bc3cb8,0x7fff96bc3cc8,0x7fff96bc3cd8
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6408 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,16078181695076152397,4089716107367924812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
  2⤵
  PID:4524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2812

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2924

C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\Loader.exe
"C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\Loader.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4148
- C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\Loader.exe
  "C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\Loader.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:8

C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\Loader.exe
"C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\Loader.exe"
1⤵
- Suspicious use of SetThreadContext
PID:2148
- C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\Loader.exe
  "C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\Loader.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3412

C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\Loader.exe
"C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\Loader.exe"
1⤵
- Suspicious use of SetThreadContext
PID:4716
- C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\Loader.exe
  "C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\Loader.exe"
  2⤵
  PID:4860
- C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\Loader.exe
  "C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\GalaxyPr00j33ct2.53v\Loader.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
83KB

MD5
7be9bf0c5d475fffbe01b5f16ee52fb7

SHA1
10434bef9b3bf4cb743ef14b204db85a145daee5

SHA256
ee39359b4611ad74f482c4988ddc707a5656aae4c022f8d45ae662e36a2505ee

SHA512
e9404a4ddf12bb34cf77fcdd9901c6abf41d5e1eb591a8ba768b4e6e837427215defacfccb837215c1d1496f6475eee7fa1089e1efd6ea0e38193836bb604d92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
115KB

MD5
4c0b72f736c5800fdf26adf4e8cc99ce

SHA1
f935ac4c773108729c200ca90cbf199ee3ff76c6

SHA256
596d530896bc525d79623387c97e15609851b467f209f1ef7bf630bf58f64516

SHA512
b6380165f4b8556c79baf63512d6a7a5326e22a58a4b963065e48c1c884825537c9ce0bc4d81527e2aedd5c6d291b4e7caa98b5afdfe001ae34adc61dbf25314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
123KB

MD5
e62c5065694ca4c6d7155dfc1a16363e

SHA1
a33dc5ebcbe5acb89f4bfc5240bb1e775e2e3705

SHA256
5f44e42843303066390a0336683e26dc145c16fb0496d72982ad9ef73d9864a5

SHA512
51eac517a1cd3fd51adafc47ab37e8392650fb7de4b177ba555e2fe0a351ae192278aca40974d938c223331bcaae53e1b34171f83d5e0962c13a1c73dae8bd5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
1.6MB

MD5
33498ba8d995f95bcfab51a6f1daf017

SHA1
7c981b11d3189804945ad4af64d9370647589770

SHA256
fd31b959ca16a0d8588011b5f9217ba19281e02db49beea4f3b202e28a66cf50

SHA512
adcf78d12f7924fbe528eb7286276b608003329ff341cd5e813a7711e29abe510e34716b0be0f95b8981fe5633f5bd5713c87da1f46f8f949c6583a17d70bd23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
125KB

MD5
66db5782fe7b2a5bfa2ac06ad9f9bf32

SHA1
143113723afb81fbe79f84f6d1183fe232a6f7af

SHA256
feedba8fc7569fc23e262c7a1d9cde3127a402b3554c96d9228d0de836f46558

SHA512
4d9911f625c12d9820aeb81cd7f528c071bfc234f559f38efb23013c827e8833ac404ad5954af5f905ad5d2460f11a890ee8958ef4a794b6ca07056a1f404cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
78KB

MD5
35a46116980c974751122a331d47fd84

SHA1
cd6e9014e38596c681641a27706124b5b69f86fc

SHA256
ccab92b9bfa43457f743cd83e454bcc63a768deb352fbad2d06d718eb2815a66

SHA512
aa4f484d3ca65525d5613243797d7e025e552dbd4e68bd9887d88d32fc6928c13dd7a47e8f97c77436924478d451445fa121d1bc1958a0ba94a2a05159345048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
20KB

MD5
1435f3cfd01bf0f3c24b8983e6780db0

SHA1
439ab7ffa6f9d5b654710691d8736eedf2b6e892

SHA256
8cd3f9f312e86bade2e77eb25c28eba805707909441d49e29288944677ce6d47

SHA512
dded0517b2c8f6c6ea045ba87f3ae870df63843291c3e2219e7bdeb4e33baf360b5fdb6065f0566fd1c79253105574ee4ca8cb13a11f7e6a51bf20eacf03155b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
125KB

MD5
53436aca8627a49f4deaaa44dc9e3c05

SHA1
0bc0c675480d94ec7e8609dda6227f88c5d08d2c

SHA256
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

SHA512
6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
36KB

MD5
2f1294e61e7c84b1976b406429650dbb

SHA1
14de025b54856c8326ff3de6d33e4698a0684dbd

SHA256
4e9d95d4cb0fd6a0c521c022aa90ff20b3800f6d0a45eb50f49c6f0d3c7e3e73

SHA512
dbf9858534c6e0c744514d2962fc2bc2ad158179ce1771e3d4407ea906fb3d26961f0140b7d113328cffc1be1f8ba41451b8d3d7eb651a45ed59e07d11ed4f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
33KB

MD5
f20d8515feed73a8b92424c2b9c67a6c

SHA1
01642c9b975538b3b219d95adde840c09a40e7d9

SHA256
fc6bfc6de25f96e31c0fa01b6c746ef9035900e6a0a1bbde6477617310d41a19

SHA512
5334172621bb287b692617365a83d5135c6fb258dba24581dce0dfbad7a237830635981b5aa8409ddac4d1284a09e8c22c022d371a7f7bc0572c7f6f04b92fa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
45KB

MD5
1c60d2b54ec7c3b4bf4e126b5e7a449f

SHA1
47bf139d001a02eece9cd1aede35d80a0832b5b5

SHA256
360625d23859ff31554cf52a9b614443fd01f18af704153ec0d618ba5c097a07

SHA512
3760378c4b68aff3e48aca2de6ef8df433a5c05713d34fa852ea33bfecf0dbb3b362b8805b6d0805335b551f68ab2d534ad0cafa6cd0f688492f3cf24460940f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
16KB

MD5
9e4d971f40a2ba63fd0082122bbe3dee

SHA1
beb312b37947c7bd5bdbbc1f654f4ebf180cb695

SHA256
546edf04eb3645c6cedc4906fb66994632c50a925b1a71178a13c249a8a10320

SHA512
0b388d07331e988bfa213bcdf0a1af8c1c883de6d500a435849ee2eca4900142bbb069818c7a57bc45a849fcbf35bad0e007a20c5809c97184488298f1a1b3b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
112KB

MD5
14ab1c932c3c2d6cb95649cba8553ca7

SHA1
675c1a7123885232890b6fdf87f2e82dd6a6eb78

SHA256
d5ee4f0d0b2ae37223b55e087d6c85d847bf238d397dab04c3584f175b81497d

SHA512
3208d00750e07676f94fa0086ff595870a7dd62bc6b5a0ef8b95c08febc0c3ca2dc84a6cbb52753aa50c8dd1cfa23f99469b56248d43b22807387399ac9108f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\549cb9e6ab69f53f_0

Filesize
293B

MD5
2e049dbed380d37dfd8807b17a177c3d

SHA1
c73b1a6823b2743be2d30a0260ed12f2f66c56a4

SHA256
4ec492410391e6ebef566b76df8f346f92e7e4257854cb04d1b069bfea702186

SHA512
928fb42187bf2a3938caa63210a135d868867d55ffa6049a3247533d59123ad76f10fb51eb0be7fddc3d212e5a5f20ed8b8ecb0cd297465e9f2f467a204ba0ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7c30d5fb6a33606b_0

Filesize
429KB

MD5
8ffdeb95b689c575a61f06d675cc3a40

SHA1
1099c6b5128fd18697ad9dd68fb82696caf002b3

SHA256
2e8a078315586c4c16fb6fd8ead8d43f52dc97ad0ddaede9bf5e6b859abeeac6

SHA512
7fd349247764ca8e2db520cad74062bbeebbb1c3219958e7a82c1a374a50e772b63dc1ed7ca858fb03ce385667b96e74989044222b9090dbfa029ea5476b0537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e836457b650198eb1490905f1447b55c

SHA1
f5cf59d0cba1f6131468b669c8dc76c05dc31677

SHA256
5aa8e616df89e10fa0ffdbb9ec51f8b69950c518e04142db7768750ac3d313cf

SHA512
129890e8eb31d1b1ad90e863298a76b153a910b46f00421e99458bf290e01c9d4fe3724683520d54b012ae3749aa5bff6ef01820fce88923d0ab8be7f6c042b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b59342c06b066a90f392a12c63abb33e

SHA1
bfdd1386375c97878ffa4ffe9d6e49306a662718

SHA256
3162ec16046ca1a9c2f1c10d3c37af7b1861625de2c36e4cd536766b907a17ac

SHA512
62f0e63ce3f29d59fde373542736528d66be8d380d92d4f43d0368959cb3e9f775647bfcde23f4963a258cbc2cb5409f1f77e34d8463e6d78491b17eb9a861c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
6f8b2a09a7bb7aa24a16684b42861f4c

SHA1
39096532d4fa3fc14ab61a63a9bb7769178d28f9

SHA256
d57642aa34e251960e3a7e6b5010d386bc204b8390e10fb3b4528ee6bb60e325

SHA512
0485e2384b5f7d7ce15fbcccebe389c50297457d3a4da8a7875bb5295cec0c49e470be25fdf8df4187ee9d382a1d6de7d902bb8bd5189af0a76e70a3b5c94c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
7c8e8015012b779cd3ab0f6887c4383e

SHA1
cabee50e26f5a31c04657bc8e1e3a12a3a21c4af

SHA256
3cda342df064ed5b99e888566a308bf69011f33cf8365e0b8eb2a8a610dfad2a

SHA512
f4f241f23ca327668ef85dd42dfb6d8c40ea1855b65387807f6977b69aac8fc2e7adec46af45ca89713b1f183dfc31177e358204eb0b50814b917b35ea20b345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
694a36bd6f97052b467be51e66e711a8

SHA1
1683e268e70ba2a1fa58f3a83c3d90ce63e47453

SHA256
dbd452238776d068764da9bfec3c83bbd99c30ad8fb92749218c909da8882571

SHA512
39fe05aa8cd61485e7ac6d74e7fad2fd11a0f691939de30ea719d4ad4d749c5bd281ec5d621165f7a0540c15b799290494c7d95f56230dd506702d8631facbcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
fb7da03b13d53a54398e63d435b821fc

SHA1
faea117cb42c029738095be86b61ac19f70282c3

SHA256
c2e927e03e3be0200a2af08c47ee2828a002b7e2960ea415dd7e3bb2055a69cc

SHA512
425869e4b8ecf40c69df5f4539ff6582348811463b3dbabe60f24b0c6180380513dfd2fe9045152939898d4b57599dec63cb494cfbd4ab8f8e0700fb7557b303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
88c1351210dee0fea45ea73588d5a391

SHA1
190e8a12b12745894b6b5d4848cecab45ef321e4

SHA256
4e3ece9b975595c901daecbf4b752f65297c9ec90b9cc059e12af9086e54143d

SHA512
0b25df326e458f0e0f5e929246d87b83c99126b66c78533fe1ba0121cf50ef61d624223bbd7c568bf71c0e1b4ddb0a8e3b206636f7aa076505bc08d938d39ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c40c0e4963b15f0e9d4a3072eccee2db

SHA1
5c94f8cb8917753095ac3355f685a0df64658911

SHA256
acb043062729716998c336e309c81d831699b8043fcbc12e90d76eb53da649c4

SHA512
97d20a2eb91c01d128815666128ad581529a2a34773086df398890cdbf71278ea6a15a7ab797538e19de7046a20f553ef29fdffca4887c4486c583817748e4fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7d2d91e2744412a00ad8539fbc2130bc

SHA1
7e3911bdeaab08d0035702fbd214ccbba63bfd6b

SHA256
c6e4aa57ccb9a1523db19c556305ab7ed36a38f3815730b520f453e00f6dcbc7

SHA512
6e65e0efd13f03405503709123ecdeba3e8f793faa36f61997ad355376c18110edf007dcb6f6dc7bf690af02373725942517297e1ad4942b605000cb37ee82a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ccdc3ee8c66fc7f33379640a14aea8fb

SHA1
46515382408ff79ace34284d7522b885c0b870da

SHA256
1010d0e8ed216ca6deb41b927d1729c727ee4d1cf1cbbc027af997972828b0bd

SHA512
d72f1c2c4822327c1bd2bc55b66c5a3e69f83b9e728b49c4e2d5b182a4e45328b2065363a178781473a058ab49de3e1ec3b9d5ebb61203c408a5c57a26f19445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a49e8241b3c9068484426bd3d6d3ceca

SHA1
8a05891818ffda6a3d07ff445be345005a35060e

SHA256
bb0b60af257348cd1b0c774f597f30e8a2d4aaa132b0bd24c2b05d261582e1c8

SHA512
7956a556fe4f74d589f966a1c6484da116198b57cb3356fe4e71dbfbb59fe1cf8ae2eadea81bf976f362110d90e536be24dd583ec6feb66529dec5ec828267e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
91d6f72ea31b330db54b06d9db029baf

SHA1
229540996c87769f7f9c9631501110c9847ac3c4

SHA256
eb122b0688410bf0ae1a684d2377272cc59a1f23b3fe8fb054033da9ca2bc243

SHA512
81f1348cc3a3cc31feb0dd08e8bf650a6ed0aa50e1b064941e1cf4e336d734b296a103abf24253e67740604c97472e65a86e9cdee57e7eab25e6bf73008f93bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
48b3478d6614041fceaa3a566583e47b

SHA1
866d82cb394507071711a4706ad093d158fe84ed

SHA256
a903ab69c2359cc4da39dfb0e895fb7098922b4dfc87eaf90119b1ec0e550db7

SHA512
e574e11925a05110e2196a6210100391b2dfc062599df5ff1aa66806bc99fd9bdb11789310407f9784f36f09866a08e93da5f79711973e2a345270f0946e27f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe592958.TMP

Filesize
48B

MD5
a01a4491be66ae4238fe9cbecb2fbe10

SHA1
48b6746412ba0857966ccd5b8b8e236858a844c1

SHA256
f48a8b8de6b50ec900ec18c869f82f29b4ecb5b65bb17e872d71ffec94ddc9ac

SHA512
19ef03914bbf3c57f44c56fad718819401d7a5989d28be363f82653fd2ef39d32d5ec668736e8265ff1bb02bdf177f90ede1ac4526f8b9cf54e70da7dfe4afb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
387f2ebf1162c65c356c77db99297035

SHA1
bf27aec1053273e5f985d53624470835d0adc7dc

SHA256
d708251c618a8462e5c5945e73633c35cf54e0b2a6c953a2b9768b9b0ad3249d

SHA512
ad6027e7ab8045098b527877dbdee25e8b0720a7d8c6b9c60f361c33695c3858adac14ec7985c1057b4cb87810f6aff056ffbc35a20e5d6f90e944e4a5e12228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
03e69c2a67386785eddd385a8dd4dab1

SHA1
9f205ad068b1052e56b25f40fb80d2e32208e9c7

SHA256
49cc893648ae6c413f5f2bf0a624cd3c7b554050f575700fb46215744445f3a6

SHA512
4ba42ade95778ee557e4e6bbdf4e1e168056d744c8c4d8ed322b9368cc6decf901b13a9c305e3e26d53b58532eab3339a4271e6faedc0e8bf6ce9e18e27e3635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
980934d3a1f79adb79282a082d64c170

SHA1
0140aa0f0545a1d279a95a30287396dcbe812502

SHA256
62856fc1d798b9fd0b64e0a69d40d9edae990bff0a2cc1b576f24d2b51bdd77b

SHA512
406133471bb735f091c157a8852a89a48eb9faab7924e75cdccdbf3a80f35f1b0b32ea72779fd8d4e841f9de0b4a216936de28df945bbc2e34b178a6d3f2e306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57da52.TMP

Filesize
706B

MD5
9ff77f830a13696c70f398f804a846ce

SHA1
63152557eaf618f50f30b06ae9611092f308df14

SHA256
59ed94256e725ba6248e0c996f73a2c9c4d25bb654bd6e6c4e525c284eb109bc

SHA512
de7b6d30fc97ea24d9739b9bbda76209699a3acc008838e044f30722b064e711f7a34d4997f5762374874ec75cacb0bd64773c44ff175823077aa02231db5e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5fe5a1184f4322e5f92a5805dfd3b57a

SHA1
78c6a75d9c395c453b00f34de2d974a4d12d7581

SHA256
11fa9f5419b0318ad24b851a2e9193a24b3149ec8e3e3a825fb20ffd003b03b1

SHA512
8842099e8807885534805fdab70a928c57f814a44e4deca7d9a2fd701820c5616cb4c64e74b7e7fc38e0af677ecd4b5137bc4bbde6bb3288cea68d68bd5d5175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d4349e1a42983cf14d85023b8bd1c32c

SHA1
0954d87db59eadd44a1e31b7508dee82109e7aac

SHA256
0a714f1a689b2e90887a27df3e42fb41d1273b38837d913ab202b102947991b3

SHA512
40ebe2d3060475ac7f49932ea57d237242b2ed60eae85bccdab56cb2be3e59bf7e0f02c00381aee7160ab31f4b0dac9fa8c54ea78d0b3958789511cd1c82e9aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
51e215d4faf922fa84b672ecebdb5a9a

SHA1
17c1bdc1cd6dbc15ae8a5ca41594e9f1ba8af8e9

SHA256
9b353cc044c90d581ac81cdfd8f5ed35a49b09b1dcd04469eed053239318f7a0

SHA512
8b6c57f0e616c6173d3282ba64061c81db8a434179fac10ae9916d835a5ec011f76ad1c360974957324e0778a498c2ed2a55c26fb52b942abbd122896f8ef599

Download Submit
C:\Users\Admin\Downloads\GalaxyPr00j33ct2.53v.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/3164-906-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3164-907-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download