Analysis Overview
Threat Level: Known bad
The file https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqazE2MFItTm9mbVBnejBYT1paekg1aXpYaVhOQXxBQ3Jtc0tuZzdFcDVNRE1qSldYUWFUbGhaOXF1SWZ1ME0wWkVhM0ZONlpRWHlwb252b0dRV2RnQTZIVmlUNVk1a2Z3Qm1xSDNTaHhhd2RLbTJHSHl0WnZzbHdwcm5lb2NNSzlLcjBSUllmcXpwRjJRRXRyd3FaZw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fuoa0mytkas1k2%2FLauncher&v=dfSZEMp8hFQ was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Loads dropped DLL
Executes dropped EXE
Suspicious use of SetThreadContext
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Modifies registry class
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-02-22 01:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-02-22 01:37
Reported: 2024-02-22 01:40
Platform: win10v2004-20240221-en
Max time kernel: 146s
Max time network: 122s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO0D09E578\Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Launcher\Installer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO0D09E578\Installer.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 4472 set thread context of 1952 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO0D09E578\Installer.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqazE2MFItTm9mbVBnejBYT1paekg1aXpYaVhOQXxBQ3Jtc0tuZzdFcDVNRE1qSldYUWFUbGhaOXF1SWZ1ME0wWkVhM0ZONlpRWHlwb252b0dRV2RnQTZIVmlUNVk1a2Z3Qm1xSDNTaHhhd2RLbTJHSHl0WnZzbHdwcm5lb2NNSzlLcjBSUllmcXpwRjJRRXRyd3FaZw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fuoa0mytkas1k2%2FLauncher&v=dfSZEMp8hFQ
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9314a46f8,0x7ff9314a4708,0x7ff9314a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,5550003539309948671,4231619407174988633,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Launcher.rar"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Launcher.rar"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Launcher.rar"
C:\Users\Admin\AppData\Local\Temp\7zO0D09E578\Installer.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0D09E578\Installer.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap7909:78:7zEvent27278
C:\Users\Admin\Downloads\Launcher\Installer.exe
"C:\Users\Admin\Downloads\Launcher\Installer.exe"
Network
Files