Analysis Overview
Threat Level: Known bad
The file https://downlame.org/voicemod/ was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-24 23:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-24 23:00
Reported
2024-02-24 23:05
Platform
win10v2004-20240221-en
Max time kernel
293s
Max time network
292s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\Setup_Free-Full.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\Setup_Free-Full.exe | N/A |
Loads dropped DLL
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4836 set thread context of 340 | N/A | C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\Setup_Free-Full.exe | C:\Windows\SysWOW64\netsh.exe |
| PID 2764 set thread context of 2120 | N/A | C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\Setup_Free-Full.exe | C:\Windows\SysWOW64\netsh.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\Setup_Free-Full.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\Setup_Free-Full.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://downlame.org/voicemod/
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\#!Files-PAsw0rds__4466.rar"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\" -spe -an -ai#7zMap14205:106:7zEvent22176
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\" -spe -an -ai#7zMap20460:106:7zEvent25094
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\Setup_Free-Full.exe
"C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\Setup_Free-Full.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\Setup_Free-Full.exe
"C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\Setup_Free-Full.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\SysWOW64\netsh.exe
C:\Users\Admin\AppData\Local\Temp\fm.exe
C:\Users\Admin\AppData\Local\Temp\fm.exe
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\equilibrator.tar"
C:\Users\Admin\AppData\Local\Temp\fm.exe
C:\Users\Admin\AppData\Local\Temp\fm.exe
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d4c957a0a66b47d997435ead0940becf |
| SHA1 | 1aed2765dd971764b96455003851f8965e3ae07d |
| SHA256 | 53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163 |
| SHA512 | 19cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc |
\??\pipe\LOCAL\crashpad_3276_JMUTATFGOBPDUSUL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 343e73b39eb89ceab25618efc0cd8c8c |
| SHA1 | 6a5c7dcfd4cd4088793de6a3966aa914a07faf4c |
| SHA256 | 6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223 |
| SHA512 | 54f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 45265b0b1e16ee2d5c87d0761a2596d2 |
| SHA1 | 2d598e325d0d741d3806d1625b04419269c5a22b |
| SHA256 | b0a93d710d43d842cf3fb79b369e10fb26264b4ad339a137b85fe2bd97bf9868 |
| SHA512 | c72b2e6faebf08855054f896610d441919ca17c93c0cdce5959efb3a39f8c798a3d239cf09ceb7ca4a17fbeab6f6e5f006b5438dea5564873026615456f66010 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ac178291901d7f4890778df627dbf7d7 |
| SHA1 | ac48715ac6563e862e9ef8beae0adc6beecbe659 |
| SHA256 | 047502ede3c4b2d5dd7c2ead7e0d8fe6fdb033fb1c41948ad883cf857ec77346 |
| SHA512 | 007cddbd5bf4a9dd40d79715ad22b12a1c669d5f860bcb7fc458c797937f676710de0c7066e3375d8a50733a9cc76ccfdefb1f17c912147fc40c977606f5f353 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | df54a54a7ed7bd9069e30766234ac5d5 |
| SHA1 | 49a8efce10742cd5b6227977ede36150265743f4 |
| SHA256 | c28e30dc0d9f7dc73c671b3c476cf5f9c33de25be6ba76f3ab32179fbb2eceb3 |
| SHA512 | 3be36b546af93470e2bc57b77e4072b20c9d1d4a5d1e3fb7c8803bc137e552935bc9401aac07c515136156d2b998746ecad779cfdf30d12e9149b28704d4d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 71069154aad1b0d850f40a29ac76af82 |
| SHA1 | a7862640f34d1daf077f7c1b86481e72629f0943 |
| SHA256 | 07dad57753dcd887c1b099489d492bc4eef6f8f240e98e91f10cecbe51b8a9d4 |
| SHA512 | c42922911714316560c417bd11ee1a53e392028ccd3b9b31a4b796e349e7497f424193675ad027a865bb4b731987b54dfe6a0ce09074ea2ec45ff2b03973961e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0061342b40943249336fb45e76e26e46 |
| SHA1 | 6b7ac1565f011f1f40155cda2f497f53380ea269 |
| SHA256 | 686a50e04a37b33e0cf368dd94a8238ee2e08037a4be413c71cbbbc6861a4d5b |
| SHA512 | 24e1b07c4dbbc6c9e2fc8843ae8500eeebfbd0b45794b2805025afa9659ad47ab49f63312382f936aa4ae11da7292c4c78fb46be6bb1d90976107a2bfb8b9ae3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 97c828cc77bdfafafd6030388c13dfe5 |
| SHA1 | f76b641ab40d2e02e55eda420eb1bad5ae7d1d6c |
| SHA256 | 2f5af0920b0dbaed2c646e270e621a06e268704a2e22bdec7a0de51f36aeebf2 |
| SHA512 | d0343efb45c85407433ce1f9f6873023500a3ef52d8a1f860f738d1eace5fca48da9b6e9a081213697af669687289126f25eb08dc6b2096f7a0e1e1bfe594b95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c5e1c7d121a15f0013b9174293409555 |
| SHA1 | 56586c49f69ff99df884f894c672c68cfd391fd4 |
| SHA256 | 3f2010d0c153fe175a0e1d5c1daf9695eabb33e9ce3cf015b7965a991bd26a1e |
| SHA512 | 706317abf39b394e962ae09c9cb6ff315219b320a844ac5fc0014882df762f0a2bf574bcf0e1794e23fa24138af5f401ac721cb47b9dd2cd71abe095d2ecc5a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0231a46e43f35e72109716ed3ebd15c8 |
| SHA1 | 26f29144b41a4ec62de84f97d7c9052fecebe453 |
| SHA256 | e2a5f7a7eb519de491432b928fa9e6cf75927298d313126da9ce259dc4ff05c5 |
| SHA512 | d8f92d5e69e554514a21071469fee0cb8de22419ff9bfb609bfdc27638360fc8d3209fac95be9800df88cb3777dfab2b996920de3148b77a15a71a1f5452b9e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591880.TMP
| MD5 | 3fa51bd1e8062501dce4cb254015d770 |
| SHA1 | 1c1de72b9770ec55f5fc0b60c9f0f6bf0b621e10 |
| SHA256 | 65068194f2e71bb6d134f1722bd43123806834f5002274ee62ca0dd26199b531 |
| SHA512 | 78994ac05b2945447478830ad23994e339da7fe71a379bad90beb5f25c1407a7db5232ee166188a7de7e8527994d90df661342879edd568e24d30d2dfe4bf3a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f2c468bed67ddd9bf8f2508534dd82a7 |
| SHA1 | 7d992b6dcec829097b4b817c5e3e9ea1a2941102 |
| SHA256 | 4e9d0406c588c11c91a705e08cd4c030564975c06b0d4284cb64fbb94f094883 |
| SHA512 | 3f6f22a9c6aab43019cedd242855f249a3ee42c2c8d2be742b47920e52a24c57a9624414945465abcf90be25dccd2e2b7c27682f610ae89cb4b186db954d9547 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe594b38.TMP
| MD5 | 7fa73767c29c0cbc0d6eb27b948f6072 |
| SHA1 | a0629779e1fc39502e3393942967e9959df658ab |
| SHA256 | 3b8ca3c6d7a7d226d2bfd429dd355e33115b1647f8d1e59c1974adf6393edcab |
| SHA512 | 7428329b538fb50bfb386efcedb05350b63e4e943b917773280ebbdbb102f95235b4ebeb729886596f8ffe135315aa22b1cca50e5c609c0c337c54536c2d182d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | da8f573090c0e1d49cba8adcb3064995 |
| SHA1 | 471f81b77f6f42fbb3e9d4d227878f0b2d27c3c8 |
| SHA256 | 78b0d64847d365b90f54ff279b246119d84b9c1eae6277b4c4f6085e26d58ce9 |
| SHA512 | bced70147c97399be4cf4897f6ae62c0ae7d052ad72dba946cacfdfc1d55e699d6f18ea43045877af84a37dcd0b663583d51ecab539422b94e077ba977f72920 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 680a05a788eda7826eecb5e77150824e |
| SHA1 | 0abe32f087507f6099bce036aea8b18ba0e24997 |
| SHA256 | bb6081bdefdf6accc93aed87b1d264b300037e6b90ecda168e7b51b1f8516e72 |
| SHA512 | 62f852d4fb3257fe1d428e9f052282a75a9889bfffd0b8a863938cf01f4c1f3df0d28dbcb94ae7f1aea7da273d5ac1143bd39c64bdeb5de91d67ac1f47eb0246 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\libXau-6.dll
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\libxcb-1.dll
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\libxcb-shm-0.dll
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\Setup_Free-Full.exe
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\libXdmcp-6.dll
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\libX11-6.dll
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\libwinpthread-1.dll
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\libgcc_s_dw2-1.dll
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\libdl.dll
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\floe.txt
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\equilibrator.tar
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\zlib1.dll
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\libxcb-util-1.dll
C:\Users\Admin\Downloads\#!Files-PAsw0rds__4466\libxcb-image-0.dll