Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-02-2024 15:57

General

  • Target

    http://tinyurl.com/yc35cnsb

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://controlopposedcallyo.shop/api

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 24 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://tinyurl.com/yc35cnsb
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4144
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd515946f8,0x7ffd51594708,0x7ffd51594718
      2⤵
        PID:3216
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
        2⤵
          PID:4176
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2588
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
          2⤵
            PID:5060
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
            2⤵
              PID:404
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
              2⤵
                PID:1012
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
                2⤵
                  PID:3556
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
                  2⤵
                    PID:796
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3320
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4212 /prefetch:8
                    2⤵
                      PID:1796
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
                      2⤵
                        PID:5172
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
                        2⤵
                          PID:5164
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
                          2⤵
                            PID:5636
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
                            2⤵
                              PID:5644
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
                              2⤵
                                PID:5952
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:5964
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,11944328973189388698,15803109792804449625,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5936 /prefetch:8
                                2⤵
                                  PID:5944
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1564
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:1980
                                  • C:\Windows\system32\AUDIODG.EXE
                                    C:\Windows\system32\AUDIODG.EXE 0x510 0x50c
                                    1⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:2832
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:2116
                                    • C:\Program Files\7-Zip\7zG.exe
                                      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\" -spe -an -ai#7zMap20113:152:7zEvent4414
                                      1⤵
                                      • Suspicious use of AdjustPrivilegeToken
                                      • Suspicious use of FindShellTrayWindow
                                      PID:5472
                                    • C:\Program Files\7-Zip\7zG.exe
                                      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\equilibrator\" -spe -an -ai#7zMap3550:178:7zEvent22494
                                      1⤵
                                      • Suspicious use of AdjustPrivilegeToken
                                      • Suspicious use of FindShellTrayWindow
                                      PID:4824
                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\Setup_Full-Free.exe
                                      "C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\Setup_Full-Free.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • Suspicious use of SetThreadContext
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious behavior: MapViewOfSection
                                      PID:5232
                                      • C:\Windows\SysWOW64\netsh.exe
                                        C:\Windows\SysWOW64\netsh.exe
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious behavior: MapViewOfSection
                                        PID:2328
                                        • C:\Users\Admin\AppData\Local\Temp\fm.exe
                                          C:\Users\Admin\AppData\Local\Temp\fm.exe
                                          3⤵
                                          • Loads dropped DLL
                                          PID:2068
                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\Setup_Full-Free.exe
                                      "C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\Setup_Full-Free.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • Suspicious use of SetThreadContext
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious behavior: MapViewOfSection
                                      PID:3724
                                      • C:\Windows\SysWOW64\netsh.exe
                                        C:\Windows\SysWOW64\netsh.exe
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious behavior: MapViewOfSection
                                        PID:5360
                                        • C:\Users\Admin\AppData\Local\Temp\fm.exe
                                          C:\Users\Admin\AppData\Local\Temp\fm.exe
                                          3⤵
                                          • Loads dropped DLL
                                          PID:3612

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                      MD5

                                      3bde7b7b0c0c9c66bdd8e3f712bd71eb

                                      SHA1

                                      266bd462e249f029df05311255a15c8f42719acc

                                      SHA256

                                      2ccd4a1b56206faa8f6482ce7841636e7bb2192f4cf5258d47e209953a77a01a

                                      SHA512

                                      5fab7a83d86d65e7c369848c5a7d375d9ad132246b57653242c7c7d960123a50257c9e8c4c9a8f22ee861fce357b018236ac877b96c03990a88de4ddb9822818

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                      MD5

                                      9cafa4c8eee7ab605ab279aafd19cc14

                                      SHA1

                                      e362e5d37d1a79e7b4a8642b068934e4571a55f1

                                      SHA256

                                      d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166

                                      SHA512

                                      eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

                                      Filesize

                                      17KB

                                      MD5

                                      950eca48e414acbe2c3b5d046dcb8521

                                      SHA1

                                      1731f264e979f18cdf08c405c7b7d32789a6fb59

                                      SHA256

                                      c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

                                      SHA512

                                      27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      72B

                                      MD5

                                      e2cd4e05c07eeaac809cf87a8d749e2c

                                      SHA1

                                      a014fb50c6961878e9aa3d0381e6798cbac8f947

                                      SHA256

                                      5388588285444cfaf7eab250745126ac37a67fea4eed0000e8eb8e0594a7ff4a

                                      SHA512

                                      c06257aebd1398d2a888263681e5315304522f3dba989d9d8f12e677b3a3639b000cf02679468c20a4a0648f6d00ac715f241fc24c6e4fc584af544df307e750

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                      Filesize

                                      188B

                                      MD5

                                      008114e1a1a614b35e8a7515da0f3783

                                      SHA1

                                      3c390d38126c7328a8d7e4a72d5848ac9f96549b

                                      SHA256

                                      7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

                                      SHA512

                                      a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      8d6b79b3996b02ee0e322f03e33685bc

                                      SHA1

                                      c5443311bc70166b34dfb8ade7742a43380544b7

                                      SHA256

                                      63e8b44e5555086e924ea9d5e323ce1597702d480798ac91a8e4af993548782a

                                      SHA512

                                      5735b98a4d073c4564593eef14925b82983a3fc06ed87b77b6b48b77f44beaf678a850cce0cefe03975fae289f54a5ab293f72c51e673a01dbafc68c399c3e49

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      313f2a0463031ad678766d8437e51960

                                      SHA1

                                      d8df95417a43f9b51ed448e7221e2a7fc20e6c3e

                                      SHA256

                                      63f43e0523588be299ef742250ae1ff9c71a91d43b043a4785dd84250f6099e7

                                      SHA512

                                      e665379f28b033e1d314b02b85d763d9120b3afff3b93b02eb24df502a74806ade83c4064021718ca31d4ded3ec68aea17d2a92ec1c31715f79e18a960597e05

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                      MD5

                                      ec41b15a33f969afe696b396fb619f21

                                      SHA1

                                      f12a46d7124a3c1c480d05f9d1882d30c835c0c1

                                      SHA256

                                      46d89229665b0acb56f1a6f8337a007d4becb34f13e361e297e3154aa7e11f5d

                                      SHA512

                                      1ba0cb77ddbb51f9c17ef16b374630646150ae79f029f26d9f5b177e420f54890ca5b1f6790e89b1774c7ea7306d5b6d9713b9fabf7d1ca4e6a4707ea2f52854

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      7KB

                                      MD5

                                      68dd0b7af6e45255971aa892dc42f6d4

                                      SHA1

                                      4abc7d8dc7728e992a7e29c7616ec3e7afc4ce70

                                      SHA256

                                      3434ba099539265b467b124e96dab906eff87e85a5e9c95c8f28601ff777c9af

                                      SHA512

                                      d9c1873ef7022b74c97869c99f1a708f2b7baa8d15d848685cd487d88f2a0fa3f31245535e64b5700d5b095971824ace8cbd98d0eb4816cb9b89c851b5aaf881

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

                                      Filesize

                                      41B

                                      MD5

                                      5af87dfd673ba2115e2fcf5cfdb727ab

                                      SHA1

                                      d5b5bbf396dc291274584ef71f444f420b6056f1

                                      SHA256

                                      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                      SHA512

                                      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                      Filesize

                                      72B

                                      MD5

                                      59a9c734627aed84c18ae8e5ab661106

                                      SHA1

                                      df968267626e1b12282d2e0ed41fea20a8d96c4c

                                      SHA256

                                      fd0c39421d6e62fb65bb2abbf62954c13795fb59de3885d3deaf63a081e9c26b

                                      SHA512

                                      e137583afb25e704e2e87be2b28366fd5ce6963dc5db8d5291c72991351da6eb483d798d346f86b1cee8f188f32031d2f8fa51cdbc758da75b6d1febc26ba44b

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cc39.TMP

                                      Filesize

                                      48B

                                      MD5

                                      c532885adf332115a44c6754bbd40234

                                      SHA1

                                      b9fe935b882379a956b05a955bc4aa650acf3f3e

                                      SHA256

                                      506e2c4a55e8fe68262e71a38985202b8b2c02b5e5efbc00560a0d4e65c91d06

                                      SHA512

                                      9e110806657ab70e85dd6b84c8d0a3b4f05e2e0ac8a45dfb623c9ca445d85eb4b0d1e6e8ae7a83a497716032707db35fdd18b0937e0adecc91677b5f97b9ab60

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      11KB

                                      MD5

                                      c9183a04ddc9297ace3ddf5c08e54b62

                                      SHA1

                                      0ac6e3fa6fe25a33d954df7cdb49e0de2b8ffe04

                                      SHA256

                                      8295b3eee54cd696089d423de2a2a49351b2865a8db861ba788efe41acd130ad

                                      SHA512

                                      e4882bc987b600929c8b71f84f740fe3b36834b0c5749552313c43c4d093702cf6163281aa2bcb47ac5f1141c76d17b08c19e2db56b1e01aadb521e2dcc2de46

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      12KB

                                      MD5

                                      3af87e58c82ca3a65c4cb58252301bb2

                                      SHA1

                                      5569b75f5602c7ec052627b337ff7d5cd4ecad4e

                                      SHA256

                                      673795d9ec9e152612d8a31e2c74f976bd338c5bdf142685a75fe65659132b4c

                                      SHA512

                                      599dc225f7a104f8763305981e2cc2b8a9b295eb1854b99972982bf9f06b3b22b3602e668affdf64d5125b29dcbba1c2bb70d2af4bde26fb597e38fe6f8bd76e

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      11KB

                                      MD5

                                      eb9e4a2013cb39a8749d8ac24f41c4c7

                                      SHA1

                                      1a04c2a992f9abfd40f0ee970cefb4d392faff82

                                      SHA256

                                      5ee4a7cddac7bce8eaada3f80c74f2608107f082e2073f51b67d73ac0ea3515c

                                      SHA512

                                      7c77cbfc7f26665d4de0577fb7ff6944ba86cc6be5a293f6451dbeb7fbdad1bb209f6791cf0472e4b27b300fcf2eca41ddd6b95f335a9c1b924c19eb340862b0

                                    • C:\Users\Admin\AppData\Local\Temp\4241fb09

                                      Filesize

                                      1.9MB

                                      MD5

                                      d1752e893af14ff2e73f3526dfb29a50

                                      SHA1

                                      624479ea89d979e915b1e1d125e14480ebbaaeaa

                                      SHA256

                                      f6f00ede3f743ed4a332da75d1f520a195badd28f521f4bf801626caa104e4ac

                                      SHA512

                                      663091a25bde494494d6db76b73136e4a9d2962e7c58b0f1964ddcd749b29079ac7da258ca01841af57c6dde7c240b0059382d5fe87a2f925710c42db41b0e72

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619.zip

                                      Filesize

                                      2.9MB

                                      MD5

                                      40be53838d71395d79dc45ffa6dfd30d

                                      SHA1

                                      663273810612b04c3cdeffeaf923850113d545c9

                                      SHA256

                                      d90a1f698c36bbb331df323ad7884fa53d8f3540917d0b6efc891a8fef3e2da0

                                      SHA512

                                      868d52d3f72483855c4a9129cb30359bc734a81da3f0160b3a64352cdb6f1614b827f1e67a7735c2001eccfc54cafb3b826791531b855fc89f0529e4a24f377a

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\Setup_Full-Free.exe

                                      Filesize

                                      1.1MB

                                      MD5

                                      febb73d056e9d4c307de110f97ae61aa

                                      SHA1

                                      eddc5b436d63464f0f0642481d5a76a92f6fcd6a

                                      SHA256

                                      738ba599f2bca932903635f75fd1b9fda1c353f22198766c5e7f1c2853c73c69

                                      SHA512

                                      b76e510967c3d937f7b2fd1f3f42444207e13f81b51d0a660ccd588f158032578d1aa27da83fa78b51c2797a161b4857197bce2ad1530d37d959cfce3cc90a3b

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\Setup_Full-Free.exe

                                      Filesize

                                      320KB

                                      MD5

                                      7274263761c81665d7aea479b7d59d76

                                      SHA1

                                      48f3a97f48a5492f6ee38a7f619ec585487e5f2b

                                      SHA256

                                      37d216076f22b98202e7f4f39015f5e1dd57eb8cfcd9769acc39d088a3218f0f

                                      SHA512

                                      a6205e9bccc1bc7a51b1b5b2533c1c48ab2ebba2ea9e5b0acd9afd2978a9b0b31a813da462472ebfb2993f331a120665cacb1d158cafb868a8d90eb716977606

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\Setup_Full-Free.exe

                                      Filesize

                                      3.3MB

                                      MD5

                                      55076afc8f8de2df8f91fb2742bcda61

                                      SHA1

                                      c848bb01e859163b08ce4f58994b3d814dfdf700

                                      SHA256

                                      e3cb1b8edb969533e9299c4169b12df17a01d7516df943b486a785c986ceda30

                                      SHA512

                                      70bf3d76b86b28aa4209a51469a4b2161c4253313849217b5e1267cb17f6279235b9ed18cd975aa48227401b48887f594b3be149531750638091afc51a425d26

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\equilibrator.tar

                                      Filesize

                                      84KB

                                      MD5

                                      f07f53569c594f04b5b15ca6dbe4b455

                                      SHA1

                                      0cc33a3154349fad167f56f24d768177291383e2

                                      SHA256

                                      6a052820e39dc91e9fbbd96f8b5b2180d63266bf156dd3d2dd94af98294c715a

                                      SHA512

                                      75ff71afc83d2b499bcea82034691d1d9707c6a525e8ed24f7469934b7a1fbd607cc8e0a36dc1ebe58c97706dbc8cf7052a4aee49858caa5b18c04cb9486e2bf

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\floe.txt

                                      Filesize

                                      1.3MB

                                      MD5

                                      f21fc930afdf87669e2a8e5f79eed0ca

                                      SHA1

                                      69f3743fda7f010f7a633aa799ccce43d77ca290

                                      SHA256

                                      3b42676a9b8e9dd51d69ffecde0ac8038fc81acba32a7f0bfece8720add9da55

                                      SHA512

                                      cf613f03af5fee8f5bed01593ee5b043369906192c37812b7b2fd4222f7bf3bf46068b0bc17a3b1dde950e51e57e9e998f67da7b577545b6568a6b0c9afdc4d5

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\libX11-6.dll

                                      Filesize

                                      1.2MB

                                      MD5

                                      3cd9af46753f2a618d15157372d0d2bc

                                      SHA1

                                      f2a1781b1a6d33338db4d9725b28f15d8a410903

                                      SHA256

                                      497471497886f18ca16f7facab7d76dc9bfadd69deb9c6e4ea9bdc0869a15628

                                      SHA512

                                      925097106554f6eac698ba933e32fb82c1405c7ccfe284b27f1558e9ab46139506b1e981721aeafaf2e0d595dbdfce3587c4056c6920fdffb0b2f2bdbdcdb38d

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\libXau-6.dll

                                      Filesize

                                      20KB

                                      MD5

                                      b6f0655bed934503621fcf94ba449a19

                                      SHA1

                                      f0a5d9eefff5f3bcd2e23b9db748c50cffc1c6e8

                                      SHA256

                                      0da1f856d92d6b95f10ed8c3f629cd15468c906de9352fb4ae629139d1412eed

                                      SHA512

                                      77a10ae1748e5d76288c59933f3f41d4dc7a690b1f2bc9bff0b761f9f2c5331f868dc0259ffe4c4672e1806c33f3f9d0fe0a8b09b10e06333d2590f623c5b284

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\libXdmcp-6.dll

                                      Filesize

                                      28KB

                                      MD5

                                      7d4f4d3bc6ab6c3ea2097a7ecd018728

                                      SHA1

                                      2434fbad089ac85eda43c0b0e911ab437b4dfe63

                                      SHA256

                                      7705851ba047a8154402aca92621b60be0e0e9d9b52b19bf8be540305bd53dba

                                      SHA512

                                      f9b64cbcd7c7c7b4e942c3da74fb280762d038f974fc23d1e0431b15787aefc87464cda121aa8fccf499af46e345dd65aa5fb5cfee1cb45dba6e5dd79b01a1d8

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\libdl.dll

                                      Filesize

                                      17KB

                                      MD5

                                      ed925bdab51f49813686b62eb82fb4a4

                                      SHA1

                                      bc7c742b92a5b47089e0b400a8a80bb217e775fe

                                      SHA256

                                      e1646c7778c24407a17881908037a49ecfcb5a980d155212d544302653a3ef62

                                      SHA512

                                      5be99a6b0e2091fe37ff50d5a9c4fa789db27b5ba108801e4d18e99ae584ae1bc91ba3339916dff8a323155815e660f43ca54ffcc7c14c1e3f90600aedb54bd8

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\libgcc_s_dw2-1.dll

                                      Filesize

                                      114KB

                                      MD5

                                      d35376c0d447108b2f9d64d4c40014f8

                                      SHA1

                                      c68129e8bf6cdaaa318c5aad8974efbc2b7ce39a

                                      SHA256

                                      c7544e1f9927afdf6e8cd7063020b572e60fe8f00af39227eb831d331df38225

                                      SHA512

                                      c46af0bbd3bca6e12125750a5b1ca4f17f85f84729b1c1c01ee76de3704bcdb090212202cf449458833f8ee92e9a46c8758cbd069747de534e2984dccbe9f24d

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\libwinpthread-1.dll

                                      Filesize

                                      96KB

                                      MD5

                                      e40b7acdd7654c071b0f2c17eb91fddd

                                      SHA1

                                      6f7f65cacb44a378169cb9066099dccf96f51426

                                      SHA256

                                      b53329b607a4af6d59ce94c2ef79abad5bea6ff7045f53af721f5ca09e6f5840

                                      SHA512

                                      dcdddf8601e733947e76c6c5dca0cd7ffd2eb373ef771e43d411da3ee6d3da40f0a8f34e7599a3b7a6399fb4ee26d501d86acb08b889acc07e95a9a1d6b17a4e

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\libxcb-1.dll

                                      Filesize

                                      132KB

                                      MD5

                                      a4212be49e5ce8f3bf3950ca32c4bf14

                                      SHA1

                                      53f8e986e5fa3844eb73f063ed01772b53bc2504

                                      SHA256

                                      394d2d862f2ddce71f28d9b933b21a7d6c621c80ef28652574f758f77f01f716

                                      SHA512

                                      74520d3b3749d2b61e8a970c1fb29c588f98ce477eac4ced8837420153a6e739303aca15ed7d1e070125afa7f3ee32e452815ef1af135f8ed39ef2fce9d333ab

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\libxcb-image-0.dll

                                      Filesize

                                      25KB

                                      MD5

                                      a3718d24f0e6eae9d6121a1219381ae9

                                      SHA1

                                      a3377f64d8fb6162f6280d3d924626c1fc6a2fe7

                                      SHA256

                                      cb220267fb0116b298bab6a09a764420d630c52026f7d750f8ffca4818389327

                                      SHA512

                                      43f9c760be222490d43cbd9589b4afbc64759919993a1957a13a753cfcc9d94059dba0b5400a745c377c7bea1f02f4f8f6f952bee5b7ed33f6a49efaec62e9f6

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\libxcb-shm-0.dll

                                      Filesize

                                      19KB

                                      MD5

                                      557ed85a1d8a3308e552a77a9902e8cf

                                      SHA1

                                      a9acf7a1db500a734e95038b29c0bd90f7af59e7

                                      SHA256

                                      e102c9c5b22ceb60dc516ab4124bea8ec8e808b08eec48ea7ac674d13fca82ef

                                      SHA512

                                      110acfc0b886a1ff77b5452e2f813213630ba2eb4610e06942a59da78e516e05893b049c0d1ddcc077ebabb3a9490cf84fb41f31b62822c9365b60a1b38fd4b8

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\libxcb-util-1.dll

                                      Filesize

                                      23KB

                                      MD5

                                      ee6788d3d3750421e01519a27f86634e

                                      SHA1

                                      48f4c7dc7bd1208f07e4176e78f035d36682d687

                                      SHA256

                                      b5acf358ff97127eac9ef4c664a980b937376b5295ef23d77ee338225de10d60

                                      SHA512

                                      12ef0ac4cf9c8461044317e693bcfabdb4beb34a222b635ba50f6652b5a91b92ff20cb19e916ac60dca3e8314b7d8cec710a1c730374bb8f260b8d94f57c9775

                                    • C:\Users\Admin\Downloads\#!Files-PAsw0rds__1619\#!Files-PAsw0rds__1619\zlib1.dll

                                      Filesize

                                      90KB

                                      MD5

                                      7e507af32ca219d2f832cf8d90ca805b

                                      SHA1

                                      4eb56c6f4184efc5a6bb5c7cab46547cfa769744

                                      SHA256

                                      3668c6749db59a6cbc5293d0a4f904f76d6fb5048704449dd53894916f408a57

                                      SHA512

                                      d19c6a0a0798db42490631aa9e30da4200e0b687250daa5ec8bcfe68ae2589a523adeacb6c77544488ddc7610fa84be7477a92c2a27605537a0caec2449c87f1

                                    • \??\pipe\LOCAL\crashpad_4144_OEKTCQOYQSOPPRRO

                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    • memory/2068-489-0x00007FFD5F7F0000-0x00007FFD5F9E5000-memory.dmp

                                      Filesize

                                      2.0MB

                                    • memory/2068-495-0x0000000000CE0000-0x0000000000D2A000-memory.dmp

                                      Filesize

                                      296KB

                                    • memory/2068-490-0x0000000000CE0000-0x0000000000D2A000-memory.dmp

                                      Filesize

                                      296KB

                                    • memory/2068-492-0x0000000000370000-0x000000000046B000-memory.dmp

                                      Filesize

                                      1004KB

                                    • memory/2068-493-0x0000000000940000-0x0000000000941000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2068-494-0x0000000000940000-0x0000000000941000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/2328-474-0x0000000074D90000-0x0000000074F0B000-memory.dmp

                                      Filesize

                                      1.5MB

                                    • memory/2328-307-0x0000000074D90000-0x0000000074F0B000-memory.dmp

                                      Filesize

                                      1.5MB

                                    • memory/2328-321-0x00007FFD5F7F0000-0x00007FFD5F9E5000-memory.dmp

                                      Filesize

                                      2.0MB

                                    • memory/2328-432-0x0000000074D90000-0x0000000074F0B000-memory.dmp

                                      Filesize

                                      1.5MB

                                    • memory/2328-434-0x0000000074D90000-0x0000000074F0B000-memory.dmp

                                      Filesize

                                      1.5MB

                                    • memory/3612-499-0x00007FFD5F7F0000-0x00007FFD5F9E5000-memory.dmp

                                      Filesize

                                      2.0MB

                                    • memory/3612-500-0x0000000000D70000-0x0000000000DBA000-memory.dmp

                                      Filesize

                                      296KB

                                    • memory/3612-501-0x0000000000370000-0x000000000046B000-memory.dmp

                                      Filesize

                                      1004KB

                                    • memory/3612-506-0x0000000000D70000-0x0000000000DBA000-memory.dmp

                                      Filesize

                                      296KB

                                    • memory/3612-503-0x0000000000D30000-0x0000000000D62000-memory.dmp

                                      Filesize

                                      200KB

                                    • memory/3612-502-0x0000000000D30000-0x0000000000D62000-memory.dmp

                                      Filesize

                                      200KB

                                    • memory/3612-504-0x0000000000D30000-0x0000000000D62000-memory.dmp

                                      Filesize

                                      200KB

                                    • memory/3612-505-0x0000000000D30000-0x0000000000D62000-memory.dmp

                                      Filesize

                                      200KB

                                    • memory/3724-479-0x000000006DDC0000-0x000000006DDE0000-memory.dmp

                                      Filesize

                                      128KB

                                    • memory/3724-488-0x000000006DBE0000-0x000000006DBED000-memory.dmp

                                      Filesize

                                      52KB

                                    • memory/3724-448-0x00007FFD5F7F0000-0x00007FFD5F9E5000-memory.dmp

                                      Filesize

                                      2.0MB

                                    • memory/3724-472-0x0000000074D90000-0x0000000074F0B000-memory.dmp

                                      Filesize

                                      1.5MB

                                    • memory/3724-447-0x0000000074D90000-0x0000000074F0B000-memory.dmp

                                      Filesize

                                      1.5MB

                                    • memory/3724-475-0x0000000074D90000-0x0000000074F0B000-memory.dmp

                                      Filesize

                                      1.5MB

                                    • memory/3724-477-0x0000000000400000-0x0000000000787000-memory.dmp

                                      Filesize

                                      3.5MB

                                    • memory/3724-480-0x000000006C370000-0x000000006C4B3000-memory.dmp

                                      Filesize

                                      1.3MB

                                    • memory/3724-484-0x000000006DC20000-0x000000006DC48000-memory.dmp

                                      Filesize

                                      160KB

                                    • memory/3724-482-0x000000006DBF0000-0x000000006DBFE000-memory.dmp

                                      Filesize

                                      56KB

                                    • memory/3724-483-0x000000006DBD0000-0x000000006DBDE000-memory.dmp

                                      Filesize

                                      56KB

                                    • memory/3724-486-0x000000006DAB0000-0x000000006DACE000-memory.dmp

                                      Filesize

                                      120KB

                                    • memory/3724-485-0x000000006DBC0000-0x000000006DBCF000-memory.dmp

                                      Filesize

                                      60KB

                                    • memory/5232-319-0x000000006DFD0000-0x000000006DFF3000-memory.dmp

                                      Filesize

                                      140KB

                                    • memory/5232-312-0x000000006C370000-0x000000006C4B3000-memory.dmp

                                      Filesize

                                      1.3MB

                                    • memory/5232-317-0x000000006DBC0000-0x000000006DBCF000-memory.dmp

                                      Filesize

                                      60KB

                                    • memory/5232-318-0x000000006DAB0000-0x000000006DACE000-memory.dmp

                                      Filesize

                                      120KB

                                    • memory/5232-289-0x0000000074D90000-0x0000000074F0B000-memory.dmp

                                      Filesize

                                      1.5MB

                                    • memory/5232-316-0x000000006DC20000-0x000000006DC48000-memory.dmp

                                      Filesize

                                      160KB

                                    • memory/5232-315-0x000000006DBD0000-0x000000006DBDE000-memory.dmp

                                      Filesize

                                      56KB

                                    • memory/5232-313-0x000000006DC50000-0x000000006DC5D000-memory.dmp

                                      Filesize

                                      52KB

                                    • memory/5232-314-0x000000006DBF0000-0x000000006DBFE000-memory.dmp

                                      Filesize

                                      56KB

                                    • memory/5232-320-0x000000006DBE0000-0x000000006DBED000-memory.dmp

                                      Filesize

                                      52KB

                                    • memory/5232-310-0x000000006DDC0000-0x000000006DDE0000-memory.dmp

                                      Filesize

                                      128KB

                                    • memory/5232-309-0x000000006E010000-0x000000006E02C000-memory.dmp

                                      Filesize

                                      112KB

                                    • memory/5232-308-0x0000000000400000-0x0000000000787000-memory.dmp

                                      Filesize

                                      3.5MB

                                    • memory/5232-305-0x0000000074D90000-0x0000000074F0B000-memory.dmp

                                      Filesize

                                      1.5MB

                                    • memory/5232-304-0x0000000074D90000-0x0000000074F0B000-memory.dmp

                                      Filesize

                                      1.5MB

                                    • memory/5232-290-0x00007FFD5F7F0000-0x00007FFD5F9E5000-memory.dmp

                                      Filesize

                                      2.0MB

                                    • memory/5360-491-0x00007FFD5F7F0000-0x00007FFD5F9E5000-memory.dmp

                                      Filesize

                                      2.0MB