Analysis Overview
SHA256
a0d8506547614bcdc0f772601a5efdbf5dddc8385c0ea5aeb971537bead03d30
Threat Level: Known bad
The file file was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Suspicious use of SetThreadContext
Modifies Internet Explorer Phishing Filter
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-24 18:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-24 18:30
Reported
2024-02-24 18:33
Platform
win7-20240221-en
Max time kernel
144s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer Phishing Filter
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = b84a7cac4f67da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e000000000200000000001066000000010000200000008c5b0434b62f2e3b642b11d443ef81c9d9a75f11306f19895cf47d4e12955e7f000000000e8000000002000020000000420bee1e4830b35a55e7316863d546630e4ce3495b10527f0e4771517d7432ae200000000c92b035a81a3b61ef6cf5e38b394c8c19bab6fbe2963f614e4967edd21b8bfa400000009ed6ea6d7c989604ffccff3f53034b1668e6888c354069b74b34c3743128804281dadbac527669e40038578d51b5c95a9026e92babc7c8199435d04b67fea9f5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5029deba4f67da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414961346" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5DA7E61-D342-11EE-B9BD-569FD5A164C1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\file.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:2503692 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59550dba52a8903d04dd38fe4714c560 |
| SHA1 | d05f5f0e0d8787f47f597010e91d77eb1a4e1507 |
| SHA256 | 47c9cb19a8f0a73d0ccff45e38b30b591d71191e26e017bfc1a7a23eb993793e |
| SHA512 | eb22b8eddd4ade43f1f53555a31dbb666ffa7bc6ec5d16236e0ae1c4d2fb488da76ca9cf6cf0523a9772b60a3547a37c9db83f8a65079defd982096d2e77aa16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3153dbe8383cc821859e9e5e418a7f1 |
| SHA1 | bed35e52ff87f2c896c9431c98b87473d7a7272f |
| SHA256 | d76a1c6da97968e9ac98dcaca828ac6f7fd6166826ecb8500666a3075fcfc246 |
| SHA512 | bb245dad48bbe3bd77b007fa54eb6faf93b818ac24bce906ef917f2c742b119c5a52f0d4c9163bbe59834388666a150c909db7abb42d26883500338bb7da453c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24554093e1fd1097ec976be259325975 |
| SHA1 | f9648cfca93fe322e4cbb03e6348c3dde71031d0 |
| SHA256 | 511804c216a10ea0825879dc6fa28e19a9827167192537b5dbc59d146d2c3f05 |
| SHA512 | c483edce136c66c84332c90730cafab486fce8e5b7a986f4f340d984a882318c6dfaddc3e667f53f1e966cbb7ad772e6891356125987e693825eaa31ada2e807 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2642eff59b8e32591b579efb03f00e4a |
| SHA1 | 3f3dca1366340256849f39445afa8597b3f5d285 |
| SHA256 | e034d50c0857c2b8f3149bff3dc52f2395ae646064ff0298d9018dfa84d4cb7b |
| SHA512 | 99ad9021e4fa324ddfc493ef60c84fcf032481699020283d35c5e2806d19ef62c932c367edfe47d3cedb099d475fc489c930305fe8c13c750a64569333aa710d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d01f26e94ade712c9bcc25290a295789 |
| SHA1 | 00ec342edb3f005ab9de0a52ea10d9ddc68fffb9 |
| SHA256 | b94c083cc6cb7bc14aad3c4ecd205dd4278b0e0c56daca6fc971c9fe008f004b |
| SHA512 | 688d38f6f79b886d569ea57bf2fd2efe63577c5a48b64d056ad1a90c833286688e963a4b95cbd52dc94e1df8ec1a5b1ed18091a552efaac8da72f85a452e3448 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12c1a34f56625f7e104c14867c00f0c3 |
| SHA1 | 7472c6954be70ab343518421c17f887da6b67800 |
| SHA256 | 3061bc0efce1dd8874406ffd2c9f46e7dbcf2e643b727370c642959e55269484 |
| SHA512 | 7eaac6e82656ff674947c0e459b176558e61e84717a73ab5b8f106733987ccf94f36287e3fa656a28cf60812e73c280fe2f616f8ba2c826f3c6d66c9eb6c2f6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 475b39bef1138f3f1595a2fb45635cdb |
| SHA1 | 85b5a488a3c66a88af99e7ef64e71d9d9e9c2496 |
| SHA256 | e4ee885aceff7f9514eddca37317377603b32d0afd328139b9dcc4dd85e496b8 |
| SHA512 | 93d62d4e322b6656b9392e7d61eb38863b05a3f6c88428598d1937fa5474462a74acdb32c9cd1b8ef77f0f27f5ef5705d6c8b7325751fb05c4344b8d83a47b29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37bd84bcb8dc8c633d5695eaa8ae5ff0 |
| SHA1 | e39e36468892ce97f96da3381326aadde8d68cd0 |
| SHA256 | 387852c7db233a50db42dbec4e1516aedb7733b131b5ce0ae4e11da2d0210ddb |
| SHA512 | d6f25bb9111f0bdaab0065cb08ac92de1abba9b3c524e12fb05c501ac05135420967fffc34e16cc76c39140fa13bf5db9776f4449d0adf979d0bf792d0415a9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbc76a0d608105da81bbb10a88f4987d |
| SHA1 | 33d1c2e52a85b79b28d9a57261ac5c519f4292fd |
| SHA256 | 41a17e620ccb10067908654e9593ce6c0ebf2c62e10001a4750c6e6d6c5dbaaa |
| SHA512 | 8eb170cf8b7a1210739fd54e7fd95d1c16611879cee6d4e890b5f2b691c513ecbc83ac48b877893e9c1addce8524212ff0f3f8707de3341af1e8d34dfb4d9318 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e35ff583cd43a85f83cb0a94416a67eb |
| SHA1 | 9360f14d8f339f2caa2aa4d88d2d491f6ad62cf5 |
| SHA256 | 5e7138a4e6548e8e895f195fe26439382fb96a60aaf5acfa84e006f038c2e60b |
| SHA512 | 88d8caaa301e6c82ae2cfba6bf58c46c4e99e8c408d9c7c6da287c4ee08ed803dbc95687d78fe2edad75c2a52a148f0672b98d17df8cc3fcf17d684b83770725 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 11d065df8c74057228f01915b94bec23 |
| SHA1 | a1619f1c4e6cebdf49e5e29ac5b164599e15aa8f |
| SHA256 | b9a57374c49075acf528e0e4ce87b6aa36b00dc3bf457e96399446bc2cbd681a |
| SHA512 | 09cbb6252e6b5596f37a4ed095448277feaef43290670adf9e7fbc0e89e9b8886ac354783588a5184e17475e72afd6c590408a04c71a1c6f232c3b53d86b29ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60e2a884838f77682b72d25c6ee223de |
| SHA1 | ff887692eab0476f19e2e35b4abcb6c497fdd870 |
| SHA256 | 3d7050ba69663a5a72b4e8672f373b38be7019118cd7946adad871d30edfab8a |
| SHA512 | c7c973d286b5fbf4cbbef94b6891652422197b1c02ae4d1768b4feef26a0adcfd5f4ad342499d57611998b60158a25c0579ecb1d1396f7d39bb334256785b1b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b156f8f931a887cdf74d9cc3af68fb9 |
| SHA1 | e0d94fbcd3350a491b378728c8fb7c4e75b829e8 |
| SHA256 | aaacb025b53609d2fbc1e8fd973c1c78d34367bc3b39f0f7ffed232b82f2add1 |
| SHA512 | 10410c4afa5ed20c7439d07aed4d5507489e4bdfd229a2b0b1d58950b256589be4ea68bb8eada00f6deb61d7bc52a507b48c2a269824a8aaab20f385766c95dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25a50ddb9cd2e2c55f4dd994ed3d8e45 |
| SHA1 | f867ac9ec3b87227151814f55e0f7817d39d523e |
| SHA256 | ec75d1a08f34d9867c21e5135b330bfe172f379b232f5c5f0641aaa4caf11cc5 |
| SHA512 | a250ee2d86751b5d029cd36d2d25f447b4da2b3c3813f2310723d4706d0bd6b6cf87c6e0de7316a8e6e1fabcf53874b01345948bb96d568c8c092687d4013c4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d06c8b56905d44170f309f8001017d42 |
| SHA1 | 404e05667296ca5b1a0352dc9ed739bea4c0084d |
| SHA256 | 83ec1a42cffc0645d0d8f15ae6ca51c967e5be9099e4fdd2596e0d61ffc324ab |
| SHA512 | baadbd248905bbcd5b5e47ff690dab0043f88a0acaa0c98505ea9613dcbec0d9ec6fe0633da2869005cfe756624070d1803e4434063049edeecc2451c374721f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53bb5c81afa4811260cac34594f26af4 |
| SHA1 | 27a62c313cb4403e0f88aad6981c21a650082202 |
| SHA256 | 7c2d96401629e7191c988aad87e452ea6c951e0547ac370993f8e843e2edaff4 |
| SHA512 | dc9aa5997d63947d89eecf14684f496328cdba7a12f8c96be9d2ad6541791ae04218a00a6fb14af2ff01b57928d9e1eeea2747e5eab640d29f52f4d38369c0cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 689df3b633e89123b46bb7d92ec18568 |
| SHA1 | 11cadc64c293f2a48f9befa94573822442ad698f |
| SHA256 | f8f07cf7f83517a638a07befe02332cb9303a035f8ff9d8b4ff595d0bae5b4f7 |
| SHA512 | b73a69ffd9458a633fae972b580c76e310c2b2800be8ceb9869dc7a223d7ac89651fb675c5a23631da99e5fa54bf7f8e98801ee03d425a6c89f800b0980e9886 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69de816390d50ce94ed7d41bbc26ff56 |
| SHA1 | ccc3028c377ebcc8ba25fe05582e26068df69af6 |
| SHA256 | 522eb4b328bec213a7a5358522d93e8f2680dec32c87a116293d289a7d1b5644 |
| SHA512 | c38455979b96bcaef9bd8eecfdca52d024f57b8870233f2d97b6c7a97bf05f001a59d7ac392181b7ed73e97bb92e0c8f2e5b2d30d126a183373cfe0083954e23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ffb46b50fbfaa8274da752ee045a375 |
| SHA1 | 4a016a6a2f67d2e83d6986cff7508efae1af97fd |
| SHA256 | da183b845b9f55a74b9265e074bd94a2bd2074b32ec33b6e99e1fced33db9719 |
| SHA512 | 51f861ee34e290d0a8eb083eb5fa4082a2a2c4b68b3acbc16e4eb03daba95e29d48c9d60960bf1e0c0565ee0169e892a4485f400389c5a68c05598496507949f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 605c2c0ef1829a53c8d229b2327f6301 |
| SHA1 | 728f1974d122369b2211fadddf497871621d93c4 |
| SHA256 | f9ebfa7382299e5b03cfefa0b237b8b538cc0c21c720afb5fed255a9b3d7d3f4 |
| SHA512 | 439b7612f935f7cb03f6e827fdf94338e79f64af4d37045453312729dca6b017b7105193260c626bfb83be2f9e33d57ac84de3d663f17f8b55cb0b3f284f8850 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b270ed9ecaeeaf17dc9c8126b9edb9b |
| SHA1 | e8a7a84a60278315ec0fc67f4250a4e793efc167 |
| SHA256 | 03e8ec16230921564fc0444a788239ad302b405ff097112391128995dd940c66 |
| SHA512 | af122f6f32b90d9c6bd01cd48294a2971c87492013b0a984545a46d19d94bac8543f35fbb4e487a1ea48b67f8fa87e991ab4ec9680cd9ad01cc8c7156eee89c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f7418b9a8d9f419c815308440acebf8 |
| SHA1 | da418da0cc58de7d18c5a2182ab14caabdf33a1c |
| SHA256 | 29dbc20504fc1330714968291b3dff0aad7d314d30e504f5151302f0141eaa99 |
| SHA512 | 43a11386dd8c2d47148e7202b3cd0ccdebed81067d4855ad8e0e71fb69a2bb44107cc77582084dd1710cbb9b4568a63563882e0befd72b81139f6e6de757f873 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 371f1ac7f40d3d29dbc06677386cd7b8 |
| SHA1 | 8255642f54219aa928cf11c8fd8578ae5c176fe9 |
| SHA256 | b060c6df6ced7785332cd1ac4b141473122ea42a166cdb31903207bd13ed1ae3 |
| SHA512 | 2b65fae9a9ab54433b5290885408aa0304f2026a31a295a643dfbe171fd84e70d16bb8f99986da32f55b788d4acf54d6c83ab72a9af4a8a47d3763856219b818 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49affa1ba72d0a7b9876c3f60d3153bd |
| SHA1 | 0f0d4bb7d63f728d7cacfa3fcc0ce12cc461db92 |
| SHA256 | dd7514c08d60529a3f372741f5f55bc73c6cdeb6bef18b6e453424325ba89ebb |
| SHA512 | aec39a5f3c11bb61fc2ee0720a03c93e8b691c5bcfd300ccd3a5f4e6d745574c6b50e782e52ad1d5338ce19461f512bae590aa582d82bec704b502ceb01e311c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b15bca3b4414e3f37e74e10df1c9b7e |
| SHA1 | 7a6d4a43e00fee3459d44b1d1f2d92d880cae742 |
| SHA256 | 9369425fc2faac606ecf56a411128e94b4f41497a2cd41ab716575ea09394f23 |
| SHA512 | 078116c3084ba15cb873f5246f0d902eb37989f41200c984ade62a351cf902854dca7cb63f2f6f575b3f52b20b841d1f8c5a73112f748f5616d3008cade04aaf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90b5b891ecec8e64a2bcdd51c97cf723 |
| SHA1 | ecc389c36823c5c0336c6419c097efcbc0fdf32a |
| SHA256 | f33f26015d90832d94415ba73350ae93b4fcefb5534845ac672f218199505796 |
| SHA512 | 819675645f26f7ea7bfdb4b34ceff62a9e59ea0a9f9202d08f052289cb2d207f2f8359f9fbf09b16fdd656ce2c345ea52ab377efe11ddd1c894c8c1671a16ca0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59370703e076b25da9a81f113e253e43 |
| SHA1 | 6612a40efd6262778b70e84ad331ec0627473922 |
| SHA256 | d4d679b1a45336d94f8d4eb24470a2f8840d77f7afef7c8c5de89edeeaf35df9 |
| SHA512 | 462055f2312b1bcd8e560b49217e32b16b9fa844f34d243a31ac476bbed0a0604b5cfbaa8c66bfb6e9cc1e5ffa53703dd01a5c3e98584bc43c5d1e4e99d5b7af |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-24 18:30
Reported
2024-02-24 18:33
Platform
win10v2004-20240221-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Lumma Stealer
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3332 set thread context of 740 | N/A | C:\Users\Admin\Downloads\gamesensecracked_without_pass\gamesenseloader.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafeab46f8,0x7ffafeab4708,0x7ffafeab4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1516210462954249502,9956789850166550802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
C:\Users\Admin\Downloads\gamesensecracked_without_pass\gamesenseloader.exe
"C:\Users\Admin\Downloads\gamesensecracked_without_pass\gamesenseloader.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3940_SVYLPPHKDKAQAPZU
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9c524e64-ab11-434a-b716-f2ee8a1baac0.tmp
C:\Users\Admin\Downloads\gamesensecracked_without_pass.zip
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State