Analysis Overview
Threat Level: Known bad
The file https://download2300.mediafire.com/0nw18boq4rqgJoXAsJzW5mLp2mFVyY_8rKUnx_uKTiqbeSpTgCYh7TJVMnDZxYkdLvzSNm9XAuv0BzgcRshm-1i1HNwDfifTFZ2M48fI0ixqmfAlN7ky-r__cRQLdJ9QMmfGpL4gX4R1U0ftJzdP2NDO8sNkM4hX1AX8hKw2tFQ/lij1ktcpy9uhez3/CheatMenu.rar was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Executes dropped EXE
Suspicious use of SetThreadContext
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Opens file in notepad (likely ransom note)
Enumerates system info in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-25 02:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-25 02:00
Reported
2024-02-25 02:03
Platform
win10v2004-20240221-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\CheatMenu\Launcher.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\CheatMenu\Launcher.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1204 set thread context of 4112 | N/A | C:\Users\Admin\Desktop\CheatMenu\Launcher.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 1464 set thread context of 2860 | N/A | C:\Users\Admin\Desktop\CheatMenu\Launcher.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download2300.mediafire.com/0nw18boq4rqgJoXAsJzW5mLp2mFVyY_8rKUnx_uKTiqbeSpTgCYh7TJVMnDZxYkdLvzSNm9XAuv0BzgcRshm-1i1HNwDfifTFZ2M48fI0ixqmfAlN7ky-r__cRQLdJ9QMmfGpL4gX4R1U0ftJzdP2NDO8sNkM4hX1AX8hKw2tFQ/lij1ktcpy9uhez3/CheatMenu.rar
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98ebb46f8,0x7ff98ebb4708,0x7ff98ebb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\CheatMenu.rar"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\CheatMenu\Launcher.exe
"C:\Users\Admin\Desktop\CheatMenu\Launcher.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Desktop\CheatMenu\Launcher.exe
"C:\Users\Admin\Desktop\CheatMenu\Launcher.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\CheatMenu\manual\Manual.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault29aa3f06hf2d7h4dbeh9782h6e1584093c78
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff98ebb46f8,0x7ff98ebb4708,0x7ff98ebb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,14400262699752227296,3850594056670847425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,14400262699752227296,3850594056670847425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3740 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download2300.mediafire.com | udp |
| US | 199.91.155.41:443 | download2300.mediafire.com | tcp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 41.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 172.67.180.132:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 104.21.60.92:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | 132.180.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 104.21.76.253:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 172.67.147.18:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 92.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.76.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.147.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 172.67.180.132:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 104.21.60.92:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 104.21.76.253:443 | turkeyunlikelyofw.shop | tcp |
| US | 172.67.147.18:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| GB | 23.214.133.66:443 | cxcs.microsoft.net | tcp |
| GB | 92.123.128.181:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 181.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.133.214.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.16.208.104.in-addr.arpa | udp |
Files