Analysis Overview
Threat Level: Known bad
The submitted URL https://mega.nz/file/Zf9EGZyJ#WyV0aNq1kd2URWcvzdClSQTqGxdn3LZHTC4HMDc-_Tg was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Enumerates system info in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-25 18:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-25 18:19
Reported
2024-02-25 18:21
Platform
win10v2004-20240221-en
Max time kernel
98s
Max time network
104s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Set-up.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Set-up.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Set-up.exe | N/A |
Loads dropped DLL
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5324 set thread context of 5592 | N/A | C:\Users\Admin\Downloads\Set-up.exe | C:\Windows\SysWOW64\cmd.exe |
| PID 5632 set thread context of 5756 | N/A | C:\Users\Admin\Downloads\Set-up.exe | C:\Windows\SysWOW64\cmd.exe |
| PID 6028 set thread context of 6120 | N/A | C:\Users\Admin\Downloads\Set-up.exe | C:\Windows\SysWOW64\cmd.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Set-up.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Set-up.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Set-up.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/Zf9EGZyJ#WyV0aNq1kd2URWcvzdClSQTqGxdn3LZHTC4HMDc-_Tg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9b3a46f8,0x7ffc9b3a4708,0x7ffc9b3a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10743867026883395471,10383124532156864605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10743867026883395471,10383124532156864605,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10743867026883395471,10383124532156864605,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10743867026883395471,10383124532156864605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10743867026883395471,10383124532156864605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10743867026883395471,10383124532156864605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10743867026883395471,10383124532156864605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,10743867026883395471,10383124532156864605,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5592 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x308
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10743867026883395471,10383124532156864605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10743867026883395471,10383124532156864605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10743867026883395471,10383124532156864605,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10743867026883395471,10383124532156864605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,10743867026883395471,10383124532156864605,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10743867026883395471,10383124532156864605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,10743867026883395471,10383124532156864605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_@!File_2024_ṔḁṨṨẄṏṛḒ#.zip\@!File_2024_ṔḁṨṨẄṏṛḒ#\@!File_2024_ṔḁṨṨẄṏṛḒ#.rar"
C:\Users\Admin\Downloads\Set-up.exe
"C:\Users\Admin\Downloads\Set-up.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Admin\Downloads\Set-up.exe
"C:\Users\Admin\Downloads\Set-up.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
C:\Users\Admin\Downloads\Set-up.exe
"C:\Users\Admin\Downloads\Set-up.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 5.145.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.169.44.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.16:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.16:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.125.203.66.in-addr.arpa | udp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | gfs262n375.userstorage.mega.co.nz | udp |
| DE | 94.24.36.85:443 | gfs262n375.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.85:443 | gfs262n375.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.85:443 | gfs262n375.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.85:443 | gfs262n375.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 85.36.24.94.in-addr.arpa | udp |
| DE | 94.24.36.85:443 | gfs262n375.userstorage.mega.co.nz | tcp |
| DE | 94.24.36.85:443 | gfs262n375.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 104.21.60.92:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | 118.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 104.21.76.253:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 172.67.147.18:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 92.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.76.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.147.67.172.in-addr.arpa | udp |
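The Network table above mixes three different things: the delivery path (Edge fetching the password-protected archive from mega.nz and its CDN hosts), sandbox-side noise (reverse PTR lookups of every contacted address, loopback traffic on 127.0.0.1:6341, mDNS on 224.0.0.251:5353), and the stealer's own traffic after Set-up.exe injected into cmd.exe. Only the last group is worth blocking: eight .shop/.fun/.pw domains were resolved and four of them were actually contacted on 443 (technologyenterdo.shop, detectordiscusser.shop, turkeyunlikelyofw.shop, associationokeo.shop); the other four got a DNS answer only, so all eight should be treated as IOCs. Likewise, the signature hits attributed to msedge.exe (BIOS registry queries, NtCreateUserProcessBlockNonMicrosoftBinary) are the browser's own behaviour, while the SetThreadContext, WriteProcessMemory and MapViewOfSection entries from Set-up.exe into C:\Windows\SysWOW64\cmd.exe are the injection signals. The script below is an added example, not part of the sandbox output: it parses a representative subset of the rows copied from this table, drops the noise, separates delivery infrastructure from C2 candidates and reports which candidates were reached. The DELIVERY_DOMAINS list is an assumption (MEGA is treated as delivery, not C2), and the parser also accepts the rows where extraction left the protocol in the Domain column.

```python
"""Extract network IOCs from a Triage-style network table (added example)."""
import ipaddress
from collections import defaultdict

# Representative subset of rows copied from the Network table of this report.
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 89.44.169.132:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 5.145.216.31.in-addr.arpa | udp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | gfs262n375.userstorage.mega.co.nz | udp |
| DE | 94.24.36.85:443 | gfs262n375.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 104.21.60.92:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 104.21.76.253:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 172.67.147.18:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 18.147.67.172.in-addr.arpa | udp |
"""

# Assumption: the lure archive was fetched from MEGA, so MEGA hosts are
# delivery infrastructure and must not end up on the C2 blocklist.
DELIVERY_DOMAINS = ("mega.nz", "mega.co.nz")
RESOLVER_PORT = 53


def parse_rows(table):
    """Yield (country, ip, port, domain, proto) for every data row."""
    for line in table.splitlines():
        line = line.strip()
        if not line.startswith("|") or line.startswith("| Country"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        if proto == "" and domain in ("tcp", "udp"):   # protocol slipped into Domain
            domain, proto = "", domain
        ip, _, port = dest.rpartition(":")
        yield country, ip, int(port), domain, proto


def classify(ip, domain):
    """Bucket a row as sandbox noise, delivery infrastructure or a C2 candidate."""
    if domain.endswith(".in-addr.arpa"):
        return "reverse_dns"          # PTR lookups made by the sandbox, not the sample
    addr = ipaddress.ip_address(ip)
    if not domain or addr.is_loopback or addr.is_multicast or addr.is_link_local:
        return "local"                # 127.0.0.1:6341 and mDNS 224.0.0.251:5353
    if any(domain == d or domain.endswith("." + d) for d in DELIVERY_DOMAINS):
        return "delivery"
    return "candidate_c2"


def extract_iocs(table):
    """Return {'delivery': {...}, 'candidate_c2': {...}} keyed by domain.

    Each entry records whether the domain was resolved (a query to the
    resolver on port 53) and the (ip, port, proto) tuples it was contacted on.
    """
    new_entry = lambda: {"queried": False, "connections": set()}
    iocs = {"delivery": defaultdict(new_entry), "candidate_c2": defaultdict(new_entry)}
    for _country, ip, port, domain, proto in parse_rows(table):
        bucket = classify(ip, domain)
        if bucket not in iocs:
            continue
        entry = iocs[bucket][domain]
        if port == RESOLVER_PORT and proto == "udp":
            entry["queried"] = True
        else:
            entry["connections"].add((ip, port, proto))
    return {name: dict(bucket) for name, bucket in iocs.items()}


def c2_status(iocs):
    """'connected' if the sample reached the host, 'dns_only' if it only resolved it."""
    return {d: ("connected" if e["connections"] else "dns_only")
            for d, e in iocs["candidate_c2"].items()}


def blocklist(iocs):
    """Sorted C2 domains and the IPs they were contacted on; delivery CDN excluded."""
    domains = sorted(iocs["candidate_c2"])
    ips = sorted({ip for e in iocs["candidate_c2"].values() for ip, _, _ in e["connections"]})
    return domains, ips


if __name__ == "__main__":
    found = extract_iocs(NETWORK_TABLE)
    for domain, status in sorted(c2_status(found).items()):
        print(f"{status:10} {domain}")
    print(blocklist(found))
```

The DNS-only domains matter as much as the connected ones: the sample resolved all eight but only completed a TCP session to four, so a block on the four contacted IPs alone leaves the fallback domains usable. Feed the full table from the report rather than the subset to get every row; the classifier needs no changes.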
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 854f73d7b3f85bf181d2f2002afd17db |
| SHA1 | 53e5e04c78d1b81b5e6c400ce226e6be25e0dea8 |
| SHA256 | 54c176976e1c56f13af90be9b8b678f17f36a943210a30274be6a777cf9a8dc4 |
| SHA512 | de14899cfaad4c312804a7fe4dcb3e9221f430088cb8bf5a9b941ac392a0bbad4e6ca974e258e34617bbffff3bf6490fa90d8c6921616f44186e267ddaa02971 |
\??\pipe\LOCAL\crashpad_4920_MHSARKHQKMRUDICG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a65ab4f620efd5ba6c5e3cba8713e711 |
| SHA1 | f79ff4397a980106300bb447ab9cd764af47db08 |
| SHA256 | 3964e81a3b4b582e570836837b90a0539e820886a35281b416e428e9bf25fd76 |
| SHA512 | 90330661b0f38ca44d6bd13a7ea2ab08a4065ec4801695e5e7e0dea154b13ac8d9b2737e36ebe9a314d2501b5ef498d03c5617c87e36986e294c701182db41b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3bdbdc81ab2c1d98e113ffeb108cc08b |
| SHA1 | 1aea72c5cabc366c817f68b5ce9525912880fccd |
| SHA256 | b107f4e67eaee96c5918a1dd2c87758641ef7eaa9411a2eb6d46a2d42dfeecbc |
| SHA512 | 5ddaaae38b1016792c1786d89c4616d620d002e016ceb63c6ed9f0af6ef6d35fb8305fe918c0e8193eb823cf503c8cfb85f634a1874be71b57bbd062a2eb98d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
| MD5 | 950eca48e414acbe2c3b5d046dcb8521 |
| SHA1 | 1731f264e979f18cdf08c405c7b7d32789a6fb59 |
| SHA256 | c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2 |
| SHA512 | 27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ebf273047e9e9388855532b7179d6f81 |
| SHA1 | 02feec6d0cd7aefbc19449ba9f3998a0cd47f258 |
| SHA256 | bfacf8fc01f610459b751f91c3c1dce06cb4d01757e560bc2fcbf43030b7a0c7 |
| SHA512 | 8750129facd8753e5286815e67e0144c71839f7149147d9dd8a1952c11229f25544bb39eae352e928f465c384f4ec96fdd8f0ac5fa5c0b1a6e8de3b763e1cae4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5462d2f748325b59020bca3d9e052833 |
| SHA1 | 08ff4a6d58a4b7afd8ad9faa46c4930b44035bd7 |
| SHA256 | 701e66b36c0d94809babf678482e5629516d2e1858748b329f80511ce1c6c992 |
| SHA512 | 594c47a8119c3b0c8ee4aac5fae8b73f8e99df930c69f2bd1d9a7ecac94e2b5862bbeb2f1a72370470bd05d7f69012ef18c1e6bc75fe4c5696cdf0595dfc7493 |
C:\Users\Admin\Downloads\@!File_2024_ṔḁṨṨẄṏṛḒ#.zip
| MD5 | 662b45cf59080e5c21fdeca1db3d1d24 |
| SHA1 | 5c101b7e6f37c9e99500ad23cc26a84729d8bcb1 |
| SHA256 | 87751896a1354df4cc8cc7b7d34b474090750e39f055bf50da1e5d2677675b5b |
| SHA512 | 718c62bf98deaa4f77860cc59c2c69d30a70c3c4dd3097e89e22eaecd3dfb5571cfce9c7d7998060dddcb6599f72dbabc0b54a737756bc66c0ae051954687121 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | be1680600e991c62040c2e38fbf19099 |
| SHA1 | 586c4c4b58b9f73b913cb86dc0eda5dcf655e342 |
| SHA256 | b2596bddfeb7eb28015977ed900e95bdd053f1b103a184678784d8cb2f3ecc82 |
| SHA512 | 5afa9a562763f49e3cb76798c76fd427269da91475a7c24da165128ce5108d9c6c4aa175ce7bbff107c3c63debba49a90dd10fa579d6bc53456391b7f5bc195c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 8a2f0994bc69b8b91ac5a78c05a7bee4 |
| SHA1 | fd4f1e574613ec414dc27d126c7978d22910aa7d |
| SHA256 | efa85db646df498b7c3b12c3edaced60cdaea467388ff31cb96036fda36b3bf6 |
| SHA512 | 59139a9c0ed2c6063c7e5ce6fa48416f4b09c70e4af711626e044929370bbd797d52d7c83eaa9834b2bf5e0703295dc1b23e97af8a8108a9ac8addeba67ad3a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579683.TMP
| MD5 | de481077654e38941182bc63ad6a4b0d |
| SHA1 | 0308806b328404b025cad67a471fb9d57cb9e500 |
| SHA256 | a997a989fa48d54c937d187b4d1b08451bd28dfe7ac231d2a359bf8afb3da6b7 |
| SHA512 | a2c2dde07e6d6fcdc351dc28ec2a2a613d87eff62856e903ce31b9ff0682272083c9c9523acb4131c713652d4b2a5630b7df553bdbb1cf4a69ba6f58d58b82dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 072cbb1ed863086d5e15b76a9670dd21 |
| SHA1 | 6229751e51eb1ccca237bb7ea1ffb28fb72c45ba |
| SHA256 | f7d953efd09fca9ad8171c27adade0daace62009953c6b9e33c2602ff16e0345 |
| SHA512 | adceccc94385bf20d78c5b63dadfb97b8e68ec91264c6b49bb3692ce79016bbd0e672e26f227f1a46097e0137c028d35745632e7bfc522f83148db5e7735fff5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4cdb49b2d0fdaf897fb4eed1eaecaf5a |
| SHA1 | 494a33ddb44dd4d0f357dc8d6c5c4757e6df9c88 |
| SHA256 | 0a636889413462a2d7d89155c59c12b6b5f48435b7b631beac83d9c837833244 |
| SHA512 | 20e6dd934d897531c1f89144d8f8774e8fbf2386c113a66499126b13dadf568c41b319ed0067745b86ac51817ff5e497bea536e29a83703c368628206c7106dc |
C:\Users\Admin\Downloads\Set-up.exe
| MD5 | ae224c5e196ff381836c9e95deebb7d5 |
| SHA1 | 910446a2a0f4e53307b6fdeb1a3e236c929e2ef4 |
| SHA256 | bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26 |
| SHA512 | f845dbb13b04f76b6823bec48e1c47f96bcbd6d02a834c8b128ac750fe338b53f775ee2a8784e8c443d49dfcb918c5b9d59b5492a1fe18743b8ba65b7d12514c |
C:\Users\Admin\Downloads\glib-2.0.dll
| MD5 | 2c86ec2ba23eb138528d70eef98e9aaf |
| SHA1 | 246846a3fe46df492f0887a31f7d52aae4faa71a |
| SHA256 | 030983470da06708cc55fd6aca92df199a051922b580db5db55c8cb6b203b51b |
| SHA512 | 396a3883fa65d7c3a0af7d607001a6099316a85563147cb34fa9806c9a4b39cfa90c7fa9eb4456399977eb47438d10896d25ed5327ae7aa3e3ae28cd1d13701c |
C:\Users\Admin\Downloads\iconv.dll
| MD5 | 862dfc9bf209a46d6f4874614a6631cc |
| SHA1 | 43216aae64df217cba009145b6f9ad5b97fe927a |
| SHA256 | 84538f1aacebf9daad9fdb856611ab3d98a6d71c9ec79a8250eee694d2652a8b |
| SHA512 | b0611cd9ad441871cca62291913197257660390fa4ea8a26cb41dc343a8a27ae111762de40c6f50cae3e365d8891500fc6ad0571aa3cd3a77eb83d9d488d19a8 |
C:\Users\Admin\Downloads\vmtools.dll
| MD5 | abda498c196eb63a6545437d92081dff |
| SHA1 | ec040ef5583d3799d80f8d42ac7e72ca23c0b19c |
| SHA256 | b7bce419fc20f73f07c41441b272d191323b9387afbe4b79a1d8030083eed01b |
| SHA512 | 7bb40775f37d4bc4de6d451d347501ee8657655afd608f827f1b90e6cc276564c29e6c862345df4706a9ea40f418d2f0869d230adebacd08e613782121063790 |
C:\Users\Admin\Downloads\gmodule-2.0.dll
| MD5 | b0a421b1534f3194132ec091780472d8 |
| SHA1 | 699b1edc2cb19a48999a52a62a57ffc0f48f1a78 |
| SHA256 | 2d6bc34b38bc0abf0c5e2f40e2513b4df47af57848534e011a76d4e974ad958b |
| SHA512 | ba74654843c5b0f94dfefbed81cbee4c5f360193ef8ea92836c712fbeada39fa8179a51f0849f6c4be23add1ced08f5e25f873c4b0e7533ae647fa2b19b83f98 |
C:\Users\Admin\Downloads\monogyny.ppt
| MD5 | f2a011e63ae67d678b34d5b53c8f1018 |
| SHA1 | ae4b3b321f0cfce1e4a4a061412be9d85a53dc09 |
| SHA256 | b3cc80230b08770bdfed917366765914e47f4de62ce4a9425f987b8d22bbd406 |
| SHA512 | 5af58fce7839fdb4c8b1b37fc0d00bfd6a688a2fcc5cf10a00b2bf5880f6313656758c553ecfdc2b00a06e7d30e6f362063a57c14969e7dfeb530b3efb08fc1c |
memory/5324-1175-0x00000000752B0000-0x000000007542B000-memory.dmp
memory/5324-1176-0x0000000000540000-0x0000000000551000-memory.dmp
C:\Users\Admin\Downloads\gthread-2.0.dll
| MD5 | 78cf6611f6928a64b03a57fe218c3cd4 |
| SHA1 | c3f167e719aa944af2e80941ac629d39cec22308 |
| SHA256 | dbaad965702b89c371462e735dd925c694eda8d8557b280f7264bba992c0e698 |
| SHA512 | 5caf019a6b75ba0330b8d0b60d362201d4863c0f3d70d2a9c84b6dbea2027d09bc8a6433820f28a41d126c7aaa13dbe126b38dc5c6d14a67ddef402fed9d9b7c |
C:\Users\Admin\Downloads\gobject-2.0.dll
| MD5 | 24a7a712160abc3f23f7410b18de85b8 |
| SHA1 | a01c3e116b6496c9feaa2951f6f6633bb403c3a1 |
| SHA256 | 78dd76027e10c17824978db821777fcaa58d7cd5d5eb9d80d6ee817e26b18ab8 |
| SHA512 | d1f14a7bd44e1fc9bfc61f0b751ee6e0677322807ce5621206eeef898bab6c71ef1464962b20dc50f706084e53281a0d4b6d9142c6c1170a1e0a5fe4b12171df |
C:\Users\Admin\Downloads\intl.dll
| MD5 | d1a21e38593fddba8e51ed6bf7acf404 |
| SHA1 | 759f16325f0920933ac977909b7fe261e0e129e6 |
| SHA256 | 6a64c9cb0904ed48ce0d5cda137fcfd6dd463d84681436ca647b195aa2038a7e |
| SHA512 | 3f4390603cd68d949eb938c1599503fb1cbb1b8250638e0985fad2f40f08d5e45ea4a8c149e44a50c6aa9077054387c48f71b53bf06b713ca1e73a3d5a6a6c2e |
memory/5324-1177-0x00007FFCAA570000-0x00007FFCAA765000-memory.dmp
memory/5324-1186-0x00000000752B0000-0x000000007542B000-memory.dmp
memory/5324-1187-0x00000000752B0000-0x000000007542B000-memory.dmp
memory/5592-1189-0x00000000752B0000-0x000000007542B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\c01eee2f
| MD5 | b4f718dcef4b4850304871ffff767c11 |
| SHA1 | c370d1bcb4e9af3d32d48afd6d634ab845d93313 |
| SHA256 | 706a2ae6b23d1a202b444eab5fe15dfea56e42bfc227b8e46f7ade3008fd9f95 |
| SHA512 | 1f6cd3131d55cce7721e9609aa77d8e63936a010499b4a06e78cf30ea46e6d21bf9e13f8ee32b9af6c6a246aa48a914dc2a2ba2c1769adc75487ea64c57352ee |
memory/5592-1195-0x00007FFCAA570000-0x00007FFCAA765000-memory.dmp
memory/5632-1205-0x0000000000540000-0x0000000000551000-memory.dmp
memory/5632-1204-0x00000000752B0000-0x000000007542B000-memory.dmp
memory/5632-1206-0x00007FFCAA570000-0x00007FFCAA765000-memory.dmp
C:\Users\Admin\AppData\Roaming\WEB\glib-2.0.dll
| MD5 | 1ec2e96f2dbbdc0364edd8c2702e33c3 |
| SHA1 | f305e514632c9a824b2aedac1e9de66c53262284 |
| SHA256 | 073555e76823112efe9fca2b5bf258c3c26f51b915e7f4e98d7e62d6501ab0fb |
| SHA512 | 70de026eb38ab23cab2f71eb8563e9f8bd207850b355cd569970cee246c2d979d17e1b7b0ec40c1de2b9c11937da8886b5bee13ad7ee5ccc1c30b75d6a213a33 |
C:\Users\Admin\AppData\Roaming\WEB\monogyny.ppt
| MD5 | c8f5c6112bd77c6c0a7a622f2710e303 |
| SHA1 | ffdc87b6db30c3068bd753e9f17f4f2a4e28f5f9 |
| SHA256 | aad17b5045ece51fe56b77e67b1e3829dfba0d799a1d550f9e82132956874cff |
| SHA512 | 0581bb155d08e4836889cab5c972b4581f3565582a346c5611cabdfa17e2b3975783edb57727314bce83e864277bfb70488c30b538aa15aa99a7bb59aef1fe57 |
memory/5632-1223-0x00000000752B0000-0x000000007542B000-memory.dmp
C:\Users\Admin\AppData\Roaming\WEB\iconv.dll
| MD5 | 698ec22e42948033d62ad46e57ca02f5 |
| SHA1 | 1a1618ab4fa6935ab8e067738d675bfd972910f0 |
| SHA256 | 1359a175fd807f21e82502786a1410ae96d793c4664cd42ef4eab06bfc2261f3 |
| SHA512 | 226a8f22ca6eed9d57007c839e740b29045bffac13ebf99a9e2510de3167e93706aecce0a1593cc802a90005c8c5613a257bfcf276d4c28590220503a6f10e3a |
memory/5632-1224-0x00000000752B0000-0x000000007542B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\f87154e
| MD5 | a46b350960d6603075fe46eb343f4a01 |
| SHA1 | 61b781d6b47dec63c696f2a014cd3f0ca267a545 |
| SHA256 | 830aa6ac074b9a8a1bd5e77223aacc28e445fbcf8bc781b39dbc2049ee721b80 |
| SHA512 | 422635a93afde57a9128cbd72b6959d68800eedaef13b5371061d6724d3f5cf5e9909b413b5356aa38ab94c56f4582d6289e4662b99ee8b2ef88e36893277486 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 008114e1a1a614b35e8a7515da0f3783 |
| SHA1 | 3c390d38126c7328a8d7e4a72d5848ac9f96549b |
| SHA256 | 7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18 |
| SHA512 | a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b |
memory/5592-1251-0x00000000752B0000-0x000000007542B000-memory.dmp
memory/5592-1253-0x00000000752B0000-0x000000007542B000-memory.dmp
memory/6028-1263-0x00000000752B0000-0x000000007542B000-memory.dmp
memory/6028-1262-0x0000000000540000-0x0000000000551000-memory.dmp
memory/6028-1264-0x00007FFCAA570000-0x00007FFCAA765000-memory.dmp
memory/6028-1281-0x00000000752B0000-0x000000007542B000-memory.dmp
memory/5756-1282-0x00007FFCAA570000-0x00007FFCAA765000-memory.dmp
memory/5592-1284-0x00000000752B0000-0x000000007542B000-memory.dmp
memory/6028-1285-0x00000000752B0000-0x000000007542B000-memory.dmp
memory/6024-1287-0x00007FFCAA570000-0x00007FFCAA765000-memory.dmp
memory/6120-1288-0x00007FFCAA570000-0x00007FFCAA765000-memory.dmp
memory/6024-1289-0x0000000000A80000-0x0000000000ACA000-memory.dmp
memory/6024-1290-0x0000000000400000-0x000000000040A000-memory.dmp
memory/6024-1294-0x0000000000920000-0x0000000000921000-memory.dmp
memory/6024-1295-0x0000000000920000-0x0000000000921000-memory.dmp
memory/6024-1293-0x0000000000400000-0x000000000040A000-memory.dmp
memory/6024-1296-0x0000000000920000-0x0000000000921000-memory.dmp
memory/6024-1298-0x0000000000A80000-0x0000000000ACA000-memory.dmp
memory/1928-1300-0x00007FFCAA570000-0x00007FFCAA765000-memory.dmp
memory/1928-1302-0x00000000000C0000-0x000000000010A000-memory.dmp
memory/1928-1303-0x0000000000400000-0x000000000040A000-memory.dmp