Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file/kzdxn2rnae1mibp/%2521%2523Files-PAsw0rds__2231.zip/file was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Loads dropped DLL
Executes dropped EXE
Suspicious use of SetThreadContext
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Checks SCSI registry key(s)
Checks processor information in registry
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-29 03:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-29 03:06
Reported
2024-02-29 03:08
Platform
win10v2004-20240226-en
Max time kernel
145s
Max time network
147s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\Setup-Free_Full.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\Setup-Free_Full.exe | N/A |
Loads dropped DLL
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1284 set thread context of 3180 | N/A | C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\Setup-Free_Full.exe | C:\Windows\SysWOW64\netsh.exe |
| PID 452 set thread context of 2016 | N/A | C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\Setup-Free_Full.exe | C:\Windows\SysWOW64\netsh.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\Setup-Free_Full.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\Setup-Free_Full.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/kzdxn2rnae1mibp/%2521%2523Files-PAsw0rds__2231.zip/file
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6c3f46f8,0x7ffb6c3f4708,0x7ffb6c3f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6284 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\" -spe -an -ai#7zMap6968:106:7zEvent30582
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\!#Files-PAsw0rds__2231.rar"
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\Setup-Free_Full.exe
"C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\Setup-Free_Full.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\SysWOW64\netsh.exe
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\Setup-Free_Full.exe
"C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\Setup-Free_Full.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\SysWOW64\netsh.exe
C:\Users\Admin\AppData\Local\Temp\wkhtmltopdf.exe
C:\Users\Admin\AppData\Local\Temp\wkhtmltopdf.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Local\Temp\wkhtmltopdf.exe
C:\Users\Admin\AppData\Local\Temp\wkhtmltopdf.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5788 /prefetch:2
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\ethyne.mkv"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libdl.dll"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libgcc_s_dw2-1.dll"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libwinpthread-1.dll"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libXau-6.dll"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libxcb-1.dll"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libX11-6.dll"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libXdmcp-6.dll"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libxcb-util-1.dll"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\Setup-Free_Full.exe"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libxcb-shm-0.dll"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libxcb-image-0.dll"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10429955326770471464,2887100634394102553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9f44d6f922f830d04d7463189045a5a3 |
| SHA1 | 2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c |
| SHA256 | 0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a |
| SHA512 | 7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d |
\??\pipe\LOCAL\crashpad_3556_VOAKZJAHQLSPZIFK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7740a919423ddc469647f8fdd981324d |
| SHA1 | c1bc3f834507e4940a0b7594e34c4b83bbea7cda |
| SHA256 | bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221 |
| SHA512 | 7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a80441e8176339e7318d0b48be301778 |
| SHA1 | 96f005aefaccbe7e0e67856226b1b03d2fc56f42 |
| SHA256 | 25af662dd2cde2806a8fd8c06ecc3922d88a583c6e8bb918ebe095f7f650c773 |
| SHA512 | 58232c6a3a67d971b72455bd180490f957fedfbe170430971be083d696023c79bfdac484857778ad725214cd48478f4dc09b15d8a282c89bff0d4ba996c7c2b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cee3dd5892c0c82d271168445c40cfae |
| SHA1 | 806fa8a7caba6397d1a18e1cfd8113b5d6a3de48 |
| SHA256 | 787f31863676b90de9496cc2ac3968b6125d85ad66935e50903660553e889967 |
| SHA512 | 68b5907790a6ae24e66505186863faacee2bd558a04dc98c3849b84c16b3e260f98f23e8f860a7fe65e60e4ff4d384d307059c5ffc114b89b0b72187769c0393 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 46945eb7c11445bbc185271de8ce80b2 |
| SHA1 | 3448a27e3fd9358c35ec7e820c26b1006691bb30 |
| SHA256 | 5a05d5c1cfab3a869222e8063a630b6192620c96b83a24699eba7579d4fea396 |
| SHA512 | e76a3e9f7077917a4b79f3de5ce33020664368fb4958a15e38638993258c6756f27afc3219abb1b4460b84ef0b94f55e1756bcbb26f551bc119874ef43cba8ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ff3e51afc4f40750f4e4d028dec42dfd |
| SHA1 | 260d0e23f4f2abc0d663ca9a7617d41149cbb07d |
| SHA256 | 2e1a071bdb8802e094a9de9a61d67b637c1cfe2fc553e701ebfdee93c82f9b35 |
| SHA512 | 39e5ed8734006fe189ba3de8fbaa0647cbb2d94e3f865e34a6bb1be559957e32d0c1666668d874ce99d46adf8357e34fcbbcda0653c3d6b3551ad4c606d2a159 |
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231.zip
| MD5 | aa36dcda08cddf0b725dbd3f0c985c37 |
| SHA1 | f48ec5a159c064ef4029e0d01a8a975cccbc61e8 |
| SHA256 | 425d9f9f93019a1f0ccdbab576304f058c8e0348174de101ac031fb0dca01bb8 |
| SHA512 | 810cb36940eadadd86ad2a359300436f3699e62bf6d181aeacefb32ac33325fee3f126c5d8f7853fc7e3f686dc037ef57ccdafd7397ebad7a7cf058b61af2986 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a92d3a7e1a3b3725def5783da4c235d0 |
| SHA1 | 5658d65cacf229a634a0c38cca19e3c48be415b7 |
| SHA256 | 70147fa010a6baeb147e7ff39fa7931f6f92c37e809801595d8919b97c3fd774 |
| SHA512 | 5a4a04e2b1b208517e8efa94dea2754b93a86407a700f2ec0b89427bc4a3206d87356cf60632f77d61c234ca02337bc10e98bfbd2fe3cdd774f2c69a9e5b41aa |
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\!#Files-PAsw0rds__2231.rar
| MD5 | f9ad65775815c1d9a93d30345ecf0989 |
| SHA1 | 57b923aba711376cc65b7cfebf4c0a2b05488c35 |
| SHA256 | 5e2bd8fc10efc00c2f711d46c40a87f3eab4aa47ce9bbb42690e5cb227a238a4 |
| SHA512 | a2ec43c647f180cd25fdb761694c0e2af12558da1bf69e927f1815614a72d32009e2ddde8dbdeb435bf2a78870b68977eab00c176b61668aef5e4543b33d2240 |
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\Setup-Free_Full.exe
| MD5 | 55076afc8f8de2df8f91fb2742bcda61 |
| SHA1 | c848bb01e859163b08ce4f58994b3d814dfdf700 |
| SHA256 | e3cb1b8edb969533e9299c4169b12df17a01d7516df943b486a785c986ceda30 |
| SHA512 | 70bf3d76b86b28aa4209a51469a4b2161c4253313849217b5e1267cb17f6279235b9ed18cd975aa48227401b48887f594b3be149531750638091afc51a425d26 |
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libwinpthread-1.dll
| MD5 | c6e473bbed2fa26953bebfdd0b66419f |
| SHA1 | 226e16684e02c6331f7ee82d02d058e2c55f8ba5 |
| SHA256 | 620a7e658af05cc848091b8a639854b9b15700a9061b4a3d078523653133a4af |
| SHA512 | 277419eafcec04618304f19b8b5b4aa55e0233fd6118d92a41d51447f210be382aac9098f3476b9d5891ec180c4d3450fa556705e6cd0e6e2b414097860f0e9b |
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libgcc_s_dw2-1.dll
| MD5 | d35376c0d447108b2f9d64d4c40014f8 |
| SHA1 | c68129e8bf6cdaaa318c5aad8974efbc2b7ce39a |
| SHA256 | c7544e1f9927afdf6e8cd7063020b572e60fe8f00af39227eb831d331df38225 |
| SHA512 | c46af0bbd3bca6e12125750a5b1ca4f17f85f84729b1c1c01ee76de3704bcdb090212202cf449458833f8ee92e9a46c8758cbd069747de534e2984dccbe9f24d |
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\ethyne.mkv
| MD5 | c1379c528c92d46cb0c62301e5178b66 |
| SHA1 | 7b856e77fd900ff2a13ef44f3aa65cd0057a28fa |
| SHA256 | 70e328701e3e77a1e7e4551348acb4cee89f6c9d2b67a2de733fd212ef8f56c2 |
| SHA512 | 87d60da10379107caa24bd873b8ba9e59cd6c9b81a7cd8a7080b6d643d65108678a2624785b162631c9da246385d6d0df4fb880fa43c7f652f79474f18b3ce5d |
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\catgut.gif
| MD5 | e55e6ca73206c9e789abff3c9a00e3f7 |
| SHA1 | 9d5d9e175603382fb976786ca4c1a35ada2d2da4 |
| SHA256 | 7bdc7da9ee85d00682bfd03f83b86c4d05cf4e63cb2a8e8141bb94bda16b916a |
| SHA512 | bb068356452cb5dcb5100ea7ff7927e840dd6655395c9d573feb0cdfbfefce2548f1dfabe34b51729eb5cb91c87baf1b82a62a57c1f82230e57070663034c7e5 |
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libxcb-shm-0.dll
| MD5 | 557ed85a1d8a3308e552a77a9902e8cf |
| SHA1 | a9acf7a1db500a734e95038b29c0bd90f7af59e7 |
| SHA256 | e102c9c5b22ceb60dc516ab4124bea8ec8e808b08eec48ea7ac674d13fca82ef |
| SHA512 | 110acfc0b886a1ff77b5452e2f813213630ba2eb4610e06942a59da78e516e05893b049c0d1ddcc077ebabb3a9490cf84fb41f31b62822c9365b60a1b38fd4b8 |
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\zlib1.dll
| MD5 | 73b88d602d47fbc6acfc6b7f3df37da5 |
| SHA1 | 9d73d4f11e77c4f62bef4d4ebdc8f03e3265ff1f |
| SHA256 | 700eef3c3e133981d6af6c3da776575a6e3961a43123d104878d2737d895d5c7 |
| SHA512 | f9b00d665a9365dfd8233641d85e88479da86a1b5b5e9adf6734097b26ee5cd74c0b724709962ad9ec3f3b2e866116dde3c7a4b6118fb96da1ec0348b71160fe |
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libXdmcp-6.dll
| MD5 | 7d4f4d3bc6ab6c3ea2097a7ecd018728 |
| SHA1 | 2434fbad089ac85eda43c0b0e911ab437b4dfe63 |
| SHA256 | 7705851ba047a8154402aca92621b60be0e0e9d9b52b19bf8be540305bd53dba |
| SHA512 | f9b64cbcd7c7c7b4e942c3da74fb280762d038f974fc23d1e0431b15787aefc87464cda121aa8fccf499af46e345dd65aa5fb5cfee1cb45dba6e5dd79b01a1d8 |
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libxcb-1.dll
| MD5 | a4212be49e5ce8f3bf3950ca32c4bf14 |
| SHA1 | 53f8e986e5fa3844eb73f063ed01772b53bc2504 |
| SHA256 | 394d2d862f2ddce71f28d9b933b21a7d6c621c80ef28652574f758f77f01f716 |
| SHA512 | 74520d3b3749d2b61e8a970c1fb29c588f98ce477eac4ced8837420153a6e739303aca15ed7d1e070125afa7f3ee32e452815ef1af135f8ed39ef2fce9d333ab |
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libxcb-util-1.dll
| MD5 | ee6788d3d3750421e01519a27f86634e |
| SHA1 | 48f4c7dc7bd1208f07e4176e78f035d36682d687 |
| SHA256 | b5acf358ff97127eac9ef4c664a980b937376b5295ef23d77ee338225de10d60 |
| SHA512 | 12ef0ac4cf9c8461044317e693bcfabdb4beb34a222b635ba50f6652b5a91b92ff20cb19e916ac60dca3e8314b7d8cec710a1c730374bb8f260b8d94f57c9775 |
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libxcb-image-0.dll
| MD5 | a3718d24f0e6eae9d6121a1219381ae9 |
| SHA1 | a3377f64d8fb6162f6280d3d924626c1fc6a2fe7 |
| SHA256 | cb220267fb0116b298bab6a09a764420d630c52026f7d750f8ffca4818389327 |
| SHA512 | 43f9c760be222490d43cbd9589b4afbc64759919993a1957a13a753cfcc9d94059dba0b5400a745c377c7bea1f02f4f8f6f952bee5b7ed33f6a49efaec62e9f6 |
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libXau-6.dll
| MD5 | b6f0655bed934503621fcf94ba449a19 |
| SHA1 | f0a5d9eefff5f3bcd2e23b9db748c50cffc1c6e8 |
| SHA256 | 0da1f856d92d6b95f10ed8c3f629cd15468c906de9352fb4ae629139d1412eed |
| SHA512 | 77a10ae1748e5d76288c59933f3f41d4dc7a690b1f2bc9bff0b761f9f2c5331f868dc0259ffe4c4672e1806c33f3f9d0fe0a8b09b10e06333d2590f623c5b284 |
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libX11-6.dll
C:\Users\Admin\Downloads\!#Files-PAsw0rds__2231\Free_Setup_Active\libdl.dll
C:\Users\Admin\AppData\Local\Temp\da5fe8c1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\63dfb48e-f837-4088-b5b9-5ac95b8cef95.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State