Analysis Overview
Threat Level: Known bad
The file https://www.tumblr.com/appsetupfiless was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: MapViewOfSection
Checks SCSI registry key(s)
Enumerates system info in registry
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-25 20:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-25 20:20
Reported
2024-04-25 20:24
Platform
win10v2004-20240412-en
Max time kernel
259s
Max time network
222s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
Loads dropped DLL
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5788 set thread context of 5316 | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 1604 set thread context of 4904 | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 5620 set thread context of 5848 | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 1656 set thread context of 2360 | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 4892 set thread context of 4248 | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | C:\Windows\SysWOW64\more.com |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.tumblr.com/appsetupfiless
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaaabc46f8,0x7ffaaabc4708,0x7ffaaabc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5688 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1956,3560785509399425257,4398057089429747274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6704 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\AppSetapFiless-win64_enus\" -ad -an -ai#7zMap21461:112:7zEvent21802
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap16091:112:7zEvent23395
C:\Users\Admin\Downloads\Setap-Filess\Setup.exe
"C:\Users\Admin\Downloads\Setap-Filess\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Users\Admin\Downloads\Setap-Filess\Setup.exe
"C:\Users\Admin\Downloads\Setap-Filess\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Setap-Filess\toughie.txt
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Users\Admin\Downloads\Setap-Filess\Setup.exe
"C:\Users\Admin\Downloads\Setap-Filess\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Users\Admin\Downloads\Setap-Filess\Setup.exe
"C:\Users\Admin\Downloads\Setap-Filess\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Users\Admin\Downloads\Setap-Filess\Setup.exe
"C:\Users\Admin\Downloads\Setap-Filess\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.tumblr.com | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 192.0.77.40:443 | www.tumblr.com | tcp |
| US | 8.8.8.8:53 | assets.tumblr.com | udp |
| US | 8.8.8.8:53 | 64.media.tumblr.com | udp |
| US | 192.0.77.40:443 | assets.tumblr.com | tcp |
| US | 192.0.77.40:443 | assets.tumblr.com | tcp |
| US | 192.0.77.3:443 | 64.media.tumblr.com | tcp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 192.0.77.32:443 | s0.wp.com | tcp |
| US | 8.8.8.8:53 | cdn.parsely.com | udp |
| US | 8.8.8.8:53 | 40.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| PT | 13.225.240.70:443 | cdn.parsely.com | tcp |
| US | 8.8.8.8:53 | 3.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | o248881.ingest.sentry.io | udp |
| US | 192.0.76.3:443 | pixel.wp.com | tcp |
| US | 34.120.195.249:443 | o248881.ingest.sentry.io | tcp |
| US | 8.8.8.8:53 | p1.parsely.com | udp |
| US | 8.8.8.8:53 | 32.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.240.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.10.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| IE | 52.17.99.225:443 | p1.parsely.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 249.195.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.221.208.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.99.17.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| BE | 88.221.83.178:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 178.83.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| IE | 52.17.99.225:443 | p1.parsely.com | tcp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| PT | 13.225.242.58:443 | cdn.amplitude.com | tcp |
| GB | 142.250.200.14:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 74.113.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| GB | 172.217.169.74:443 | translate.googleapis.com | tcp |
| US | 44.231.155.27:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | tcp |
| GB | 216.58.213.3:443 | www.google.co.uk | tcp |
| GB | 216.58.213.3:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.242.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.155.231.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download2346.mediafire.com | udp |
| US | 199.91.155.87:443 | download2346.mediafire.com | tcp |
| US | 199.91.155.87:443 | download2346.mediafire.com | tcp |
| US | 8.8.8.8:53 | 87.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| GB | 172.217.169.74:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | routinecontoradwjsk.shop | udp |
| US | 172.67.184.49:443 | routinecontoradwjsk.shop | tcp |
| US | 8.8.8.8:53 | productivelookewr.shop | udp |
| US | 104.21.11.250:443 | productivelookewr.shop | tcp |
| US | 8.8.8.8:53 | tolerateilusidjukl.shop | udp |
| US | 104.21.89.202:443 | tolerateilusidjukl.shop | tcp |
| US | 8.8.8.8:53 | 49.184.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.11.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shatterbreathepsw.shop | udp |
| US | 172.67.169.43:443 | shatterbreathepsw.shop | tcp |
| US | 8.8.8.8:53 | shortsvelventysjo.shop | udp |
| US | 172.67.216.69:443 | shortsvelventysjo.shop | tcp |
| US | 8.8.8.8:53 | incredibleextedwj.shop | udp |
| US | 172.67.218.63:443 | incredibleextedwj.shop | tcp |
| US | 8.8.8.8:53 | 202.89.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.169.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.216.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | alcojoldwograpciw.shop | udp |
| US | 104.21.48.243:443 | alcojoldwograpciw.shop | tcp |
| US | 8.8.8.8:53 | liabilitynighstjsko.shop | udp |
| US | 104.21.44.3:443 | liabilitynighstjsko.shop | tcp |
| US | 8.8.8.8:53 | 63.218.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.48.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | demonstationfukewko.shop | udp |
| US | 104.21.33.174:443 | demonstationfukewko.shop | tcp |
| US | 8.8.8.8:53 | 3.44.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.33.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 172.67.184.49:443 | routinecontoradwjsk.shop | tcp |
| US | 104.21.11.250:443 | productivelookewr.shop | tcp |
| US | 104.21.89.202:443 | tolerateilusidjukl.shop | tcp |
| US | 172.67.169.43:443 | shatterbreathepsw.shop | tcp |
| US | 172.67.216.69:443 | shortsvelventysjo.shop | tcp |
| US | 172.67.218.63:443 | incredibleextedwj.shop | tcp |
| US | 104.21.48.243:443 | alcojoldwograpciw.shop | tcp |
| US | 104.21.44.3:443 | liabilitynighstjsko.shop | tcp |
| US | 104.21.33.174:443 | demonstationfukewko.shop | tcp |
| US | 172.67.184.49:443 | routinecontoradwjsk.shop | tcp |
| US | 104.21.11.250:443 | productivelookewr.shop | tcp |
| US | 104.21.89.202:443 | tolerateilusidjukl.shop | tcp |
| US | 172.67.169.43:443 | shatterbreathepsw.shop | tcp |
| US | 172.67.216.69:443 | shortsvelventysjo.shop | tcp |
| US | 172.67.218.63:443 | incredibleextedwj.shop | tcp |
| US | 104.21.48.243:443 | alcojoldwograpciw.shop | tcp |
| US | 104.21.44.3:443 | liabilitynighstjsko.shop | tcp |
| US | 104.21.33.174:443 | demonstationfukewko.shop | tcp |
| US | 172.67.184.49:443 | routinecontoradwjsk.shop | tcp |
| US | 104.21.11.250:443 | productivelookewr.shop | tcp |
| US | 104.21.89.202:443 | tolerateilusidjukl.shop | tcp |
| US | 172.67.169.43:443 | shatterbreathepsw.shop | tcp |
| US | 172.67.216.69:443 | shortsvelventysjo.shop | tcp |
| US | 172.67.218.63:443 | incredibleextedwj.shop | tcp |
| US | 104.21.48.243:443 | alcojoldwograpciw.shop | tcp |
| US | 104.21.44.3:443 | liabilitynighstjsko.shop | tcp |
| US | 104.21.33.174:443 | demonstationfukewko.shop | tcp |
| US | 172.67.184.49:443 | routinecontoradwjsk.shop | tcp |
| US | 104.21.11.250:443 | productivelookewr.shop | tcp |
| US | 104.21.89.202:443 | tolerateilusidjukl.shop | tcp |
| US | 172.67.169.43:443 | shatterbreathepsw.shop | tcp |
| US | 172.67.216.69:443 | shortsvelventysjo.shop | tcp |
| US | 172.67.218.63:443 | incredibleextedwj.shop | tcp |
| US | 104.21.48.243:443 | alcojoldwograpciw.shop | tcp |
| US | 104.21.44.3:443 | liabilitynighstjsko.shop | tcp |
| US | 104.21.33.174:443 | demonstationfukewko.shop | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 48cff1baabb24706967de3b0d6869906 |
| SHA1 | b0cd54f587cd4c88e60556347930cb76991e6734 |
| SHA256 | f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775 |
| SHA512 | fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6 |
\??\pipe\LOCAL\crashpad_532_DJQYCITWHCPUSYLT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7b56675b54840d86d49bde5a1ff8af6a |
| SHA1 | fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811 |
| SHA256 | 86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929 |
| SHA512 | 11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e887aa2e096d98b515f040022f698b97 |
| SHA1 | ea676deca360a3924a63cbd1a4e4408f0822dc5b |
| SHA256 | 0bee10bdec3866d5f8a6225d66b4afca7995cd676e30f08b3052844c9afed0ca |
| SHA512 | d41dac2c199ab55a8a3892957f8b444904fd20c3a1746305825a621e59128b42e9f67e416f05c676dd3dee70bd67b81236b8f60f3e9c4f9c95db97d53cb91f24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\36dcec9ef4b2634fcfce406f466684f60cae0eeb\index.txt
| MD5 | bf1e5f63a5bee00bc2009e527324fbc0 |
| SHA1 | 3395b65bf26c35b5d49791e63ea4696dfb0f2c2d |
| SHA256 | b7a587a3a177d46f0a16dfb58252918baa6cec2c81389b8da5394ca1f6ecfa1a |
| SHA512 | 22fbf0d6e94b826395d5a6bbf735b57f7a2a0038f9e4502203e875b1f9ab80ac16de817c43bcad64cb2c76c4000a099ed799dedb3e9ff63577b5c0d211d4746c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 38240680ab59df19db54560a8dfe4228 |
| SHA1 | c5d21b4c84bd6cbef23b6c65f3ad256e0df9407a |
| SHA256 | 5ae28226da22c0a7a2dd8aba97243abf075e30a8338d7f9b420c91c8b5810515 |
| SHA512 | 6d57390dd498a9466a581c4477150fee6b4e8e8ee3b9540b3171c34e363400340d35187cd432f52d77711aa4a4908285e20456a0d115aedd0e5f741bdc187a60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 80c820288e01337fb5e6a70ff0e0c8ee |
| SHA1 | 714449f07044f99a27cdad085511da7e672a6da1 |
| SHA256 | d9a7aefa1e10d92f49071b1e05b3610e4127df9bccf94d35c5b81f33aac513dd |
| SHA512 | 294d9d9fd46d7c184844101d6b1214ff92a2aa768d966ce620a40453b2b1bc9f135639c5824b519f773b1f9317e3280fc9701eec1af044e20033264dd88e0efd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1821174bc4c886f485ecdc7f34c6f091 |
| SHA1 | bbc422dc496b1fe3f447843c3aa3619b12430a04 |
| SHA256 | 26b1cc9ab9720e4dc4822328e01016fbda488b251f043b82b47e957532dcc944 |
| SHA512 | 2658b88b67295cadca00a35800cbbd6fc857f471c2306646a21e7c6ff6c97966933a97f57bb497885bb1b93122609af412a8860412a0b7ddd071f95434f2c571 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe577b4a.TMP
| MD5 | feb53f42006cdc3cb4d559f6daca6993 |
| SHA1 | cde43572435a80a6555f70d799780c3fd03eb733 |
| SHA256 | 9198209af34a3c0418634503ded6596d20023267f9db17de702a9d5a5b512bab |
| SHA512 | d4cc38bd8f7ba027385d9c1ddaadda07c378ecd5b99174d1334370c296849db213178b478a63e945f43fbf88d6ccb9d82283233115e60510302cde42065cf364 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f1600799d7440e5c07d6b913f0aeddc2 |
| SHA1 | b5ebec3252b18eafca9dfa290a0c68d02a54accf |
| SHA256 | 1cb108af1f97a830f295f64636e4c3e082c5620718f2f916c84102ce549e3c58 |
| SHA512 | 836fb6a4cb7975df0de73d99353026ccb22960f37cc8a7aad860f82e2d6f5e1021b0fc4d0fdd3c925a0e48ca1bf59f6d43473f086d90e92fbc774298d7dac57d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cc5acf03fb651de243535bcba2575771 |
| SHA1 | ee3537bccf8d15e010f5d036b63e9c378fc8072c |
| SHA256 | 36d73febbdb1b3054844ffc03a61c78f97f0ea6b0b77906ba57d14fcb18e4420 |
| SHA512 | 4e0b2d3464213670025ee2b3171cdfd43703e0f7abf1ff5f9d7ad98f46ed826a666cc7e883dce51d59c80b6ee83aa6989aaefc8482d796773d350e69e41c8119 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579589.TMP
| MD5 | 006bf280f11692aa9cc94337c6bb83c4 |
| SHA1 | 696d79c6366865b8519e333cf29c63c76281b8c1 |
| SHA256 | 98b0ac6a6a0d1dce2d0b52cead1b7f85de74206b8616a2b1218527d18c9c31db |
| SHA512 | 65a62a3f1261f61caf50d3ca318f0d8feca7e2334a1eae09945bba9df7872a09de4fcc273ad37ddf7c6e2b170ccce4eb2e7861286c49480d67b89fa82cc69fb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 30fac32ec056960e0803af76b4fc7bc8 |
| SHA1 | 1c231bc1a43715152fcabd6f5d7c6c1f7d2db600 |
| SHA256 | a206398b1ff90ee19d770a7e5838d9f5fb607aea1b79e8e60b9711fbdf5d458a |
| SHA512 | 1341c41d5a0184ce4f227b356b997be6a7960811c09e2f2b77d840ad528515000a3dcf64e4856645fe1035ccfdb4d4cce93bd1a7858a396bc678ae721e0ee9f1 |