Analysis Overview
Threat Level: Known bad
The file https://www.tumblr.com/appsetupfiless was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Loads dropped DLL
Executes dropped EXE
Suspicious use of SetThreadContext
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-25 20:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-25 20:25
Reported
2024-04-25 20:34
Platform
win10v2004-20240412-en
Max time kernel
531s
Max time network
539s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3 | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5440 set thread context of 4720 | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | C:\Windows\SysWOW64\more.com |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Setap-Filess\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.tumblr.com/appsetupfiless
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc673a46f8,0x7ffc673a4708,0x7ffc673a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,17441412648965299796,5177200806878578010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap9992:112:7zEvent12472
C:\Users\Admin\Downloads\Setap-Filess\Setup.exe
"C:\Users\Admin\Downloads\Setap-Filess\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\WriteRead.m4a"
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7e0880992c640aca08737893588a0010 |
| SHA1 | 6ceec5cb125a52751de8aeda4bab7112f68ae0fe |
| SHA256 | 8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2 |
| SHA512 | 52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a |
\??\pipe\LOCAL\crashpad_3988_YHKVQUUJGGYQSXDJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5e2f0fe48e7ee1aad1c24db5c01c354a |
| SHA1 | 5bfeb862e107dd290d87385dc9369bd7a1006b36 |
| SHA256 | f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9 |
| SHA512 | 140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 910e3a5862e29df682a5a6d251a4d990 |
| SHA1 | 527d35946d3a341280a68e992e9690812ada7cd5 |
| SHA256 | ea9f65d1600c3eadd774e59a6936f1ec9bd4394a429d90708fbef26d2d38578e |
| SHA512 | e7bd81bda7099507b0d70389f88f0bfca22f8abdf461389326b9436a0e5addbffcf10b9c74f1d1a85b2e099b24a43035948e1ca58b5ef74796486bea60d4aad7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2c4b0239822f12ec6be42124f8ee8a4c |
| SHA1 | 696820a812149aee0a09709533cd40f0d8563da7 |
| SHA256 | 8d020dced90e3d832a639240234e4d99f2468b33e3ac2c898afb385d3f1307db |
| SHA512 | 87651dee1e91879041e84a755d35ac8e2d320f365584f0fd70f7e41876208d30eaaf7895010ae3f7202a594335e4aaf624af0ff5a3557faf5ff3e29374804b2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6dc508f0d225faab0d287ec9cb028c32 |
| SHA1 | 283c6bfdf31a6a404c0493c9447da74dbf7249ff |
| SHA256 | d8fe51d856b16fa53da1d1b5189133f0cef710d0043d1ad9090d45897366c387 |
| SHA512 | f836d27a1dca6f39b90f493af4e3cc8e0b50dc54fc03f16da340ae0beee83fc8b8ee23030a8d7d030e207e624c8430b4ba560201e18a0204513dc55702a1b34f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b6071eebcea33bec70a666b3477e98b5 |
| SHA1 | 538c33ecea101fec8c2e9ac4764da7ca5ee23a03 |
| SHA256 | d2ad969e9254ae634b9e19fef176e8ee63f5351a7b4695e575120314107ecc1b |
| SHA512 | 8f666e5d81c8c26637ba3dcb7c8a57dfb46fa745e19606d24bff118a9eeaffe7bd77376e8f175ab2bc7dd2b88bc1b66d5d76ee2ca614d1f2f6cfb2701e95e781 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\36dcec9ef4b2634fcfce406f466684f60cae0eeb\index.txt
| MD5 | 99cb13a3ddb00ae2b801aed82c37f054 |
| SHA1 | 0906cdd579b2a5296526fd2bd373c808ce170b37 |
| SHA256 | a627a1baf6fbc0bb2e5c3d3c6c990d176826bd2e59e5909b0a0898b7fb17633b |
| SHA512 | bf70d25b73d87c78c66091912620010a4aaf414f9aaf579e9045a80f8b3c59fb8aabdb7743c1a03bab122a4d6d3379b07eb55435f44bcc3232a1fa584d6617ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 302e08b4670a1079d256269aa4623718 |
| SHA1 | e63abd6164881e553a97f373405e8839b8d73ab1 |
| SHA256 | 47a905b83bae1944ca300aef651df40d0e1656204f31037b54d986461ea3f4ee |
| SHA512 | 5711e917fc181a1b82e1c1794028920fb6091d1daf7168eed319a59a211974f679dd6d6ac4e6ba7a9a4b2cf9960d789cb926836ef381a807bbe019dc50bd9c16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bbfd.TMP
| MD5 | d096acc7c8b52bf6cc300121b03b80d2 |
| SHA1 | b137dd65ba34d787dffcddc0ab3aa55ed85ba636 |
| SHA256 | bbeab4dbc733daa5da4bf58756938b1ba06c96831fbd0dc93b758ef62e2866ce |
| SHA512 | 27687984b85d7e4ba2225cbd55da2511952bbc020df0dd727491bccc3d4164f3941665714476e2c0142a8a63a6596cd55f2a25bcbf9dad95993d7b005ac8d203 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a72208842b356375a336a6aacc5e9bfa |
| SHA1 | 54b2fbbad0880c1385a067c8be4c7031c430466a |
| SHA256 | ed50475c5a9b9a7642d75887b5882ae17f3fde27c1b6fa0dce33da866de9a83a |
| SHA512 | 3f032ec01b55c21b1fa71e0e7ca5f885b8d98b6e2ab619d6aacb91492d9efd5439544e818ca51e019359cc06f0bc61ee1667d445883d094a61023371824c7292 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fb48.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\36dcec9ef4b2634fcfce406f466684f60cae0eeb\0a1abb4f-b6bc-4285-a368-7ab64157da44\index-dir\the-real-index~RFe589dd1.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\36dcec9ef4b2634fcfce406f466684f60cae0eeb\0a1abb4f-b6bc-4285-a368-7ab64157da44\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\36dcec9ef4b2634fcfce406f466684f60cae0eeb\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Downloads\Unconfirmed 377239.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
C:\Users\Admin\Downloads\AppSetapFiless-win64_enus.rar
C:\Users\Admin\Downloads\Setap-Filess\plugins\codec\libavcodec_plugin.dll
C:\Users\Admin\Downloads\Setap-Filess\plugins\codec\libd3d11va_plugin.dll
C:\Users\Admin\Downloads\Setap-Filess\plugins\audio_output\libdirectsound_plugin.dll
C:\Users\Admin\Downloads\Setap-Filess\plugins\access\libimem_plugin.dll
C:\Users\Admin\Downloads\Setap-Filess\plugins\video_output\libdrawable_plugin.dll
C:\Users\Admin\Downloads\Setap-Filess\plugins\video_output\libdirect3d9_plugin.dll
C:\Users\Admin\Downloads\Setap-Filess\plugins\video_output\libdirect3d11_plugin.dll
C:\Users\Admin\Downloads\Setap-Filess\plugins\access\libfilesystem_plugin.dll
C:\Users\Admin\Downloads\Setap-Filess\plugins\video_output\libvmem_plugin.dll
C:\Users\Admin\Downloads\Setap-Filess\plugins\audio_output\libwasapi_plugin.dll
C:\Users\Admin\Downloads\Setap-Filess\Setup.exe
C:\Users\Admin\Downloads\Setap-Filess\WCLDll.dll
C:\Users\Admin\Downloads\Setap-Filess\vcruntime140.dll
C:\Users\Admin\Downloads\Setap-Filess\msvcp140.dll
C:\Users\Admin\Downloads\Setap-Filess\garret.sql
C:\Users\Admin\Downloads\Setap-Filess\toughie.txt
C:\Users\Admin\AppData\Local\Temp\dee6971b
C:\Users\Admin\AppData\Local\Temp\RcClientBase.au3