Analysis Overview
Threat Level: Known bad
The file https://github.com/Intruder1235/Roblox-Injector/blob/main/Roblox_Injector_v1.0.0.exe was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Downloads MZ/PE file
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
NTFS ADS
Modifies registry class
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 13:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 13:36
Reported
2024-05-26 13:39
Platform
win10v2004-20240508-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Lumma Stealer
Downloads MZ/PE file
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious use of SetThreadContext
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 228732.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 513447.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 578126.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Intruder1235/Roblox-Injector/blob/main/Roblox_Injector_v1.0.0.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ad3946f8,0x7ff8ad394708,0x7ff8ad394718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5440 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6388 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5896 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Users\Admin\Desktop\niggas\Roblox_Injector_v1.0.0.exe
"C:\Users\Admin\Desktop\niggas\Roblox_Injector_v1.0.0.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4001760149627623916,5277197247276228769,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5312 /prefetch:2
Network
Files
C:\Users\Admin\Desktop\PublishMerge.eps
| MD5 | edf78b9989f9c20c7460472daadac97d |
| SHA1 | 17fd460dc61127d7352b8e2d452105bc2a339da8 |
| SHA256 | 3247a315045c84f9a73fad5348f3fb80007ff312254cf943f93bbd6361d796bf |
| SHA512 | 9deb6eafcda90f85ddc6a729d1f487eeb3ad996630a5d0096582eaf072b282682a0eeb0adc5946f03751c96e19d32138936a2e4d32b1f265a5c773eca14c4e14 |
C:\Users\Admin\Desktop\PushEdit.tif
| MD5 | 773e97adbd429f15f178c96f81126c0e |
| SHA1 | 012326a81ddef521c2ac82eeb93171f22b8cca9b |
| SHA256 | f6c1f690971251c9d191470678f88d283865705abc17323fb4bb2edc77c10a3a |
| SHA512 | b71fd47ed24111ce58b8dc4287bcb3f5ea7779d443830aaf120003f907d375c21b89c29bdcc0924b8acef71925e426d3953a7d06886cb9a0bba932563b21fa72 |
C:\Users\Admin\Desktop\ProtectSubmit.mpv2
| MD5 | aec8caccdfa887f8fe3424f00145e846 |
| SHA1 | bdab178c2d968153fa059ce2c4b70e1081cdce3e |
| SHA256 | 1a99e69ee6784a763c1ef1e86dd594ff041135b0daef9dcfc8c5fda244f550df |
| SHA512 | 1e109575e9b423f7b1d625aeff9869a4d47e393426865c9c9e888f5d06a7e623040161ec223977f4a725b01465c749f25a40367b8d382b86e29ff2f8818fb21d |
C:\Users\Admin\Desktop\OutUndo.vsdx
| MD5 | 71ca61c829c1fd6bb946d609a0bf42c9 |
| SHA1 | ad283d60df2504c480af28e981e40bd2bbbd1288 |
| SHA256 | ca4241b71ac2fb5d245a1c159aa6f85a8af73446dc1857bd1c4540594f9ea3e3 |
| SHA512 | 43ce3b1e8d86b38ab0fec923472fae8f315c79eba2d859c243b848817f4e9ad8d48ff3359fbfa5b601281ab89e7523b00947b8f206b45d8065b5741cdddefc03 |
C:\Users\Admin\Desktop\RenameGrant.xps
| MD5 | 447205478540fe56810f42892e40f425 |
| SHA1 | 15b87ce854679d1ca92d13bf8c8c601909fbe8dc |
| SHA256 | 5ce2bf63b0b232c71bd2f3dd106e6ce444c5c7bb11583fe361bfb8b1a90b2cdf |
| SHA512 | 2c192084556935d77922d1ac3d711335df8d9e57b17646fc13aaf83d73f80278a75ae9a9e9257931c2ab246ef86eebce5706344f44db4efdcbba52f4741f0aab |
C:\Users\Admin\Desktop\SelectDeny.lock
| MD5 | 2d5921744c4421589e7c0d3b4d44015f |
| SHA1 | ec10d5df360c569e5fba2ba9d86a7fa2a7ef2c50 |
| SHA256 | ef784abb629af0aeed364372357e09c411d78d38cf257da0187c198da8a255a7 |
| SHA512 | 294bdc1dcfca294f538acd5ef9a9d45aa1db08297447f650c7479cc3b11640c615ef55462cad8405bd19392eefc7d3cb474e079626b5467965e4c039a6a1335d |
C:\Users\Admin\Desktop\RenameCompress.html
| MD5 | f6b91c6bec4b7f813db86a7834f4c780 |
| SHA1 | c468423c6d81fe3f25ab6d59de1550e81d62abec |
| SHA256 | 0cee435b5af94a38aa196bc329aa7b11d1b1b533b45416654aa7aac816eace4d |
| SHA512 | 9c57b4f810c78ecb9e85a11ac6f072b841c58a31c9dffe0d8085d076ea3a4155116b692a95c005e63ab7d3d6f65feadfc66472e8e9fee291f0a065ebfde946a8 |
C:\Users\Admin\Desktop\SetResume.nfo
| MD5 | f3dee49ee67ad02e10edf4ffc902b763 |
| SHA1 | df54464a18c3e82ba08a9e3f67668c918a0e542e |
| SHA256 | 6b9e37e415473ff8d5982f0e1ef458848655965af34891cd40a9fcbfffa0387e |
| SHA512 | 9ef54a4995e81641745dd9fb0705aa699caf219e0b5fff113c4c6a1a872621e468fe28e2e0778d09815eab2c26fc820b73e718a8efce362598d51062aebe1722 |
C:\Users\Admin\Desktop\SetRestore.xml
| MD5 | e92444150cd3c69a290a6561afcf2c2e |
| SHA1 | 071d746523b120ad0d00d63ed4faf8b8aac77de9 |
| SHA256 | c4601bc6c2892c520bf6b4e001b4de6ce5eb9fadee5558490ac4d86c412d166e |
| SHA512 | 33ed28f15be265e890bfb77bfceeaea56ca12a8e8272e39e1388e3e1ea2b9173eb368250368606fbf9215f4c8ab9973deb08dd05b53885e46a9dc79f9bc84a1a |
C:\Users\Admin\Desktop\TraceSync.jtx
| MD5 | cce646a09b8a801270d79cada525242f |
| SHA1 | e14ebdd59fabfed0c8f5dd207691544295ee0015 |
| SHA256 | 7c727e185347838e97ba4f455d9a0b5b31a6db94de39227013e7773386d53966 |
| SHA512 | 5797cb58d7541e55ff94dfd5201625489bfc70bb0bf6e17bc04eb185f588ad5e5f5b1cafca5419b3d9f4d3b95205bb6d9fd2817c0c03a644ca3b96fb3a0fee6f |
C:\Users\Admin\Desktop\SwitchStart.ods
| MD5 | 9e29892138645d129b4f73f04f0c8f81 |
| SHA1 | 556723440cf717fe6838f91c0322085d62e80a86 |
| SHA256 | 5157ddc8c8158c1a48265b54e58724399be4505364812cb7d3ef83742e4e2c03 |
| SHA512 | 98b354acf9441cab46647f287e12898506be35ff5fcf9ec1df59c44e0488e4ed62c5b43720a9e9dd401c1ec95dedd11e3db4109854eb429baa9c24ff1a530d41 |
C:\Users\Admin\Desktop\UndoResolve.vstm
| MD5 | 2af4998c6f7f350fef53a14920ab7271 |
| SHA1 | c78ac2ec2b3017f54aca51014491011546476303 |
| SHA256 | 17cec7b35c9f1ad325d1760496174cfc69e37c4695712eac9510d75fd02bfe7f |
| SHA512 | 9990b00aedf401bf0e54d329e1c0905801db5813a91d7e37f6c58bd54dbac81ea437a4a68afeb518abc8404d202c76e74f80f11a9c2a5ef96e7ca70865afc324 |
C:\Users\Admin\Desktop\UnlockLock.exe
| MD5 | 28939c3f793cf6873e292aa3ea9f62a8 |
| SHA1 | 868310c735df3e5aef011d8324cce3989f357777 |
| SHA256 | cc793e81fb9c707c6efaf9cc8e17af641609045dafb4867602bd166a5b37f414 |
| SHA512 | c586cff665b6076d657826a6f6739175536dac480242ad63b467f482514cd6c6687c2d5194483fea42a5210dab29d5a5aed5412bce76d56c8e7f76fff76e3554 |
C:\Users\Admin\Desktop\GetSplit.docx
| MD5 | b6959e98df05e40eb24c732ffc519b13 |
| SHA1 | bd05385506ae5634e377627604fb624824ddcc3c |
| SHA256 | c7974120ea9fe5b9769f9af5efd1752b9b18b4b20c4a30328bfff7366994e108 |
| SHA512 | 85214d78a3e787999c6a4066ea82dc21d23c00dca049a853439eb87117a1b4ebded39ef41a498646af979179d43e00094af24b3809e435bac410441852117a38 |
C:\Users\Admin\Desktop\ImportUnblock.au
| MD5 | ba409654285b1b36af52810cf155713f |
| SHA1 | 53e53e61a9730cef847075a6495f49396d382b4d |
| SHA256 | 41c3e99922e902d3e7965269f18d0d1be5c32e943386f6018646ca8fe34462f5 |
| SHA512 | 3d986e5f30bb762bdcb6da792830da1e74b24d4466ef11e3d71839f6dc05ef5b9eea0255165bb1b930ecdc0c55de6649e9aa3571eb9fb19067b3ff29fc6beae0 |
C:\Users\Admin\Desktop\RevokeExit.dwfx
| MD5 | c64232cf8388baf8643f302d150f0a9f |
| SHA1 | 3eadf99fca40e766a40c6acc0d20bab3a972c6f6 |
| SHA256 | dcc9af189dbdcbb9c46afd66711127744741bc3d8fff128d39665cf7f1f54a1e |
| SHA512 | 7e7077eb3f59a8c9fd6255021a71f5c76f76de6a973212b9f0600b3b257a0a0ee2aa19c5f340e5881c70af5116a916149ac25b31e7ddf35bc42d9f6f3ac83936 |
C:\Users\Admin\Desktop\SetOpen.emz
| MD5 | c7e87c733f77c3abb31df29f73612ad8 |
| SHA1 | 1a24f8c9d5590cdd364ef5b7d34d1c9b91201678 |
| SHA256 | f815d5c055e62790842478f706a0b749a98a1e8eb4fba6b969db6c78852a95d3 |
| SHA512 | eabf5b1a21de12f8bc43a5a90f58e7f48e88b4499101a09690007a802e9907037aa090a359d5ca4bc9ec119ec01f49cfea2bfc681871a2c89598efe4f4241014 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b2b941c342a8b5bd69e14757e625b178 |
| SHA1 | 711d011a5ef2a2decb77c7392c88c56bbd5b3627 |
| SHA256 | d6f267e32c6d36015db40409cb58d7b9aa03f639b7957d72f586c62d39231592 |
| SHA512 | 125ce2dc16529fbd76e280da18a963abee3b9cb28ed0eb88dbb15526da2ec4fba10810e034d0aeed2e17c1051b1de859a6620c35c1ec72815de3ebe271a1ee5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9e3a2d94a253d5ca6dfaed81a4874eb6 |
| SHA1 | ecb5cb987a788d2cbee06b17fd18fe134e5910c5 |
| SHA256 | b6d486c1149a0f55c12567521d805b818192276200409d1fe1ac58c8a3c4f28e |
| SHA512 | 3f3466d7fb1150b4db5525592ccece16a4121aab4b509f87ed4fd13a5f33eaab85e399fe841e6f3df2b712a295f357c772c1e97de9786206df13eae52a2da22f |
memory/2548-387-0x0000000000CC0000-0x0000000000CC1000-memory.dmp
memory/3408-388-0x0000000000400000-0x0000000000458000-memory.dmp
memory/2548-389-0x0000000000CC0000-0x0000000000CC1000-memory.dmp
memory/3408-390-0x0000000000400000-0x0000000000458000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 91296d2ca67d658a8273c7dff51ca591 |
| SHA1 | 00426819460cc61db5d44827648a439bd190b201 |
| SHA256 | 89908c5e6bfc5d998f5b7ae1515b2c42881d4741dd1e8e9f645bf05183cb686d |
| SHA512 | 4775bf18a4a3990d41ef3b1fc5b0284cb64748e12b87c7beac80d28f039b97197016f5f806f7e264e2133f38ad60d702bb5bcb39fa9571f2acc2c7fab5ef1677 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 8a0e21b4a585f927b8500742515f7867 |
| SHA1 | 5b97d9cd15e1c2cfe9e100ee34e9de09280e716f |
| SHA256 | d1e2c27153085128fc18d1a1f202418f50367d3b5a129f614ef68b0c18b6fdba |
| SHA512 | 0612f8c2fd03ab557847bb9c65af657b4cb8140cf6be65aee4eb968a39e8c2521274f81561b9a63cac78f14f5311d42888c3da1a7a6487604d1681b9e80a5b14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
memory/3232-396-0x0000000000920000-0x0000000000921000-memory.dmp
memory/4052-400-0x0000000000E50000-0x0000000000E51000-memory.dmp
memory/2504-404-0x00000000008B0000-0x00000000008B1000-memory.dmp
memory/964-408-0x0000000000CE0000-0x0000000000CE1000-memory.dmp
memory/2984-412-0x00000000003E0000-0x00000000003E1000-memory.dmp
memory/964-416-0x00000000006E0000-0x00000000006E1000-memory.dmp
memory/228-420-0x00000000002A0000-0x00000000002A1000-memory.dmp
memory/1676-424-0x0000000000BD0000-0x0000000000BD1000-memory.dmp
memory/4356-428-0x0000000000170000-0x0000000000171000-memory.dmp
memory/5132-432-0x00000000008D0000-0x00000000008D1000-memory.dmp