Analysis

  • max time kernel
    122s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    09/06/2024, 07:33

General

  • Target

    https://mega.nz/file/v74wXKIb#HsjwN5T7sY4i8biyUpix6giUmvZVvJWx4rxbQ00WBps

Score
7/10

Malware Config

Signatures

  • .NET Reactor protector 2 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 45 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/v74wXKIb#HsjwN5T7sY4i8biyUpix6giUmvZVvJWx4rxbQ00WBps
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3988
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc763c46f8,0x7ffc763c4708,0x7ffc763c4718
      2⤵
      PID:4728
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
      2⤵
      PID:3976
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:64
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
      2⤵
      PID:1828
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      2⤵
      PID:3108
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
      2⤵
      PID:4428
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
      2⤵
      PID:1640
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4184
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
      2⤵
      PID:1768
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
      2⤵
      PID:2740
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
      2⤵
      PID:4976
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
      2⤵
      PID:5104
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
      2⤵
      PID:4328
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
      2⤵
      PID:4336
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
      2⤵
      PID:2744
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
      2⤵
      PID:2144
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3724 /prefetch:8
      2⤵
      PID:1160
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5884 /prefetch:8
      2⤵
      PID:4760
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
      2⤵
      PID:3028
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:448
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3748248991121019367,8603419219664336446,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6148 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1656
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2452
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2160
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4f0 0x498
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3832
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4220
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Hackus_mail_checker2\" -spe -an -ai#7zMap28083:102:7zEvent12173
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4420
  • C:\Users\Admin\Downloads\Hackus_mail_checker2\Hackus mail checker2\Hackus.exe
    "C:\Users\Admin\Downloads\Hackus_mail_checker2\Hackus mail checker2\Hackus.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:3944

Network

MITRE ATT&CK Enterprise v15

Downloads

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                            Filesize

                                            152B

                                            MD5

                                            4b4f91fa1b362ba5341ecb2836438dea

                                            SHA1

                                            9561f5aabed742404d455da735259a2c6781fa07

                                            SHA256

                                            d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

                                            SHA512

                                            fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                            Filesize

                                            152B

                                            MD5

                                            eaa3db555ab5bc0cb364826204aad3f0

                                            SHA1

                                            a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

                                            SHA256

                                            ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

                                            SHA512

                                            e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

                                            Filesize

                                            17KB

                                            MD5

                                            950eca48e414acbe2c3b5d046dcb8521

                                            SHA1

                                            1731f264e979f18cdf08c405c7b7d32789a6fb59

                                            SHA256

                                            c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

                                            SHA512

                                            27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                            Filesize

                                            72B

                                            MD5

                                            4562faf70b913f7cb8182a7284bb2f2e

                                            SHA1

                                            5574416434b93436b47be8a4eeccb79d69a1bd23

                                            SHA256

                                            6d036137ff7d59d21e451f1b547d446549c8b9d8e266caa83ee7b0106b995a3e

                                            SHA512

                                            82d37d176fc9d1dbf23cc493abc95d2d793a6be5c0e7e749dc34bc033f4eec0e46d72a4291ea1c52cbfb62c45c8876f913b36792ce5058ff30da288a1df0a040

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                            Filesize

                                            72B

                                            MD5

                                            fe3e4463458cf9e83b260ff4d64a8eb7

                                            SHA1

                                            9dca0c3885b7e5b2c0acb135aa3dc538fdb32d16

                                            SHA256

                                            b47828bce70dfdfb77ddb2f130ec11070576c8f84524c1148cd403928ed8146b

                                            SHA512

                                            5afdf158800ca081e46d69f8f509e025763e9a27e4ab00021fa770fab89a21a5c18a8ca20287372e75f852245c2de0bc549705f1a877fa04c6c5799c99f4177e

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\00\00000000

                                            Filesize

                                            2.6MB

                                            MD5

                                            9e6f9a0e5b03cc7c281d94264632784b

                                            SHA1

                                            c84fd36daf4f68c95d5eb8e63053de28a5d89256

                                            SHA256

                                            61125cdbac4e93256ff9da67e5046d0e3187c14d4bda7668151c0e70e3084f01

                                            SHA512

                                            907333b185feaf80c3403a3e4f94d08bb2d6342c57eb14e84e18efad2ede294123cd01dc88ecca20edd45d8ebe3147b771f3c2db4e040cc18f0f25af61d1d4da

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

                                            Filesize

                                            41B

                                            MD5

                                            5af87dfd673ba2115e2fcf5cfdb727ab

                                            SHA1

                                            d5b5bbf396dc291274584ef71f444f420b6056f1

                                            SHA256

                                            f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                            SHA512

                                            de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000003.log

                                            Filesize

                                            98KB

                                            MD5

                                            8132058a2a88647268a8831bad19ae08

                                            SHA1

                                            b7de4abdda95eb79e178699e613c952b20486e54

                                            SHA256

                                            7777679011b9efc15cba7789b81e948d1beacb0d25dca6e688794cdd44848b3c

                                            SHA512

                                            8d7856a5e9df5ac7f3b4ed588d8fa47c5f1910ec2d87079ccfd6daafbd84d1d2fd1eac83d5d1115ce7e0700058c983218824be6d0a6fcb9d011b98604b8dc5c8

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

                                            Filesize

                                            375B

                                            MD5

                                            5f3027f432f2d1b42e93cada72b1e27e

                                            SHA1

                                            497bdd974df2191d3a56b7bb75967e13771f53c0

                                            SHA256

                                            1d05559f88801e9c167b1064acd6e3e582b83c08f883bdb0c7fec4a30ae035ec

                                            SHA512

                                            8ebd75bf1b8200c4086163ec52d358b192d06d37934ba4ff4f733ada6daffa424f4503b7bd8e689439832d36ba2d6693606024fd956a35c20b7e9fcaddb7430b

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

                                            Filesize

                                            375B

                                            MD5

                                            8b8c42f692c272b4b183e98663bfc21b

                                            SHA1

                                            77be2fb74b76f6091fe634c1b5a644a49d0aa91f

                                            SHA256

                                            1d948835eb5bcc69ff60a87bb96de2f8c0034de5808126f32afef048987c69db

                                            SHA512

                                            99a5ff82e6ad0518c92e2032f07370f5fb9a5354c955f1db49c05c55542632356f45def025f0da720166bf8bcf43ede95521dee81cefa5772d1e2eb1bd6975d4

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

                                            Filesize

                                            378B

                                            MD5

                                            74f58445d147e4de3b65bc930e58ca73

                                            SHA1

                                            6c03dd0c76378a9a8a624e69cd4031545e71bbce

                                            SHA256

                                            dc47b30cedb9cf371a7be6650a8211245fc91467a2a0ba4e460829979fcca050

                                            SHA512

                                            9f262c48cd9c6b63cfbf74c02ba2654fb6e687980e42364bb39e721bc3ecd39f729a90da8b568d24e1c7fefc278f3986fded3ce15424f3a7b08f06913cb6d66b

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe584958.TMP

                                            Filesize

                                            337B

                                            MD5

                                            6940eca62df990154ca6b24de411e2a6

                                            SHA1

                                            1521dc9ab0eec151d0b783e765a4744c07e9a39a

                                            SHA256

                                            f8f384d046c797ec420137cdfe21f6e094a557abed283acf65383441c7382c34

                                            SHA512

                                            d92918842b4923298308c502808ad147a259e4c5007102a91ef4b58c92c7833e6c3f3967205c5c61283e54db5472667f07c896b5794c10718526989bd1b12977

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

                                            Filesize

                                            23B

                                            MD5

                                            3fd11ff447c1ee23538dc4d9724427a3

                                            SHA1

                                            1335e6f71cc4e3cf7025233523b4760f8893e9c9

                                            SHA256

                                            720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

                                            SHA512

                                            10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                            Filesize

                                            188B

                                            MD5

                                            008114e1a1a614b35e8a7515da0f3783

                                            SHA1

                                            3c390d38126c7328a8d7e4a72d5848ac9f96549b

                                            SHA256

                                            7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

                                            SHA512

                                            a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                            Filesize

                                            5KB

                                            MD5

                                            93b9ce1d60bab63a6d17dd0bec159cac

                                            SHA1

                                            886813dea72a585e328dff37957434e5a0eb8cb8

                                            SHA256

                                            d3d14c08075272bdc3f2ece82aeb265675d7372bc283e42aa78d514445c2ed3c

                                            SHA512

                                            e7470c8c4cbf3d17bebef58232d4070a227cbb252398df141760269c4462209ac2dd84ca7e0ef150f4f08a1c57ea89b14dfb285d88d3686adf2ef6f511bebb0f

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                            Filesize

                                            6KB

                                            MD5

                                            23c32d5ed524486fdaebc5693571cd8d

                                            SHA1

                                            b1ebd805f23b0a8e778de3ad71517de79e0db2d6

                                            SHA256

                                            3f8667734ea83fcc83310a3b22e222ad76cb2d6fcd2a866a5cfc843810dab7f6

                                            SHA512

                                            176481ae86e206926d5890d71b3b38e672a05109c70a8c95e6997aab1b9474a527454dab8f5a34fc471ce530796466dec3c6ebb72c2ce545fa856126e4907c7e

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                            Filesize

                                            6KB

                                            MD5

                                            bd7acadef7d20eb83254c4ae7c997c44

                                            SHA1

                                            cba6f8739eeec83732a3e36134e1f62440a040fa

                                            SHA256

                                            fe975e47a37eab9d4a9ab8cf95bf925be7ac28da4947568104580f155cb51f11

                                            SHA512

                                            50041d4bddadc61bfdae3d695b13e1cac2cfaf52da2bc7c90fd21c503d37019b187caa731005dc17503c9d6b82ab0cbfa7953722119e82a75a050fe12f0b3255

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                            Filesize

                                            6KB

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                            Filesize

                                            6KB

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                            Filesize

                                            6KB

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                            Filesize

                                            72B

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585d2e.TMP

                                            Filesize

                                            48B

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                            Filesize

                                            359B

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583062.TMP

                                            Filesize

                                            197B

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                            Filesize

                                            16B

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                            Filesize

                                            16B

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                            Filesize

                                            12KB

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                            Filesize

                                            11KB

                                          • C:\Users\Admin\Downloads\Hackus_mail_checker2\Hackus mail checker2\.hackus\Settings.cfg

                                            Filesize

                                            3KB

                                          • C:\Users\Admin\Downloads\Hackus_mail_checker2\Hackus mail checker2\Hackus.exe

                                            Filesize

                                            2.6MB

                                          • C:\Users\Admin\Downloads\Hackus_mail_checker2\Hackus mail checker2\HandyControl.dll

                                            Filesize

                                            1.7MB

                                          • C:\Users\Admin\Downloads\Hackus_mail_checker2\Hackus mail checker2\MailBee.NET.dll

                                            Filesize

                                            1.7MB

                                          • C:\Users\Admin\Downloads\Hackus_mail_checker2\Hackus mail checker2\Newtonsoft.Json.dll

                                            Filesize

                                            679KB

                                          • C:\Users\Admin\Downloads\Hackus_mail_checker2\Hackus mail checker2\x64\GoSrp.dll

                                            Filesize

                                            2.6MB

                                          • memory/3944-498-0x0000028CC7AB0000-0x0000028CC7C6C000-memory.dmp

                                            Filesize

                                            1.7MB

                                          • memory/3944-503-0x0000028CC9E90000-0x0000028CC9F4A000-memory.dmp

                                            Filesize

                                            744KB

                                          • memory/3944-509-0x0000028CC9E00000-0x0000028CC9E22000-memory.dmp

                                            Filesize

                                            136KB

                                          • memory/3944-507-0x0000028CC9F50000-0x0000028CCA000000-memory.dmp

                                            Filesize

                                            704KB

                                          • memory/3944-502-0x0000028CC9C10000-0x0000028CC9DD2000-memory.dmp

                                            Filesize

                                            1.8MB

                                          • memory/3944-505-0x0000028CCA110000-0x0000028CCA2C6000-memory.dmp

                                            Filesize

                                            1.7MB

                                          • memory/3944-499-0x0000028CAD750000-0x0000028CAD756000-memory.dmp

                                            Filesize

                                            24KB

                                          • memory/3944-496-0x0000028CAD0F0000-0x0000028CAD394000-memory.dmp

                                            Filesize

                                            2.6MB

                                          • memory/3944-512-0x0000028CF16C0000-0x0000028CF16C8000-memory.dmp

                                            Filesize

                                            32KB

                                          • memory/3944-514-0x0000028CF17A0000-0x0000028CF17AE000-memory.dmp

                                            Filesize

                                            56KB

                                          • memory/3944-513-0x0000028CF1FF0000-0x0000028CF2028000-memory.dmp

                                            Filesize

                                            224KB

                                          • memory/3944-515-0x0000028CF2A50000-0x0000028CF2A58000-memory.dmp

                                            Filesize

                                            32KB

                                          • memory/3944-516-0x0000000071F20000-0x0000000072215000-memory.dmp

                                            Filesize

                                            3.0MB