Analysis Overview
Threat Level: Known bad
The file https://mega.nz/file/AXMB2RAY#YrP3-be2t5yjaJ-TpWBlRPlLc_xGz_ZOHIrKXBYBXKg was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-10 13:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-10 13:43
Reported
2024-07-10 13:48
Platform
win10v2004-20240709-en
Max time kernel
269s
Max time network
274s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1296 set thread context of 640 | N/A | C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 3940 set thread context of 1528 | N/A | C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 1776 set thread context of 4860 | N/A | C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe | C:\Windows\SysWOW64\more.com |
| PID 1616 set thread context of 1140 | N/A | C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe | C:\Windows\SysWOW64\more.com |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2990742725-2267136959-192470804-1000\{0F1BE5F3-2241-4080-BB8D-36625986F7A4} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
| N/A | N/A | C:\Windows\SysWOW64\more.com | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/AXMB2RAY#YrP3-be2t5yjaJ-TpWBlRPlLc_xGz_ZOHIrKXBYBXKg
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2da946f8,0x7ffa2da94708,0x7ffa2da94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x328 0x324
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\file___here\!!ṨetUp--@!Pa$$Kḙy!$$__25907.rar"
C:\Users\Admin\AppData\Local\Temp\7zOC5D88169\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zOC5D88169\Setup.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe
"C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe
"C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe
"C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe
"C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Setup.exe"
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Config\DirectoryMonitor_[1MB]_[1].exe
"C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Config\DirectoryMonitor_[1MB]_[1].exe"
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\Config\_conf.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,4216204028136489112,8669507514594544679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | 5.145.216.31.in-addr.arpa | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.15:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.15:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.124.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.125.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | gfs214n188.userstorage.mega.co.nz | udp |
| ES | 185.206.27.98:443 | gfs214n188.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.98:443 | gfs214n188.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.98:443 | gfs214n188.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.98:443 | gfs214n188.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.98:443 | gfs214n188.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.98:443 | gfs214n188.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 98.27.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 52.111.227.13:443 | tcp | |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | unwielldyzpwo.shop | udp |
| US | 172.67.158.68:443 | unwielldyzpwo.shop | tcp |
| US | 8.8.8.8:53 | bouncedgowp.shop | udp |
| US | 172.67.214.52:443 | bouncedgowp.shop | tcp |
| US | 8.8.8.8:53 | bannngwko.shop | udp |
| US | 172.67.146.61:443 | bannngwko.shop | tcp |
| US | 8.8.8.8:53 | bargainnykwo.shop | udp |
| US | 172.67.146.97:443 | bargainnykwo.shop | tcp |
| US | 8.8.8.8:53 | 68.158.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.214.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.146.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | affecthorsedpo.shop | udp |
| US | 104.21.6.254:443 | affecthorsedpo.shop | tcp |
| US | 8.8.8.8:53 | radiationnopp.shop | udp |
| US | 104.21.68.158:443 | radiationnopp.shop | tcp |
| US | 8.8.8.8:53 | answerrsdo.shop | udp |
| US | 172.67.203.63:443 | answerrsdo.shop | tcp |
| US | 8.8.8.8:53 | 254.6.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.146.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.68.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | publicitttyps.shop | udp |
| US | 104.21.25.154:443 | publicitttyps.shop | tcp |
| US | 8.8.8.8:53 | benchillppwo.shop | udp |
| US | 104.21.81.128:443 | benchillppwo.shop | tcp |
| US | 8.8.8.8:53 | 63.203.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.25.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.81.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | reinforcedirectorywd.shop | udp |
| US | 104.21.83.48:443 | reinforcedirectorywd.shop | tcp |
| US | 8.8.8.8:53 | 48.83.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.234.82.104.in-addr.arpa | udp |
| GB | 92.123.142.114:443 | www.bing.com | tcp |
| US | 172.67.158.68:443 | unwielldyzpwo.shop | tcp |
| US | 172.67.214.52:443 | bouncedgowp.shop | tcp |
| US | 8.8.8.8:53 | 114.142.123.92.in-addr.arpa | udp |
| US | 172.67.146.61:443 | bannngwko.shop | tcp |
| US | 172.67.146.97:443 | bargainnykwo.shop | tcp |
| US | 104.21.6.254:443 | affecthorsedpo.shop | tcp |
| US | 104.21.68.158:443 | radiationnopp.shop | tcp |
| US | 172.67.203.63:443 | answerrsdo.shop | tcp |
| US | 104.21.25.154:443 | publicitttyps.shop | tcp |
| US | 104.21.81.128:443 | benchillppwo.shop | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 104.21.83.48:443 | reinforcedirectorywd.shop | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 184.25.204.33:443 | r.bing.com | tcp |
| GB | 184.25.204.57:443 | r.bing.com | tcp |
| GB | 184.25.204.57:443 | r.bing.com | tcp |
| GB | 184.25.204.33:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 33.204.25.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.204.25.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 172.67.158.68:443 | unwielldyzpwo.shop | tcp |
| US | 172.67.214.52:443 | bouncedgowp.shop | tcp |
| US | 172.67.146.61:443 | bannngwko.shop | tcp |
| US | 172.67.146.97:443 | bargainnykwo.shop | tcp |
| US | 104.21.6.254:443 | affecthorsedpo.shop | tcp |
| US | 104.21.68.158:443 | radiationnopp.shop | tcp |
| US | 172.67.203.63:443 | answerrsdo.shop | tcp |
| US | 104.21.25.154:443 | publicitttyps.shop | tcp |
| US | 104.21.81.128:443 | benchillppwo.shop | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 104.21.83.48:443 | reinforcedirectorywd.shop | tcp |
| GB | 184.25.204.33:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | www.antivirussoftwareguide.com | udp |
| US | 68.183.21.156:443 | www.antivirussoftwareguide.com | tcp |
| US | 68.183.21.156:443 | www.antivirussoftwareguide.com | tcp |
| US | 8.8.8.8:53 | 156.21.183.68.in-addr.arpa | udp |
| US | 68.183.21.156:443 | www.antivirussoftwareguide.com | tcp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 54aadd2d8ec66e446f1edb466b99ba8d |
| SHA1 | a94f02b035dc918d8d9a46e6886413f15be5bff0 |
| SHA256 | 1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e |
| SHA512 | 7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994 |
\??\pipe\LOCAL\crashpad_2108_JAGQOPIOKNJFZSMJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2f842025e22e522658c640cfc7edc529 |
| SHA1 | 4c2b24b02709acdd159f1b9bbeb396e52af27033 |
| SHA256 | 1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e |
| SHA512 | 6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fabfde5e9261826d1308240c491ec85a |
| SHA1 | c83b9def90d92b6babd9ac629c04363b23329754 |
| SHA256 | 37c5941acd791205c996a9e333d25feb56f7324a69ea10d211c250efe6787906 |
| SHA512 | c96a7f166a97ad8321c0427fdbf5352140342923fa84f43f56f3c12e63a20b4719843d32baa926bcf2154de376e89a1a3ee5a58177f2e161f3cf1c3a438ba4d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 71ff10b153975da943b7d1302de695e1 |
| SHA1 | 8b6f2e28e467fb6bcc6d61df178848126e523403 |
| SHA256 | 00640efeb27849a983327726486ca976e16e90e18b534752703564acf81b5f69 |
| SHA512 | 4ba9d50c0cd262ee660b1f04e26baf1bef034909ac9f5e5fba04c022f92df9786f3de59430a5dfda3a680c69dced57afc7411c7e18702460c994ea0336355ab0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1e6917e4b7711f0076a079749bfe7113 |
| SHA1 | 2de41ea0964f03ca7833006f1bfd720b042a0276 |
| SHA256 | 34997fceac34110409ae9600604dd815c2c540a5094d81d5fadeeb901b872dad |
| SHA512 | 7d726d630cca449a7eefe4b2b13e564404b8d2d9aa00ad5aebe6fea07b78a22d8e3cf63a54fdebddd39fbd08f5ad7e567cb6cbdb9389c96dca4b02aa78f6ac6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4f460e2e79c5d76efe46ee6808ceeb40 |
| SHA1 | c5c586773409f90f35e400749a8f2a6b3ee17e04 |
| SHA256 | f1ce65ba654dae0213ef0098b6a71632bfdb172b6a2e8b058f58ea9847a98816 |
| SHA512 | 22c0e86d313bfcf8298a3ee51406d724c6ac8f269612101808504ac45ad2fd84d1ddb6ef034430dd4aa880943e5adc20dce5774be5ba4306939f47a8f04f5c90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 34d85430555fbdbe106b0effea80ae76 |
| SHA1 | cb71659272c62c59927bbf0c04d7094b148f9684 |
| SHA256 | b21d69aae936147b589d4556a26fb6c725fc885f207f289c11302045b68fac01 |
| SHA512 | 626de59d6e2f17b1f86f2b33484a8ba036d2ce0eeee5e1b2a94a2024220a747d36b1036db412dd9b359349e7380fbf924eb20a0a3e03a5c3670e9077845ada67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 83a505a9cf9c7d9d7c515cc43f673124 |
| SHA1 | 3ab11f99a6954d13e2576c41a31ee39c1e33bf71 |
| SHA256 | 5b61e63bc50cb4dbe0f66315c684d7c76c6769de9f0d9e39230ca54c9a5a4bc5 |
| SHA512 | 95809cade88105bf20219f39be67e73059dcaa722730dd94a713e8e946fd0746732b02f632a1f4c22c92742c3ce6137cae925f22b268feeff6f173f1268f489b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5805f6.TMP
| MD5 | 7da9e1a21a80b31ec7b0cadaf8ab7a6f |
| SHA1 | 3bc541a3b11ea30e7837638be938b0d077322dee |
| SHA256 | 5ed351e8bbad675f400e2201bd22e7e805d3efa58f973774773be3e95669ef3e |
| SHA512 | dc5c1cc71973ea2240f87deaff99f6aac6674d7be8453f6562ebb8b17fe12f5a5fe664809fa30d62953fc392786fc84449a1d8cb336e9430464c7f4850c342bc |
C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!.zip
| MD5 | 5ee1a91bb16f43dd51c9b6b9833dc23a |
| SHA1 | e819be038460fc3e73fa2266764ba644a41486ca |
| SHA256 | ba4c332b39812241e314c347e0f4f437dbfca4fc0b31986c9d1fc11cfbde5e25 |
| SHA512 | c99b9133c4cb17b96d8319b697ef385b5be591fcd9e7b8127b1e0c4511f17840616f277050d9754e976222e5245d2bcf897c0457dd69d0fd7c65995c2a0921c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4a4222b881d5bd8bedab5efbd32fc05a |
| SHA1 | 9dc5f6a19958500fd6f489ca1e6c0f66a6243702 |
| SHA256 | 3213b0e5b430fa0517f458dda5fb343bf1cf20c836c5e2bedd9a98e76a919b72 |
| SHA512 | 8f59b573a0af4cef365e26518a0326104a994bccea482a67a806a41f0581e2118e3972daea1da9ef614bb9423c74909001bdb6fa8ce1e97dd5ef74b26e8203dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 008114e1a1a614b35e8a7515da0f3783 |
| SHA1 | 3c390d38126c7328a8d7e4a72d5848ac9f96549b |
| SHA256 | 7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18 |
| SHA512 | a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b |
C:\Users\Admin\AppData\Local\Temp\7zOC5D88169\Setup.exe
| MD5 | 37668418edb0f30c6f38d08c5ef319b7 |
| SHA1 | 72d173273dfc9a5cf0661ece8e6d90c602679ba2 |
| SHA256 | 4a7930a7130fe7c3c9822d90517e873e3e477c9a6978d096f740dc5b03770365 |
| SHA512 | 9c5c0c3a095824c51c349487c2366e4dcd1f3602082627296ac06569b72e28ef1d976f8b3ef8df30a81d4483c3220cbb6ee429f7ad4633d8692b9bf3f4104fd9 |
C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\vcruntime140_1.dll
| MD5 | cf0a1c4776ffe23ada5e570fc36e39fe |
| SHA1 | 2050fadecc11550ad9bde0b542bcf87e19d37f1a |
| SHA256 | 6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47 |
| SHA512 | d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168 |
C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\vcruntime140.dll
| MD5 | 49c96cecda5c6c660a107d378fdfc3d4 |
| SHA1 | 00149b7a66723e3f0310f139489fe172f818ca8e |
| SHA256 | 69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc |
| SHA512 | e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d |
C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\msvcp140.dll
| MD5 | 1ba6d1cf0508775096f9e121a24e5863 |
| SHA1 | df552810d779476610da3c8b956cc921ed6c91ae |
| SHA256 | 74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823 |
| SHA512 | 9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af |
C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\mozglue.dll
| MD5 | 3db878c40dcabb21abc9a2bbbd5eb842 |
| SHA1 | 791ad5ebd242b487af20a8170739e6818eefa617 |
| SHA256 | c902706c45b32a1c630520d033bc1723c4b1f8fd6564367e87680d765547b0ab |
| SHA512 | 519a0c01f19481f687b0e4ab1114c2fa8fd035530b7f6ea89c1163a4919598942077c98e39b3a74465c97f72349ec6a7e3874486480589d78729587f089feee4 |
C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\lalapalooza.indd
| MD5 | 000d435e4e6f05c2ae05f442de9f6e08 |
| SHA1 | 9b1d0b156aa2feb1f119a866ac5f6f5e025c8537 |
| SHA256 | 8c09617fe6ddcd3dc856163f732e3502fd84fda83af50e867f56b77ecfcc9978 |
| SHA512 | 7f1f93731262261f7da7219c2fe49ab321b8529f230d99d4536a2ea7ec4d45b1e54dc3c4545c0fd9074f9ac3fade93b2b8e164d0bee26915c9e4ec9b24be7afc |
memory/1296-308-0x00007FFA3C130000-0x00007FFA3C5A2000-memory.dmp
C:\Users\Admin\Downloads\!@ŜetUp__25907--Pas̈ᶊW0rd!$!$!\New folder\paranymph.raw
| MD5 | 17e1a0d2b6b3aa0cf0b726419b2ade2c |
| SHA1 | fc63cedec99985d9a8e47c14d8f91340d1189e78 |
| SHA256 | 9d5669961e9491cd828f60a8016dc017383ce716dc5422f5dc8faef17a28332d |
| SHA512 | 4bfe688f96caa932eb34767029a11518a02b61c6d05d9816a23d52d72449ce64f32af56c272585861f2a56d69c4671ddf3e3e11e9d0cb0310fe9375968ccc5f3 |
memory/1296-315-0x00007FFA3C130000-0x00007FFA3C5A2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1cf9be72
| MD5 | 9c79c75fa87c0927f3196763dbe47c76 |
| SHA1 | b9fc76de8fcf0ea99418098079b6a2c617e9039e |
| SHA256 | 503a02b2ab6e569f58b14d1420fd2a66db78fbcbecc2d441e883a6a6b01eb81f |
| SHA512 | ad2d0f17968bb8bb9c4aa9d136a18ee99e2c4fda2b2b8b8a8434746d91092f8ca9e968ed907ede90be8f9ddee6aedffd00baed0b11eb9ec3079780789435a1b7 |
memory/3940-324-0x00007FFA3C130000-0x00007FFA3C5A2000-memory.dmp
memory/3940-337-0x00007FFA3C130000-0x00007FFA3C5A2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2cf8e96f
| MD5 | a0e21cab0e35dd82f4f72267b78d3945 |
| SHA1 | 7e7887021d809a0e32d3fda4488ba26b9ec7ef9b |
| SHA256 | 192addbef7b94d0b946a928e4fcf03304d2e4ede80c9ea1913f0d5e2f5a405e6 |
| SHA512 | 6373375d01f10579487c8b9c2338cbcfa7b1187cfb36a33127a7646c454876ac5b3731896726e4d8798c862a0617fc0a080e33f966b47665e9867faee1bce851 |
memory/640-340-0x00007FFA3D1F0000-0x00007FFA3D3E5000-memory.dmp
memory/1528-343-0x00007FFA3D1F0000-0x00007FFA3D3E5000-memory.dmp
memory/1776-349-0x00007FFA3C130000-0x00007FFA3C5A2000-memory.dmp
memory/1776-362-0x00007FFA3C130000-0x00007FFA3C5A2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\6560a715
| MD5 | 06e87975590c2f496f93c69cd81e9c23 |
| SHA1 | 8fd1c4d5a1bd053d8b8d21dfe4f4981ed41f6d46 |
| SHA256 | 6e67c1e4566776617e280e6b9b995a605ad4da769976fbc10ecfbb89d770fe30 |
| SHA512 | 8b48c2f8aed381926218c21019c4685c6f6a148f86675e15a31a519688b81223654ec849f0805ecab7d076d2d7aa12027cdfd6f530ee7fe46236f90bcc012d54 |
memory/640-365-0x0000000076120000-0x000000007655C000-memory.dmp
memory/1616-371-0x00007FFA3C130000-0x00007FFA3C5A2000-memory.dmp
memory/4860-383-0x00007FFA3D1F0000-0x00007FFA3D3E5000-memory.dmp
memory/1616-385-0x00007FFA3C130000-0x00007FFA3C5A2000-memory.dmp
memory/1140-398-0x00007FFA3D1F0000-0x00007FFA3D3E5000-memory.dmp
memory/4348-399-0x00007FFA3D1F0000-0x00007FFA3D3E5000-memory.dmp
memory/3052-400-0x00007FFA3D1F0000-0x00007FFA3D3E5000-memory.dmp
memory/4348-402-0x0000000000740000-0x00000000007A7000-memory.dmp
memory/3052-403-0x0000000000720000-0x0000000000787000-memory.dmp
memory/3496-405-0x00000000005F0000-0x00000000007E0000-memory.dmp
memory/5036-409-0x00007FFA3D1F0000-0x00007FFA3D3E5000-memory.dmp
memory/5036-411-0x0000000000C90000-0x0000000000CF7000-memory.dmp
memory/4348-413-0x0000000000740000-0x00000000007A7000-memory.dmp
memory/3548-422-0x00007FFA3D1F0000-0x00007FFA3D3E5000-memory.dmp
memory/5036-425-0x0000000000C90000-0x0000000000CF7000-memory.dmp
memory/3548-426-0x0000000000FA0000-0x0000000001007000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7f9105b2a9ea0f3308bf45ad24dd17ea |
| SHA1 | 03b2f3ee2eae07ba3d8da28aa0f954405d3f6f8b |
| SHA256 | 23da9657dae7fb3f909b4947c2cec7ee275b3f49f1c749c6b6171ba71d7bf3da |
| SHA512 | 9723f57dc73cf8d6ea4f586f5688b3522f9c9c0945b9c74445102d09e2a7e8413ba3373212343eb1f2f5bd9dcfa06529e2ff0a092405d507fd00901bad5dfe71 |
memory/3548-657-0x0000000000FA0000-0x0000000001007000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d1303c98da95d3e506463380a839b7ab |
| SHA1 | a2442fab72734308d25488a2bbf22f054a360c21 |
| SHA256 | 81a0a940143efeaf499d3fa98efd1c6a8ecb7bdb13fb2dbdf123c06496741317 |
| SHA512 | 222bdc7f8c60515e56e70f6290a4c3d3bc886a2edcb62f7af43e8fbe0e6ff1678786cf923bb46d1d8525ad436e862316e0fae9daa43573097af5abb51b0773cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a6f36.TMP
| MD5 | c0e8b41d7cd706ef697848b564cc58de |
| SHA1 | 5e55b17c2d1d5100fd639e515bfef29d029a3836 |
| SHA256 | 3a545792d63ceb811101fc4a9a35a2aa0d6a9099290b76f0aaa2bc2be6149668 |
| SHA512 | 22c129bf7b014f4e1632b67f10a08be4d5cd3b2ee80f9b832d35c876c25731985aa63b471202887e7ddcab508807ae54962d122d65cae8cd6dea6dddb3df1360 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | 7d5e1b1b9e9321b9e89504f2c2153b10 |
| SHA1 | 37847cc4c1d46d16265e0e4659e6b5611d62b935 |
| SHA256 | adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af |
| SHA512 | 6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | ddb12152235627d79d91205d518ca3b8 |
| SHA1 | ffb693be91d5489410e1e3df1026c8696f54aace |
| SHA256 | 8280f3b8757419a41cfc842bebb61cd15e98aebd64400cd4075e7b4a7af9231f |
| SHA512 | 478d4a236fa688ff043abd63f2cd18d42cef48be1b6a78e46f5d48dc666f68e8292a0dcdcfa9172236307ba62052d7ad50970cdb5afd3a137c38896ec2b15a61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | 32f58aaf5a515bdbb3d13f72879d2bf0 |
| SHA1 | 1742585148dcce5d9a85464fdc5b25f394e4736b |
| SHA256 | b2be2096fe98a9b55d92512ae7859e8ba6a54be03afd7eb454b220f9ed888ec8 |
| SHA512 | 28c693e9a85da7cd7441209c60c4da4b9b6b7da7555c86c2039387b470c453a474a07597069959cccc2840360f76dbb307f88a77e52248adcf8de71ab99cbe19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c92171d7a8dad6ad60d05ac6666cf42d |
| SHA1 | ba009baecc7d76e6f23b2c988f7091dec593e256 |
| SHA256 | f260e5867a55110fb161c2554fbf9c9928f33a8cefc5628e4c69ef4c2119aed6 |
| SHA512 | 1e641ed18f0fd30abe2ae4ccf81f4c71d1c7f9c942322edc6a1650824ca09abd3be36c1e1ed427eae22ecda6ff53b38efb3280c164cd314b575b05c6bb7c854f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 39302f12292a3adefbb4631e5ee28267 |
| SHA1 | 37dcb82581a074004cb365bd44db393d8014eb2b |
| SHA256 | 5c9a0730d6ee7f284bc36b78f1369597383cd193a3b6b3a4ee67f44fe9948510 |
| SHA512 | e3a481fbfb2a70cc2ff3f56f85a9927a9fc790bc8b38b4a1dd93fc2793482610e4df38992656f5c2618c3af8c032f7d951b6d1970f3b21d8eabb5b9e720f22b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c8964cd068e61708c7d7daab55320793 |
| SHA1 | 44385acb223012d6d908ad8c2a91914b012f840b |
| SHA256 | c9513e9ff17c06f1203b91d6b996ee065dea10a1a98df56084e2eadb00c9a6dd |
| SHA512 | 10fe5a921d4733791633e6e9d7514a2cf5640879a280fbd26bf5c713b08ae55e549ffca35f27f527a9973fb2f4d18ea15934bd9fbda06d282e813a90bcd2b525 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 03c8a92ad074c12dcdb40d2fe877238a |
| SHA1 | c6846723f20c2f21dd7a6b65462ac69b8ccf4122 |
| SHA256 | 34d522856ed40f418cd125bc9837957cad8fd8dfc67f02ae1b27c718c6a0ed13 |
| SHA512 | 370e3d056e1a2ce780e4f20abe30c832f9f89b1d6ea24dc9475ef7e2532dbca66c2161d6f7e80554c3d7dd3535df591961523b9562d4431be9d5272d7432ccf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 694e6bf515d54d7eab9f6aea1a09dc1a |
| SHA1 | c8f4eee2c1f8ce5b2828b85458f8cfb0d5d718bf |
| SHA256 | 9dbcd4b089364e43221a101d660ca7b074cf02c30e2dc59d34a90c1d8d31a26e |
| SHA512 | 2b072f3f6b4b6800a964e5eea3d05f4025e8f7165956b83b08dff5e1fd3f4f189175a7be5a6909de9929491598ad33c911aa3936e93a3a0513c8ac74917e86b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 6823ca34104db2db3d687df0a13cb41c |
| SHA1 | b7c5cc2702a811dabc548965929ef9c32e8feac2 |
| SHA256 | 7cc3d5d41b62858af2e26ee0e18e5f72f021037ab8d4c4889c50024a0a07f2ad |
| SHA512 | b88d847e7cca27402305e8683ab76b0124ad58ace18f85c45aaa89f284b76fc24fbb855bff4ec70ac0a83d6762bb7dae1303a37f6e5cd6e2e01c6385b42d0670 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c4184cdb3a637f1f193c4c65938bc52c |
| SHA1 | 9cf84222af2c3c2ef915c88292463697da1dcdf3 |
| SHA256 | d90919dc1f2c3f8fffb70083e71446e9fb779006b83c11e4f5579856a2089083 |
| SHA512 | 1fd97aa2fe670297ae0e971dbb6d75eb24604b1e5c57108c8b2d8ee9ec6824cd31259b077a9f26e472c3aa0169ab7ec6d10c4c8b7439db6c18631ec2aa3b81b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b9f2f72b14e2d2766dd3759a612d2458 |
| SHA1 | 59348472dc6d25335d0cc5ed9c52aad3cd8e620f |
| SHA256 | 3d16c854fc3c4ff51419acf39efc344081ad48ff8846114ef98ff19d19d029f3 |
| SHA512 | fab7e13592ca5fd6deac59ee400ea4eb8edba7e8f5b35dbb9e432d48f9f86dd2c9577adc9caa9258db0f491003f11ba96be398c004552891fc52e58df6730cb5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8e6b525bdc2f71c7997b7a01b4e6ef72 |
| SHA1 | 6e86cd02d473116151ae12b2eee35164c4bde794 |
| SHA256 | 6f779ee8a1c782823be675723cccdaac35404b1c7f846778c770bb7f23b7fbbd |
| SHA512 | 851c2720bf93846d9850903e4d6def28d9081c125366bcd715e9a3a32ead90904c751acbf66a132adc62a330e76cdfae35a66bd50a6699de22552a1939bb08b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b2cd14e21fd645f164e7079d3f1b3a14 |
| SHA1 | 113f5fc341a7b00d1d1f619712d7432c97aa99b0 |
| SHA256 | 29b46a73b56118efa045cfcfd3164e0ce106ad7a078f5ab8361efedf4cd890ae |
| SHA512 | 6cf28631e86dab3ff61286558ece0e1163f270f5c113a822a52511edb231ad0bbbd4bf72e5fff58c7ee9d18ed361c031e52dd40d4068e67be32df54616155c67 |