Malware Analysis Report

2024-11-30 04:50

Sample ID 240222-kqjh1aeh3x
Target https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbXBSR2toclhzUDhEOVBpTnJxTEdIREcwQzdSZ3xBQ3Jtc0tsdV9SN18yV1FyYjhmVjN0eXRZN0JxQVpXUWhEQTNrUDNfLXhHVmo5TGlpVUpvUWFPSkc4OHEtRFViQW15Y29WYnRRMkEyZjBBaXNkaUpfOU95dTk4MDFhV0hvSk5QdEpsUVg3SE5sZGFKdnNFRHN3TQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fuoa0mytkas1k2%2FLauncher&v=f8NV6MJtaJM
Tags lumma stealer
Score 10/10

Analysis Overview

Score 10/10

Threat Level: Known bad

The file https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbXBSR2toclhzUDhEOVBpTnJxTEdIREcwQzdSZ3xBQ3Jtc0tsdV9SN18yV1FyYjhmVjN0eXRZN0JxQVpXUWhEQTNrUDNfLXhHVmo5TGlpVUpvUWFPSkc4OHEtRFViQW15Y29WYnRRMkEyZjBBaXNkaUpfOU95dTk4MDFhV0hvSk5QdEpsUVg3SE5sZGFKdnNFRHN3TQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fuoa0mytkas1k2%2FLauncher&v=f8NV6MJtaJM was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

Program crash

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: AddClipboardFormatListener

Enumerates system info in registry

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-02-22 08:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-02-22 08:48
Reported 2024-02-22 08:51
Platform win10v2004-20240221-en
Max time kernel 202s
Max time network 203s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbXBSR2toclhzUDhEOVBpTnJxTEdIREcwQzdSZ3xBQ3Jtc0tsdV9SN18yV1FyYjhmVjN0eXRZN0JxQVpXUWhEQTNrUDNfLXhHVmo5TGlpVUpvUWFPSkc4OHEtRFViQW15Y29WYnRRMkEyZjBBaXNkaUpfOU95dTk4MDFhV0hvSk5QdEpsUVg3SE5sZGFKdnNFRHN3TQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fuoa0mytkas1k2%2FLauncher&v=f8NV6MJtaJM

Signatures

Lumma Stealer

stealer lumma

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Launcher\Installer.exe N/A
N/A N/A C:\Users\Admin\Desktop\Launcher\Installer.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1460 set thread context of 1680 N/A C:\Users\Admin\Desktop\Launcher\Installer.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
PID 3748 set thread context of 3952 N/A C:\Users\Admin\Desktop\Launcher\Installer.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Desktop\Launcher\Installer.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3280 wrote to memory of 2192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3280 wrote to memory of 1720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3280 wrote to memory of 4432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3280 wrote to memory of 1580 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbXBSR2toclhzUDhEOVBpTnJxTEdIREcwQzdSZ3xBQ3Jtc0tsdV9SN18yV1FyYjhmVjN0eXRZN0JxQVpXUWhEQTNrUDNfLXhHVmo5TGlpVUpvUWFPSkc4OHEtRFViQW15Y29WYnRRMkEyZjBBaXNkaUpfOU95dTk4MDFhV0hvSk5QdEpsUVg3SE5sZGFKdnNFRHN3TQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fuoa0mytkas1k2%2FLauncher&v=f8NV6MJtaJM

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad94246f8,0x7ffad9424708,0x7ffad9424718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,9665745820453250521,18280186478929112077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,9665745820453250521,18280186478929112077,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,9665745820453250521,18280186478929112077,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9665745820453250521,18280186478929112077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9665745820453250521,18280186478929112077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,9665745820453250521,18280186478929112077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,9665745820453250521,18280186478929112077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9665745820453250521,18280186478929112077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Opened.docx" /o ""

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9665745820453250521,18280186478929112077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,9665745820453250521,18280186478929112077,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9665745820453250521,18280186478929112077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9665745820453250521,18280186478929112077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9665745820453250521,18280186478929112077,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,9665745820453250521,18280186478929112077,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,9665745820453250521,18280186478929112077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6688 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Launcher.rar"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Launcher.rar"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Launcher.rar"

C:\Users\Admin\Desktop\Launcher\Installer.exe

"C:\Users\Admin\Desktop\Launcher\Installer.exe"

C:\Users\Admin\Desktop\Launcher\Installer.exe

"C:\Users\Admin\Desktop\Launcher\Installer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3748 -ip 3748

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 1032

C:\Users\Admin\Desktop\Launcher\Installer.exe

"C:\Users\Admin\Desktop\Launcher\Installer.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_3280_XNYSAMXOJNULEJIF

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d6b9.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\718ebbc3-fff9-484b-81c7-28b74e10d810.tmp

C:\Users\Admin\Downloads\Launcher.rar

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cb13e6f0-466f-4add-89e3-724cc9a24dce.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\Desktop\Launcher\Installer.exe

C:\Users\Admin\Desktop\Launcher\Installer.exe

C:\Users\Admin\Desktop\Launcher\Installer.exe

C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Installer.exe.log
