Analysis Overview
SHA256
3bc027a50eb8aa85e590e120d203bec009069f23e8637145916b0de4827209ff
Threat Level: Known bad
The file configureStealChecker.png was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
ZGRat
Detect ZGRat V1
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Runs ping.exe
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
NTFS ADS
Opens file in notepad (likely ransom note)
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Enumerates processes with tasklist
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-04 14:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-04 14:53
Reported
2024-05-04 14:56
Platform
win7-20240221-en
Max time kernel
118s
Max time network
122s
Command Line
Signatures
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\System32\rundll32.exe | N/A |
Processes
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\configureStealChecker.png
Network
Files
memory/1336-0-0x00000000001A0000-0x00000000001A1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-04 14:53
Reported
2024-05-04 14:58
Platform
win10v2004-20240419-en
Max time kernel
308s
Max time network
304s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 4660 created 3452 | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4483934\Tight.pif | C:\Windows\Explorer.EXE |
ZGRat
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\CeleryX\Cel3ry.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\CeleryX\Cel3ry.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\CeleryX\Cel3ry.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701b1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\CeleryX\Cel3ry.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4483934\Tight.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4483934\RegAsm.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\CeleryX\Cel3ry.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4484914\Tight.pif | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\CeleryX\Cel3ry.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4485114\Tight.pif | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-17203666-93769886-2545153620-1000\{4E9A2A28-282A-4B6D-B827-64905B61A428} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 921864.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 173262.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701b1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701b1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\configureStealChecker.png
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff7d3f46f8,0x7fff7d3f4708,0x7fff7d3f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\README.txt
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6076 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7020 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-701b1.exe
"C:\Users\Admin\Downloads\winrar-x64-701b1.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5836 /prefetch:2
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\8261f2c7eede4a1d967cf75f31ffd8e2 /t 2112 /p 5088
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6596 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,14588098516780270736,10949037255237857808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6688 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-700.exe
"C:\Users\Admin\Downloads\winrar-x64-700.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\6e4ca27ac3e4468f9e7aad0d70d96e90 /t 1460 /p 1956
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap979:72:7zEvent23125
C:\Users\Admin\Desktop\CeleryX\Cel3ry.exe
"C:\Users\Admin\Desktop\CeleryX\Cel3ry.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Survivors Survivors.cmd & Survivors.cmd & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 4483934
C:\Windows\SysWOW64\findstr.exe
findstr /V "unemploymentibmrecoveredfarm" Tall
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Jersey + Ln + Precise + Nominations + Nhl 4483934\o
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4483934\Tight.pif
4483934\Tight.pif 4483934\o
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4483934\RegAsm.exe
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4483934\RegAsm.exe
C:\Users\Admin\Desktop\CeleryX\Cel3ry.exe
"C:\Users\Admin\Desktop\CeleryX\Cel3ry.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Survivors Survivors.cmd & Survivors.cmd & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 4484914
C:\Windows\SysWOW64\findstr.exe
findstr /V "unemploymentibmrecoveredfarm" Tall
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Jersey + Ln + Precise + Nominations + Nhl 4484914\o
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4484914\Tight.pif
4484914\Tight.pif 4484914\o
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Users\Admin\Desktop\CeleryX\Cel3ry.exe
"C:\Users\Admin\Desktop\CeleryX\Cel3ry.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k move Survivors Survivors.cmd & Survivors.cmd & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 4485114
C:\Windows\SysWOW64\findstr.exe
findstr /V "unemploymentibmrecoveredfarm" Tall
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Jersey + Ln + Precise + Nominations + Nhl 4485114\o
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4485114\Tight.pif
4485114\Tight.pif 4485114\o
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
Network
Files