Malware Analysis Report

2025-05-05 23:29

Sample ID 240504-t758rsee23
Target sample
SHA256 6144ca62b155eee9c853da912eb806160696d4717cdc7bf9a7aa002285bdaf1e
Tags
zgrat discovery rat spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6144ca62b155eee9c853da912eb806160696d4717cdc7bf9a7aa002285bdaf1e

Threat Level: Known bad

The file sample was found to be: Known bad.

Malicious Activity Summary

zgrat discovery rat spyware stealer

Detect ZGRat V1

Suspicious use of NtCreateUserProcessOtherParentProcess

ZGRat

Executes dropped EXE

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Enumerates physical storage devices

Runs ping.exe

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Enumerates processes with tasklist

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-04 16:42

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-04 16:42

Reported

2024-05-04 16:45

Platform

win11-20240419-en

Max time kernel

148s

Max time network

149s

Command Line

C:\Windows\Explorer.EXE

Signatures

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

ZGRat

rat zgrat

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\CEL3RY BY GODDY V3.2.1.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\RegAsm.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\RegAsm.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\RegAsm.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\RegAsm.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\RegAsm.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\RegAsm.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\RegAsm.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\Tight.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\Tight.pif N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4748 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2948 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 3412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8b5903cb8,0x7ff8b5903cc8,0x7ff8b5903cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1988 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\CEL3RY BY GODDY V3.2.1\README.txt

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\CEL3RY BY GODDY V3.2.1\CeleryX.rar"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\CEL3RY BY GODDY V3.2.1\" -an -ai#7zMap31123:122:7zEvent16654

C:\Users\Admin\Downloads\CEL3RY BY GODDY V3.2.1\CeleryX\Cel3ry.exe

"C:\Users\Admin\Downloads\CEL3RY BY GODDY V3.2.1\CeleryX\Cel3ry.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k move Survivors Survivors.cmd & Survivors.cmd & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 4492964

C:\Windows\SysWOW64\findstr.exe

findstr /V "unemploymentibmrecoveredfarm" Tall

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Jersey + Ln + Precise + Nominations + Nhl 4492964\o

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\Tight.pif

4492964\Tight.pif 4492964\o

C:\Windows\SysWOW64\PING.EXE

ping -n 5 127.0.0.1

C:\Users\Admin\Downloads\CEL3RY BY GODDY V3.2.1\CeleryX\Cel3ry.exe

"C:\Users\Admin\Downloads\CEL3RY BY GODDY V3.2.1\CeleryX\Cel3ry.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k move Survivors Survivors.cmd & Survivors.cmd & exit

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 4493624

C:\Windows\SysWOW64\findstr.exe

findstr /V "unemploymentibmrecoveredfarm" Tall

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Jersey + Ln + Precise + Nominations + Nhl 4493624\o

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\Tight.pif

4493624\Tight.pif 4493624\o

C:\Windows\SysWOW64\PING.EXE

ping -n 5 127.0.0.1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\RegAsm.exe

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\RegAsm.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,16813549266120309669,459269754686045000,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6876 /prefetch:2

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\RegAsm.exe

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\RegAsm.exe

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\RegAsm.exe

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4493624\RegAsm.exe

Network

Country Destination Domain Proto
NL 23.62.61.113:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
CZ 89.187.188.226:80 ryosx.cc tcp
CZ 89.187.188.226:80 ryosx.cc tcp
CZ 89.187.188.226:443 ryosx.cc tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 104.16.114.74:443 static.mediafire.com tcp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
GB 172.217.16.238:443 translate.google.com tcp
GB 3.162.19.146:443 cdn.amplitude.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
GB 142.250.187.202:443 translate.googleapis.com tcp
US 52.88.13.83:443 api.amplitude.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 146.19.162.3.in-addr.arpa udp
US 8.8.8.8:53 232.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 81.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.co.uk udp
BE 64.233.167.154:443 stats.g.doubleclick.net tcp
GB 216.58.204.67:443 www.google.co.uk tcp
BE 64.233.167.154:443 stats.g.doubleclick.net udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 142.250.178.4:443 www.google.com tcp
US 199.91.155.131:443 download2390.mediafire.com tcp
US 199.91.155.131:443 download2390.mediafire.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 142.250.187.202:443 translate-pa.googleapis.com udp
NL 109.107.157.17:15866 tcp
NL 109.107.157.17:15866 tcp
GB 92.123.128.195:443 tcp
US 13.89.179.9:443 browser.pipe.aria.microsoft.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp
NL 23.62.61.129:443 r.bing.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d0f84c55517d34a91f12cccf1d3af583
SHA1 52bd01e6ab1037d31106f8bf6e2552617c201cea
SHA256 9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c
SHA512 94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

\??\pipe\LOCAL\crashpad_4748_TXHWFVRBMLEJQBFL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ade01a8cdbbf61f66497f88012a684d1
SHA1 9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f
SHA256 f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5
SHA512 fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e685e34e5d64865390e1b1d2af3cadb3
SHA1 9400aaa0be9e71a93b928b71e033acf0b2711f36
SHA256 03dacc7bb7c0d0f3c48e380f2b33a7d8b3f5352807065cef6d50a170c32ee82e
SHA512 4d9d2b0db7ef0514b6e440112cb005ce4d1048c3ae2136b3f9ea7efdc17c07421120c496c2f9a13f3bb2d7a759fd53c78ab87eef7dd1f4cd4a96d0171ccff271

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e8283cb43345c87bc51529daa3261042
SHA1 6b4374cb1ce3c02fcf22af08014f62a85ef57250
SHA256 7034f3b8a5804d4e267c3d0a2f9a348bca0aaad0c4cafc0e7248f6b132f00433
SHA512 a1d7f05608d770e3811ecd3cb0314d04bcc7da226757fb94a58ad8b1d6c4b40540b77b3e6d45f692ffce0395939bdb2a78f0f5805101b7e68c80ac0aa25e1668

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 46072e309214312fd269afa7f6decf6a
SHA1 cc85de3cae343908f6180f396c67e2fe824c12d7
SHA256 3b499c6a8c76987712fc4573dbfab2836f0c9f08a3d0810b2de5e9ea046a1cf9
SHA512 34f9ece7f3c2b10a731147e76db08a775464c60a51132bd35232b720d1fd206d6b0c4a5f2684b853321988eb69418500330ae6b4f8cb3f92f7388e5cf3e8df6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3f198736bd0c67790105ce29ca3e5dbf
SHA1 154b6895e2a36f3aba1c50b30301aa3e49ce7018
SHA256 24ac40d49b4695567f2cfd711baaea1f4ac553219c377b4371f1f3be6011fe27
SHA512 85c94904f6733d528bec1b823ebdeed2cc6f504389d6862c67abe72f361bbfa8e7aefc1ae6bc089477766c9d7aa632bc2c027eadcbdb35d48054d24e17171854

C:\Users\Admin\Downloads\CEL3RY BY GODDY V3.2.1.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\Downloads\CEL3RY BY GODDY V3.2.1.zip

MD5 627066057611ef9f4bb5259107a9e752
SHA1 8f0643f23a0cea2ff241815c96dd31a5cfba0255
SHA256 cc2956caa4a83e34181f290e6b51dc3eb909ca9b7737d25f6473359dc218d361
SHA512 ff687014cdfcbd1eeaa52d352d651233684dc7d55ef20d092c013064c604990c16b96f55424f9661b7195171c0a2829d7a9bdc8990181e56d7e2aa40cac1baac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5d55946d5b8491128f77058806fce5db
SHA1 684965f093582c360d271737f41b3a6fff4e3b30
SHA256 8171d5a189c3d2ba1fb0e3f2293bb8ddfcbd63f85a78ea4edfecde9bdadf756b
SHA512 77ca0c7bff09f98ba74bffe15f77e6e99e4be83a5f1954b039c089b7b4b07ae45b44412249f2be59ae71d2279dab54716c502ece0aefdb0eaf073ffb17e41992

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e119dc4d3546020020c72f02a96da487
SHA1 9c64a6c3a69dc399f4dd85030bf7fa04b812fbaa
SHA256 bfa49c818189a6c4da33ea0cf1bf3d35fbe70af0c21fc936822de3cab7915670
SHA512 64b879e1090967053a25babc97127ac688850bf18f7beee617354efa5c9b3b59fe949d986340fc96f8c901b07e5cd193f5e95076c1c93367f404631e72d436fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7b94f938f642254896e10265c8ec8765
SHA1 ddb78a60ee175df35cbeb91221f5857303cae2e2
SHA256 188571e9f60646faaa8709cd01fcfa19d0f0eabab88cf3ec9671d85311a987ee
SHA512 16012f202aa9a99afab8259f58e6f2f4eb2b81674b2a2ac0cdde8ec9d5eeda0adafa72d74b65bf0ecdb6da09b8466e879a8e8f532681c08fc15d708da6edeb84

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Survivors

MD5 ec59908d44dae3c6763dfa1ff6e028d7
SHA1 692052f3a2b8ae0c3c833d79e879b04da2c6f2d9
SHA256 47b184b8d27dadc64fa276c3d1f43b048f7cd39b1d9f13ae746e316aee6dd133
SHA512 62f26d02cf268ef844006f22c5b3cb64cb6a24a3acbf6767f0928abbbbaf135d671808a0145940e7d89fac13e1575f8d9c64baaf6ae6550602dbdf1b4f90583c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Tall

MD5 2deac528950398199abb1557e1760b0c
SHA1 36869327c9ff42859c62510f5714d32d8dc50b05
SHA256 df7ac59dcd9591f07f9a37f631f1cc92ed0cb0bc2e889cd69b83c8fecf3c990e
SHA512 9eb113c2de4e9d3f9f3a67ba7b3674dc288f0f852be5fb0a9901607d3517af674c5d0eaae9dc54aea1ec2b00fc10a7ce728f58ef268ac7678ea5da014990b28c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Phantom

MD5 572bbdae8e009af0d2840f10feaa4fde
SHA1 cef63dac1cf2112676c2c6f1f34d8619f5d7c9de
SHA256 c07c20860d8aded0d53da2789d679b7dcffe5ecc741857ed5caae8c385a8dedf
SHA512 eaddb4814afad4159bc9678322262378c531b73f444812bc6b77b9b0fc0cbe6fc7ae9a7115d279ac82d668a7383c723d47f14a23b96b5de90467fe222412dfb7

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Plaza

MD5 80b0185c61fb245926dec26217976e2a
SHA1 9ddb686647eeabb704c9c2bd46625ad898a48cfe
SHA256 0958ae8d97ac8e3285457a179f768eac30c8ef95cad6936492a0b76a6ba88f8a
SHA512 267055a9d6973571b9332cb6b30ae202ed84354e382d04194c6e28fd6a01c3c9f7e984e190a50c8047c36505b8ac3c4584c618ab1443f336b5a3d22c136292b8

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\De

MD5 e072dd1deee0bc3f1a544c725183ae73
SHA1 4dbc04900ab4f00d7112044e37897c25fcb7d491
SHA256 109e787154f2b5c1156c7261b510561d8e2d349d40ac4757931b2822d6c7a3a5
SHA512 da2a2061c38bd85e883029094e2e4fac14b53945cfd62b062e90960610d6d534da94c9f7aa310c47ecb565b1806ef186c9c2460ef5bb6b628d930e9324e2d70b

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Spirits

MD5 3d7a3c2178dfa66fa9af97342c929198
SHA1 9f61d84863c7cc71e53e325542798aeaf74c1d35
SHA256 eb28ac821250fcbca882d80c68d58a40ea8fe99606bf302f8d53ee7aa32a3b41
SHA512 cdfd9cbab8bc553f3253ef6e67647caba95fb2ffda57ae7e8ccb8e2ecd0212740048e679519cca13eed51b331dd4aba62db0c85a2dc323a4d326febc0edf094e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Railway

MD5 2df85c40fdae66b23d7be0bd2a6b12e0
SHA1 22c6eb371aebc8c12dc6b0e34ce625a177092710
SHA256 f9d331d0aad9f14726c1ab87c2a0224858bfc525ac1b70df0fcd8decf49ff906
SHA512 b213ca0a8738eb7e793292a8fa658a23292ae61f103f272bc5b70c834c25da36b168137887e901ce2b76986b6eaf38ed0f3fa64aa7d4fa7618a7923de4be62e9

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ballot

MD5 048263c25239abbd5ecfffd24313bba3
SHA1 2b10d008b0ecd1c6f594b8017abd6a8d8a6f290d
SHA256 b469309b45bc77bde7d7593e0ac2b675f7698bed8a38ac973a7cbc7228573de7
SHA512 5563d68b85845d37566f7a7c980e9f821790e46047e9efbc1dcf13cdacb9883d0501ff80c4b7dff86cc3279f2240b8faf4ae4f6e4b444770564e4d0728b1e57c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Nhl

MD5 3d9cfd7ee3b39be68779ef7c402b0f88
SHA1 97abda2bfa806ce568f40be1009f9e9fb02892cc
SHA256 a2044183bde2b08538b8a1f7ab20fbcd78c6ffbb957050ddbf2e79dbe950bd29
SHA512 a97446f4084609404431d94fb33d50eb235165eaddf324fa2a76143b3450b05480f3884e0da7cd5e9862e5a70b25c833b3b33c3cf1589f3207a3c1babc6abf58

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Nominations

MD5 a960bb0bfa890f7b17092927491951f5
SHA1 01ed334db20e3bd02eff9161de2f52c74c4a03ad
SHA256 9d3970eab9fb5a3c23e1ae22833685f4e028c6ce1c4e8c3bf166d840f46209e2
SHA512 3c4dfe56aadb7acd84e367ee66c9b83a787e338572c6ed5bdf68c81584bc9c5224db0a8416618f50f801b528c3b1e4f9c3424841823ed1087f47928f61c63b07

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Precise

MD5 14bf7d55effe56d8eb97e275df411f4e
SHA1 cb924a610c857aa8d13f1490b667cf96ebf89621
SHA256 0bd26eb862c76e036de851e5d4ba028b7bb70feb07a80da1b8b43ed9a798bdf6
SHA512 f7441a3f2163e63847ef0264867c29f08883ba76130bd0d079b7c829b39856d4682dee4b3ad6d61552524975e86c165d4857d493a7141f550cdd7a635e945122

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ln

MD5 731603cce22e41ae5abf103fd9c6c315
SHA1 aa5cce06e8b30f76709411177bc5e8079f9cc4b7
SHA256 540e351768b15b80eb6b6ff57077b56219cb82c37ce6cd97af2b498a4752c73b
SHA512 b2f5173fa02d138f799e83c493a183948fb1da8387f07cc0ce3da33a5f44275a3fcc34ddc7af36c0350aa6f0a04401149bdf42722a45ad37a4648fca6285130c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Jersey

MD5 e23669cdf38b0893d18a8a32633e1447
SHA1 7acacfe1e7b440a4c8f51e7db5b00973e22a018d
SHA256 f44940459aeb945ea918ab10c0134865a828987a38a17d72031905f97b97f5e2
SHA512 16070adbd370511735c75c1101a90926af0d5ec10fabeeb556b4105abc94301f6c254204063fdd5e72499fccd835d39142a0247590da125ef68643344cbdabff

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\Tight.pif

MD5 6ee7ddebff0a2b78c7ac30f6e00d1d11
SHA1 f2f57024c7cc3f9ff5f999ee20c4f5c38bfc20a2
SHA256 865347471135bb5459ad0e647e75a14ad91424b6f13a5c05d9ecd9183a8a1cf4
SHA512 57d56de2bb882f491e633972003d7c6562ef2758c3731b913ff4d15379ada575062f4de2a48ca6d6d9241852a5b8a007f52792753fd8d8fee85b9a218714efd0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\o

MD5 516ad8cde3f6b9cb38e2f26a3ec845b9
SHA1 d74d737cd7bceb72f669eed4b26bf1a1f9a22102
SHA256 a8bb0c34c381d5f065fc9fcfb4f4c7f177fd534117a350ed8a9751f1e15fd031
SHA512 8e75567cdacf5711cf4c6816bf7eaff68c51aca3c13f79ed0504a718e50337330265dd6b7bc2d499e57e560957077fda6701de88fc0cc07af2f3ab8ac3ebb916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a3c0a054c2866e9aa540ee144b5afb19
SHA1 a1515d5e6bd386befc1d2a4f680e41165f41e9c6
SHA256 242b3300e510fe7c055584094222a92ff772d7ac5d26525be219b4eec9185c3f
SHA512 a78082781415b76112ed1292c2d35704b896959bdfcec08cb2de1e021c88df921dd8ddb9b4af5fc2bc8b56f95816da61d0d4fd375cc50af4e6a98b2070499090

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ee903877c90b21e4ed4e5eb60be2f708
SHA1 7461832a046d80810298d7db2b40a667d34e2670
SHA256 64244ce6d7cd27aecbe3631b031441ccdac6db759859e6852bce6dd697b29b95
SHA512 b5e89f524f237bc1e60ef1b6867a794530508efbe7e1064c7eed2e6a8fa4e4d266dec9537ad40175f4d00a8ec7af449d3254249e21e05ad9a1a52f7230c975e8

memory/1076-328-0x0000000001030000-0x000000000108A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\4492964\RegAsm.exe

MD5 42ab6e035df99a43dbb879c86b620b91
SHA1 c6e116569d17d8142dbb217b1f8bfa95bc148c38
SHA256 53195987d396986ebcb20425ac130e78ad308fdbd918f33f3fd92b99abda314b
SHA512 2e79de2d394ad33023d71611bb728b254aa4680b5a3a1ef5282b1155ddfaa2f3585c840a6700dfe0d1a276dac801298431f0187086d2e8f96b22f6c808fb97e5

memory/1076-331-0x0000000005D60000-0x0000000006306000-memory.dmp

memory/1076-332-0x00000000057B0000-0x0000000005842000-memory.dmp

memory/1076-333-0x0000000005950000-0x000000000595A000-memory.dmp

memory/1076-343-0x0000000008DE0000-0x00000000093F8000-memory.dmp

memory/1076-344-0x0000000008940000-0x0000000008A4A000-memory.dmp

memory/1076-345-0x0000000008880000-0x0000000008892000-memory.dmp

memory/1076-346-0x00000000088E0000-0x000000000891C000-memory.dmp

memory/1076-347-0x0000000008A50000-0x0000000008A9C000-memory.dmp

memory/1076-348-0x0000000008BD0000-0x0000000008C36000-memory.dmp

memory/1076-349-0x0000000009580000-0x00000000095F6000-memory.dmp

memory/1076-350-0x0000000008DA0000-0x0000000008DBE000-memory.dmp

memory/1076-351-0x000000000A560000-0x000000000A722000-memory.dmp

memory/1076-352-0x000000000AC60000-0x000000000B18C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f8d0e45ff83dcec21ac69b3bd6460b52
SHA1 ab890ddf4240e058ffaf57335feb85ff6757c837
SHA256 973f3077906a17657b6694b174dd8c244d3469c8d3ced548bbad404242870d5b
SHA512 d905d6499110d4731de32323eaea69ca8c7b58c98181d8c7888e61df2159c54ac87582350970cf3f2b1e7602c314f0e8f4e8b9df479671dd93c1eb6c3bb13030

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 cdb4bb3aff472d7299bf6eafb79b2b82
SHA1 cf942fbe1c06b5cf9dfd9a32f00e1d390c74d632
SHA256 24a5f3187d95fad30c947cf8af4cb00dfd890d41eaa56234512fd1b399f4b581
SHA512 27896a8253583aaa21d5f788c2b9dffc70497e1c9a7a53fb3599ee644697aac643a36998e653d3ce17e4982f6a04eae6d6a7c02501f6d37b09bb90df738defe1

C:\Users\Admin\AppData\Local\Temp\tmp7E9.tmp

MD5 14ccc9293153deacbb9a20ee8f6ff1b7
SHA1 46b4d7b004ff4f1f40ad9f107fe7c7e3abc9a9f3
SHA256 3195ce0f7aa2eae2b21c447f264e2bd4e1dc5208353ac72d964a750de9a83511
SHA512 916f2178be05dc329461d2739271972238b22052b5935883da31e6c98d2697bd2435c9f6a2d1fcafb4811a1d867c761055532669aac2ea1a3a78c346cdeba765

C:\Users\Admin\AppData\Local\Temp\tmp849.tmp

MD5 87210e9e528a4ddb09c6b671937c79c6
SHA1 3c75314714619f5b55e25769e0985d497f0062f2
SHA256 eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1
SHA512 f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a3faf5dd8da0b2a1099da932da652986
SHA1 0743b14365f208f546c90eb0a84a90506daf0bba
SHA256 4dab1f56f99a3b33005322d9686c92fbdcb50d7a50940e4e9c56192f8729d67a
SHA512 9f01eaf05714f3cad2f3edd9c2bcf6b363e46369d695d6476a46e11629ec21da641472c382f5677af58406f559cce4ece6ac6422e709adc77aa46e7178e4597a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 812e3eefcdd8e9927efdf85c154c5a9f
SHA1 42b79a0ba14438d79ca636b363b07cb56eaff4a4
SHA256 8d19b3c6bc33192f8ec8d91e016ffc5d123ad31fb4dea97554f96e5256156790
SHA512 73564f285256dc6a6e0df10b4b14941320c7d1db2301e02b7672057a4f4845f69e923dced816f6c62e08b28362d0bb2fb508b726db617540bfe3e08741c17bf8

memory/1348-415-0x0000000000560000-0x00000000005BA000-memory.dmp

memory/1348-416-0x0000000008140000-0x000000000818C000-memory.dmp