Malware Analysis Report

2025-03-15 03:32

Sample ID 231216-27dgraeec6
Target main.exe
SHA256 1b617c535851db68536f3de36bddaaabc2c84500c78364b41a2ff862e2f9867d
Tags pyinstaller empyrean persistence spyware stealer upx
Score 10/10

Analysis Overview

Score 10/10

SHA256 1b617c535851db68536f3de36bddaaabc2c84500c78364b41a2ff862e2f9867d

Threat Level: Known bad

The file main.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller empyrean persistence spyware stealer upx

Empyrean family

Detects Empyrean stealer

Downloads MZ/PE file

UPX packed file

Checks computer location settings

Reads local data of messenger clients

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Detects Pyinstaller

Enumerates physical storage devices

Unsigned PE

NTFS ADS

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies registry class

Checks processor information in registry

Modifies registry key

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2023-12-16 23:13

Signatures

Detects Empyrean stealer


Empyrean family

empyrean

Detects Pyinstaller

pyinstaller

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted 2023-12-16 23:13
Reported 2023-12-16 23:24
Platform win10v2004-20231215-en
Max time kernel 603s
Max time network 666s

Command Line

"C:\Users\Admin\AppData\Local\Temp\main.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Users\Admin\Downloads\main.exe N/A

Reads local data of messenger clients

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" C:\Windows\SysWOW64\reg.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ipapi.co N/A N/A

Detects Pyinstaller

pyinstaller

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Discord C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Discord\URL Protocol C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Discord\DefaultIcon C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Discord\shell\open\command C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9027\\Discord.exe\" --url -- \"%1\"" C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-768304381-2824894965-3840216961-1000\{57C81F8E-EF4A-4C6B-8092-813C8A3D6166} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Discord\ = "URL:Discord Protocol" C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9027\\Discord.exe\",-1" C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Discord\shell C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Discord\shell\open C:\Windows\SysWOW64\reg.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 880630.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 442500.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\main.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\main.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4252 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\main.exe C:\Users\Admin\AppData\Local\Temp\main.exe
PID 3124 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\main.exe C:\Windows\system32\cmd.exe
PID 3124 wrote to memory of 4272 N/A C:\Users\Admin\AppData\Local\Temp\main.exe C:\Windows\system32\cmd.exe
PID 4272 wrote to memory of 2072 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\wbem\WMIC.exe
PID 3320 wrote to memory of 364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3320 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3320 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3320 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3320 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3320 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3320 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3320 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3320 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3320 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3320 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3320 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3320 wrote to memory of 4872 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3320 wrote to memory of 2680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3320 wrote to memory of 2904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\main.exe

"C:\Users\Admin\AppData\Local\Temp\main.exe"

C:\Users\Admin\AppData\Local\Temp\main.exe

"C:\Users\Admin\AppData\Local\Temp\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd904a46f8,0x7ffd904a4708,0x7ffd904a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6008 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd904a46f8,0x7ffd904a4708,0x7ffd904a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5456 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2128 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5044 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2216,10561791999162591863,15931567263520122261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8

C:\Users\Admin\Downloads\DiscordSetup.exe

"C:\Users\Admin\Downloads\DiscordSetup.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe" --squirrel-install 1.0.9027

C:\Users\Admin\Downloads\DiscordSetup.exe

"C:\Users\Admin\Downloads\DiscordSetup.exe"

C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe

C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9027 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.26 --initial-client-data=0x540,0x544,0x548,0x534,0x54c,0x7fc5d78,0x7fc5d88,0x7fc5d94

C:\Users\Admin\AppData\Local\Discord\Update.exe

C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=2088,i,2267476985567975681,15353847579985041612,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe

"C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1972 --field-trial-handle=2088,i,2267476985567975681,15353847579985041612,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe\",-1" /f

C:\Windows\SysWOW64\reg.exe

C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe\" --url -- \"%1\"" /f

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Users\Admin\Downloads\main.exe

"C:\Users\Admin\Downloads\main.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\WatchShow.bat" "

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4fc 0x4f4

Network


Files

SHA512 9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

memory/3124-124-0x00007FFDA5CC0000-0x00007FFDA5CE4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\_socket.pyd

MD5 afd296823375e106c4b1ac8b39927f8b
SHA1 b05d811e5a5921d5b5cc90b9e4763fd63783587b
SHA256 e423a7c2ce5825dfdd41cfc99c049ff92abfb2aa394c85d0a9a11de7f8673007
SHA512 95e98a24be9e603b2870b787349e2aa7734014ac088c691063e4078e11a04898c9c547d6998224b1b171fc4802039c3078a28c7e81d59f6497f2f9230d8c9369

C:\Users\Admin\AppData\Local\Temp\_MEI42522\select.pyd

MD5 72009cde5945de0673a11efb521c8ccd
SHA1 bddb47ac13c6302a871a53ba303001837939f837
SHA256 5aaa15868421a46461156e7817a69eeeb10b29c1e826a9155b5f8854facf3dca
SHA512 d00a42700c9201f23a44fd9407fea7ea9df1014c976133f33ff711150727bf160941373d53f3a973f7dd6ca7b5502e178c2b88ea1815ca8bce1a239ed5d8256d

C:\Users\Admin\AppData\Local\Temp\_MEI42522\pywintypes310.dll

MD5 6f2aa8fa02f59671f99083f9cef12cda
SHA1 9fd0716bcde6ac01cd916be28aa4297c5d4791cd
SHA256 1a15d98d4f9622fa81b60876a5f359707a88fbbbae3ae4e0c799192c378ef8c6
SHA512 f5d5112e63307068cdb1d0670fe24b65a9f4942a39416f537bdbc17dedfd99963861bf0f4e94299cdce874816f27b3d86c4bebb889c3162c666d5ee92229c211

C:\Users\Admin\AppData\Local\Temp\_MEI42522\VCRUNTIME140_1.dll

MD5 bba9680bc310d8d25e97b12463196c92
SHA1 9a480c0cf9d377a4caedd4ea60e90fa79001f03a
SHA256 e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab
SHA512 1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739

memory/3124-130-0x00007FFDA5A40000-0x00007FFDA5A59000-memory.dmp

memory/3124-132-0x00007FFDA5A30000-0x00007FFDA5A3D000-memory.dmp

memory/3124-136-0x00007FFDA5A00000-0x00007FFDA5A2E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\_lzma.pyd

MD5 abceeceaeff3798b5b0de412af610f58
SHA1 c3c94c120b5bed8bccf8104d933e96ac6e42ca90
SHA256 216aa4bb6f62dd250fd6d2dcde14709aa82e320b946a21edeec7344ed6c2c62e
SHA512 3e1a2eb86605aa851a0c5153f7be399f6259ecaad86dbcbf12eeae5f985dc2ea2ab25683285e02b787a5b75f7df70b4182ae8f1567946f99ad2ec7b27d4c7955

memory/3124-141-0x00007FFDA4560000-0x00007FFDA4579000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\_bz2.pyd

MD5 758fff1d194a7ac7a1e3d98bcf143a44
SHA1 de1c61a8e1fb90666340f8b0a34e4d8bfc56da07
SHA256 f5e913a9f2adf7d599ea9bb105e144ba11699bbcb1514e73edcf7e062354e708
SHA512 468d7c52f14812d5bde1e505c95cb630e22d71282bda05bf66324f31560bfa06095cf60fc0d34877f8b361ccd65a1b61d0fd1f91d52facb0baf8e74f3fed31cc

memory/3124-145-0x00007FFDA1630000-0x00007FFDA165D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\pythoncom310.dll

MD5 9051abae01a41ea13febdea7d93470c0
SHA1 b06bd4cd4fd453eb827a108e137320d5dc3a002f
SHA256 f12c8141d4795719035c89ff459823ed6174564136020739c106f08a6257b399
SHA512 58d8277ec4101ad468dd8c4b4a9353ab684ecc391e5f9db37de44d5c3316c17d4c7a5ffd547ce9b9a08c56e3dd6d3c87428eae12144dfb72fc448b0f2cfc47da

memory/3124-147-0x00007FFDA06B0000-0x00007FFDA076C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\win32api.pyd

MD5 561f419a2b44158646ee13cd9af44c60
SHA1 93212788de48e0a91e603d74f071a7c8f42fe39b
SHA256 631465da2a1dad0cb11cd86b14b4a0e4c7708d5b1e8d6f40ae9e794520c3aaf7
SHA512 d76ab089f6dc1beffd5247e81d267f826706e60604a157676e6cbc3b3447f5bcee66a84bf35c21696c020362fadd814c3e0945942cdc5e0dfe44c0bca169945c

memory/3124-150-0x00007FFDA1570000-0x00007FFDA159B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\pyexpat.pyd

MD5 5a328b011fa748939264318a433297e2
SHA1 d46dd2be7c452e5b6525e88a2d29179f4c07de65
SHA256 e8a81b47029e8500e0f4e04ccf81f8bdf23a599a2b5cd627095678cdf2fabc14
SHA512 06fa8262378634a42f5ab8c1e5f6716202544c8b304de327a08aa20c8f888114746f69b725ed3088d975d09094df7c3a37338a93983b957723aa2b7fda597f87

memory/3124-154-0x00007FFDA1530000-0x00007FFDA1564000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\_queue.pyd

MD5 0d267bb65918b55839a9400b0fb11aa2
SHA1 54e66a14bea8ae551ab6f8f48d81560b2add1afc
SHA256 13ee41980b7d0fb9ce07f8e41ee6a309e69a30bbf5b801942f41cbc357d59e9c
SHA512 c2375f46a98e44f54e2dd0a5cc5f016098500090bb78de520dc5e05aef8e6f11405d8f6964850a03060caed3628d0a6303091cba1f28a0aa9b3b814217d71e56

memory/3124-156-0x00007FFDA4550000-0x00007FFDA455D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\_decimal.pyd

MD5 eb45ea265a48348ce0ac4124cb72df22
SHA1 ecdc1d76a205f482d1ed9c25445fa6d8f73a1422
SHA256 3881f00dbc4aadf9e87b44c316d93425a8f6ba73d72790987226238defbc7279
SHA512 f7367bf2a2d221a7508d767ad754b61b2b02cdd7ae36ae25b306f3443d4800d50404ac7e503f589450ed023ff79a2fb1de89a30a49aa1dd32746c3e041494013

memory/3124-159-0x00007FFDA1140000-0x00007FFDA1182000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\_uuid.pyd

MD5 81dfa68ca3cb20ced73316dbc78423f6
SHA1 8841cf22938aa6ee373ff770716bb9c6d9bc3e26
SHA256 d0cb6dd98a2c9d4134c6ec74e521bad734bc722d6a3b4722428bf79e7b66f190
SHA512 e24288ae627488251682cd47c1884f2dc5f4cd834d7959b9881e5739c42d91fd0a30e75f0de77f5b5a0d63d9baebcafa56851e7e40812df367fd433421c0ccdb

C:\Users\Admin\AppData\Local\Temp\_MEI42522\_ssl.pyd

MD5 1e643c629f993a63045b0ff70d6cf7c6
SHA1 9af2d22226e57dc16c199cad002e3beb6a0a0058
SHA256 4a50b4b77bf9e5d6f62c7850589b80b4caa775c81856b0d84cb1a73d397eb38a
SHA512 9d8cd6e9c03880cc015e87059db28ff588881679f8e3f5a26a90f13e2c34a5bd03fb7329d9a4e33c4a01209c85a36fc999e77d9ece42cebdb738c2f1fd6775af

memory/3124-165-0x00007FFD913A0000-0x00007FFD9180E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\libcrypto-1_1.dll

MD5 817312d8a8cf756580e7e5f7dcc6fdb6
SHA1 42bfe81d31e071bc163cb2df8002daf3657f4ad7
SHA256 15c43a5f720485f525c4327483fbc9b6b40c486fb9edfb5ef945bec7056ad4d9
SHA512 b1ae6453dc7d316049b4da51aa876649f614d72c6eb5af057a2f0b83c51af65d068b51c2b18d072090680fd4b949fb329feb20a2ae8b2cec4531aab3b9d657d0

memory/3124-174-0x000002734EA10000-0x000002734ED85000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\libcrypto-1_1.dll

MD5 9d9ae24612b36d1a2ecd2bbdaaab2a00
SHA1 66ce7bccc452f2fd2cb126c5ca89d2752dc25866
SHA256 467ed4ca787b0896db06a9196d6af13df7c62fd4a993589db043879dd2c529df
SHA512 9cb8dd34a0e65c7835451937f1107112017236d86080c9baade3fbd586d37eae2670ba4cd468a0eb3e13fb6426870fda10c9b32a4e09a7f5404d863ddbaa275f

C:\Users\Admin\AppData\Local\Temp\_MEI42522\libssl-1_1.dll

MD5 48d792202922fffe8ea12798f03d94de
SHA1 f8818be47becb8ccf2907399f62019c3be0efeb5
SHA256 8221a76831a103b2b2ae01c3702d0bba4f82f2afd4390a3727056e60b28650cc
SHA512 69f3a8b556dd517ae89084623f499ef89bd0f97031e3006677ceed330ed13fcc56bf3cde5c9ed0fc6c440487d13899ffda775e6a967966294cadfd70069b2833

memory/3124-170-0x00007FFDA5AA0000-0x00007FFDA5AAA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\charset_normalizer\md.cp310-win_amd64.pyd

MD5 79f58590559566a010140b0b94a9ff3f
SHA1 e3b6b62886bba487e524cbba4530ca703b24cbda
SHA256 f8eae2b1020024ee92ba116c29bc3c8f80906be2029ddbe0c48ca1d02bf1ea73
SHA512 ecfcd6c58175f3e95195abe9a18bb6dd1d10b989539bf24ea1bcdbd3c435a10bbd2d8835a4c3acf7f9aeb44b160307ae0c377125202b9dbf0dd6e8cfd2603131

C:\Users\Admin\AppData\Local\Temp\_MEI42522\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

MD5 9bb72ad673c91050ecb9f4a3f98b91ef
SHA1 67ff2d6ab21e2bbe84f43a84ecd2fd64161e25f4
SHA256 17fc896275afcd3cdd20836a7379d565d156cd409dc28f95305c32f1b3e99c4f
SHA512 4c1236f9cfbb2ec8e895c134b7965d1ebf5404e5d00acf543b9935bc22d07d58713a75eee793c02dfda29b128412972f00e82a636d33ec8c9e0d9804f465bc40

C:\Users\Admin\AppData\Local\Temp\_MEI42522\unicodedata.pyd

MD5 ca3baebf8725c7d785710f1dfbb2736d
SHA1 8f9aec2732a252888f3873967d8cc0139ff7f4e5
SHA256 f2d03a39556491d1ace63447b067b38055f32f5f1523c01249ba18052c599b4c
SHA512 5c2397e4dcb361a154cd3887c229bcf7ef980acbb4b851a16294d5df6245b2615cc4b42f6a95cf1d3c49b735c2f7025447247d887ccf4cd964f19f14e4533470

C:\Users\Admin\AppData\Local\Temp\_MEI42522\_sqlite3.pyd

MD5 7b45afc909647c373749ef946c67d7cf
SHA1 81f813c1d8c4b6497c01615dcb6aa40b92a7bd20
SHA256 a5f39bfd2b43799922e303a3490164c882f6e630777a3a0998e89235dc513b5e
SHA512 fe67e58f30a2c95d7d42a102ed818f4d57baa524c5c2d781c933de201028c75084c3e836ff4237e066f3c7dd6a5492933c3da3fee76eb2c50a6915996ef6d7fb

C:\Users\Admin\AppData\Local\Temp\_MEI42522\Crypto\Cipher\_raw_ecb.pyd

MD5 f94726f6b584647142ea6d5818b0349d
SHA1 4aa9931c0ff214bf520c5e82d8e73ceeb08af27c
SHA256 b98297fd093e8af7fca2628c23a9916e767540c3c6fa8894394b5b97ffec3174
SHA512 2b40a9b39f5d09eb8d7ddad849c8a08ab2e73574ee0d5db132fe8c8c3772e60298e0545516c9c26ee0b257ebda59cfe1f56ef6c4357ef5be9017c4db4770d238

C:\Users\Admin\AppData\Local\Temp\_MEI42522\Crypto\Cipher\_raw_cbc.pyd

MD5 fe44f698198190de574dc193a0e1b967
SHA1 5bad88c7cc50e61487ec47734877b31f201c5668
SHA256 32fa416a29802eb0017a2c7360bf942edb132d4671168de26bd4c3e94d8de919
SHA512 c841885dd7696f337635ef759e3f61ee7f4286b622a9fb8b695988d93219089e997b944321ca49ca3bd19d41440ee7c8e1d735bd3558052f67f762bf4d1f5fc3

C:\Users\Admin\AppData\Local\Temp\_MEI42522\Crypto\Cipher\_raw_cfb.pyd

MD5 ff64fd41b794e0ef76a9eeae1835863c
SHA1 bf14e9d12b8187ca4cc9528d7331f126c3f5ca1e
SHA256 5d2d1a5f79b44f36ac87d9c6d886404d9be35d1667c4b2eb8aab59fb77bf8bac
SHA512 03673f94525b63644a7da45c652267077753f29888fb8966da5b2b560578f961fdc67696b69a49d9577a8033ffcc7b4a6b98c051b4f53380227c392761562734

memory/3124-194-0x00007FFD90960000-0x00007FFD90AD1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\sqlite3.dll

MD5 b70d218798c0fec39de1199c796ebce8
SHA1 73b9f8389706790a0fec3c7662c997d0a238a4a0
SHA256 4830e8d4ae005a73834371fe7bb5b91ca8a4c4c3a4b9a838939f18920f10faff
SHA512 2ede15cc8a229bfc599980ce7180a7a3c37c0264415470801cf098ef4dac7bcf857821f647614490c1b0865882619a24e3ac0848b5aea1796fad054c0dd6f718

memory/3124-191-0x00007FFD90AE0000-0x00007FFD90BF8000-memory.dmp

memory/3124-207-0x00007FFDA1520000-0x00007FFDA152B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\Crypto\Cipher\_raw_ofb.pyd

MD5 eea83b9021675c8ca837dfe78b5a3a58
SHA1 3660833ff743781e451342bb623fa59229ae614d
SHA256 45a4e35231e504b0d50a5fd5968ab6960cb27d197f86689477701d79d8b95b3b
SHA512 fcdccea603737364dbdbbcd5763fd85aeb0c175e6790128c93360af43e2587d0fd173bee4843c681f43fb63d57fcaef1a58be683625c905416e0c58af5bf1d6c

memory/3124-206-0x00007FFDA1010000-0x00007FFDA102F000-memory.dmp

memory/3124-205-0x00007FFDA5A70000-0x00007FFDA5A7B000-memory.dmp

memory/3124-208-0x00007FFDA5A00000-0x00007FFDA5A2E000-memory.dmp

memory/3124-209-0x00007FFDA0FE0000-0x00007FFDA0FEB000-memory.dmp

memory/3124-210-0x00007FFDA0FD0000-0x00007FFDA0FDC000-memory.dmp

memory/3124-212-0x00007FFDA0FB0000-0x00007FFDA0FBC000-memory.dmp

memory/3124-204-0x00007FFDA5A40000-0x00007FFDA5A59000-memory.dmp

memory/3124-218-0x00007FFDA0DD0000-0x00007FFDA0DDB000-memory.dmp

memory/3124-221-0x00007FFDA0DA0000-0x00007FFDA0DAC000-memory.dmp

memory/3124-224-0x00007FFDA0CA0000-0x00007FFDA0CAC000-memory.dmp

memory/3124-228-0x00007FFDA0690000-0x00007FFDA06A9000-memory.dmp

memory/3124-235-0x00007FFDA0570000-0x00007FFDA0599000-memory.dmp

memory/3124-236-0x00007FFD904C0000-0x00007FFD90712000-memory.dmp

memory/3124-234-0x00007FFDA05A0000-0x00007FFDA05BE000-memory.dmp

memory/3124-233-0x00007FFDA05D0000-0x00007FFDA05E1000-memory.dmp

memory/3124-232-0x00007FFDA0840000-0x00007FFDA0857000-memory.dmp

memory/3124-231-0x00007FFDA0910000-0x00007FFDA0932000-memory.dmp

memory/3124-230-0x00007FFDA0E10000-0x00007FFDA0E1D000-memory.dmp

memory/3124-229-0x00007FFDA0640000-0x00007FFDA0689000-memory.dmp

memory/3124-227-0x00007FFDA0940000-0x00007FFDA0954000-memory.dmp

memory/3124-226-0x00007FFDA0C70000-0x00007FFDA0C80000-memory.dmp

memory/3124-225-0x00007FFDA0C80000-0x00007FFDA0C95000-memory.dmp

memory/3124-223-0x00007FFDA0D70000-0x00007FFDA0D82000-memory.dmp

memory/3124-222-0x00007FFDA0D90000-0x00007FFDA0D9D000-memory.dmp

memory/3124-220-0x00007FFDA0DB0000-0x00007FFDA0DBC000-memory.dmp

memory/3124-219-0x00007FFDA0DC0000-0x00007FFDA0DCB000-memory.dmp

memory/3124-217-0x00007FFDA0DE0000-0x00007FFDA0DEC000-memory.dmp

memory/3124-214-0x00007FFDA0DF0000-0x00007FFDA0DFC000-memory.dmp

memory/3124-213-0x00007FFDA0E00000-0x00007FFDA0E0E000-memory.dmp

memory/3124-211-0x00007FFDA0FC0000-0x00007FFDA0FCB000-memory.dmp

memory/3124-203-0x00007FFDA1120000-0x00007FFDA1134000-memory.dmp

memory/3124-202-0x00007FFDA0FF0000-0x00007FFDA0FFC000-memory.dmp

memory/3124-201-0x00007FFDA1000000-0x00007FFDA100B000-memory.dmp

memory/3124-187-0x00007FFDA1030000-0x00007FFDA1056000-memory.dmp

memory/3124-180-0x00007FFDA0E20000-0x00007FFDA0ED8000-memory.dmp

memory/3124-179-0x00007FFDA1430000-0x00007FFDA145E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\_hashlib.pyd

MD5 0d723bc34592d5bb2b32cf259858d80e
SHA1 eacfabd037ba5890885656f2485c2d7226a19d17
SHA256 f2b927aaa856d23f628b01380d5a19bfe9233db39c9078c0e0585d376948c13f
SHA512 3e79455554d527d380adca39ac10dbf3914ca4980d8ee009b7daf30aeb4e9359d9d890403da9cc2b69327c695c57374c390fa780a8fd6148bbea3136138ead33

memory/3124-177-0x00007FFDA5A80000-0x00007FFDA5A9C000-memory.dmp

memory/3124-175-0x00007FFD90C00000-0x00007FFD90F75000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\libcrypto-1_1.dll

MD5 f1060a8d3ffa36c1b0d7c6ffb9baba13
SHA1 d055d9f76a5d84d386e4dd02ccf467b3992de0cc
SHA256 16c23ee794a3d43f17c912533f9e6ebbf559946c525e9687c3cbe0a66454ab31
SHA512 619e745df28546f5fba7db80ae8561f91db0fbfc7704ed87196c41ccd192006e0f2c3d812693404c3c58098f10b2de0bc9785646ef6608ed9886afd8f58ce6f9

memory/3124-166-0x00007FFDA5CC0000-0x00007FFDA5CE4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI42522\psutil\_psutil_windows.pyd

MD5 fb17b2f2f09725c3ffca6345acd7f0a8
SHA1 b8d747cc0cb9f7646181536d9451d91d83b9fc61
SHA256 9c7d401418db14353db85b54ff8c7773ee5d17cbf9a20085fde4af652bd24fc4
SHA512 b4acb60045da8639779b6bb01175b13344c3705c92ea55f9c2942f06c89e5f43cedae8c691836d63183cacf2d0a98aa3bcb0354528f1707956b252206991bf63

memory/3124-127-0x00007FFDA5A60000-0x00007FFDA5A6F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5e77545b7e1c504b2f5ce7c5cc2ce1fe
SHA1 d81a6af13cf31fa410b85471e4509124ebeaff7e
SHA256 cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11
SHA512 cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37

memory/3124-268-0x00007FFD913A0000-0x00007FFD9180E000-memory.dmp

memory/3124-271-0x00007FFDA5CC0000-0x00007FFDA5CE4000-memory.dmp

memory/3124-273-0x00007FFDA5A40000-0x00007FFDA5A59000-memory.dmp

memory/3124-274-0x00007FFDA5A30000-0x00007FFDA5A3D000-memory.dmp

memory/3124-272-0x00007FFDA5A60000-0x00007FFDA5A6F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bfd1b8bd12da4f42f47de07a7e838174
SHA1 62383e6826be378179313597cd0a73ffdde23e8c
SHA256 9df5b801aa061df23d9e6c96126f8b646dcfe00f382b9d7bf4a909a7a10d784b
SHA512 a6e6368a4d5fc61c0ccfe823219e18db66fdde7a9ada02f30ee475d0eaceeafa19e5dd409c446dc8eed31c7e26d8d680a169130e27dc5fb1e1e6e8c2b34792c2

memory/3124-289-0x00007FFDA5A00000-0x00007FFDA5A2E000-memory.dmp

memory/3124-290-0x00007FFDA4560000-0x00007FFDA4579000-memory.dmp

memory/3124-298-0x00007FFDA5A80000-0x00007FFDA5A9C000-memory.dmp

memory/3124-301-0x00007FFD90C00000-0x00007FFD90F75000-memory.dmp

memory/3124-300-0x00007FFDA0E20000-0x00007FFDA0ED8000-memory.dmp

memory/3124-302-0x00007FFDA1120000-0x00007FFDA1134000-memory.dmp

memory/3124-305-0x00007FFD90AE0000-0x00007FFD90BF8000-memory.dmp

memory/3124-307-0x00007FFD90960000-0x00007FFD90AD1000-memory.dmp

memory/3124-308-0x00007FFDA1520000-0x00007FFDA152B000-memory.dmp

memory/3124-306-0x00007FFDA1010000-0x00007FFDA102F000-memory.dmp

memory/3124-304-0x00007FFDA1030000-0x00007FFDA1056000-memory.dmp

memory/3124-303-0x00007FFDA5A70000-0x00007FFDA5A7B000-memory.dmp

memory/3124-299-0x00007FFDA1430000-0x00007FFDA145E000-memory.dmp

memory/3124-325-0x00007FFDA0CA0000-0x00007FFDA0CAC000-memory.dmp

memory/3124-336-0x00007FFD904C0000-0x00007FFD90712000-memory.dmp

memory/3124-335-0x00007FFDA0570000-0x00007FFDA0599000-memory.dmp

memory/3124-334-0x00007FFDA05A0000-0x00007FFDA05BE000-memory.dmp

memory/3124-333-0x00007FFDA05D0000-0x00007FFDA05E1000-memory.dmp

memory/3124-332-0x00007FFDA0640000-0x00007FFDA0689000-memory.dmp

memory/3124-331-0x00007FFDA0690000-0x00007FFDA06A9000-memory.dmp

memory/3124-330-0x00007FFDA0840000-0x00007FFDA0857000-memory.dmp

memory/3124-329-0x00007FFDA0910000-0x00007FFDA0932000-memory.dmp

memory/3124-328-0x00007FFDA0940000-0x00007FFDA0954000-memory.dmp

memory/3124-326-0x00007FFDA0C80000-0x00007FFDA0C95000-memory.dmp

memory/3124-327-0x00007FFDA0C70000-0x00007FFDA0C80000-memory.dmp

memory/3124-324-0x00007FFDA0D70000-0x00007FFDA0D82000-memory.dmp

memory/3124-323-0x00007FFDA0D90000-0x00007FFDA0D9D000-memory.dmp

memory/3124-322-0x00007FFDA0DA0000-0x00007FFDA0DAC000-memory.dmp

memory/3124-321-0x00007FFDA0DB0000-0x00007FFDA0DBC000-memory.dmp

memory/3124-320-0x00007FFDA0DC0000-0x00007FFDA0DCB000-memory.dmp

memory/3124-319-0x00007FFDA0DD0000-0x00007FFDA0DDB000-memory.dmp

memory/3124-318-0x00007FFDA0DE0000-0x00007FFDA0DEC000-memory.dmp

memory/3124-317-0x00007FFDA0DF0000-0x00007FFDA0DFC000-memory.dmp

memory/3124-316-0x00007FFDA0E00000-0x00007FFDA0E0E000-memory.dmp

memory/3124-315-0x00007FFDA0E10000-0x00007FFDA0E1D000-memory.dmp

memory/3124-314-0x00007FFDA0FB0000-0x00007FFDA0FBC000-memory.dmp

memory/3124-313-0x00007FFDA0FC0000-0x00007FFDA0FCB000-memory.dmp

memory/3124-312-0x00007FFDA0FD0000-0x00007FFDA0FDC000-memory.dmp

memory/3124-311-0x00007FFDA0FE0000-0x00007FFDA0FEB000-memory.dmp

memory/3124-310-0x00007FFDA0FF0000-0x00007FFDA0FFC000-memory.dmp

memory/3124-309-0x00007FFDA1000000-0x00007FFDA100B000-memory.dmp

memory/3124-297-0x00007FFDA5AA0000-0x00007FFDA5AAA000-memory.dmp

memory/3124-296-0x00007FFDA1140000-0x00007FFDA1182000-memory.dmp

memory/3124-295-0x00007FFDA4550000-0x00007FFDA455D000-memory.dmp

memory/3124-294-0x00007FFDA1530000-0x00007FFDA1564000-memory.dmp

memory/3124-293-0x00007FFDA1570000-0x00007FFDA159B000-memory.dmp

memory/3124-292-0x00007FFDA06B0000-0x00007FFDA076C000-memory.dmp

memory/3124-291-0x00007FFDA1630000-0x00007FFDA165D000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d111be134e78bdff2bcb39a3c651dfa6
SHA1 31f1382a5cd72a57c542c020eba89fb78b91bd1c
SHA256 a19cd8a30d006f7fc53680500463ab8054985f61ed5b09d19920c2191a66e26f
SHA512 4515c46207d5e12c0ba337eda7dcc789aa07269a04fbd9eb5f8bef17e58f71fb5b9762255fbfbb272d783144593e774e23042a99db76b55ca5f71eab150f6b8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 593afa5a6b5fb2b6b63db0a99c188d19
SHA1 f1527a0af9ddeb36a14b0ef16040a2cc99252c85
SHA256 9f32fe5062c5d54a770237cc6899937c2b84384e95dc0ef6f94450b26f45ce61
SHA512 87edb12ee285c0d280ee5b4fc9bf3d612ebc5d819d7b713f1d7e16afabf883dd9ebd314b9463c75c75f4bdccc0bbce1ad0b6dc62a5c52cc36b45c5406201dcb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 6db2d2ceb22a030bd1caa72b32cfbf98
SHA1 fe50f35e60f88624a28b93b8a76be1377957618b
SHA256 7b22b0b16088ab7f7d6f938d7cfe9ae807856662ce3a63e7de6c8107186853e4
SHA512 d5a67a394003f559c98e1a1e9e31c2d473d04cc075b08bb0aab115ce42744da536895df2cec73fa54fc36f38d38e4906680cfacfbf4698ee925f1609fbb07912

C:\Users\Admin\Downloads\Unconfirmed 880630.crdownload

MD5 3897d329691ad60340ecb33c25bcd6f3
SHA1 fc4ff7321c714fc57ad60b67de5aec3d973465a2
SHA256 d4fa7c79b88e2dc0a91d6fd0d339d857652578906a5b131a8f36574e6d64c68e
SHA512 045298dec51830b3b69d336be89f7b360e1ffcd927b3e714279ef737fcdc36f4e17555f5d8abe752673877102ff4bd0492402a391a53cd44f0c862c1f09db78a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b849aae249d7c38bbe321cb05a898f8d
SHA1 2705cd72b6ed8af231cdea06f382b5ec51dff190
SHA256 06e70dc4535362002546fde958db30450a296b40c08c24d3326c025f06f9354f
SHA512 3925014975693d7d48988a69c17c43b4a565f9c3ddc03abe7cc7f77d6685833bde0ee7154c743c2eb099d6529f6a88236d41234adb2d12224d38fc035d191c0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 95826d630c7095d056f3627baf07a06d
SHA1 5e51940011c405ad377210f9eb199ba5d6754cd1
SHA256 3cee3d10b0b238a5a4c7be9fafb2273de764179433d0168164d1bae63bea1c48
SHA512 eee70fce9b2855906385ce109f1f504f1ae75080e0379a21ab9ac414c2b28539295ccd8657cb4a48f7b8774758c9b7d3f01b8f53df2b3b6540f369f7ba671620

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6c9ab4bd3d51e313ddbddff02356e9dd
SHA1 106d308513eff5646d464e8473f44ca81d8991f0
SHA256 b21b11f2a974acac2b1e1e0121816afddc553a011ed7e71bab0150951da9b4ce
SHA512 1766329d67375291309f2b8dd3d06726415c4db0ba591ca732caf425defa54f97de4eb89720a87e13cc4813a20009117bc8c9ec0f57d817badde3c3a779a1c00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5c3eb131e25d5c24fe6a5574ce36463c
SHA1 ab9bcad034ebf1357d309865947585d9442027e4
SHA256 7d625ddb932016d5d016641a2c70e26042477840ea13a793fe52c890416f1417
SHA512 5eee06fcb159f28e6dc3f423a1177158dad6c411231aa011c84a36c82cf8537f78793463728d82df8fb5d26ef96d2b04dfcf2f226f3cb4963061a7e40df136f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dc38e0ace0c202241321ee0d7747482d
SHA1 fa5266b1a70c8c1af25b42a9df630254a19ba95d
SHA256 395002efc80e6049a75a7c763d54e64ca2d6469413ea782f1c3b428abede39d0
SHA512 60f91624d9b84bc4f8fea90e24ad3784c525ec3c2a9c3525e5b26e757ccd208837fb8bff57586e6a714742073fa5056b4d29c4393e63f8401b3fbcf02bfb9fc1

C:\Users\Admin\AppData\Local\Temp\_MEI37842\attrs-23.1.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

memory/2124-645-0x00007FFD90720000-0x00007FFD90B8E000-memory.dmp

memory/2124-646-0x00007FFDA1630000-0x00007FFDA1654000-memory.dmp

memory/2124-647-0x00007FFDAA410000-0x00007FFDAA41F000-memory.dmp

memory/2124-648-0x00007FFDA4550000-0x00007FFDA4569000-memory.dmp

memory/2124-649-0x00007FFDA5CC0000-0x00007FFDA5CCD000-memory.dmp

memory/2124-650-0x00007FFDA1570000-0x00007FFDA159E000-memory.dmp

memory/2124-715-0x00007FFD90720000-0x00007FFD90B8E000-memory.dmp

memory/2124-716-0x00007FFDA1630000-0x00007FFDA1654000-memory.dmp

memory/2124-718-0x00007FFDA4550000-0x00007FFDA4569000-memory.dmp

memory/2124-717-0x00007FFDAA410000-0x00007FFDAA41F000-memory.dmp

memory/2124-719-0x00007FFDA5CC0000-0x00007FFDA5CCD000-memory.dmp

memory/2124-720-0x00007FFDA1570000-0x00007FFDA159E000-memory.dmp

memory/2124-721-0x00007FFDA1550000-0x00007FFDA1569000-memory.dmp

memory/2124-722-0x00007FFDA1520000-0x00007FFDA154D000-memory.dmp

memory/2124-723-0x00007FFDA0FA0000-0x00007FFDA105C000-memory.dmp

memory/2124-724-0x00007FFDA1160000-0x00007FFDA118B000-memory.dmp

memory/2124-725-0x00007FFDA1120000-0x00007FFDA1154000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b39de809f8d4f9aaf2feebc35fab3eb6
SHA1 48d5179784f8f3b220954a4d6f13974c4b3385cc
SHA256 de37a44bdb8687dee4ff47c7fc2f0d8be262ecc2bfdd90dcfddeae247b1e89ed
SHA512 8801251bf1cfc3b33a200ae0295ca8abef5db1e677548de8c395fb5c0373c46023ae3e1794cb62803e1e5cd86460f7eb7c80acaae3588b3b04600de5c12026b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ad5f9e6d47e83a30d227475c96dc9616
SHA1 f6633e8c7e16f66711badc7ca806db3b2b81fc43
SHA256 4eb7f05e2fe4b96b9ecbb8d8350f341430e06d32fe330213f579596aee2d39de
SHA512 a3c4242c733e62561cafacc52b76baf58d1d3915d6783c67b618eeb59e2450b690b9cca2a7dcb02ec5af7e3bb62c30c88ffa870bd87d71c347e11ac8b9beed13

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Cipher\_ARC4.pyd

MD5 d9f2264898aaaa9ef6152a1414883d0f
SHA1 e0661549d6bf59ffda98fccc00756f44caf02228
SHA256 836cba3b83b00427430fe6e1c4e45790616bc85c57dbd6e6d5b6930a9745b715
SHA512 ba033baf7c3b93bbf8fce4f24bc37930d6ce419ee3f517d2bc9702417e821f5fda5fb9334a08b37fed55b3b9535cd194a3b79dd70653d1f8c4c0dd906ebf1b04

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Cipher\_Salsa20.pyd

MD5 e3ae69e44c4c82d83082bbb8c25aa8dd
SHA1 116d3b46e8daa2aefb2d58be4b00bd3bfc09833f
SHA256 4229235814bbee62311e3623c07898b03d3b22281cd4e5f1a87b86450b1b740f
SHA512 8a49128a79a9f9de27afe150402bd8db224f8bae6237d6c2d29c1f543e5a929e2fd15060bfd37b49b1c4a3190a70659aa041d36bde09674a77171dc27415b2d4

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Cipher\_chacha20.pyd

MD5 ed1bbdc7cc945da2d1f5a914987eb885
SHA1 c71f0a316e41c8ae5d21be2e3a894e482d52774c
SHA256 1eece2f714dc1f520d0608f9f71e692f5b269930603f8afc330118ea38f16005
SHA512 1c26a0a0b223fd864bd01bca8de012dc385d116be933c2479f25113983723dbbc2cec147947f62c617bb7ccad242518fecb653f008090beec0deeeb5a1dfead4

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Cipher\_pkcs1_decode.pyd

MD5 3effd59cd95b6706c1f2dd661aa943fc
SHA1 6d3c1b8899e38b31e7be2670d87050921023c7f1
SHA256 4c29950a9ededbbc24a813f8178723f049a529605ef6d35f16c7955768aace9e
SHA512 d6af4a719694547dae5e37c833def291ce3eaea3703faa360c6adcc6b64ba36442e0d2783d44450e0f582bc6fa07f3496919fd6c70f88dd0fc29688956939412

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Cipher\_raw_aes.pyd

MD5 671100b821eb357ceb5a4c5ff86bc31a
SHA1 0604a7686029becebbef102c14031ccf489854e9
SHA256 803e46354cdab4af6ff289e98de9c56b5b08e3e9ad5f235d5a282005fa9f2d50
SHA512 2d916a41993ea1a5a0e72f0665a6d8c384c1541ee95a582ef5fbc59be835720915046c7106ed2f9a1074ec0cddfa7124e8079b2f837a442599c59479477960af

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Hash\_MD5.pyd

MD5 ee11cb538bdab49aa3499c394060f5ce
SHA1 43b018d561a3201d3aa96951b8a1380d4aeb92b1
SHA256 23dda5ce329198fe9471c7dca31af69144ab7a350d3e6f11d60e294c7996b1ca
SHA512 afbdb4692ac186f62ae3b53803f8a7357e32eb40732d095a7086566b94592c3e056b48c6ca6c62742b8de14c7f309496f83b664c42d55e679afa60b4f1468832

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Hash\_MD4.pyd

MD5 d32a2064e2da99b370f277026bb54747
SHA1 1f12598490871a86b6e2b46527dd3f10b30b183d
SHA256 959ea4bb2f433f79cbc4afd7e77cd256e3e67416e9e6aa0e3646bcaf686e40cd
SHA512 0a2ece5075ff9212863d80aeffab356b314eed3cc806c599c7665f62c30cd726ce8ec00922dfdc2e8f5ae3e2a9d9b9f7b4bd1677a02623034332dfd0413d3e02

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Hash\_RIPEMD160.pyd

MD5 19ca6e706818cf08f91ebb82bf9911e9
SHA1 ab53841686bd55fc58a7262a79568a714a6d870b
SHA256 11933e4f74368b334c1d2118d4e975533185517264ca45f3382274dd27540deb
SHA512 658908aa5487dc398b58e9ea704e83a63146c7d87126fa275296263c981af48d08ab3d20d541401eb0a22489ad23991e32e6238bcaf46dafffa971ec769ffe96

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Hash\_MD2.pyd

MD5 11a097c3dfdcfbb2acb2ee0c92a9cb10
SHA1 d15ef7df71c8549b9b956dac89e2542d1452ed08
SHA256 dae038eb9d1ccde31f9889818db281ae70588ff5ab94a2ab7f33f8a1708f7325
SHA512 29149388b53fd85f7e77a0ae0acfd172d73cc1443195a98b7392c494998998017ef11e16faabba479996fa2424d4c3ced2251fb5d8852a76fb2341f08ad08c01

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Hash\_BLAKE2s.pyd

MD5 821670341b5465047733cc460856a2f5
SHA1 e0a1bbc859a1f502ba086ddd8bced82ab6843399
SHA256 84780c05c9ad7b1e554211cd31bbcb02cbe587e4f08bd2d0b9561d104c4d125c
SHA512 5f617695ea9a5312dbbd13e379e124a96692cc228b0bc366b93cdcdaf3e23375602d9e81cf5a4286a5cedeaae635f11120c2c2390876bf3fd7398c59044be82f

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Hash\_BLAKE2b.pyd

MD5 1bf5cd751aed60dd92d0ab3ce6d773fa
SHA1 897a5f74bbac0b1bd7cb2dd598aa9b3b7bed326d
SHA256 cda73af34e4f542646952bbcb71559ccbdf3695aa74ed41d37a4a7d1f932a42d
SHA512 81113cfcef2f434e9ac39b4b9cf08e67f1d84eaaa5a3cffc5d088410e6e6480057da1915aa22a8e01be69418247c29d921d481d0577b810d99ac815d82d9f37e

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Cipher\_raw_ocb.pyd

MD5 a76aeb47a31fd7f652c067ac1ea6d227
SHA1 ff2d8e14e8a99f5c78c960c2afd5be2f9ed627ab
SHA256 c816f4a89ce6126da70cb44062294a6a4ac0f73ec3a73ead9269425b7b82288a
SHA512 c7cec6a125904fcb42a6933520f88a6a1aa43fed9ecd40e20dddda9ac2dac37e4d1d79951ff947a10afb7c067c441ddf7de9af4e4bd56d73c1284962c085c1e9

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Cipher\_raw_eksblowfish.pyd

MD5 e5021b9925a53b20946c93b5bf686647
SHA1 deea7da72ee7d2511e68b9f3d28b20b3a4ad6676
SHA256 87922d0ee99af46080afd4baa2f96219fa195731c0745fcb9c7789338ecc778f
SHA512 e8a6b382c17138d9b33ae6ed8c1dfe93166e304a987bf326d129ae31948f91429f73ebd204c772c9679b35afea0a8e9df613bcec7f46c6e1448b226eb2c2a507

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Cipher\_raw_des3.pyd

MD5 d892f9d789c22787d846e405d0240987
SHA1 f3b728d04904e5fd3465c7665f7fde2318e623c3
SHA256 100cd322ea2f8e3997432d6e292373f3a07f75818c7802d7386e9810bee619b0
SHA512 00ffac3215ffa3dfab82a32b569bc632e704b134af4e3418dfbc91cce9fa09d7e10b471b24183dfa1aefa292b345bddc030547fcce1162f6ac5e464dfa7cf0e9

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Hash\_SHA1.pyd

MD5 d28807cb842b8a9f7611175cbbbc8867
SHA1 ffb37bcc48b93d47ec6ba442e1bc7aa90a98246a
SHA256 c6870db1d8518d0e594c7e7a0271636bcfccaf58be584a20e2a7efce1e3d4bb7
SHA512 0c9b1e751bdc8b995bf3bb8b90e884009f80d39e48ae679eb1551ad74d9a4987b80858ec180dcf81f25247571eb07b051e564f64594a4374e7bf5b07f68b90e8

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Cipher\_raw_des.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Cipher\_raw_ctr.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Cipher\_raw_cast.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Cipher\_raw_blowfish.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Cipher\_raw_arc2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Cipher\_raw_aesni.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Hash\_SHA224.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Hash\_SHA256.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Hash\_SHA384.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Hash\_SHA512.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Hash\_ghash_clmul.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Hash\_ghash_portable.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Hash\_keccak.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Hash\_poly1305.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Math\_modexp.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Protocol\_scrypt.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\PublicKey\_ec_ws.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\PublicKey\_x25519.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\PublicKey\_ed448.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\PublicKey\_ed25519.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\aiohttp\_websocket.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47002\frozenlist\_frozenlist.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\aiohttp\_http_writer.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\aiohttp\_http_parser.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\aiohttp\_helpers.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\_win32sysloader.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\win32crypt.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\altgraph-0.17.4.dist-info\RECORD

C:\Users\Admin\AppData\Local\Temp\_MEI47002\pyinstaller-5.1.dist-info\top_level.txt

C:\Users\Admin\AppData\Local\Temp\_MEI47002\pyinstaller-5.1.dist-info\entry_points.txt

C:\Users\Admin\AppData\Local\Temp\_MEI47002\pyinstaller-5.1.dist-info\direct_url.json

C:\Users\Admin\AppData\Local\Temp\_MEI47002\pyinstaller-5.1.dist-info\WHEEL

C:\Users\Admin\AppData\Local\Temp\_MEI47002\pyinstaller-5.1.dist-info\RECORD

C:\Users\Admin\AppData\Local\Temp\_MEI47002\pyinstaller-5.1.dist-info\METADATA

C:\Users\Admin\AppData\Local\Temp\_MEI47002\pyinstaller-5.1.dist-info\COPYING.txt

C:\Users\Admin\AppData\Local\Temp\_MEI47002\certifi\cacert.pem

C:\Users\Admin\AppData\Local\Temp\_MEI47002\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI47002\attrs-23.1.0.dist-info\licenses\LICENSE

C:\Users\Admin\AppData\Local\Temp\_MEI47002\attrs-23.1.0.dist-info\WHEEL

C:\Users\Admin\AppData\Local\Temp\_MEI47002\attrs-23.1.0.dist-info\RECORD

C:\Users\Admin\AppData\Local\Temp\_MEI47002\attrs-23.1.0.dist-info\METADATA

C:\Users\Admin\AppData\Local\Temp\_MEI47002\altgraph-0.17.4.dist-info\zip-safe

C:\Users\Admin\AppData\Local\Temp\_MEI47002\altgraph-0.17.4.dist-info\top_level.txt

C:\Users\Admin\AppData\Local\Temp\_MEI47002\altgraph-0.17.4.dist-info\WHEEL

C:\Users\Admin\AppData\Local\Temp\_MEI47002\altgraph-0.17.4.dist-info\METADATA

C:\Users\Admin\AppData\Local\Temp\_MEI47002\altgraph-0.17.4.dist-info\LICENSE

C:\Users\Admin\AppData\Local\Temp\_MEI47002\yarl\_quoting_c.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\win32ui.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\win32trace.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\win32com\shell\shell.pyd

C:\Users\Admin\AppData\Local\Temp\ogedjgm7

C:\Users\Admin\AppData\Local\Temp\_MEI47002\python310.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47002\multidict\_multidict.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\mfc140u.dll

C:\Users\Admin\AppData\Local\Temp\_MEI47002\_overlapped.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\_multiprocessing.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\_asyncio.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\PIL\_webp.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\PIL\_imagingtk.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\PIL\_imagingft.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\PIL\_imagingcms.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\PIL\_imaging.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Util\_strxor.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI47002\Crypto\Util\_cpuid_c.pyd

C:\Users\Admin\AppData\Local\Temp\tmpctltmmzh\gen_py\dicts.dat

C:\Users\Admin\AppData\Local\Temp\tmpctltmmzh\gen_py\__init__.py

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b4a63.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\Downloads\DiscordSetup.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Discord\app-1.0.9027\Discord.exe

C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9027-full.nupkg

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
