Analysis Overview
SHA256
fef04bade6811de31ed43969889175b26f7b14b5164289aa0e8411e173798a6c
Threat Level: Known bad
The file Energy_Gamer.exe was found to be: Known bad.
Malicious Activity Summary
An infostealer written in Python and packaged with PyInstaller.
Crealstealer family
Downloads MZ/PE file
Drops startup file
Reads user/profile data of web browsers
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service
Accesses cryptocurrency files/wallets, possible credential harvesting
Unsigned PE
Enumerates physical storage devices
Detects Pyinstaller
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Enumerates processes with tasklist
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-01 00:59
Signatures
An infostealer written in Python and packaged with PyInstaller.
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Crealstealer family
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-01 00:59
Reported
2024-02-01 01:20
Platform
win11-20231222-en
Max time kernel
1197s
Max time network
1200s
Command Line
Signatures
Downloads MZ/PE file
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Energy_Gamer.exe | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Energy_Gamer.exe | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4286256601-2211319207-2237621277-1000\{6EAC6D58-7076-4BCF-ACC4-39E93946164F} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 586175.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe
"C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe"
C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe
"C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbd5923cb8,0x7ffbd5923cc8,0x7ffbd5923cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1820 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004B4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7104 /prefetch:8
C:\Users\Admin\Downloads\Energy_Gamer.exe
"C:\Users\Admin\Downloads\Energy_Gamer.exe"
C:\Users\Admin\Downloads\Energy_Gamer.exe
"C:\Users\Admin\Downloads\Energy_Gamer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-01 00:59
Reported
2024-02-01 01:23
Platform
win11-20231215-en
Max time kernel
672s
Max time network
1172s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1725696949-2443092314-1471438111-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1725696949-2443092314-1471438111-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\creal.pyc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding