Malware Analysis Report

2024-10-24 17:05

Sample ID: 240201-bces8afha3
Target: Energy_Gamer.exe
SHA256: fef04bade6811de31ed43969889175b26f7b14b5164289aa0e8411e173798a6c
Tags: pyinstaller crealstealer spyware stealer
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
10/10

SHA256

fef04bade6811de31ed43969889175b26f7b14b5164289aa0e8411e173798a6c

Threat Level: Known bad

The file Energy_Gamer.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller crealstealer spyware stealer

An infostealer written in Python and packaged with PyInstaller.

Crealstealer family

Downloads MZ/PE file

Drops startup file

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

Accesses cryptocurrency files/wallets, possible credential harvesting

Unsigned PE

Enumerates physical storage devices

Detects Pyinstaller

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Enumerates processes with tasklist

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-01 00:59

Signatures

An infostealer written in Python and packaged with PyInstaller.

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Crealstealer family

crealstealer

Detects Pyinstaller

pyinstaller
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-01 00:59

Reported

2024-02-01 01:20

Platform

win11-20231222-en

Max time kernel

1197s

Max time network

1200s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe"

Signatures

Downloads MZ/PE file

Drops startup file

Description | Indicator | Process | Target
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Energy_Gamer.exe | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Energy_Gamer.exe | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\Energy_Gamer.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | api.ipify.org | N/A | N/A
N/A | api.ipify.org | N/A | N/A
N/A | api.ipify.org | N/A | N/A
N/A | api.ipify.org | N/A | N/A
N/A | api.ipify.org | N/A | N/A
N/A | api.ipify.org | N/A | N/A
N/A | api.ipify.org | N/A | N/A
N/A | api.ipify.org | N/A | N/A
N/A | api.ipify.org | N/A | N/A
N/A | api.ipify.org | N/A | N/A

Detects Pyinstaller

pyinstaller
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Enumerates processes with tasklist

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\tasklist.exe | N/A
N/A | N/A | C:\Windows\system32\tasklist.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4286256601-2211319207-2237621277-1000\{6EAC6D58-7076-4BCF-ACC4-39E93946164F} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 586175.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\tasklist.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 5032 wrote to memory of 1540 | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe
PID 5032 wrote to memory of 1540 | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe
PID 1540 wrote to memory of 3364 | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | C:\Windows\system32\cmd.exe
PID 1540 wrote to memory of 3364 | N/A | C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe | C:\Windows\system32\cmd.exe
PID 3364 wrote to memory of 2220 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\tasklist.exe
PID 3364 wrote to memory of 2220 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\tasklist.exe
PID 1764 wrote to memory of 1784 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1784 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1004 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 4528 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 4528 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1596 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1596 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1596 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1596 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1596 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1596 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1596 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1596 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1596 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1596 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1596 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1596 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1596 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1764 wrote to memory of 1596 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe

"C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe"

C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe

"C:\Users\Admin\AppData\Local\Temp\Energy_Gamer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbd5923cb8,0x7ffbd5923cc8,0x7ffbd5923cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1820 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004B4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,9019729037093458245,4311586672244360921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7104 /prefetch:8

C:\Users\Admin\Downloads\Energy_Gamer.exe

"C:\Users\Admin\Downloads\Energy_Gamer.exe"

C:\Users\Admin\Downloads\Energy_Gamer.exe

"C:\Users\Admin\Downloads\Energy_Gamer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist"

C:\Windows\system32\tasklist.exe

tasklist

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.ipify.org udp
US 8.8.8.8:53 api.gofile.io udp
US 173.231.16.76:443 api.ipify.org tcp
FR 51.178.66.33:443 api.gofile.io tcp
FR 45.112.123.226:443 store15.gofile.io tcp
US 8.8.8.8:53 76.16.231.173.in-addr.arpa udp
DE 159.89.102.253:443 geolocation-db.com tcp
US 173.231.16.76:443 api.ipify.org tcp
US 162.159.133.233:443 discordapp.com tcp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.133.233:443 discordapp.com tcp
FR 51.178.66.33:443 api.gofile.io tcp
FR 31.14.70.252:443 store10.gofile.io tcp
US 173.231.16.76:443 api.ipify.org tcp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.133.233:443 discordapp.com tcp
US 173.231.16.76:443 api.ipify.org tcp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.133.233:443 discordapp.com tcp
N/A 224.0.0.251:5353 udp
GB 92.123.128.149:443 r.bing.com tcp
GB 92.123.128.149:443 r.bing.com tcp
GB 92.123.128.149:443 r.bing.com tcp
GB 92.123.128.149:443 r.bing.com tcp
GB 92.123.128.149:443 r.bing.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 204.79.197.200:443 www2.bing.com tcp
US 104.21.66.32:443 www.emailgenerator.org tcp
US 104.21.66.32:443 www.emailgenerator.org tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 selfishsnake.com udp
FR 142.250.74.228:443 www.google.com tcp
US 34.110.253.203:443 selfishsnake.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
FR 172.217.18.206:443 fundingchoicesmessages.google.com tcp
GB 96.17.179.184:80 apps.identrust.com tcp
FR 216.58.214.162:443 googleads.g.doubleclick.net tcp
FR 172.217.18.206:443 fundingchoicesmessages.google.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 18.172.89.73:443 static.adsafeprotected.com tcp
GB 18.172.89.73:443 static.adsafeprotected.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.161:443 lh3.googleusercontent.com tcp
FR 142.250.74.228:443 www.google.com udp
US 8.8.8.8:53 h.clarity.ms udp
US 52.224.31.34:443 h.clarity.ms tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 228.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 130.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 206.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 162.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 83.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 161.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 73.89.172.18.in-addr.arpa udp
US 34.110.253.203:443 selfishsnake.com udp
US 52.224.31.34:443 h.clarity.ms tcp
FR 142.250.74.228:443 www.google.com udp
IE 68.219.88.97:443 c.clarity.ms tcp
US 204.79.197.200:443 c.bing.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
FR 216.58.214.162:443 www.googletagservices.com udp
FR 142.250.179.65:443 tpc.googlesyndication.com tcp
FR 142.250.179.65:443 tpc.googlesyndication.com udp
FR 142.250.178.138:443 imasdk.googleapis.com tcp
FR 142.250.178.138:443 imasdk.googleapis.com tcp
US 216.239.32.3:443 csi.gstatic.com tcp
US 216.239.32.3:443 csi.gstatic.com tcp
BE 173.194.76.157:443 bid.g.doubleclick.net tcp
FR 142.250.179.102:443 s0.2mdn.net tcp
US 216.239.32.3:443 csi.gstatic.com udp
US 8.8.8.8:53 gcdn.2mdn.net udp
FR 142.250.178.138:443 imasdk.googleapis.com udp
US 8.8.8.8:53 s0.2mdn.net udp
FR 142.250.179.78:443 gcdn.2mdn.net tcp
FR 142.250.179.102:443 s0.2mdn.net udp
FR 172.217.20.162:443 googleads4.g.doubleclick.net tcp
GB 88.221.134.88:443 use.typekit.net tcp
GB 88.221.134.88:443 use.typekit.net tcp
US 8.8.8.8:53 r2---sn-f5f7lne6.c.2mdn.net udp
US 8.8.8.8:53 3.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 157.76.194.173.in-addr.arpa udp
US 8.8.8.8:53 102.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 134.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 162.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 88.134.221.88.in-addr.arpa udp
PL 172.217.133.71:443 r2---sn-f5f7lne6.c.2mdn.net tcp
GB 88.221.134.122:443 p.typekit.net tcp
GB 88.221.134.122:443 p.typekit.net tcp
BE 173.194.76.157:443 bid.g.doubleclick.net udp
PL 172.217.133.71:443 r2---sn-f5f7lne6.c.2mdn.net udp
FR 142.250.179.78:443 gcdn.2mdn.net udp
GB 88.221.134.88:443 use.typekit.net tcp
PL 173.194.15.6:443 r1---sn-f5f7lnld.c.2mdn.net tcp
FR 172.217.20.162:443 googleads4.g.doubleclick.net udp
PL 173.194.15.6:443 r1---sn-f5f7lnld.c.2mdn.net tcp
PL 173.194.15.6:443 r1---sn-f5f7lnld.c.2mdn.net udp
FR 142.250.201.162:443 ade.googlesyndication.com tcp
US 52.224.31.34:443 h.clarity.ms tcp
FR 142.250.201.162:443 ade.googlesyndication.com udp
FR 142.250.201.162:443 ade.googlesyndication.com udp
FR 142.250.179.102:443 s0.2mdn.net udp
FR 172.217.18.206:443 fundingchoicesmessages.google.com udp
FR 216.58.214.162:443 www.googletagservices.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 216.239.32.3:443 csi.gstatic.com udp
GB 18.172.89.95:443 static.adsafeprotected.com tcp
FR 142.250.74.228:443 www.google.com udp
US 34.110.253.203:443 selfishsnake.com udp
FR 142.250.179.65:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 z.moatads.com udp
FR 172.217.20.162:443 googleads4.g.doubleclick.net udp
GB 96.16.109.251:443 z.moatads.com tcp
US 8.8.8.8:53 px.moatads.com udp
US 8.8.8.8:53 mb.moatads.com udp
BE 173.194.76.157:443 bid.g.doubleclick.net udp
GB 141.147.81.223:443 mb.moatads.com tcp
GB 141.147.81.223:443 mb.moatads.com tcp
GB 141.147.81.223:443 mb.moatads.com tcp
GB 141.147.81.223:443 mb.moatads.com tcp
FR 142.250.179.78:443 gcdn.2mdn.net udp
US 8.8.8.8:53 essencedigitalemea2015301593033067.s.moatpixel.com udp
US 8.8.8.8:53 r4---sn-f5f7lnl7.c.2mdn.net udp
GB 23.44.233.148:443 essencedigitalemea2015301593033067.s.moatpixel.com tcp
GB 23.44.233.148:443 essencedigitalemea2015301593033067.s.moatpixel.com tcp
GB 23.44.233.148:443 essencedigitalemea2015301593033067.s.moatpixel.com tcp
GB 23.44.233.148:443 essencedigitalemea2015301593033067.s.moatpixel.com tcp
PL 74.125.104.169:443 r4---sn-f5f7lnl7.c.2mdn.net tcp
US 8.8.8.8:53 223.81.147.141.in-addr.arpa udp
US 8.8.8.8:53 148.233.44.23.in-addr.arpa udp
US 8.8.8.8:53 169.104.125.74.in-addr.arpa udp
PL 74.125.104.169:443 r4---sn-f5f7lnl7.c.2mdn.net udp
FR 142.250.179.65:443 tpc.googlesyndication.com udp
FR 216.58.214.162:443 www.googletagservices.com udp
FR 142.250.179.102:443 s0.2mdn.net udp
FR 142.250.178.138:443 imasdk.googleapis.com udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.130.233:443 cdn.discordapp.com tcp
US 162.159.130.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 233.130.159.162.in-addr.arpa udp
US 8.8.8.8:53 api.ipify.org udp
US 173.231.16.76:443 api.ipify.org tcp
FR 51.38.43.18:443 api.gofile.io tcp
US 8.8.8.8:53 store8.gofile.io udp
US 8.8.8.8:53 18.43.38.51.in-addr.arpa udp
US 206.168.191.31:443 store8.gofile.io tcp
DE 159.89.102.253:443 geolocation-db.com tcp
US 8.8.8.8:53 discordapp.com udp
US 162.159.129.233:443 discordapp.com tcp
US 173.231.16.76:443 api.ipify.org tcp
US 8.8.8.8:53 31.191.168.206.in-addr.arpa udp
US 8.8.8.8:53 233.129.159.162.in-addr.arpa udp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.129.233:443 discordapp.com tcp
FR 51.38.43.18:443 api.gofile.io tcp
US 8.8.8.8:53 store18.gofile.io udp
FR 31.14.70.253:443 store18.gofile.io tcp
US 173.231.16.76:443 api.ipify.org tcp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.129.233:443 discordapp.com tcp
US 173.231.16.76:443 api.ipify.org tcp
US 8.8.8.8:53 253.70.14.31.in-addr.arpa udp
DE 159.89.102.253:443 geolocation-db.com tcp
US 162.159.129.233:443 discordapp.com tcp
US 8.8.8.8:53 www.google.com udp
FR 142.250.74.228:443 www.google.com udp
US 8.8.8.8:53 h.clarity.ms udp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 8.8.8.8:53 h.clarity.ms udp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 8.8.8.8:53 h.clarity.ms udp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 8.8.8.8:53 h.clarity.ms udp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 8.8.8.8:53 h.clarity.ms udp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp
US 8.8.8.8:53 h.clarity.ms udp
US 52.224.31.34:443 h.clarity.ms tcp
US 52.224.31.34:443 h.clarity.ms tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI50322\python312.dll

MD5 1f8ccdf9675d29f03a9dba855455a78b
SHA1 77b77df85b935c673289957f19b50848da53755a
SHA256 424e7ee7f6e9e43e25c0a441336390b8c5544044e4caa497cb9bcd40f04f8fdb
SHA512 98c9f564a0fbef3b3a193a0ae2d75ae89b65b6d0b545d46c1bf28881373ecd99b2a023a7c066e67349260fb9747b95f33f1cc81d7785f400f5a6efa39de800d9

C:\Users\Admin\AppData\Local\Temp\_MEI50322\python312.dll

MD5 48ebfefa21b480a9b0dbfc3364e1d066
SHA1 b44a3a9b8c585b30897ddc2e4249dfcfd07b700a
SHA256 0cc4e557972488eb99ea4aeb3d29f3ade974ef3bcd47c211911489a189a0b6f2
SHA512 4e6194f1c55b82ee41743b35d749f5d92a955b219decacf9f1396d983e0f92ae02089c7f84a2b8296a3062afa3f9c220da9b7cd9ed01b3315ea4a953b4ecc6ce

C:\Users\Admin\AppData\Local\Temp\_MEI50322\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

C:\Users\Admin\AppData\Local\Temp\_MEI50322\_ctypes.pyd

MD5 452305c8c5fda12f082834c3120db10a
SHA1 9bab7b3fd85b3c0f2bedc3c5adb68b2579daa6e7
SHA256 543ce9d6dc3693362271a2c6e7d7fc07ad75327e0b0322301dd29886467b0b0e
SHA512 3d52afdbc8da74262475abc8f81415a0c368be70dbf5b2bd87c9c29ca3d14c44770a5b8b2e7c082f3ece0fd2ba1f98348a04b106a48d479fa6bd062712be8f7c

C:\Users\Admin\AppData\Local\Temp\_MEI50322\base_library.zip

MD5 ccee0ea5ba04aa4fcb1d5a19e976b54f
SHA1 f7a31b2223f1579da1418f8bfe679ad5cb8a58f5
SHA256 eeb7f0b3e56b03454868411d5f62f23c1832c27270cee551b9ca7d9d10106b29
SHA512 4f29ac5df211fef941bd953c2d34cb0c769fb78475494746cb584790d9497c02be35322b0c8f5c14fe88d4dd722733eda12496db7a1200224a014043f7d59166

C:\Users\Admin\AppData\Local\Temp\_MEI50322\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI50322\_bz2.pyd

MD5 90f58f625a6655f80c35532a087a0319
SHA1 d4a7834201bd796dc786b0eb923f8ec5d60f719b
SHA256 bd8621fcc901fa1de3961d93184f61ea71068c436794af2a4449738ccf949946
SHA512 b5bb1ecc195700ad7bea5b025503edd3770b1f845f9beee4b067235c4e63496d6e0b19bdd2a42a1b6591d1131a2dc9f627b2ae8036e294300bb6983ecd644dc8

C:\Users\Admin\AppData\Local\Temp\_MEI50322\_lzma.pyd

MD5 cf8de1137f36141afd9ff7c52a3264ee
SHA1 afde95a1d7a545d913387624ef48c60f23cf4a3f
SHA256 22d10e2d6ad3e3ed3c49eb79ab69a81aaa9d16aeca7f948da2fe80877f106c16
SHA512 821985ff5bc421bd16b2fa5f77f1f4bf8472d0d1564bc5768e4dbe866ec52865a98356bb3ef23a380058acd0a25cd5a40a1e0dae479f15863e48c4482c89a03f

C:\Users\Admin\AppData\Local\Temp\_MEI50322\libcrypto-3.dll

MD5 51e8a5281c2092e45d8c97fbdbf39560
SHA1 c499c810ed83aaadce3b267807e593ec6b121211
SHA256 2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a
SHA512 98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb

C:\Users\Admin\AppData\Local\Temp\_MEI50322\pyexpat.pyd

MD5 e2d1c738d6d24a6dd86247d105318576
SHA1 384198f20724e4ede9e7b68e2d50883c664eee49
SHA256 cdc09fbae2f103196215facd50d108be3eff60c8ee5795dcc80bf57a0f120cdf
SHA512 3f9cb64b4456438dea82a0638e977f233faf0a08433f01ca87ba65c7e80b0680b0ec3009fa146f02ae1fdcc56271a66d99855d222e77b59a1713caf952a807da

C:\Users\Admin\AppData\Local\Temp\_MEI50322\_overlapped.pyd

MD5 54c021e10f9901bf782c24d648a82b96
SHA1 cf173cc0a17308d7d87b62c1169b7b99655458bc
SHA256 2e53cc1bfa6e10a4de7e1f4081c5b952746e2d4fa7f8b9929ad818ce20b2cc9f
SHA512 e451226ece8c34c73e5b31e06fdc1d99e073e6e0651a0c5e04b0cf011e79d0747da7a5b6c5e94aca44cfceb9e85ce3d85afff081a574d1f53f115e39e9d4ff6c

C:\Users\Admin\AppData\Local\Temp\_MEI50322\_uuid.pyd

MD5 b9e2ab3d934221a25f2ad0a8c2247f94
SHA1 af792b19b81c1d90d570bdfedbd5789bdf8b9e0c
SHA256 d462f34aca50d1f37b9ea03036c881ee4452e1fd37e1b303cd6daaecc53e260e
SHA512 9a278bfe339f3cfbd02a1bb177c3bc7a7ce36eb5b4fadaaee590834ad4d29cbe91c8c4c843263d91296500c5536df6ac98c96f59f31676cecdccf93237942a72

C:\Users\Admin\AppData\Local\Temp\_MEI50322\_wmi.pyd

MD5 cb0564bc74258cb1320c606917ce5a71
SHA1 5b2bfc0d997cc5b7d985bfadddbfc180cb01f7cf
SHA256 0342916a60a7b39bbd5753d85e1c12a4d6f990499753d467018b21cefa49cf32
SHA512 43f3afa9801fcf5574a30f4d3e7ae6aff65c7716462f9aba5bc8055887a44bf38fba121639d8b31427e738752fe3b085d1d924de2633f4c042433e1960023f38

C:\Users\Admin\AppData\Local\Temp\_MEI50322\_ssl.pyd

MD5 6774d6fb8b9e7025254148dc32c49f47
SHA1 212e232da95ec8473eb0304cf89a5baf29020137
SHA256 2b6f1b1ac47cb7878b62e8d6bb587052f86ca8145b05a261e855305b9ca3d36c
SHA512 5d9247dce96599160045962af86fc9e5439f66a7e8d15d1d00726ec1b3b49d9dd172d667380d644d05cb18e45a5419c2594b4bcf5a16ea01542ae4d7d9a05c6e

C:\Users\Admin\AppData\Local\Temp\_MEI50322\_sqlite3.pyd

MD5 de8b1c6df3ed65d3c96c7c30e0a52262
SHA1 8dd69e3506c047b43d7c80cdb38a73a44fd9d727
SHA256 f3ca1d6b1ab8bb8d6f35a24fc602165e6995e371226e98ffeeed2eeec253c9df
SHA512 a532ef79623beb1195f20537b3c2288a6b922f8e9b6d171ef96090e4cc00e754a129754c19f4d9d5e4b701bcff59e63779656aa559d117ef10590cfafc7404bb

C:\Users\Admin\AppData\Local\Temp\_MEI50322\_socket.pyd

MD5 439b3ad279befa65bb40ecebddd6228b
SHA1 d3ea91ae7cad9e1ebec11c5d0517132bbc14491e
SHA256 24017d664af20ee3b89514539345caac83eca34825fcf066a23e8a4c99f73e6d
SHA512 a335e1963bb21b34b21aef6b0b14ba8908a5343b88f65294618e029e3d4d0143ea978a5fd76d2df13a918ffab1e2d7143f5a1a91a35e0cc1145809b15af273bd

C:\Users\Admin\AppData\Local\Temp\_MEI50322\_queue.pyd

MD5 5aa4b057ba2331eed6b4b30f4b3e0d52
SHA1 6b9db113c2882743984c3d8b70ec49fc4a136c23
SHA256 d43dca0e00c3c11329b68177e967cf5240495c4786f5afa76ac4f267c3a5cdb9
SHA512 aa5aa3285ea5c177eca055949c5f550dbd2d2699202a29efe2077213cbc95fff2a36d99eecce249ac04d95baf149b3d8c557a67fc39ead3229f0b329e83447b7

C:\Users\Admin\AppData\Local\Temp\_MEI50322\_multiprocessing.pyd

MD5 c0a06aebbd57d2420037162fa5a3142b
SHA1 1d82ba750128eb51070cdeb0c69ac75117e53b43
SHA256 5673b594e70d1fdaad3895fc8c3676252b7b675656fb88ef3410bc93bb0e7687
SHA512 ddf2c4d22b2371a8602601a05418ef712e03def66e2d8e8814853cdd989ed457efbd6032f4a4a3e9ecca9915d99c249dfd672670046461a9fe510a94da085fbf

C:\Users\Admin\AppData\Local\Temp\_MEI50322\_hashlib.pyd

MD5 8baeb2bd6e52ba38f445ef71ef43a6b8
SHA1 4132f9cd06343ef8b5b60dc8a62be049aa3270c2
SHA256 6c50c9801a5caf0bb52b384f9a0d5a4aa182ca835f293a39e8999cf6edf2f087
SHA512 804a4e19ea622646cea9e0f8c1e284b7f2d02f3620199fa6930dbdadc654fa137c1e12757f87c3a1a71ceff9244aa2f598ee70d345469ca32a0400563fe3aa65

C:\Users\Admin\AppData\Local\Temp\_MEI50322\_decimal.pyd

MD5 f78f9855d2a7ca940b6be51d68b80bf2
SHA1 fd8af3dbd7b0ea3de2274517c74186cb7cd81a05
SHA256 d4ae192bbd4627fc9487a2c1cd9869d1b461c20cfd338194e87f5cf882bbed12
SHA512 6b68c434a6f8c436d890d3c1229d332bd878e5777c421799f84d79679e998b95d2d4a013b09f50c5de4c6a85fcceb796f3c486e36a10cbac509a0da8d8102b18

C:\Users\Admin\AppData\Local\Temp\_MEI50322\_cffi_backend.cp312-win_amd64.pyd

MD5 0572b13646141d0b1a5718e35549577c
SHA1 eeb40363c1f456c1c612d3c7e4923210eae4cdf7
SHA256 d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7
SHA512 67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842

C:\Users\Admin\AppData\Local\Temp\_MEI50322\_asyncio.pyd

MD5 70fb0b118ac9fd3292dde530e1d789b8
SHA1 4adc8d81e74fc04bce64baf4f6147078eefbab33
SHA256 f8305023f6ad81ddc7124b311e500a58914b05a9b072bf9a6d079ea0f6257793
SHA512 1ab72ea9f96c6153b9b5d82b01354381b04b93b7d58c0b54a441b6a748c81cccd2fc27bb3b10350ab376ff5ada9d83af67cce17e21ccbf25722baf1f2aef3c98

C:\Users\Admin\AppData\Local\Temp\_MEI50322\VCRUNTIME140_1.dll

MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512 ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

C:\Users\Admin\AppData\Local\Temp\_MEI50322\select.pyd

MD5 e1604afe8244e1ce4c316c64ea3aa173
SHA1 99704d2c0fa2687997381b65ff3b1b7194220a73
SHA256 74cca85600e7c17ea6532b54842e26d3cae9181287cdf5a4a3c50af4dab785e5
SHA512 7bf35b1a9da9f1660f238c2959b3693b7d9d2da40cf42c6f9eba2164b73047340d0adff8995049a2fe14e149eba05a5974eee153badd9e8450f961207f0b3d42

C:\Users\Admin\AppData\Local\Temp\_MEI50322\libssl-3.dll

MD5 bfc834bb2310ddf01be9ad9cff7c2a41
SHA1 fb1d601b4fcb29ff1b13b0d2ed7119bd0472205c
SHA256 41ad1a04ca27a7959579e87fbbda87c93099616a64a0e66260c983381c5570d1
SHA512 6af473c7c0997f2847ebe7cee8ef67cd682dee41720d4f268964330b449ba71398fda8954524f9a97cc4cdf9893b8bdc7a1cf40e9e45a73f4f35a37f31c6a9c3

C:\Users\Admin\AppData\Local\Temp\_MEI50322\unicodedata.pyd

MD5 fc47b9e23ddf2c128e3569a622868dbe
SHA1 2814643b70847b496cbda990f6442d8ff4f0cb09
SHA256 2a50d629895a05b10a262acf333e7a4a31db5cb035b70d14d1a4be1c3e27d309
SHA512 7c08683820498fdff5f1703db4ad94ad15f2aa877d044eddc4b54d90e7dc162f48b22828cd577c9bb1b56f7c11f777f9785a9da1867bf8c0f2b6e75dc57c3f53

C:\Users\Admin\AppData\Local\Temp\_MEI50322\sqlite3.dll

MD5 31cd2695493e9b0669d7361d92d46d94
SHA1 19c1bc5c3856665eca5390a2f9cd59b564c0139b
SHA256 17d547994008f1626be2877497912687cb3ebd9a407396804310fd12c85aead4
SHA512 9dd8d1b900999e8cea91f3d5f3f72d510f9cc28d7c6768a4046a9d2aa9e78a6ace1248ec9574f5f6e53a6f1bdbfdf153d9bf73dba05788625b03398716c87e1c

C:\Users\Admin\AppData\Local\Temp\_MEI50322\charset_normalizer\md.cp312-win_amd64.pyd

MD5 d9e0217a89d9b9d1d778f7e197e0c191
SHA1 ec692661fcc0b89e0c3bde1773a6168d285b4f0d
SHA256 ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0
SHA512 3b788ac88c1f2d682c1721c61d223a529697c7e43280686b914467b3b39e7d6debaff4c0e2f42e9dddb28b522f37cb5a3011e91c66d911609c63509f9228133d

C:\Users\Admin\AppData\Local\Temp\_MEI50322\charset_normalizer\md__mypyc.cp312-win_amd64.pyd

MD5 bf9a9da1cf3c98346002648c3eae6dcf
SHA1 db16c09fdc1722631a7a9c465bfe173d94eb5d8b
SHA256 4107b1d6f11d842074a9f21323290bbe97e8eed4aa778fbc348ee09cc4fa4637
SHA512 7371407d12e632fc8fb031393838d36e6a1fe1e978ced36ff750d84e183cde6dd20f75074f4597742c9f8d6f87af12794c589d596a81b920c6c62ee2ba2e5654

C:\Users\Admin\AppData\Local\Temp\_MEI50322\Crypto\Cipher\_raw_cbc.pyd

MD5 20708935fdd89b3eddeea27d4d0ea52a
SHA1 85a9fe2c7c5d97fd02b47327e431d88a1dc865f7
SHA256 11dd1b49f70db23617e84e08e709d4a9c86759d911a24ebddfb91c414cc7f375
SHA512 f28c31b425dc38b5e9ad87b95e8071997e4a6f444608e57867016178cd0ca3e9f73a4b7f2a0a704e45f75b7dcff54490510c6bf8461f3261f676e9294506d09b

C:\Users\Admin\AppData\Local\Temp\_MEI50322\Crypto\Cipher\_raw_ecb.pyd

MD5 fee13d4fb947835dbb62aca7eaff44ef
SHA1 7cc088ab68f90c563d1fe22d5e3c3f9e414efc04
SHA256 3e0d07bbf93e0748b42b1c2550f48f0d81597486038c22548224584ae178a543
SHA512 dea92f935bc710df6866e89cc6eb5b53fc7adf0f14f3d381b89d7869590a1b0b1f98f347664f7a19c6078e7aa3eb0f773ffcb711cc4275d0ecd54030d6cf5cb2

C:\Users\Admin\AppData\Local\Temp\_MEI50322\Crypto\Cipher\_raw_ofb.pyd

MD5 4d9182783ef19411ebd9f1f864a2ef2f
SHA1 ddc9f878b88e7b51b5f68a3f99a0857e362b0361
SHA256 c9f4c5ffcdd4f8814f8c07ce532a164ab699ae8cde737df02d6ecd7b5dd52dbd
SHA512 8f983984f0594c2cac447e9d75b86d6ec08ed1c789958afa835b0d1239fd4d7ebe16408d080e7fce17c379954609a93fc730b11be6f4a024e7d13d042b27f185

C:\Users\Admin\AppData\Local\Temp\_MEI50322\Crypto\Cipher\_raw_cfb.pyd

MD5 43bbe5d04460bd5847000804234321a6
SHA1 3cae8c4982bbd73af26eb8c6413671425828dbb7
SHA256 faa41385d0db8d4ee2ee74ee540bc879cf2e884bee87655ff3c89c8c517eed45
SHA512 dbc60f1d11d63bebbab3c742fb827efbde6dff3c563ae1703892d5643d5906751db3815b97cbfb7da5fcd306017e4a1cdcc0cdd0e61adf20e0816f9c88fe2c9b

C:\Users\Admin\AppData\Local\Temp\_MEI50322\Crypto\Cipher\_raw_ctr.pyd

MD5 c6b20332b4814799e643badffd8df2cd
SHA1 e7da1c1f09f6ec9a84af0ab0616afea55a58e984
SHA256 61c7a532e108f67874ef2e17244358df19158f6142680f5b21032ba4889ac5d8
SHA512 d50c7f67d2dfb268ad4cf18e16159604b6e8a50ea4f0c9137e26619fd7835faad323b5f6a2b8e3ec1c023e0678bcbe5d0f867cd711c5cd405bd207212228b2b4

C:\Users\Admin\AppData\Local\Temp\_MEI50322\Crypto\Util\_strxor.pyd

MD5 8f4313755f65509357e281744941bd36
SHA1 2aaf3f89e56ec6731b2a5fa40a2fe69b751eafc0
SHA256 70d90ddf87a9608699be6bbedf89ad469632fd0adc20a69da07618596d443639
SHA512 fed2b1007e31d73f18605fb164fee5b46034155ab5bb7fe9b255241cfa75ff0e39749200eb47a9ab1380d9f36f51afba45490979ab7d112f4d673a0c67899ef4

C:\Users\Admin\AppData\Local\Temp\crcook.txt

MD5 155ea3c94a04ceab8bd7480f9205257d
SHA1 b46bbbb64b3df5322dd81613e7fa14426816b1c1
SHA256 445e2bcecaa0d8d427b87e17e7e53581d172af1b9674cf1a33dbe1014732108b
SHA512 3d47449da7c91fe279217a946d2f86e5d95d396f53b55607ec8aca7e9aa545cfaf9cb97914b643a5d8a91944570f9237e18eecec0f1526735be6ceee45ecba05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0bed556ffeb1e69835b408d733b041f0
SHA1 e2aec94abd489a26f36a9694c7ef3903af6409b6
SHA256 7d60b9117a935eaba25d7273a5b5e8ba04ece22672661ecb37a3c8a08f61def3
SHA512 47d492a7c72f9d12511f070d7d28451b1c52c5f0d446890e704b02bbc51330b1890c5ac4e050d514ff1bfd9c64421adeebee114718042af5aee3f5fdfb413fc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2a20c174b9c3a5da9d87f2e12e5797f0
SHA1 9d775dc041efe967dbd9c2a0b60e1852e71c90d9
SHA256 e12e563e9bbe996e08083c8042610c6c8ffa8cc0eca3425e1ee2f04bafea3f77
SHA512 d17a630c835578af96c287973fbd37ce8bfae26e0087d8fdc1d09cbd0053e88e8455ff831c57e32a8e6e59b60f2ca68f349d1c9f7766377d1c7b0a22a5e5a6f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 167564689cd0ff352286b034b4319989
SHA1 4c87938a354c360299b694992ca4ed3f5e0701e4
SHA256 f3feea5755bbf84e3feedc266164d7282abe294362a34c9d0a26c723b338dcb3
SHA512 771e278449918c72f68735e2d92b690e7c25f560a7eb64f12a50dd1bd24e19f7b79493fb41ff48d6b46edaec80eccab97f31b261232ba3cc4ce2c7123c3374e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e99d49cead39b394c6ecf19dfe7924be
SHA1 850767b1704b6ab6f8da4a4b3ec54fed2c22615f
SHA256 378399c9aa2dcea5e1e77b7ba7f50194f723f2ccca37b940b49e921e28e205bf
SHA512 3058c14e2ab4e269017593c19e5dad386cd3a48e00df743a8eae70e7165a534d37c67c7484fd56e2cf47cf02bcb97c239dce35939fd3f09d350e6bf093029344

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 5e1542ec05a1840cfb56ae87d1c2e16e
SHA1 25bdd95b83b7c614a6446609cff6ecbcab58d9d8
SHA256 41acd6ffea81ff1b8b58a4693696a397817473eb899edbf6606314820a8e40b8
SHA512 12c32368cbedc3d2515907ab740c75022fc4eaecec9b45734f346db0df209e667b066b2fcd891e84193868ecec8b892e7b484c66a8b329562bad53a69b25c0db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7f57d8003a125d87fc1c219731789a45
SHA1 32e54843ccd77884b980bade73ffe73e3a054023
SHA256 9412643a2a7a9abff481f4fa794b0bc1ee8127e25f2b958a52cc3999393b47f5
SHA512 b2526c2e312409ea0bda73e6bf2962661f0cb6f896a5b017ff67bc5572fbaeacbf30e93b5c1b1ccbb87d68a48421dd3e4f4dccd6ccd2e223b679026f47ac626e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 2b4a2c0d107bc671d4b39568a47aad66
SHA1 779b0775413e557f972fb43d07c4e1a09d2dbf01
SHA256 cccbd316b2e050d41ebf62c8c613d5bfae33cd43104ac3b772c9e10950a3dbd2
SHA512 26d41601eabd090a6f6fb2e99d270f1631e2a4ecbade927705cc1ade3495757b097f0832a8a1f915688fb6072322b10071c93bf81d4304863ed53ec41c71fbd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e8c5c3ef23b5b9e81b7cfe2099b90ac9
SHA1 5a2ab39261d5e270237c534c2d4c7d1b2d08be23
SHA256 fe86332cf24d4260a633b6a9f66f0a49a25d473ec061f538b04dba7ac67e4ace
SHA512 daded1283210cb3919a8ebe72ab18b60d26e1912eed69e773492dcc8c2d4874e7ff31d8ab0ec26af42c123057a5ff3f87768c03a7b7bc916c861554497f5853f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 c58b2ad20e02980eee174a19b34311c4
SHA1 4bd6793cf28cbb126fd1e664316ecaaefc74028b
SHA256 4a620b6860da8b770eb0756cbbeb27e44ae716c08fe8982a69f632e4a6cdc7bf
SHA512 ee2b1e68bd28e011213350af1c758759648d1804de50c3dab90d486d194b0e61682497b63f0b7152b7444e99e1f3bac8b5f2586f02dade4661f01c5a2b74c68e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

MD5 6529e24c1fc984ad62af8f3102997e39
SHA1 d262bd9ce4cdba28e6e45b3ec29de014d8f91ed4
SHA256 d4bbb9dceac625ac89699b2841bab4aa0ed758231ea011204cbfe040c4a15409
SHA512 421b5e898b2d83e4c061dd63e33c5dc5b0277e6267010a509b815c3208381442805cfcd77d686ad1e9c03e38e4e0c40742a8e9c9c51aa1f79449f4860cd5365c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1962a847cd09603d9e1ef5b79d441495
SHA1 81c6a2c06934188af1f3d1656c2ed4dd01f993eb
SHA256 53990c2f993b26bbfcbea788be843b7a74036b9a0ecb5c628a133e952a5d5102
SHA512 c331611abb64ec61aa9d6fc235ec04a3a15b9b86769867b07f4825ffd89069367250490fce8f4ffaed6161b82481986fb2329dfed891f8fc38527775bd8e825d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cebf93c32f728e3a8e3343b44d12f34d
SHA1 b4ed220d434d8d0b614cbe14a4ac904642f62269
SHA256 6879ff5edabfe282cfbf4f31d5d9e39cb9d98f8496c3f0777f62ed57bff75f14
SHA512 1e77bdd35a7facec1b944ab07b02384a4bfb23e4a4da236133bf3ed9ecf7aa7fe6e64d0e40f0f25ceab4c267d80f673f5a4b111fd33af7745b17d8f3ea4f982d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5fdcad.TMP

MD5 009401ed8dfcfbaedba17cbe1bbc26a5
SHA1 d2539c657531b8740ebc1b8a680dffa00240d165
SHA256 319aefcc0acfb96a22ed4918f991ee7e70a3f421988b21e642ab51773d83bcdb
SHA512 c638f3e6970539e64c11c6b045a246eb5ba2f60973ecce420d4fccdd0447879063b8f539b64ad1b6bccf61876d8ab29f176c31fbc4e724d8959391fa98b3fce9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 41aeaf1b23c718cc45446d59022584b0
SHA1 015d0b95c2301e0ded8ff317d752c6abcf50c385
SHA256 ac04bb7cb63fd9507730278cae67d45a7f0a4b542b162ddd78d9eed3c57644e4
SHA512 9fd1bddf809a1cfa69504efa1deb52972063d2dc78e250056e564e75b159d0ebb308ed94ebedf9ff84ddd7c5fa2553859c80421e4b61b44eea0f3f861eef435f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ec267ae6772b2c11b0c7e787f6e796f4
SHA1 44be852f28239c70e5cd0b2b9fed031dd0201503
SHA256 eeeab1571e609da0becafeec63b03b519a493747b509f35e6727d15430b98c54
SHA512 d3cf765e90a7b95b4c19b7454a454954da4bed3d51f145742e79c6a0f6493f8766047972f766faaf491840350d78f21f550b7a884ded312ad321ff94993ec156

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 87da94cb663dd37c8168d050550a5a31
SHA1 10af33cc7415dbdb209b484e80dc66f36d742d0d
SHA256 2ce8a4785b0bba6f3f30868bd47048d82eb4d0a404b478e22bf34bb9c736a5a1
SHA512 51c702495d693b3d3a4017967555650764fe7bf1b56afaf682d33eadcc420769066e24b137addfc4cd1f2a9141f81978e72d1f5b949c9070585c97b24a9653ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df53531c39eddfce_0

MD5 94229fa95706166dcdb5dcf8e453f4bc
SHA1 7fd572574e385780ceb6ce65f47d8a30f3e7544f
SHA256 dac6e9168d0025c39d9ef25d69f9f71cf6f298534e2724db482fecdd25bade41
SHA512 53f7696218e7b4d970ff68016e53fcf2b3d4df69746d885fbefcb949e7af69b9837e3218b2cafb48f8242c67a6bab365bb46f3f98e88267d3800c4aade66a2e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e945a2f4002960330e68dfc71f3a3741
SHA1 9e74b53ef1a8fd9dfe84b4889abe61cd323a58d3
SHA256 3414bc28deb3d295f6fbdf6cf7ec3ba62610746f72138260a27d84d07a273335
SHA512 bac1ba289bf2a73dbad7db2a0d1045e202af7381e46f66acbdfd19c001e152e3e040a96c81530cd9c3839d63c3e7dba6c2b20ba1e03e880d612dc1d4f48edf24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a27c203cc9faf9dec4e2552ae5b88db0
SHA1 978ccac26fcd1887811f845c7d8633161ea8c23a
SHA256 5e06ae31ba389cef49ead97408553d95ef30561156db3059a1beffd5e11ec9eb
SHA512 2d5293aab7a3b403343669573f368e33ad43702e95d0c00f2f4dc68d05fe9fff4a0a6bd43c120b8eb2b38e4a869ca2bbc2f9527c954623dee1c878f9b0231165

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

MD5 c558e40a182c4a78b74f061692e5155b
SHA1 e1797787822a9158f03c4d83db7939b38a8de91c
SHA256 4d7309a18428052a646c7619ece204cd0dc19f742cec4de30f0e6b34873f0046
SHA512 3838af3867f4506749c1d330e19b39d8067ca8c1410e65633ee43244994da0d5f0e7b28ae01e5d0d2ce30b1b28ecd054b6a766ab46c6385bd98a3bc5dc522b8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 3c26fac8aad02d2517e8c06719b6cce1
SHA1 d5ce131e3655423325afa78d8c71678973858637
SHA256 fc385ea6263a74a86a120c8cdbe2d3ce3e9f734d98adfd426da212a5155b15c7
SHA512 9789520bf05eb231f57c84d0cdb66272e841c566ec73fbfae6252d096e1f525d45dd0476a253533ccf832b533171cbe9fbfe2e4fdc88ca1099297afa46819dd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3b2eb4c1ca9bc955_0

MD5 207dcf4b8c4d80eac9aa5a5064ae1454
SHA1 8e5ad4bd7e2ecabfa0f973956fa8c1cfe780d27b
SHA256 8bd247d61c40f6b4f14c3cc10320ba45e79b50e42f13fa76973db6e03181c624
SHA512 a9f4895639d98f20c2f36ad68cd5117258fc40c10d2afdb05f5abd06234aef805a128c6e1021294651ba788417a0569b96bbcf1418345c2de603e7cdf11cdaa8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 4397bcf1afe5e63765921bdef5cbb38c
SHA1 72483d9c0082766d14aee7585e326d426e111af3
SHA256 c7a25832defc3886d142b88ad33501f8e04284ca58bce52358415a3ccbae988b
SHA512 2c7d9b7bcc14eaa8735cf9b51ca49cb5b2f57f9b634631c8a49315388087211342a57f04c20f771dfdd156f47170fe7b39f7cd5c8fa0b268ba8d37a843cff5d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 035cde12b31cb78103dfb6dbd1571d97
SHA1 c179474b7d6ed60e4977095049cef4074ecc57bb
SHA256 91d458575f988091fbc5f6c0c5669c28ef15f0b049b967867cdf94c4d286b32e
SHA512 88cd0209d54dfe0c279473c19ca7e78d3a78f8e55f8c7be8cdd52f594923516d6389f4debcd9c2255f4e07b352634175b2f62b3f20f4b85261bbd6dd047cb4d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 219d69394afe68fd635edbf41e5a45d9
SHA1 ec71d259f23b94ecc800a13464d23203907527f5
SHA256 5937a00cab0cde6081b10b614721a1accb8f677b5060276f0c5c2b57a1c5ca15
SHA512 bc57c435ce04a391587b98b1506bfc48214622749fafa16ac8c744d1cfd4856f0c4d41442202c37297ae9fe65d227e49e6d0343f3ed0e5c8ef6cf831658ed1b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 a84583afce667a477db8a079b61d2fc6
SHA1 d0f5f273650553b8c36577b1cb18846360b4abd4
SHA256 e70a01efe5f97dfebc02fde522ee541db1c2b6e397fa0a9ca92cb6b46e28cd1f
SHA512 68ce0a8bc037de53c3a006ae95e2d708f441fea4da70908f776d8c47817f959bba09b52e12c82fb279242de3256fa03da2fc63cc41f6ee7d496a525622d1c5c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 321b546f0e2dc315a0788fca234ada2e
SHA1 6e46a9c217b48d4e88ad966a2d385a655e6a0901
SHA256 41d65429da0b66dbd14e2952d05a2484283f677a3c859a2f6f6fccb59e8bd3e0
SHA512 6e016d30c2e373fed8cdf143d82f95dbdd09e150e56c01d3edbd87086672211c711c2be226c5ce0b2ce901537c395cde4de2b6b26d8a2530d6012eb16bd742e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 772921a67ff6a39c4b4447ea06576497
SHA1 deaeaa4770a806c4effdf626bee5646150c10e19
SHA256 33ec947034d642e2eafe5c2663ac97375eddcc21c54a67a3a13ee79e4f783954
SHA512 83d8e5063f5bda2e7ab29c2b693fe3a2cfe1a373340ff1437da8d6a03bcd82cb9f6747ed7be8db78a024f940b0bff307e05d7806d8718a5f39098ad7f188c5ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 b82ca47ee5d42100e589bdd94e57936e
SHA1 0dad0cd7d0472248b9b409b02122d13bab513b4c
SHA256 d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d
SHA512 58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3518dd71ada23570071e75cc73aefc24
SHA1 b70325704025eaefbcb18b03108734526074cc92
SHA256 e0251e8f250d14860449c5608ee2365a71f52ea2d54124acafd08dccbf46296c
SHA512 aa574124ab84458d7eae04126d813121c9463e0973e8225ca0a9c135e9cfb6ae3c839f7dc33971cedb858985ff26b573a61d2ab32b6667279fe7144e439ccf09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e0feb2284e26b3ba5f9ad347edb172a1
SHA1 8857c76a8dcd3725447fe0b4e39178afc5c1f37b
SHA256 a95a23ec738ecb19d146440ae1ca2b59cf6103b1187d8fb6bcb80ba0f39bf27e
SHA512 8cd5da30fbf667c495960ed04b4aaeed8e6fe997eef9a0f95d35a5c8cfb4d5f0339c625e0e9d9ab215d6f1fc87c7e075f9115854f173039f25b01b0920dff06f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 44647e2afaf65981be2f927ddbc92195
SHA1 43429015387821ddb08a8f0209df2e35e2183910
SHA256 af405dfd42260075e38838e2ce1b3b306bd0a72bdbad5cb21ef420d90744e3da
SHA512 58762626f1d7f007c274c10c5d6636e590d00294ecfedb98268ab1cc4c659afe1ebc81dcef6e038bc7d4100b991aadf94723ea8afc7dc2300d1f20ed59873b4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a97c845d6f85bcfd09ec033acea1a9e3
SHA1 7b83409ed2f1036246aaecde0cccc46a35df2b8c
SHA256 a4316a649f1b2d6434ebb2e6b6df39b468633b6b5ed92657dd16c79acbd03a2e
SHA512 3db1440cebfaad2c88e9df14a140cc38ef86bfd178889458cf437ca265f00ebdbd4d4babc913bb11f0177e6d173667a6b3cc3d8f60566590af8d6e68375c7fd8

C:\Users\Admin\Downloads\Unconfirmed 586175.crdownload

MD5 569ebceef6b93d2b6df145be2b579e2b
SHA1 a95f84dc080ffbab7f2e3c9b295c867a148d4a3b
SHA256 fef04bade6811de31ed43969889175b26f7b14b5164289aa0e8411e173798a6c
SHA512 18bb9bf8d490e67d58ac7cb11ee491c8a796607771ee2a055d9465afa2949f073dfcaff1c8eb8fe965956e1ec32548330a5bd0240b70ba2ccf0b6c6ccdd48d9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ce28f094fb19ef8a5c27052e556993dc
SHA1 81b45472dee16ed4c6933b8404dcf00fedd145ad
SHA256 aee14409cd79dc7029efc3b0b4518fbe368711ee8e3f1be8be84db02d92764a4
SHA512 866c802bfc43f5dbf222bbf962d6dad61fa6067b1ee0bbfb5f7618de0e762676557064a772ebe4934d810f0ba2fd625eefed5e713a78ca3e01034d7195f3c544

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c46d539d06e27cfa0e0218efd9815920
SHA1 6b01ca54b2bc6620106f08a214630738fb91fbb5
SHA256 dede78f2475a6c795be7d5ea5662a931db786f0340a6fc7d9da21620f5043fc8
SHA512 5152e42163c95071fc28804fc7d2ebe4d2fcb722faa24501688183b8767426a54f207742d1a6be75f781b8422f6c6ef6c83a40a2a9f7e840a07a9a7bc0fff31c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 894991ac4bccab5b01d89d89402e4317
SHA1 67aba137808d314b3ce4e5460603debbc2d4e520
SHA256 a4872a459035beb5146bd6b4f517adf70429fd6250393e643b92197cc90509b6
SHA512 abdc2f0a2f3b151564a95dc0a9f096e5e2440d88b8f02b35751ca508cdc90051e159d34f0e112492c58044d48be0ccb54c258be3ec4b419a26ee11442e409a8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\27bf86a7e0b8ccbe_0

MD5 379c4131a8b2abd6f5012635663b428d
SHA1 125cb2971d7bf0433d7e2e36e5e3b07670d17558
SHA256 bc114b7f17de33f067095cc6c0c776bd3af6db85bfff7b3983028071d5036d14
SHA512 7072871b9c945da86bb2ea364976110f0b53e7d20636a156d06e6f62fd1eb7070aea9966e3c77d6cc8f9537c5976020821be337c4cee86f8cf7002c5cda1c15d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 efa0581c61fb7197aacd3b191a005371
SHA1 accacbfd4971c4e7b92b352ddb799f0f30a0550c
SHA256 54cba7af5ab15f7691c347d0846d1d87f468d358b1d30a88050cd2567e6aa9d2
SHA512 c36c3887cdadf91e5217ac1a665468c95a17f67b2511081774abf21a43d7a284e7d488696d85e3e251a6e4f4f875fe1d78bca30fc108ea5b73a9982ea8b226ad

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-01 00:59

Reported

2024-02-01 01:23

Platform

win11-20231215-en

Max time kernel

672s

Max time network

1172s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\creal.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1725696949-2443092314-1471438111-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1725696949-2443092314-1471438111-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\creal.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Files

N/A