Malware Analysis Report

2025-08-06 00:10

Sample ID: 240223-v25wgsfa4z
Target: https://dosya.co/6ao95x0upo1x/Insta_Stalker_2.0.rar.html
Tags: persistence, pyinstaller
Score: 7/10

Analysis Overview

Score: 7/10

Threat Level: Shows suspicious behavior

The file https://dosya.co/6ao95x0upo1x/Insta_Stalker_2.0.rar.html was found to show suspicious behavior.

Malicious Activity Summary

persistence pyinstaller

Drops startup file

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Drops file in Windows directory

Enumerates physical storage devices

Detects Pyinstaller

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies registry class

Suspicious use of SetWindowsHookEx

Analysis: static1

Detonation Overview

Reported: 2024-02-23 17:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-23 17:30
Reported: 2024-02-23 17:32
Platform: win10v2004-20240221-en
Max time kernel: 150s
Max time network: 144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dosya.co/6ao95x0upo1x/Insta_Stalker_2.0.rar.html

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\Control Panel\International\Geo\Nation C:\Windows\IMF\Windows Services.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\Insta Stalker 2.0\Insta Stalker 2.0.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Startup.lnk C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe N/A
N/A N/A C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\WinTypes.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Runtime Explorer = "C:\\Windows\\IMF\\\\Windows Services.exe" C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\IMF\LICENCE.zip C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe N/A
File created C:\Windows\IMF\Runtime Explorer.exe.tmp C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe N/A
File opened for modification C:\Windows\IMF\Secure System Shell.exe C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe N/A
File opened for modification C:\Windows\IMF\Windows Services.exe C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe N/A
File created C:\Windows\IMF\LICENCE.zip C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe N/A
File created C:\Windows\IMF\LICENCE.dat C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe N/A
File opened for modification C:\Windows\IMF\Runtime Explorer.exe C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe N/A
File created C:\Windows\IMF\Secure System Shell.exe.tmp C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe N/A
File created C:\Windows\IMF\Windows Services.exe.tmp C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\IMF\Windows Services.exe N/A
N/A N/A C:\Windows\IMF\Secure System Shell.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\IMF\Windows Services.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\IMF\Secure System Shell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2800 wrote to memory of 2708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2800 wrote to memory of 1408 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2800 wrote to memory of 2604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2800 wrote to memory of 4540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dosya.co/6ao95x0upo1x/Insta_Stalker_2.0.rar.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9a7c46f8,0x7ffa9a7c4708,0x7ffa9a7c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6100 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6640 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Insta Stalker 2.0.rar"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\Insta Stalker 2.0\Insta Stalker 2.0.exe

"C:\Users\Admin\Desktop\Insta Stalker 2.0\Insta Stalker 2.0.exe"

C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe

"C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath C:\Windows\IMF\

C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\WinTypes.exe

"C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\WinTypes.exe"

C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\WinTypes.exe

"C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\WinTypes.exe"

C:\Windows\system32\mode.com

mode con cols=50 lines=30

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c mode con cols=50 lines=30

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\IMF\Windows Services.exe

"C:\Windows\IMF\Windows Services.exe" {Arguments If Needed}

C:\Windows\IMF\Secure System Shell.exe

"C:\Windows\IMF\Secure System Shell.exe"

C:\Windows\IMF\Runtime Explorer.exe

"C:\Windows\IMF\Runtime Explorer.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Insta Stalker 2.0\main.py

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2416219622964241750,12299245632141965016,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6712 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2800_XWVFJZKMNBEVMKJY

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\Insta Stalker 2.0.rar

C:\Users\Admin\Desktop\Insta Stalker 2.0\LICENSE

C:\Users\Admin\Desktop\Insta Stalker 2.0\requirements.bat

C:\Users\Admin\Desktop\Insta Stalker 2.0\README.md

C:\Users\Admin\Desktop\Insta Stalker 2.0\main.py

C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\[DATA]\DrivingAutomatically.exe

C:\Users\Admin\Desktop\Insta Stalker 2.0\Insta Stalker 2.0.exe

C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Launcher.exe

C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\Ionic.Zip.dll

C:\Users\Admin\Desktop\Insta Stalker 2.0\urlmon\WinTypes.exe

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_awxwtam3.nqf.ps1

C:\Users\Admin\AppData\Local\Temp\_MEI41882\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41882\python39.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI41882\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\selenium\webdriver\remote\isDisplayed.js

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\MSVCP140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_asyncio.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_uuid.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\VCRUNTIME140_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_brotli.cp39-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\selenium\webdriver\remote\getAttribute.js

C:\Users\Admin\AppData\Local\Temp\_MEI41882\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI41882\libffi-7.dll

C:\Windows\IMF\LICENCE.zip

C:\Windows\IMF\Secure System Shell.exe

C:\Windows\IMF\Windows Services.exe

C:\Windows\IMF\Runtime Explorer.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
