Malware Analysis Report

2025-01-22 18:58

Sample ID 240315-pfdxzsab57
Target checkers.exe
SHA256 bb3d8ba65f4589ea9072d6b26ff12145c38d66c9e6cbd2743d2f66cb735d4f2a
Tags
gozi banker discovery isfb persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bb3d8ba65f4589ea9072d6b26ff12145c38d66c9e6cbd2743d2f66cb735d4f2a

Threat Level: Known bad

The file checkers.exe was found to be: Known bad.

Malicious Activity Summary

gozi banker discovery isfb persistence spyware stealer trojan

Gozi

Downloads MZ/PE file

Reads user/profile data of web browsers

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Looks up external IP address via web service

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Modifies Internet Explorer settings

NTFS ADS

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: AddClipboardFormatListener

Suspicious use of WriteProcessMemory

Creates scheduled task(s)

Suspicious use of UnmapMainImage

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-15 12:15

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-15 12:15

Reported

2024-03-15 12:18

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

151s

Command Line

C:\Windows\Explorer.EXE

Signatures

Gozi

banker trojan gozi

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\checkers.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{b6178a40-1665-4565-b73e-48dd6e039a65} = "\"C:\\Users\\Admin\\AppData\\Local\\Package Cache\\{b6178a40-1665-4565-b73e-48dd6e039a65}\\python-3.12.2-amd64.exe\" /burn.runonce" C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A discord.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A checkip.amazonaws.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6C6C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e596acb.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6DE4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e596ac6.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e596acb.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{097D2A37-E94B-4FAD-8C89-D63443BD4D4A} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e596ac6.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{4534F2ED-1616-434D-98A6-0DA358DCD466} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e596aca.msi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\Explorer.EXE N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\LogicalViewMode = "1" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{9D42636A-C8F9-4B10-9565-35DBD8B8938D} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{088e3905-0323-4b02-9826-5d99428e115f}\Instance\ C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\ms-settings C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\CPython-3.12\DisplayName = "Python 3.12.2 (64-bit)" C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\ms-settings\shell C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466} C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\FFlags = "18874385" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\CPython-3.12\Version = "3.12.2150.0" C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\ms-settings\shell\open\command\DelegateExecute = "0" C:\Windows\SysWOW64\reg.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 3a002e8005398e082303024b98265d99428e115f260001002600efbe11000000db89bb4ac668da01bd41d89cd276da01c2afe09cd276da0114000000 C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7a003200145f13006f581d622000424c414e4b2d7e312e5a495000005e0009000400efbe6f581c626f581d622e000000000000000000000000000000000000000000000000002f6a0d0142006c0061006e006b002d0047007200610062006200650072002d006d00610069006e002e007a006900700000001c000000 C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\FFlags = "18874369" C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{097D2A37-E94B-4FAD-8C89-D63443BD4D4A}\DisplayName = "Python 3.12.2 Executables (64-bit)" C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\ms-settings\shell\open\command C:\Windows\SysWOW64\reg.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\ms-settings\shell\open C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Mode = "4" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByKey:PID = "0" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466}\Dependents C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466}\Dependents\{b6178a40-1665-4565-b73e-48dd6e039a65} C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\ms-settings\shell\open\command C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Rev = "0" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\CPython-3.12 C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\ms-settings\shell\open\command\ = "wscript.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\japanpear4332125.vbs" C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\CPython-3.12\Dependents\{b6178a40-1665-4565-b73e-48dd6e039a65} C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466}\ = "{4534F2ED-1616-434D-98A6-0DA358DCD466}" C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{097D2A37-E94B-4FAD-8C89-D63443BD4D4A}\Version = "3.12.2150.0" C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\IconSize = "16" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\CPython-3.12\Dependents C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{097D2A37-E94B-4FAD-8C89-D63443BD4D4A} C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1" C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466}\DisplayName = "Python 3.12.2 Core Interpreter (64-bit)" C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{097D2A37-E94B-4FAD-8C89-D63443BD4D4A}\ = "{097D2A37-E94B-4FAD-8C89-D63443BD4D4A}" C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\CPython-3.12\ = "{b6178a40-1665-4565-b73e-48dd6e039a65}" C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\WorkFolders C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByDirection = "1" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466}\Version = "3.12.2150.0" C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 442568.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\checkers.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0uvnpevc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\checkers.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\0uvnpevc.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A (repeated 31 times, alternating with the row below)
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A (repeated 31 times)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (repeated 64 times)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (repeated 24 times)
N/A N/A C:\Windows\Explorer.EXE N/A (repeated 40 times)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\checkers.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4928 wrote to memory of 216 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (repeated 2 times)
PID 4928 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (repeated 40 times)
PID 4928 wrote to memory of 3188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (repeated 2 times)
PID 4928 wrote to memory of 1328 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (repeated 20 times)

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\checkers.exe

"C:\Users\Admin\AppData\Local\Temp\checkers.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb422746f8,0x7ffb42274708,0x7ffb42274718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add "HKCU\Software\Classes\ms-settings\shell\open\command" /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\japanpear4332125.vbs" /f

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add "HKCU\Software\Classes\ms-settings\shell\open\command" /v DelegateExecute /d "0" /f

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C computerdefaults.exe

C:\Windows\SysWOW64\ComputerDefaults.exe

computerdefaults.exe

C:\Windows\SysWOW64\wscript.exe

"wscript.exe" C:\Users\Admin\AppData\Local\Temp\japanpear4332125.vbs

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C del C:\Windows\System32\drivers\etc\hosts

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C schtasks /Create /SC ONLOGON /TN UpdateFirefoxComponents_phFehpiq08w1HvqzO050MX /TR "C:\Users\Admin\AppData\Local\Microsoft\Windows\Notifications\wpnidm\phFehpiq08w1HvqzO050MX.exe" /RL HIGHEST /IT

C:\Windows\SysWOW64\schtasks.exe

schtasks /Create /SC ONLOGON /TN UpdateFirefoxComponents_phFehpiq08w1HvqzO050MX /TR "C:\Users\Admin\AppData\Local\Microsoft\Windows\Notifications\wpnidm\phFehpiq08w1HvqzO050MX.exe" /RL HIGHEST /IT

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\0uvnpevc.exe

"C:\Users\Admin\AppData\Local\Temp\0uvnpevc.exe" explorer.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6352 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6576 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6896 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6672 /prefetch:8

C:\Users\Admin\Downloads\python-3.12.2-amd64.exe

"C:\Users\Admin\Downloads\python-3.12.2-amd64.exe"

C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe

"C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.12.2-amd64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=556

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

Network


Files


MD5 01da76b4dd7d74dcb3a0966da34a89db
SHA1 7f16b4d7db099e94bc0dbdc9caa973c655be69e7
SHA256 56c8194efabec7bae6563a4ea1789a9c83f6727047883423645bd5f008b75c57
SHA512 48e53d7cd1c1bf97011a81e0bfdc03bec651e418b644ef5fa447667c01e46aa12d157dfb01d8a13e2418086c845cb8ad3380aff4e01c6fed13ae8b09e2422fad

memory/116-889-0x00000000069A0000-0x0000000006A52000-memory.dmp

memory/116-890-0x0000000006AB0000-0x0000000006AD2000-memory.dmp

memory/116-891-0x0000000006B60000-0x0000000006BD6000-memory.dmp

memory/116-892-0x0000000006B20000-0x0000000006B3E000-memory.dmp

memory/116-893-0x0000000006C30000-0x0000000006C80000-memory.dmp

memory/116-894-0x0000000006C80000-0x0000000006CEA000-memory.dmp

memory/116-895-0x0000000006CF0000-0x0000000007044000-memory.dmp

memory/116-896-0x0000000007050000-0x000000000709C000-memory.dmp

memory/116-900-0x0000000007120000-0x000000000715C000-memory.dmp

memory/116-901-0x00000000070E0000-0x0000000007101000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\fa0936b92ec1487f803f8e5dd322bc3e

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

C:\Users\Admin\AppData\Local\Temp\2c37aa48360a465a8eff2767f0f539be

MD5 4874ac24428a22889392db317c1d01eb
SHA1 ca31226baea5697df077423fd5e9c8d3d6d7e91a
SHA256 ce0787b06c812fe43a12a089e2fc607358995c9901d10c3f98bcf49cb44a6ca2
SHA512 883ada5076c82d04acb067cc51f14a7e23f22f0ceede394741acbc48e1c1800ed3a96bbde42cbb5a2b1f4bb3fedf61df4fe072ce5b5747342fcbe712b99fe8ec

memory/116-916-0x00000000071B0000-0x00000000071BA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 808c476d550514c5c1b81200c3335a41
SHA1 cef2ae526872245e07a58c121aee61211eee8c85
SHA256 dbb78162b5843e0f25ea5eb33f2a35a30c2090f44f05b16be7cef7b848e72389
SHA512 5cba3cdd6d1a2292b87bfa0272a80370c5efd669d17efe0242ee968aa38427c56af9fbc62e9ba63471de11c1051ea51e3ccd5f2b042e1231efb88420039ac4f4

C:\Users\Admin\Desktop\Blank-Grabber-main\.github\workflows\image.png

MD5 f8262f15edbf09c8c1468a044721f58f
SHA1 1746570cee010eec6e647091bf5fa0e6a73d827c
SHA256 82de6192b19aa090d932997b3e243fee5c2351181b282e238aebd505833fdd03
SHA512 b148f152706a1d87508d22631c0555d665328be6c4320bb97cc0700b16327e034c963c72a1b6c8babe66493eab687534cef63bfb9d0fdd74a1653ad2afeff2e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b62e23c3e2a44f2d7ccbb52f12245ff6
SHA1 4f9a7ade895b8180736cf0421e4ab47e26e3e85a
SHA256 4a4e9c18085f51586a42275e9166ce0deaa48113cebdafed95981d592aaf1fb7
SHA512 9443fa87e372423443bc00c197374600da182a22c3d129d7b1aace432d54db2c9a06e7b79ff464f09aa6add0182c589593271823f35b048fa6e01c1cd6aaaa0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 192429c58c9e23999b6de9a5cd465de5
SHA1 331937d20c4425700774ea5e91ccc926b213ff23
SHA256 de087b774d9894c36035db401b4aa2c6475e2133de20e7c314e462d4da9bc7b8
SHA512 691d0f077e68e98328487c823c3e3a37863b527f9c6d4da2485b305c21e0b6c4aa5ccd99d262c40c0a02d37f297a3a2c94f49ba243e79995e5e78f3b9c83cbc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 bc9faa8bb6aae687766b2db2e055a494
SHA1 34b2395d1b6908afcd60f92cdd8e7153939191e4
SHA256 4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed
SHA512 621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 bbc7e5859c0d0757b3b1b15e1b11929d
SHA1 59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d
SHA256 851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2
SHA512 f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8c9d78b75eaf7eb56b0b8689fdfb1fa1
SHA1 72e160fbd24afe99e7b8f1327edc687221a57083
SHA256 bf3900bd57d8ab3690fbfd718984dbef440273817af976d1fda288fbd0651cea
SHA512 fe25a81727751718edcea174a4012d208ebcac4ff84ec715ea6c8590ef9af3f5131593457ffcce461bb6a6fca01977626c5052c7ebff9a0ba7b20369023128f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 536e92d976baa62749ca239f0fa998d5
SHA1 125546444c540f28ed1f1bfabbcb226059ff882e
SHA256 8ba73676f15ccb4020438ad23d50dd41ef2cb736e20e5d0014822b10f04c93bf
SHA512 8ac307cf6f18a4a0e9557bba364c1845ac08eb81ecb20d3face89056c31cb8460fc0d38586e2cb30a9e64c187ac8929692f07cf543f209b5af0917e5dc45559d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f2f904faab9bdc8bad111754fbf02a0c
SHA1 18e0b7795cff273be557064b5e85fc10e8c3475d
SHA256 02ccb30b9c8b26ae4677fab88f8bf5c8db00369913eab7913af23ff228cd1b43
SHA512 0f1892a9139547476e170ff41b665ace297f5d9bd90159bb0fa83e95f954e8ed3ac83a49a8244227cf8d775eaed8ca0089abbf5331b7ca99f13e0020a2a06da6

memory/116-1344-0x0000000005200000-0x0000000005210000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c9757d76f65a62f4783710d4160d93b1
SHA1 5ec0341caf199e515be151edfc9c534d85030e28
SHA256 5080143f1b952e59ca5632f8569cf6f3ba0e4c2a1ca2449e3e5423e3e344880a
SHA512 c8963b9f208cfd9530c9bd2cd045aeea3366cc3cf91018363d06fbd99c06929f56331994edb68a25c0be176267530ff4a276ad769a9375fedebc4d3de07ddb49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b24eac893809ad6b7d34defede6f5ccd
SHA1 55e6b701e5753c7de1c328e5eb3fa14c8998db78
SHA256 bf290285fe9def1d6453084c888b79465cd996fa577688927fba191c5c47034c
SHA512 74d6cdbd61333c92a55f220bb06a19371c8e4c66bf240aade440ba9857c0d9b448c00161e791173c4e58529c62eec07c54264c91a117915917455a0daa6a5955

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bc83d4929a589315a6493ec5cb368c0a
SHA1 c7c800ad75f47d744ec17f94f88a3f331b36bf2d
SHA256 e041a993f024fc654d79fa98abc6f5e181a5b415840e7c550a8c423c8fbcc61b
SHA512 eedc61eb124aaecfd18e95f57f972ff4f786795cb9278b8c8d3c8f4787cfb3c76831891b06b534f6d668d9dede959671f7f24858e5d6d05c75291f7bf413a5ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b96ed5d86dd7ef26a6fdde97e86394a7
SHA1 a467d4fbc61776c46106a21c6771a3bfe33ec4bc
SHA256 f31a60febd1e63621cf650f6d4c988e73da938f92daa848f03e3e303d93689e8
SHA512 cca85bd623eb75ae8cc8eb07bee8991de4c02a1811f93ec8bd495a705cdc308060c067daaa107c6005f4cac4a315d60d838ab3a0765a4ab976922df5e297f9db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9880863293173360062bb0647908f3f7
SHA1 b438d5025dbcbf0e04099f9452a846312af6a13d
SHA256 6e76b0a3f670e247e226ce80b61162b3915536f1e9836008ce05b5f3d97362e0
SHA512 4d5b9eddb0378f97b53b4e4c27e9eb2c01a95cfe5519968385db0207d267522ca5607a805fec3ef99df8311d3d1f2a39cb4f1db9bbf4ff84cbb6be4f34fbe3f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 ecb90e64f3242c5444569e4bfe843760
SHA1 67a8cbeb0fbb6f5b6be405fcca093c5446c60e27
SHA256 0bb052601590b84252c905a9bbc2c5a49512e943917295b97e773533898e0d9e
SHA512 d247694d17194a3f9ed8b8c0b53eda155991627f1b5bf30e99d9865537a504f3e1cdd909db5f6d6081207d003224818afc433798731871a389549520837b65c0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms

MD5 302450586f7ed1fe16145883c99d8518
SHA1 c958a3243fd8d126aee19f4ea5f85b7467539ffa
SHA256 d7e6632c116ebf92487a81ce9e316d9f4208673933773188deb654c724897ae5
SHA512 152131e4424928da98d097babc7edb3fe73edb193738ece90efc4737f433671920076afb4e9f325a91e42ae69954afa4f48bc9b504d6d952e3b7f7410a0074b2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

MD5 f5a94d23a1dfd3499adf0f8ccbe8ecc5
SHA1 bdb19bb2615dbe55176589df57597f8ccf20abf0
SHA256 6d10292b15b9298bc9fa335f49515213eb0d4a1037c74515f669a9a210578e8e
SHA512 03f8fe8502c11fa04a068dd6209122bffc58b7a7c95de960be927016257a72d2935250e47580b9c7b4e0ac141f24e512f31992d330bf558dce1e2153d7fc5deb

C:\Users\Admin\Downloads\python-3.12.2-amd64.exe

MD5 1d440be741ebbf5f725e1a1f406df2e7
SHA1 53fbb917e0626bfde069a201f1c766cb6022f267
SHA256 c25e0629ae19d32a2db8062f69456bfe0f28169f9e3d1d066b793f1e257dd98e
SHA512 577ba019852728c0e72321465f40f3e81e45bc4a36288d0b799b632a76e9358679e3cda39e73541720b6c72f019bf78fc9d334afa1a9a22b8d0294ef9f0ddce7

C:\Users\Admin\Downloads\python-3.12.2-amd64.exe

MD5 44abfae489d87cc005d50a9267b5d58d
SHA1 af778548383c17cb154530f1c06344c9cced9272
SHA256 b9314802f9efbf0f20a8e2cb4cacc4d5cfb0110dac2818d94e770e1ba5137c65
SHA512 e955f0bee350cd8f7e4da6a8e8f02db40e477b7465a77c8ecab46a54338c0a9d8acf3d22d524af2c45c25685df2468970ea1b70b83321c7f8e3fae230f3c7f16

C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe

MD5 ab21a1bea9e3eaab64a2c062ab613221
SHA1 310b1f7921af8edf125eacba71944b6e5356acdf
SHA256 1474dbd6a33da8f2f0b50007ba48f0c1ddb3e0e6f8c969722eed1e683a9af68a
SHA512 b39b5a24bb7b2d3ead8aed284452c94280398a9e4855f17a8e3593fe718e9b3573e88b15f1dd4659030827e754b17e7f918ba24803e4d522ad9601167fb70df4

C:\Windows\Temp\{A3EBAD32-3285-4771-BFA4-116E05FAE4AB}\.ba\PythonBA.dll

MD5 8294dc8850dd596d0ce8455167496832
SHA1 5c75c685c95bee8c1a39187da8af46b6c7892757
SHA256 565f03893da383e5bec8c6eaa7c8fbb3e6db0b9bddd5a1399b0dec66fa44d64d
SHA512 21015ca201b64e3316f3d1ee32e4c562d0142111c1ed576f03aa078619fe656c56848b5998313af23aabb97293c5452be0e27d5c44878be5d90ac2d2d2f05851

C:\Windows\Temp\{A3EBAD32-3285-4771-BFA4-116E05FAE4AB}\.ba\SideBar.png

MD5 888eb713a0095756252058c9727e088a
SHA1 c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4
SHA256 79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067
SHA512 7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

C:\Windows\Temp\{A3EBAD32-3285-4771-BFA4-116E05FAE4AB}\pip_JustForMe

MD5 083842cfa5cb8331820b45599cb883ef
SHA1 2858179692c35368251f72894a8612db25fecc74
SHA256 cfe1f73cd965e2cf1bcb94143fd87b7a6cb0d315977cab1da3002f5029948b98
SHA512 e3325c99fc05280dc05d2d458ee942aa406b13b95993d2415817ab3c55752cb66a8d1613514382b092eb55c08c2319b57dd261120db525253398b7a456091229

C:\Users\Admin\AppData\Local\Package Cache\.unverified\tcltk_JustForMe

MD5 cedd6738fae24edddfff69b10e4f46dd
SHA1 97538a7df13e0354a5eaccee7057192d10466a9f
SHA256 f0d5c603ff7d87412f5a1e45e8ab7bd95d6f40bb90fd107125964421d7f06233
SHA512 0c75c2d1263eeb6ed638d49b1cf3c3004353fff8452ed7288a8853133dc2ad32fe913cc7020b864aaf362b5b29be55e4ec0b38ef978a811c6462552c8cf32e1b

C:\Users\Admin\AppData\Local\Package Cache\.unverified\lib_JustForMe

MD5 edcbe1500d9c8cef819eda7f46f5b103
SHA1 402d32a0b9049a7dfc6f106b101832fa4c3624dc
SHA256 af7b6e1b27c6ee7a2e40b947fda039ad26827ac12ed4d0ffa80a6576f5b5fb8b
SHA512 01ed6f251e0dbaa7e52e6f995b85e22a70fcec8b0eb65e6a1022c4017306775f4298f9e9c90702bf42324491f32ccffdbbc80efdee3ad158515f82d5e4a0aab6

C:\Users\Admin\AppData\Local\Package Cache\.unverified\doc_JustForMe

MD5 5fc6e030f31d0aae7b95068bf17a72fc
SHA1 1daa17c033f29c122c76409dd5636716351bf7a2
SHA256 02cc5a3a1d6c54390d68ee97f6c08c2a061a457780e48919c29462ef95a92b09
SHA512 0fc29106e0263815ee7418a32d8f52c258d0a1378fc6b5e59b68ccef2fa34e2164f4dc9f4b1ba0232497f95155d9e71b6571dea4e8e446af1faf11d194bb94ec

C:\Users\Admin\AppData\Local\Temp\Python 3.12.2 (64-bit)_20240315121822_000_core_JustForMe.log

MD5 2e170da609f3e728eabc13d8855dbf6f
SHA1 aa22310330c683fd34f95fd19e8c1ea560230c06
SHA256 b0a0c3e0effc7d931ed89f8390764a0ac530826e752d1cee74dd5130149ab353
SHA512 116d9a8f78f0a69bd8da4312d8c81bd320dadeb5a5d959dba4a63c1caa6737c73f9e8a8129b307bce33cceff2533bb918a72eb30a6bf6c4eec93a7e817345f61

C:\Users\Admin\AppData\Local\Package Cache\{4534F2ED-1616-434D-98A6-0DA358DCD466}v3.12.2150.0\core.msi

MD5 1c1df711824f2575637d68f9e79f0467
SHA1 28de3cc8ad3d32739a4eb9d93106c18f028aaedd
SHA256 e747ceb205400dcdd45cbedc372f9c3cacdd158277e4d27ae1b95d223e323918
SHA512 7a9d7d1f5823c36504e645562117cd494f8de79b5c0724326b6cbee7add3c617c7ba1a1a69012646840071ccbc29e8b3ed518875cce8466fb7208fd272de87c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_26B14BC5FFF8CCADF0E4994815CF2509

MD5 d72cdac6ca4e66507bde51538b74a52a
SHA1 b6d2483b954e8be16d50b3ba6d6fcb97c44c5598
SHA256 79ddb5522da33b37eb73e62da7cc5df70f59321252c770f60f89c5369436df9f
SHA512 195a078f6a7c68ababbd3453b7a8fc4597e2f2af9889fdc6417297d2a8580b59f60a612cc8684e0302e7d51c2e775152d4c406e70248b2adb627862548a8f810

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_26B14BC5FFF8CCADF0E4994815CF2509

MD5 db34f3aa6a9090eb1a4142b0834978ca
SHA1 00b8792e5bdfc2f838666a53798e10523dd94dc1
SHA256 a46a407c05857bca19d6b4b752fab3aa8d7867913fe79091ed4a3914fde28519
SHA512 4e8f11885ab69af6d574a9f70ba08947810b1b3226796739b5ae766321ea1a37da2798b56cf6386bd4c5cc1e1f24b88bfa727002ec0575a5c6a00d98df9a2495

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 7bf3c086147542fbe29b478d9e9290ae
SHA1 c0b4d97e034c77bc38ab515bb0c2f9c8799b7b8f
SHA256 f97c9d2eb3c47d04ff22be0a1d74279cbd436200fb5678d1fd84e30faf143825
SHA512 1af4a1e322a26a2bd7af4c02cfcc517a098757d45700e8c7fe577dda133bdf2d8e3810a1acb0561d7c9378507ffb3e1a7abefc63214e519b8039b6a10a661d8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

MD5 5ac9ce44b194bc342b9bfe73011a7e15
SHA1 79211b7672073747139e4ec0265a3bfaa9f901c7
SHA256 c84380497eaff982b1dc50031110ed1aa99ca031a5a7c5e0075472e77b93c5d6
SHA512 23c4d11fa63ff7024c768dbc0854cf8ac086d99c0f896e7a638890bed6a1d9acbbd6f410ab81f3d89cf334ca37ea6807c6f59e5b9fdd3c6cb161b9df9ce815dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 656018322dd4a0a1d0d45d6e1afd9aa8
SHA1 50c52d392a825057aaa8cdf7487767983dc4049d
SHA256 59b0d523749dff91a8eb4424146519ec4421b3740c253dbb04c04500d1c39087
SHA512 876ccc4d2fc518b2e85270d455817f57abcc8adb7897aa1f219c751d996379062ac9a4c2284b0aa15ced977a638441447db5b2d97ec6a41b9b7c601535f95de3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

MD5 b4cddbe9d521009dbec38052d58bd9e0
SHA1 f3f4d9e70404b213a4f15098939012899023ebb7
SHA256 f39a7b99fa9372213b0832c59d313e22d496a8851f425a355008b92b0457b4f2
SHA512 ac6d38ff889bdd9e4fd4a02f04a90ca20c53f8cc09a2d46ca52bf7f21a167df2261f4d1fba044c5e78731c0d401faeaf0e3c54c3973a17885a8b6c420a0b4bfc

C:\Config.Msi\e596ac9.rbs

MD5 a857af959669d8f8ddd6249c429f24b2
SHA1 f38485c112c85ffe7b7966e207085dc3253b8a37
SHA256 6d74eb30a618110bad287bbf78c41b127c4e30e8afff70f525af258279d36382
SHA512 61f411a70477838da6cd267afed8219b85b845eab387f424a7b4456e194b1da00e6a8d4e907c7a1fd228170bd698d999ada40db392eb35c0cd0a5b2ceb88c17a

C:\Config.Msi\e596ace.rbs

MD5 5e80a06166c0f5ebee6783dca1d0529a
SHA1 613461c8f7e51a4589bc8b58fddbf66ff08950b4
SHA256 70c63f1e55c726537bcda18f4df5dd115e1e38360d61749d3c8192aa689a8a6e
SHA512 c356aa30ad626154a67d5bfcb5fa0ae53c9d623742db71bc7a80580756b44828420a351ee37f2d67d6278d8a6ddead430a1e61ed2b80dd905fbcf4cc45632fbe

C:\Config.Msi\e596ad3.rbs

MD5 21fa620b3858611fdac5e4e708517150
SHA1 d0eb249c0f75b74533ca2c72a49b48892983c0a9
SHA256 1d9842850d781a83c3f6d815f767ccf04352339658fd36b970653c3f9fb3ffb6
SHA512 9d6260226a0ba6438e474490db6ab97c3ebefc78bf3ce23b1f1b9102a879b93eaee52db41c3192863aa724ceb6167116c9b1be2d8964dd9a26cfa8bdbc74f7ff

C:\Config.Msi\e596ad8.rbs

MD5 e4fb671fd1622335911e946e50b1725e
SHA1 1dc28032ac7d9f4a549f452ce7acd1f35f5f5532
SHA256 414248788fb3665b9fe5dbcfd5bc19188784685589bc087c2cab2e8522dd693d
SHA512 d0f65a3ceaee0c44859ec3ea598d1b933a766bfc5c543851027752f905c34421d3fb5548ecff9cca0bf6190836125ed322f6e1e56825406c9b7c80216aa49cde