Analysis Overview
SHA256
bb3d8ba65f4589ea9072d6b26ff12145c38d66c9e6cbd2743d2f66cb735d4f2a
Threat Level: Known bad
The file checkers.exe was found to be: Known bad.
Malicious Activity Summary
Gozi
Downloads MZ/PE file
Reads user/profile data of web browsers
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Adds Run key to start application
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Looks up external IP address via web service
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Modifies Internet Explorer settings
NTFS ADS
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Creates scheduled task(s)
Suspicious use of UnmapMainImage
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-15 12:15
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-15 12:15
Reported
2024-03-15 12:18
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
151s
Command Line
Signatures
Gozi
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\checkers.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\0uvnpevc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\python-3.12.2-amd64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\checkers.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{b6178a40-1665-4565-b73e-48dd6e039a65} = "\"C:\\Users\\Admin\\AppData\\Local\\Package Cache\\{b6178a40-1665-4565-b73e-48dd6e039a65}\\python-3.12.2-amd64.exe\" /burn.runonce" | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | checkip.amazonaws.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6C6C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e596acb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6DE4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e596ac6.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e596acb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{097D2A37-E94B-4FAD-8C89-D63443BD4D4A} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e596ac6.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{4534F2ED-1616-434D-98A6-0DA358DCD466} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e596aca.msi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (data) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\Explorer.EXE | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\LogicalViewMode = "1" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{9D42636A-C8F9-4B10-9565-35DBD8B8938D} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{088e3905-0323-4b02-9826-5d99428e115f}\Instance\ | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\ms-settings | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\CPython-3.12\DisplayName = "Python 3.12.2 (64-bit)" | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\ms-settings\shell | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466} | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\FFlags = "18874385" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\CPython-3.12\Version = "3.12.2150.0" | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\ms-settings\shell\open\command\DelegateExecute = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 3a002e8005398e082303024b98265d99428e115f260001002600efbe11000000db89bb4ac668da01bd41d89cd276da01c2afe09cd276da0114000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7a003200145f13006f581d622000424c414e4b2d7e312e5a495000005e0009000400efbe6f581c626f581d622e000000000000000000000000000000000000000000000000002f6a0d0142006c0061006e006b002d0047007200610062006200650072002d006d00610069006e002e007a006900700000001c000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\FFlags = "18874369" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{097D2A37-E94B-4FAD-8C89-D63443BD4D4A}\DisplayName = "Python 3.12.2 Executables (64-bit)" | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\ms-settings\shell\open\command | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\ms-settings\shell\open | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Mode = "4" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByKey:PID = "0" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466}\Dependents | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466}\Dependents\{b6178a40-1665-4565-b73e-48dd6e039a65} | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\ms-settings\shell\open\command | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Rev = "0" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\CPython-3.12 | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\ms-settings\shell\open\command\ = "wscript.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\japanpear4332125.vbs" | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\CPython-3.12\Dependents\{b6178a40-1665-4565-b73e-48dd6e039a65} | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466}\ = "{4534F2ED-1616-434D-98A6-0DA358DCD466}" | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{097D2A37-E94B-4FAD-8C89-D63443BD4D4A}\Version = "3.12.2150.0" | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\IconSize = "16" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\CPython-3.12\Dependents | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{097D2A37-E94B-4FAD-8C89-D63443BD4D4A} | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466}\DisplayName = "Python 3.12.2 Core Interpreter (64-bit)" | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{097D2A37-E94B-4FAD-8C89-D63443BD4D4A}\ = "{097D2A37-E94B-4FAD-8C89-D63443BD4D4A}" | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\CPython-3.12\ = "{b6178a40-1665-4565-b73e-48dd6e039a65}" | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\WorkFolders | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByDirection = "1" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Installer\Dependencies\{4534F2ED-1616-434D-98A6-0DA358DCD466}\Version = "3.12.2150.0" | C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 442568.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\checkers.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0uvnpevc.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\checkers.exe | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\checkers.exe
"C:\Users\Admin\AppData\Local\Temp\checkers.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb422746f8,0x7ffb42274708,0x7ffb42274718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" add "HKCU\Software\Classes\ms-settings\shell\open\command" /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\japanpear4332125.vbs" /f
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" add "HKCU\Software\Classes\ms-settings\shell\open\command" /v DelegateExecute /d "0" /f
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C computerdefaults.exe
C:\Windows\SysWOW64\ComputerDefaults.exe
computerdefaults.exe
C:\Windows\SysWOW64\wscript.exe
"wscript.exe" C:\Users\Admin\AppData\Local\Temp\japanpear4332125.vbs
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C del C:\Windows\System32\drivers\etc\hosts
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C schtasks /Create /SC ONLOGON /TN UpdateFirefoxComponents_phFehpiq08w1HvqzO050MX /TR "C:\Users\Admin\AppData\Local\Microsoft\Windows\Notifications\wpnidm\phFehpiq08w1HvqzO050MX.exe" /RL HIGHEST /IT
C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /SC ONLOGON /TN UpdateFirefoxComponents_phFehpiq08w1HvqzO050MX /TR "C:\Users\Admin\AppData\Local\Microsoft\Windows\Notifications\wpnidm\phFehpiq08w1HvqzO050MX.exe" /RL HIGHEST /IT
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\0uvnpevc.exe
"C:\Users\Admin\AppData\Local\Temp\0uvnpevc.exe" explorer.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6576 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6896 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,11350824123451609766,15410456701314587959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6672 /prefetch:8
C:\Users\Admin\Downloads\python-3.12.2-amd64.exe
"C:\Users\Admin\Downloads\python-3.12.2-amd64.exe"
C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe
"C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.12.2-amd64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=556
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
Network
Files
C:\Users\Admin\AppData\Local\Temp\Costura\40BD99E3E2E3C109881E4ECA2DEDC617\32\sqlite.interop.dll
| MD5 | 6f2fdecc48e7d72ca1eb7f17a97e59ad |
| SHA1 | fcbc8c4403e5c8194ee69158d7e70ee7dbd4c056 |
| SHA256 | 70e48ef5c14766f3601c97451b47859fddcbe7f237e1c5200cea8e7a7609d809 |
| SHA512 | fea98a3d6fff1497551dc6583dd92798dcac764070a350fd381e856105a6411c94effd4b189b7a32608ff610422b8dbd6d93393c5da99ee66d4569d45191dc8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | b582b2eca79a750948dbb3777aeaaadb |
| SHA1 | bf0ea1c8a7b4a55779cbb3df1f1d75cc19910e9f |
| SHA256 | 04c7f19e1ae294cc641f6c497653b5c13c41b258559f5f05b790032ccca16c82 |
| SHA512 | 35cfd88afe4e4e8091d3a5c53f0f3e2dcd92aa58b7544b94d4d9d7cdf508d429c5292aa97b813c9c8ad18e4d121d4e6595c49f5ddafbeab7b39f3a7c9d0b58dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | 33411bb179575dfc40cc62c61899664f |
| SHA1 | d03c06d5893d632e1a7f826a6ffd9768ba885e11 |
| SHA256 | 274befc7b39609fed270e69335bc92b3d8251545594636eb408d5d93e0ae1a4f |
| SHA512 | dc830766c928ac84df16d094fc92586b9c2c25f819123dc9b5ec259220b4b1c45e2af28c89a710f047c00c9dcf7df8dd859a9a7a2d2228703f616df13caef2c7 |
C:\Users\Admin\AppData\Local\Temp\0uvnpevc.exe
| MD5 | e898826598a138f86f2aa80c0830707a |
| SHA1 | 1e912a5671f7786cc077f83146a0484e5a78729c |
| SHA256 | df443ccf551470b3f9f7d92faf51b3b85ae206dd08da3b6390ce9a6039b7253a |
| SHA512 | 6827068b8580822ded1fb8447bdb038d0e00633f5ef7f480a8cdeaab6928ac23022a0b7a925058e0926ce9b41a6c8c22a5692e074621b2fccdb7edd29a0d4cfb |
memory/3472-314-0x0000000001080000-0x0000000001088000-memory.dmp
memory/3472-315-0x0000000002E10000-0x0000000002E11000-memory.dmp
memory/3472-316-0x0000000001080000-0x0000000001088000-memory.dmp
memory/3472-318-0x0000000001080000-0x0000000001088000-memory.dmp
memory/3472-319-0x0000000001080000-0x0000000001088000-memory.dmp
memory/116-325-0x0000000007B70000-0x0000000007B82000-memory.dmp
memory/116-326-0x0000000074420000-0x0000000074BD0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2bb41bc47146b6ba53e0cf37eac94d45 |
| SHA1 | 77c84b2ed752afd2b177857db51e8134ebdc7709 |
| SHA256 | 9535ff7d462948dc9a75016712be423cf4126e0442c55c054b3a752af9750ede |
| SHA512 | 209a93a93bfa8f6aec26474b5d335a940f5ceefdba47bfbf9c0e43405ee173815312842436ecb62379fe2c0c60b61cdb49da469686931a004a3336494c605d6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1c7e86b73a7dc9fe58e5cb5b95dee653 |
| SHA1 | ddd2bd5fd249d8f2c42cfe82c6ba7b4771035b0b |
| SHA256 | a2d1d24f97020fdf8cedf9604da1b70d0d46677478d0a87d695a9ba954ce96d0 |
| SHA512 | 35b4050a67f8707dea1c29839e5ba32ea069ff080ffc56c8d54084ae9f298beba89d71b09e7ae2168d1a0735e3c2edeae2c1a71c13c82b72bc59e0da576ec823 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b1fa.TMP
| MD5 | f934e50985cec7c32420cdb744770225 |
| SHA1 | f216bdef787b28c9cbf9fbe87563d5eea24bd032 |
| SHA256 | ec23bb932794f5145db8a4a47b03422f6c25f2f84408ed5ce4339b5b10ee7896 |
| SHA512 | 8e4316253717330de50438bc84d2ce9f74e8cc569f9ff0274e98bea52ead8d3305a73007529a0f27bb374655f07bae9d4e32664ac356fd114b34ed819bd8e8f8 |
memory/116-349-0x0000000005200000-0x0000000005210000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8455ac77c61d5bc7f20d53807dc55479 |
| SHA1 | 5d1906724d21115895ff3dd1e7eaa344fe62775c |
| SHA256 | 0bf516cab8bea7bdc91cd467e5c1f58f9dd6d1865449ca0492512158338ef9c5 |
| SHA512 | 69fdbf36e6acbc50499e090d3dc66e04dbb52e652578afd579f2c35f8ee81b5e6a07cd2951228701b78e26e80e5dbe30560c6936e888eddd45250d827a950b44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1becae4caf8c37c9c6f53b99328c96c4 |
| SHA1 | df8d36960a26be7bde00a0d8817454f45247a3f6 |
| SHA256 | 4d39b3d5a242469340cbb4a69b5873ec9bfa299bb5436803030df789c1964e69 |
| SHA512 | 97bba459997c64cfd2179aa07e65e5ef6ca638d833685c309c3d0c3702f12f6f720df526d19e8849ac936c6190f4f1f6229dd35e97ecd22ff712ab23a9e83d75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 88a552e6be1ac3978c49143983276b3a |
| SHA1 | dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423 |
| SHA256 | 927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5 |
| SHA512 | 125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | d123640e4489ba9b9e03078e2fdc4aa1 |
| SHA1 | 416dfe8c6f45deb1b797a18062e8c8dc9b83b7f4 |
| SHA256 | 9973ad4815ac7c73d9108fa2b6de0c7122af623fb89d423e831a56b9a55b23ff |
| SHA512 | f3f0ef5d092ae8d2ffdd9d4a43a2284352bc8a25d4c9cc62adf812a525060d8727e231569afef71c1801926743ea84efd54877173a027870d0fd46cf904249a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 24a16440d5b663d0d87263e812e3fd90 |
| SHA1 | 0ffec5a540218892b440703dfbf04bf1252def68 |
| SHA256 | c3af8b6de514fe12fef4987e8a1a9c6294ea0ebf46d0537bf02d18595abbe799 |
| SHA512 | 9845ca0adcbdf6e77a021073f5f01c6b0ecc0593d2c7e13d58b7717368d466d69f74c51934c77f21aaaf0704815fdefdf285748aa3e17441b700ba092a6df9cc |
memory/116-504-0x0000000008620000-0x0000000008686000-memory.dmp
memory/116-711-0x0000000008750000-0x000000000875A000-memory.dmp
memory/116-712-0x0000000005200000-0x0000000005210000-memory.dmp
memory/116-713-0x00000000086B0000-0x00000000086BA000-memory.dmp
memory/116-714-0x0000000008690000-0x000000000869C000-memory.dmp
memory/116-715-0x00000000086F0000-0x00000000086F8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Gongle\a9JZS5AM91\on1px6pk.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite
| MD5 | 6e4c15aa7a4d20e163e0c3f3fee7944a |
| SHA1 | fddb968c80d118c306a7d64cd4837db139f4467a |
| SHA256 | ff6a1f78d407d487386f3484c2985d62302ca7437f96fa92ae07b5a2c2c848ee |
| SHA512 | b59c1fe583a77aa60171928af5092e57cf4cb77b3b145b814f26d8bba8dd6a726a51b15df78f6698bd8dda9adf1b2e17d958f9c63e1906d2285d27e8c415f705 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a1d7c0a1-5df4-416b-b45a-bfa83f51bd49.tmp
| MD5 | 50e629b99b4e62cbb8dd336d9eddc4f9 |
| SHA1 | a35c9923ae173b8150400554228cea3876444b63 |
| SHA256 | 9f1d22f3ccccc6f7c40489f51ef7104c75009705ece3b799079dd3612d30472f |
| SHA512 | 6e8ab4b83c30784798ff3b8b062b2681d1242a18e5baa220cdfc90ede67d840cae4a50580b63cc37d37cdb22c90f2644ff566a2c9701fdabed994c5d28f5e162 |
C:\Users\Admin\Downloads\Unconfirmed 494202.crdownload
| MD5 | cf1622e33a46b0a9b7f88d0f031d679c |
| SHA1 | 6af28cb842e880d2121cc6f1ea9176c07d852bef |
| SHA256 | 1072efad667d604f609fd850a13e54507e23b5ad33b836436267144a4cbd28e2 |
| SHA512 | d5768cab8a7c44f569dd9abbade6eb0a4cdce530e62e3b59ae19ddc7cab6782f2015c0b231568c9945c9fcb9e28ac8f7c4488d390416173c30a292f3e8b6dc57 |
C:\Users\Admin\AppData\Roaming\Gongle\a8VZCGVPLX\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\Gongle\a8VZCGVPLX\LOG
| MD5 | 8e063d07fc7a5914582586450af5c99d |
| SHA1 | 23ec3f519037c31bd7200354342722f5f10b4386 |
| SHA256 | f10fd103f787358904added427e02cd5f36d6034607d3d957e2881fc19abf788 |
| SHA512 | b0657dba2da989817bafa3340cc5ff6c9a8268e5caf57d1ce567ca95c0933d2a0c4f835a6f32061553523c93b30f93bff5210aa3aab89630e42391299949e64f |
C:\Users\Admin\AppData\Roaming\Gongle\a8VZCGVPLX\LOG.old
| MD5 | b3697e44ce9e8c25147c68be0b5bdd1b |
| SHA1 | fc1c76870339494466901f7c0b59d28ea4405efd |
| SHA256 | 503fbc7cac1bba50e9f746a76451445d3e8002ba2cbf2b946a9b185728222309 |
| SHA512 | c48f1f2d8bf9f71b317a8139d56ea790c45a035e95354bb7964745af317628947d8fcc1f5991716117d16b2dbcf27e1be0e7df722f083bd24ef7d1ea6d2c8b4c |
C:\Users\Admin\AppData\Roaming\Gongle\a8VZCGVPLX\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0b708a72719beed3ef3fe7a34a655b2e |
| SHA1 | a2e82a555dbb22ddb1a8e93b27811b83e4862813 |
| SHA256 | 7051bbc9e8cffa6c7eccaa6fb238cc541cb96cfe4a582cbb91cd162b835338c9 |
| SHA512 | 8b1b1196e6819d0174c8640c846534665ef83f37550935519074e72f30f12b03da1fc76b535e62a2012e0fbbcc11be3eca35403872ffaeb1a38cb6809520e3c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | 1b5cf6b0057b444c1ea9b1ec96602a16 |
| SHA1 | aa81c95d8c24f71fff7636c428e9b7bf49b5959b |
| SHA256 | e8d344b80fef24f7b656bb02ff16b1daf50ca5feabb0441e5e8fb5cc97e145c9 |
| SHA512 | aeff6d5dbd9b9e039b4aad3ac54908347fba047af963cb417232ca40639cba173070bb72ad8d9dc66611481e7f542e487333717c20c0efc992337499ac55231c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 1ba804b44649a6eaf18ab35e542c21fe |
| SHA1 | 2b015afa81389653eb54230d6b6ec1614a8704c7 |
| SHA256 | 54445f6dcfe85468ff4acc7985566d596c74900b8a89ab4bee3536430bba92e1 |
| SHA512 | d7c5e2cdb43942b0689703ea4e83c7dbe47723f4543048beb580846ccfec33d2d0ec207f0d03475dde63839acd57802ca8e3689545b38a2bd24d0deb384f3c60 |
C:\Users\Admin\AppData\Roaming\Gongle\aS7XPSJFHE\LOG.old
| MD5 | fef6883012ecec324b2c7c407ee62a48 |
| SHA1 | e21dae8f7b1194e4bb93b97a65f985c953362be4 |
| SHA256 | 5ce48668353e40aadfb584c66cb38fcaaf987ecf31456638e28abbb6184a253b |
| SHA512 | 935155363d4d04b0d7f7200bc172c7f4d7211447f6e7c266dd854c48cb0a536e9d6b41fe0b5dd1ac60ddb522def4440c79d19a474f10d0339e60f4f3a2f8cae8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 01da76b4dd7d74dcb3a0966da34a89db |
| SHA1 | 7f16b4d7db099e94bc0dbdc9caa973c655be69e7 |
| SHA256 | 56c8194efabec7bae6563a4ea1789a9c83f6727047883423645bd5f008b75c57 |
| SHA512 | 48e53d7cd1c1bf97011a81e0bfdc03bec651e418b644ef5fa447667c01e46aa12d157dfb01d8a13e2418086c845cb8ad3380aff4e01c6fed13ae8b09e2422fad |
memory/116-889-0x00000000069A0000-0x0000000006A52000-memory.dmp
memory/116-890-0x0000000006AB0000-0x0000000006AD2000-memory.dmp
memory/116-891-0x0000000006B60000-0x0000000006BD6000-memory.dmp
memory/116-892-0x0000000006B20000-0x0000000006B3E000-memory.dmp
memory/116-893-0x0000000006C30000-0x0000000006C80000-memory.dmp
memory/116-894-0x0000000006C80000-0x0000000006CEA000-memory.dmp
memory/116-895-0x0000000006CF0000-0x0000000007044000-memory.dmp
memory/116-896-0x0000000007050000-0x000000000709C000-memory.dmp
memory/116-900-0x0000000007120000-0x000000000715C000-memory.dmp
memory/116-901-0x00000000070E0000-0x0000000007101000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fa0936b92ec1487f803f8e5dd322bc3e
| MD5 | 02d2c46697e3714e49f46b680b9a6b83 |
| SHA1 | 84f98b56d49f01e9b6b76a4e21accf64fd319140 |
| SHA256 | 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9 |
| SHA512 | 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac |
C:\Users\Admin\AppData\Local\Temp\2c37aa48360a465a8eff2767f0f539be
| MD5 | 4874ac24428a22889392db317c1d01eb |
| SHA1 | ca31226baea5697df077423fd5e9c8d3d6d7e91a |
| SHA256 | ce0787b06c812fe43a12a089e2fc607358995c9901d10c3f98bcf49cb44a6ca2 |
| SHA512 | 883ada5076c82d04acb067cc51f14a7e23f22f0ceede394741acbc48e1c1800ed3a96bbde42cbb5a2b1f4bb3fedf61df4fe072ce5b5747342fcbe712b99fe8ec |
memory/116-916-0x00000000071B0000-0x00000000071BA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 808c476d550514c5c1b81200c3335a41 |
| SHA1 | cef2ae526872245e07a58c121aee61211eee8c85 |
| SHA256 | dbb78162b5843e0f25ea5eb33f2a35a30c2090f44f05b16be7cef7b848e72389 |
| SHA512 | 5cba3cdd6d1a2292b87bfa0272a80370c5efd669d17efe0242ee968aa38427c56af9fbc62e9ba63471de11c1051ea51e3ccd5f2b042e1231efb88420039ac4f4 |
C:\Users\Admin\Desktop\Blank-Grabber-main\.github\workflows\image.png
| MD5 | f8262f15edbf09c8c1468a044721f58f |
| SHA1 | 1746570cee010eec6e647091bf5fa0e6a73d827c |
| SHA256 | 82de6192b19aa090d932997b3e243fee5c2351181b282e238aebd505833fdd03 |
| SHA512 | b148f152706a1d87508d22631c0555d665328be6c4320bb97cc0700b16327e034c963c72a1b6c8babe66493eab687534cef63bfb9d0fdd74a1653ad2afeff2e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b62e23c3e2a44f2d7ccbb52f12245ff6 |
| SHA1 | 4f9a7ade895b8180736cf0421e4ab47e26e3e85a |
| SHA256 | 4a4e9c18085f51586a42275e9166ce0deaa48113cebdafed95981d592aaf1fb7 |
| SHA512 | 9443fa87e372423443bc00c197374600da182a22c3d129d7b1aace432d54db2c9a06e7b79ff464f09aa6add0182c589593271823f35b048fa6e01c1cd6aaaa0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 192429c58c9e23999b6de9a5cd465de5 |
| SHA1 | 331937d20c4425700774ea5e91ccc926b213ff23 |
| SHA256 | de087b774d9894c36035db401b4aa2c6475e2133de20e7c314e462d4da9bc7b8 |
| SHA512 | 691d0f077e68e98328487c823c3e3a37863b527f9c6d4da2485b305c21e0b6c4aa5ccd99d262c40c0a02d37f297a3a2c94f49ba243e79995e5e78f3b9c83cbc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | bc9faa8bb6aae687766b2db2e055a494 |
| SHA1 | 34b2395d1b6908afcd60f92cdd8e7153939191e4 |
| SHA256 | 4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed |
| SHA512 | 621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | bbc7e5859c0d0757b3b1b15e1b11929d |
| SHA1 | 59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d |
| SHA256 | 851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2 |
| SHA512 | f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8c9d78b75eaf7eb56b0b8689fdfb1fa1 |
| SHA1 | 72e160fbd24afe99e7b8f1327edc687221a57083 |
| SHA256 | bf3900bd57d8ab3690fbfd718984dbef440273817af976d1fda288fbd0651cea |
| SHA512 | fe25a81727751718edcea174a4012d208ebcac4ff84ec715ea6c8590ef9af3f5131593457ffcce461bb6a6fca01977626c5052c7ebff9a0ba7b20369023128f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 536e92d976baa62749ca239f0fa998d5 |
| SHA1 | 125546444c540f28ed1f1bfabbcb226059ff882e |
| SHA256 | 8ba73676f15ccb4020438ad23d50dd41ef2cb736e20e5d0014822b10f04c93bf |
| SHA512 | 8ac307cf6f18a4a0e9557bba364c1845ac08eb81ecb20d3face89056c31cb8460fc0d38586e2cb30a9e64c187ac8929692f07cf543f209b5af0917e5dc45559d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f2f904faab9bdc8bad111754fbf02a0c |
| SHA1 | 18e0b7795cff273be557064b5e85fc10e8c3475d |
| SHA256 | 02ccb30b9c8b26ae4677fab88f8bf5c8db00369913eab7913af23ff228cd1b43 |
| SHA512 | 0f1892a9139547476e170ff41b665ace297f5d9bd90159bb0fa83e95f954e8ed3ac83a49a8244227cf8d775eaed8ca0089abbf5331b7ca99f13e0020a2a06da6 |
memory/116-1344-0x0000000005200000-0x0000000005210000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c9757d76f65a62f4783710d4160d93b1 |
| SHA1 | 5ec0341caf199e515be151edfc9c534d85030e28 |
| SHA256 | 5080143f1b952e59ca5632f8569cf6f3ba0e4c2a1ca2449e3e5423e3e344880a |
| SHA512 | c8963b9f208cfd9530c9bd2cd045aeea3366cc3cf91018363d06fbd99c06929f56331994edb68a25c0be176267530ff4a276ad769a9375fedebc4d3de07ddb49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b24eac893809ad6b7d34defede6f5ccd |
| SHA1 | 55e6b701e5753c7de1c328e5eb3fa14c8998db78 |
| SHA256 | bf290285fe9def1d6453084c888b79465cd996fa577688927fba191c5c47034c |
| SHA512 | 74d6cdbd61333c92a55f220bb06a19371c8e4c66bf240aade440ba9857c0d9b448c00161e791173c4e58529c62eec07c54264c91a117915917455a0daa6a5955 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bc83d4929a589315a6493ec5cb368c0a |
| SHA1 | c7c800ad75f47d744ec17f94f88a3f331b36bf2d |
| SHA256 | e041a993f024fc654d79fa98abc6f5e181a5b415840e7c550a8c423c8fbcc61b |
| SHA512 | eedc61eb124aaecfd18e95f57f972ff4f786795cb9278b8c8d3c8f4787cfb3c76831891b06b534f6d668d9dede959671f7f24858e5d6d05c75291f7bf413a5ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b96ed5d86dd7ef26a6fdde97e86394a7 |
| SHA1 | a467d4fbc61776c46106a21c6771a3bfe33ec4bc |
| SHA256 | f31a60febd1e63621cf650f6d4c988e73da938f92daa848f03e3e303d93689e8 |
| SHA512 | cca85bd623eb75ae8cc8eb07bee8991de4c02a1811f93ec8bd495a705cdc308060c067daaa107c6005f4cac4a315d60d838ab3a0765a4ab976922df5e297f9db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9880863293173360062bb0647908f3f7 |
| SHA1 | b438d5025dbcbf0e04099f9452a846312af6a13d |
| SHA256 | 6e76b0a3f670e247e226ce80b61162b3915536f1e9836008ce05b5f3d97362e0 |
| SHA512 | 4d5b9eddb0378f97b53b4e4c27e9eb2c01a95cfe5519968385db0207d267522ca5607a805fec3ef99df8311d3d1f2a39cb4f1db9bbf4ff84cbb6be4f34fbe3f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | ecb90e64f3242c5444569e4bfe843760 |
| SHA1 | 67a8cbeb0fbb6f5b6be405fcca093c5446c60e27 |
| SHA256 | 0bb052601590b84252c905a9bbc2c5a49512e943917295b97e773533898e0d9e |
| SHA512 | d247694d17194a3f9ed8b8c0b53eda155991627f1b5bf30e99d9865537a504f3e1cdd909db5f6d6081207d003224818afc433798731871a389549520837b65c0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
| MD5 | 302450586f7ed1fe16145883c99d8518 |
| SHA1 | c958a3243fd8d126aee19f4ea5f85b7467539ffa |
| SHA256 | d7e6632c116ebf92487a81ce9e316d9f4208673933773188deb654c724897ae5 |
| SHA512 | 152131e4424928da98d097babc7edb3fe73edb193738ece90efc4737f433671920076afb4e9f325a91e42ae69954afa4f48bc9b504d6d952e3b7f7410a0074b2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
| MD5 | f5a94d23a1dfd3499adf0f8ccbe8ecc5 |
| SHA1 | bdb19bb2615dbe55176589df57597f8ccf20abf0 |
| SHA256 | 6d10292b15b9298bc9fa335f49515213eb0d4a1037c74515f669a9a210578e8e |
| SHA512 | 03f8fe8502c11fa04a068dd6209122bffc58b7a7c95de960be927016257a72d2935250e47580b9c7b4e0ac141f24e512f31992d330bf558dce1e2153d7fc5deb |
C:\Users\Admin\Downloads\python-3.12.2-amd64.exe
| MD5 | 1d440be741ebbf5f725e1a1f406df2e7 |
| SHA1 | 53fbb917e0626bfde069a201f1c766cb6022f267 |
| SHA256 | c25e0629ae19d32a2db8062f69456bfe0f28169f9e3d1d066b793f1e257dd98e |
| SHA512 | 577ba019852728c0e72321465f40f3e81e45bc4a36288d0b799b632a76e9358679e3cda39e73541720b6c72f019bf78fc9d334afa1a9a22b8d0294ef9f0ddce7 |
C:\Users\Admin\Downloads\python-3.12.2-amd64.exe
| MD5 | 44abfae489d87cc005d50a9267b5d58d |
| SHA1 | af778548383c17cb154530f1c06344c9cced9272 |
| SHA256 | b9314802f9efbf0f20a8e2cb4cacc4d5cfb0110dac2818d94e770e1ba5137c65 |
| SHA512 | e955f0bee350cd8f7e4da6a8e8f02db40e477b7465a77c8ecab46a54338c0a9d8acf3d22d524af2c45c25685df2468970ea1b70b83321c7f8e3fae230f3c7f16 |
C:\Windows\Temp\{0A4C2E19-4596-4A1A-A733-0E04AF4B19C0}\.cr\python-3.12.2-amd64.exe
| MD5 | ab21a1bea9e3eaab64a2c062ab613221 |
| SHA1 | 310b1f7921af8edf125eacba71944b6e5356acdf |
| SHA256 | 1474dbd6a33da8f2f0b50007ba48f0c1ddb3e0e6f8c969722eed1e683a9af68a |
| SHA512 | b39b5a24bb7b2d3ead8aed284452c94280398a9e4855f17a8e3593fe718e9b3573e88b15f1dd4659030827e754b17e7f918ba24803e4d522ad9601167fb70df4 |
C:\Windows\Temp\{A3EBAD32-3285-4771-BFA4-116E05FAE4AB}\.ba\PythonBA.dll
| MD5 | 8294dc8850dd596d0ce8455167496832 |
| SHA1 | 5c75c685c95bee8c1a39187da8af46b6c7892757 |
| SHA256 | 565f03893da383e5bec8c6eaa7c8fbb3e6db0b9bddd5a1399b0dec66fa44d64d |
| SHA512 | 21015ca201b64e3316f3d1ee32e4c562d0142111c1ed576f03aa078619fe656c56848b5998313af23aabb97293c5452be0e27d5c44878be5d90ac2d2d2f05851 |
C:\Windows\Temp\{A3EBAD32-3285-4771-BFA4-116E05FAE4AB}\.ba\SideBar.png
| MD5 | 888eb713a0095756252058c9727e088a |
| SHA1 | c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4 |
| SHA256 | 79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067 |
| SHA512 | 7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0 |
C:\Windows\Temp\{A3EBAD32-3285-4771-BFA4-116E05FAE4AB}\pip_JustForMe
| MD5 | 083842cfa5cb8331820b45599cb883ef |
| SHA1 | 2858179692c35368251f72894a8612db25fecc74 |
| SHA256 | cfe1f73cd965e2cf1bcb94143fd87b7a6cb0d315977cab1da3002f5029948b98 |
| SHA512 | e3325c99fc05280dc05d2d458ee942aa406b13b95993d2415817ab3c55752cb66a8d1613514382b092eb55c08c2319b57dd261120db525253398b7a456091229 |
C:\Users\Admin\AppData\Local\Package Cache\.unverified\tcltk_JustForMe
| MD5 | cedd6738fae24edddfff69b10e4f46dd |
| SHA1 | 97538a7df13e0354a5eaccee7057192d10466a9f |
| SHA256 | f0d5c603ff7d87412f5a1e45e8ab7bd95d6f40bb90fd107125964421d7f06233 |
| SHA512 | 0c75c2d1263eeb6ed638d49b1cf3c3004353fff8452ed7288a8853133dc2ad32fe913cc7020b864aaf362b5b29be55e4ec0b38ef978a811c6462552c8cf32e1b |
C:\Users\Admin\AppData\Local\Package Cache\.unverified\lib_JustForMe
| MD5 | edcbe1500d9c8cef819eda7f46f5b103 |
| SHA1 | 402d32a0b9049a7dfc6f106b101832fa4c3624dc |
| SHA256 | af7b6e1b27c6ee7a2e40b947fda039ad26827ac12ed4d0ffa80a6576f5b5fb8b |
| SHA512 | 01ed6f251e0dbaa7e52e6f995b85e22a70fcec8b0eb65e6a1022c4017306775f4298f9e9c90702bf42324491f32ccffdbbc80efdee3ad158515f82d5e4a0aab6 |
C:\Users\Admin\AppData\Local\Package Cache\.unverified\doc_JustForMe
| MD5 | 5fc6e030f31d0aae7b95068bf17a72fc |
| SHA1 | 1daa17c033f29c122c76409dd5636716351bf7a2 |
| SHA256 | 02cc5a3a1d6c54390d68ee97f6c08c2a061a457780e48919c29462ef95a92b09 |
| SHA512 | 0fc29106e0263815ee7418a32d8f52c258d0a1378fc6b5e59b68ccef2fa34e2164f4dc9f4b1ba0232497f95155d9e71b6571dea4e8e446af1faf11d194bb94ec |
C:\Users\Admin\AppData\Local\Temp\Python 3.12.2 (64-bit)_20240315121822_000_core_JustForMe.log
| MD5 | 2e170da609f3e728eabc13d8855dbf6f |
| SHA1 | aa22310330c683fd34f95fd19e8c1ea560230c06 |
| SHA256 | b0a0c3e0effc7d931ed89f8390764a0ac530826e752d1cee74dd5130149ab353 |
| SHA512 | 116d9a8f78f0a69bd8da4312d8c81bd320dadeb5a5d959dba4a63c1caa6737c73f9e8a8129b307bce33cceff2533bb918a72eb30a6bf6c4eec93a7e817345f61 |
C:\Users\Admin\AppData\Local\Package Cache\{4534F2ED-1616-434D-98A6-0DA358DCD466}v3.12.2150.0\core.msi
| MD5 | 1c1df711824f2575637d68f9e79f0467 |
| SHA1 | 28de3cc8ad3d32739a4eb9d93106c18f028aaedd |
| SHA256 | e747ceb205400dcdd45cbedc372f9c3cacdd158277e4d27ae1b95d223e323918 |
| SHA512 | 7a9d7d1f5823c36504e645562117cd494f8de79b5c0724326b6cbee7add3c617c7ba1a1a69012646840071ccbc29e8b3ed518875cce8466fb7208fd272de87c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_26B14BC5FFF8CCADF0E4994815CF2509
| MD5 | d72cdac6ca4e66507bde51538b74a52a |
| SHA1 | b6d2483b954e8be16d50b3ba6d6fcb97c44c5598 |
| SHA256 | 79ddb5522da33b37eb73e62da7cc5df70f59321252c770f60f89c5369436df9f |
| SHA512 | 195a078f6a7c68ababbd3453b7a8fc4597e2f2af9889fdc6417297d2a8580b59f60a612cc8684e0302e7d51c2e775152d4c406e70248b2adb627862548a8f810 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_26B14BC5FFF8CCADF0E4994815CF2509
| MD5 | db34f3aa6a9090eb1a4142b0834978ca |
| SHA1 | 00b8792e5bdfc2f838666a53798e10523dd94dc1 |
| SHA256 | a46a407c05857bca19d6b4b752fab3aa8d7867913fe79091ed4a3914fde28519 |
| SHA512 | 4e8f11885ab69af6d574a9f70ba08947810b1b3226796739b5ae766321ea1a37da2798b56cf6386bd4c5cc1e1f24b88bfa727002ec0575a5c6a00d98df9a2495 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | 7bf3c086147542fbe29b478d9e9290ae |
| SHA1 | c0b4d97e034c77bc38ab515bb0c2f9c8799b7b8f |
| SHA256 | f97c9d2eb3c47d04ff22be0a1d74279cbd436200fb5678d1fd84e30faf143825 |
| SHA512 | 1af4a1e322a26a2bd7af4c02cfcc517a098757d45700e8c7fe577dda133bdf2d8e3810a1acb0561d7c9378507ffb3e1a7abefc63214e519b8039b6a10a661d8a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | 5ac9ce44b194bc342b9bfe73011a7e15 |
| SHA1 | 79211b7672073747139e4ec0265a3bfaa9f901c7 |
| SHA256 | c84380497eaff982b1dc50031110ed1aa99ca031a5a7c5e0075472e77b93c5d6 |
| SHA512 | 23c4d11fa63ff7024c768dbc0854cf8ac086d99c0f896e7a638890bed6a1d9acbbd6f410ab81f3d89cf334ca37ea6807c6f59e5b9fdd3c6cb161b9df9ce815dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
| MD5 | 656018322dd4a0a1d0d45d6e1afd9aa8 |
| SHA1 | 50c52d392a825057aaa8cdf7487767983dc4049d |
| SHA256 | 59b0d523749dff91a8eb4424146519ec4421b3740c253dbb04c04500d1c39087 |
| SHA512 | 876ccc4d2fc518b2e85270d455817f57abcc8adb7897aa1f219c751d996379062ac9a4c2284b0aa15ced977a638441447db5b2d97ec6a41b9b7c601535f95de3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
| MD5 | b4cddbe9d521009dbec38052d58bd9e0 |
| SHA1 | f3f4d9e70404b213a4f15098939012899023ebb7 |
| SHA256 | f39a7b99fa9372213b0832c59d313e22d496a8851f425a355008b92b0457b4f2 |
| SHA512 | ac6d38ff889bdd9e4fd4a02f04a90ca20c53f8cc09a2d46ca52bf7f21a167df2261f4d1fba044c5e78731c0d401faeaf0e3c54c3973a17885a8b6c420a0b4bfc |
C:\Config.Msi\e596ac9.rbs
| MD5 | a857af959669d8f8ddd6249c429f24b2 |
| SHA1 | f38485c112c85ffe7b7966e207085dc3253b8a37 |
| SHA256 | 6d74eb30a618110bad287bbf78c41b127c4e30e8afff70f525af258279d36382 |
| SHA512 | 61f411a70477838da6cd267afed8219b85b845eab387f424a7b4456e194b1da00e6a8d4e907c7a1fd228170bd698d999ada40db392eb35c0cd0a5b2ceb88c17a |
C:\Config.Msi\e596ace.rbs
| MD5 | 5e80a06166c0f5ebee6783dca1d0529a |
| SHA1 | 613461c8f7e51a4589bc8b58fddbf66ff08950b4 |
| SHA256 | 70c63f1e55c726537bcda18f4df5dd115e1e38360d61749d3c8192aa689a8a6e |
| SHA512 | c356aa30ad626154a67d5bfcb5fa0ae53c9d623742db71bc7a80580756b44828420a351ee37f2d67d6278d8a6ddead430a1e61ed2b80dd905fbcf4cc45632fbe |
C:\Config.Msi\e596ad3.rbs
| MD5 | 21fa620b3858611fdac5e4e708517150 |
| SHA1 | d0eb249c0f75b74533ca2c72a49b48892983c0a9 |
| SHA256 | 1d9842850d781a83c3f6d815f767ccf04352339658fd36b970653c3f9fb3ffb6 |
| SHA512 | 9d6260226a0ba6438e474490db6ab97c3ebefc78bf3ce23b1f1b9102a879b93eaee52db41c3192863aa724ceb6167116c9b1be2d8964dd9a26cfa8bdbc74f7ff |
C:\Config.Msi\e596ad8.rbs
| MD5 | e4fb671fd1622335911e946e50b1725e |
| SHA1 | 1dc28032ac7d9f4a549f452ce7acd1f35f5f5532 |
| SHA256 | 414248788fb3665b9fe5dbcfd5bc19188784685589bc087c2cab2e8522dd693d |
| SHA512 | d0f65a3ceaee0c44859ec3ea598d1b933a766bfc5c543851027752f905c34421d3fb5548ecff9cca0bf6190836125ed322f6e1e56825406c9b7c80216aa49cde |
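A listing like the one above is only useful once it is separated into the artifacts the sample actually staged and the files the detonation itself churns. The parser below is an added example for this page, not code from the sandbox or the report: it reads the report's format (a path line followed by `| ALG | hex |` rows, with `memory/...` dump names interleaved), validates digest lengths, flags entries whose digests are those of empty input (the crashpad named pipe here), and sorts records into buckets. The path heuristics (`NOISE`, `HOT`) are my assumptions about this detonation, not anything the report states; `SAMPLE` is a short excerpt copied from the listing above.

```python
"""Parse a sandbox dropped-file listing into IOC records and triage them.

Added example for this page; not part of the report or the sandbox's own
tooling. NOISE/HOT patterns are assumptions, not findings from the report.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Digests of zero bytes: a "dropped file" with these was empty when captured
# (the crashpad pipe below) and must never be pushed to a blocklist.
EMPTY_DIGESTS = {a: getattr(hashlib, a.lower())(b"").hexdigest()
                 for a in ("MD5", "SHA1", "SHA256", "SHA512")}
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Assumed: files the detonation churns on its own (browser profile, CRL cache,
# MSI rollback scripts, installer caches, jump lists, named pipes).
NOISE = re.compile(
    r"\\Microsoft\\Edge\\User Data\\|\\CryptnetUrlCache\\|\\Config\.Msi\\|"
    r"\\Package Cache\\|\\Windows\\Temp\\\{|\\AutomaticDestinations\\|^\\\?\?\\pipe\\",
    re.IGNORECASE)
# Assumed: where this sample stages payloads: scripts/binaries in %TEMP% and the
# Costura.Fody native-DLL extraction cache used by bundled .NET executables.
HOT = re.compile(
    r"\\AppData\\Local\\Temp\\(?:Costura\\|[^\\]+\.(?:vbs|js|exe|dll|bat|ps1)$)",
    re.IGNORECASE)
ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")


@dataclass
class Dropped:
    path: str
    digests: dict = field(default_factory=dict)

    @property
    def empty(self) -> bool:
        return any(self.digests.get(a) == h for a, h in EMPTY_DIGESTS.items())

    @property
    def sha256(self):
        return self.digests.get("SHA256")


def parse_listing(text):
    """Return (records, memdumps). Each path line opens a record; hash rows attach to it."""
    records, memdumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("memory/"):          # memory dumps are not files on disk
            memdumps.append(line)
            continue
        m = ROW.match(line)
        if m:
            alg, hexdigest = m.group(1).upper(), m.group(2).lower()
            if current is None:
                raise ValueError(f"hash row before any path: {line}")
            if len(hexdigest) != DIGEST_LEN[alg]:   # catches truncated/copy-pasted digests
                raise ValueError(f"{alg} digest of wrong length for {current.path}")
            current.digests[alg] = hexdigest
            continue
        current = Dropped(path=line)
        records.append(current)
    return records, memdumps


def triage(records):
    """Split records into hot (payload staging), noise, empty, and review (unknown)."""
    buckets = {"hot": [], "noise": [], "empty": [], "review": []}
    for r in records:
        key = ("empty" if r.empty else "hot" if HOT.search(r.path)
               else "noise" if NOISE.search(r.path) else "review")
        buckets[key].append(r)
    return buckets


def blocklist(records):
    """Unique SHA-256s worth blocking: hot-path files only, never empty content."""
    return sorted({r.sha256 for r in triage(records)["hot"] if r.sha256})


# Constructed excerpt of the listing above (paths and digests copied from the report).
SAMPLE = r"""
\??\pipe\LOCAL\crashpad_4928_SXISUHQSRXFHZLPB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| SHA256 | 44a18c2d1887ff02a12e0d8a682161f76e570d9809fa39fb3c970caf12c4ae2d |
C:\Users\Admin\AppData\Local\Temp\japanpear4332125.vbs
| SHA256 | eba7ab5c248e46dbe70470b41ebf25a378b4eff9ce632adff927ac1f95583d44 |
memory/116-41-0x000000000AF20000-0x000000000BB20000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Costura\40BD99E3E2E3C109881E4ECA2DEDC617\32\sqlite.interop.dll
| SHA256 | 70e48ef5c14766f3601c97451b47859fddcbe7f237e1c5200cea8e7a7609d809 |
C:\Users\Admin\AppData\Local\Temp\0uvnpevc.exe
| SHA256 | df443ccf551470b3f9f7d92faf51b3b85ae206dd08da3b6390ce9a6039b7253a |
C:\Users\Admin\AppData\Local\Temp\fa0936b92ec1487f803f8e5dd322bc3e
| SHA256 | 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9 |
C:\Config.Msi\e596ac9.rbs
| SHA256 | 6d74eb30a618110bad287bbf78c41b127c4e30e8afff70f525af258279d36382 |
"""

if __name__ == "__main__":
    recs, dumps = parse_listing(SAMPLE)
    for name, items in triage(recs).items():
        print(name, [r.path for r in items])
    print("blocklist:", blocklist(recs))
```

Two points worth keeping in mind when reusing this: the same path (Edge `Preferences`, `TransportSecurity`) appears many times with different digests because the file was rewritten during the run, so records are kept per write rather than merged by path; and extension-less Temp files such as `fa0936b92ec1487f803f8e5dd322bc3e` land in `review` on purpose, since a path heuristic cannot tell staged data from a harmless scratch file.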