Analysis Overview
Threat Level: Likely malicious
The file https://github.com/xy-leex/Ro-Booster/releases/download/vypix/fpsbooster.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
UPX packed file
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Drops startup file
Looks up external IP address via web service
Maps connected drives based on registry
Legitimate hosting services abused for malware hosting/C2
Detects Pyinstaller
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 11:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 11:56
Reported
2024-06-20 11:57
Platform
win11-20240508-en
Max time kernel
50s
Max time network
47s
Command Line
Signatures
Downloads MZ/PE file
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fpsbooster.exe | C:\Users\Admin\Downloads\fpsbooster.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fpsbooster.exe | C:\Users\Admin\Downloads\fpsbooster.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\fpsbooster.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\fpsbooster.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
(63 further identical rows omitted: 64 matches in total, none with indicator detail captured)
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\Downloads\fpsbooster.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\Downloads\fpsbooster.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
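The `Detects Pyinstaller` hit carries no indicator detail here, but the files dropped under `C:\Users\Admin\AppData\Local\Temp\_MEI7722\` (python310.dll, base_library.zip, `_cffi_backend.cp310-win_amd64.pyd`) are the PyInstaller onefile extraction directory and fix the interpreter at Python 3.10; the two `fpsbooster.exe` entries in the process list match onefile's bootloader parent/child layout. The block below is an added example, not part of the report or of the sample, showing how the static check works: PyInstaller appends a CArchive cookie beginning with the magic `MEI\x0c\x0b\x0a\x0b\x0e` that records the archive length, TOC position and Python version. The magic and field layout are PyInstaller's real ones; the bundle the block parses is constructed by `build_sample_bundle()` so it runs offline and is not the sample's content.

```python
import struct
from typing import Optional

# CArchive cookie layout used by PyInstaller 2.1 and later (big-endian):
#   magic (8s) | package length (I) | TOC offset (I) | TOC length (I) | Python version (i) | python lib name (64s)
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE_FORMAT = "!8sIIii64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FORMAT)  # 88 bytes


def find_pyinstaller_cookie(data: bytes) -> Optional[dict]:
    """Parse the CArchive cookie if `data` is a PyInstaller bundle, else return None.

    The cookie normally ends the file, but an Authenticode signature or other
    appended data can sit after it, so the magic is located by searching
    backwards from EOF instead of assuming a fixed offset.
    """
    pos = data.rfind(PYINSTALLER_MAGIC)
    if pos == -1 or pos + COOKIE_SIZE > len(data):
        return None
    _magic, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack(
        COOKIE_FORMAT, data[pos:pos + COOKIE_SIZE]
    )
    # Recent bootloaders encode major*100+minor (310 for 3.10); older ones
    # used major*10+minor (27, 38). Decode both.
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
    archive_start = pos + COOKIE_SIZE - pkg_len  # package length includes the cookie itself
    if archive_start < 0:
        return None  # inconsistent lengths: not a well-formed bundle
    return {
        "cookie_offset": pos,
        "archive_start": archive_start,
        "toc_offset": archive_start + toc_off,  # cookie's TOC offset is relative to the archive
        "toc_length": toc_len,
        "python_version": f"{major}.{minor}",
        "python_lib": pylib.rstrip(b"\x00").decode("ascii", "replace"),
    }


def build_sample_bundle(pyver: int = 310, pylib: bytes = b"python310.dll") -> bytes:
    """Constructed stand-in for a PyInstaller-built PE: fake bootloader and archive, real cookie layout."""
    bootloader = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x90" * 200  # 268 bytes, not a real PE
    payload = b"\xaa" * 128                                              # where compressed entries would live
    toc = b"\x00" * 32                                                   # stand-in table of contents
    pkg_len = len(payload) + len(toc) + COOKIE_SIZE
    cookie = struct.pack(COOKIE_FORMAT, PYINSTALLER_MAGIC, pkg_len, len(payload), len(toc), pyver, pylib)
    return bootloader + payload + toc + cookie + b"\x00" * 16            # trailing bytes mimic appended data


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        print(find_pyinstaller_cookie(f.read()))
```

Run it against a real file with `python detect_pyinstaller.py fpsbooster.exe`; a `None` result means no cookie was found, which rules out PyInstaller but not other Python packagers.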
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\fpsbooster.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 427995.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
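Both ADS rows are written by msedge.exe, not by the sample: the `Zone.Identifier` stream is the Mark of the Web that SmartScreen and Defender consult before the file runs, and the `:SmartScreen` stream on the in-progress `.crdownload` is Edge's own reputation record. The block below is an added example, not from the report, that parses a Zone.Identifier stream and decides whether a file carries MOTW. `SAMPLE_ZONE_IDENTIFIER` is constructed (the sandbox did not capture the stream's contents; the URLs are illustrative), and `read_motw()` only works on Windows because the `file:stream` syntax is an NTFS feature.

```python
import configparser
import sys
from typing import Optional

# URLZONE values from urlmon.h; zones 3 (Internet) and 4 (Restricted) are what
# SmartScreen and the "Unblock" checkbox react to.
URLZONE_NAMES = {0: "LocalMachine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}

# Constructed Zone.Identifier contents in the shape Chromium-based browsers
# write. Illustrative values, not the sandbox's capture.
SAMPLE_ZONE_IDENTIFIER = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://github.com/xy-leex/Ro-Booster/releases
HostUrl=https://github.com/xy-leex/Ro-Booster/releases/download/vypix/fpsbooster.exe
"""


def parse_zone_identifier(text: str) -> dict:
    """Parse the INI-style Zone.Identifier stream into zone, origin URLs and a MOTW verdict."""
    # '=' only: URLs contain ':' which configparser would otherwise treat as a delimiter
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep ZoneId / HostUrl capitalisation
    parser.read_string(text)
    if "ZoneTransfer" not in parser:  # stream exists but is not a MOTW record
        return {"zone_id": None, "zone_name": "Unknown", "referrer_url": None, "host_url": None, "has_motw": False}
    section = parser["ZoneTransfer"]
    zone_id = int(section["ZoneId"]) if "ZoneId" in section else None
    return {
        "zone_id": zone_id,
        "zone_name": URLZONE_NAMES.get(zone_id, "Unknown"),
        "referrer_url": section.get("ReferrerUrl"),
        "host_url": section.get("HostUrl"),
        "has_motw": zone_id is not None and zone_id >= 3,
    }


def read_motw(path: str) -> Optional[dict]:
    """Read and parse <path>:Zone.Identifier on NTFS. Returns None when the file has no such stream."""
    if not sys.platform.startswith("win"):
        raise OSError("the file:stream syntax only reaches NTFS alternate data streams on Windows")
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as stream:
            return parse_zone_identifier(stream.read())
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    print(read_motw(target) if target else parse_zone_identifier(SAMPLE_ZONE_IDENTIFIER))
```

A missing stream is the interesting case during incident response: a file in `Downloads` with no Zone.Identifier was either not fetched by a MOTW-aware application or had the stream stripped (by an archive tool, a script, or `Unblock-File`), and the ReferrerUrl/HostUrl values, when present, recover the download origin even after browser history is gone.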
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\fpsbooster.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 (SeIncreaseWorkingSetPrivilege) | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 (SeTimeZonePrivilege) | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 (SeCreateSymbolicLinkPrivilege) | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 36 (SeDelegateSessionUserImpersonatePrivilege) | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 (SeIncreaseWorkingSetPrivilege) | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 (SeTimeZonePrivilege) | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 (SeCreateSymbolicLinkPrivilege) | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 36 (SeDelegateSessionUserImpersonatePrivilege) | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 (SeIncreaseWorkingSetPrivilege) | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 (SeTimeZonePrivilege) | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\fpsbooster.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\fpsbooster.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/xy-leex/Ro-Booster/releases/download/vypix/fpsbooster.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9dadf3cb8,0x7ff9dadf3cc8,0x7ff9dadf3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,13828968270549771711,12389974064714574052,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,13828968270549771711,12389974064714574052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,13828968270549771711,12389974064714574052,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13828968270549771711,12389974064714574052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13828968270549771711,12389974064714574052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,13828968270549771711,12389974064714574052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13828968270549771711,12389974064714574052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,13828968270549771711,12389974064714574052,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13828968270549771711,12389974064714574052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13828968270549771711,12389974064714574052,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13828968270549771711,12389974064714574052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13828968270549771711,12389974064714574052,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,13828968270549771711,12389974064714574052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,13828968270549771711,12389974064714574052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
C:\Users\Admin\Downloads\fpsbooster.exe
"C:\Users\Admin\Downloads\fpsbooster.exe"
C:\Users\Admin\Downloads\fpsbooster.exe
"C:\Users\Admin\Downloads\fpsbooster.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\System32\Wbem\wmic.exe
wmic csproduct get uuid
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "<Response [200]>"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2> nul
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2> nul
C:\Windows\system32\reg.exe
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName
C:\Windows\System32\Wbem\wmic.exe
wmic csproduct get uuid
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
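The child processes above form a host-fingerprinting chain: `ver` for the OS build, `wmic csproduct get uuid` for the SMBIOS UUID, PowerShell reads of `BackupProductKeyDefault` (the OEM product key) and `ProductName`, and `REG QUERY` against device class `{4D36E968-E325-11CE-BFC1-08002BE10318}` (Display adapters) for the GPU name and vendor; together with the `Maps connected drives based on registry` reads this is the profile a stealer sends home alongside the browser data. The `cmd.exe /c "<Response [200]>"` line is the `repr()` of a Python `requests` Response object handed to the shell, a coding slip that corroborates the PyInstaller verdict. The block below is an added example, not from the report, of detection logic over process-creation events: `SAMPLE_EVENTS` is constructed (Sysmon-style fields, invented PIDs, command lines copied from the list above), each match is charged to the first non-shell ancestor so `cmd /c REG QUERY ...` and its `reg.exe` child count once, and a process is flagged when it issues three or more distinct probes.

```python
import ntpath
import re
from collections import defaultdict
from typing import Dict, List, Set

# (rule name, regex over the lower-cased command line). Patterns mirror the
# command lines the sandbox captured for this sample.
FINGERPRINT_RULES = [
    ("os_version", re.compile(r'cmd(\.exe)?\s+/c\s+"?ver"?$')),
    ("hardware_uuid", re.compile(r"\bwmic\b.*\bcsproduct\b.*\buuid\b")),
    ("product_key", re.compile(r"softwareprotectionplatform.*backupproductkeydefault")),
    ("os_product_name", re.compile(r"currentversion'?\s+-name\s+productname")),
    # {4D36E968-...} is the Display adapters device class; DriverDesc holds the GPU name.
    ("gpu_model", re.compile(r"reg\s+query\s+.*\\\{4d36e968-e325-11ce-bfc1-08002be10318\}\\.*(driverdesc|providername)")),
    # repr() of a Python requests.Response object passed to the shell.
    ("python_response_repr", re.compile(r"<response \[\d{3}\]>")),
]

# Interpreters that only relay commands; a hit is charged to the first ancestor
# that is not one of these.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}

# Constructed process-creation events. PIDs are invented; command lines are
# those listed in this report's Processes section plus one benign control.
SAMPLE_EVENTS = [
    {"pid": 1236, "ppid": 5012, "image": r"C:\Users\Admin\Downloads\fpsbooster.exe",
     "cmd": r'"C:\Users\Admin\Downloads\fpsbooster.exe"'},
    {"pid": 2000, "ppid": 1236, "image": r"C:\Windows\system32\cmd.exe",
     "cmd": r'C:\Windows\system32\cmd.exe /c "ver"'},
    {"pid": 2001, "ppid": 1236, "image": r"C:\Windows\System32\Wbem\wmic.exe",
     "cmd": "wmic csproduct get uuid"},
    {"pid": 2002, "ppid": 1236, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"},
    {"pid": 2003, "ppid": 1236, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"},
    {"pid": 2004, "ppid": 1236, "image": r"C:\Windows\system32\cmd.exe",
     "cmd": r'C:\Windows\system32\cmd.exe /c "<Response [200]>"'},
    {"pid": 2005, "ppid": 1236, "image": r"C:\Windows\system32\cmd.exe",
     "cmd": r"C:\Windows\system32\cmd.exe /c REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2> nul"},
    {"pid": 2006, "ppid": 2005, "image": r"C:\Windows\system32\reg.exe",
     "cmd": r"REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc"},
    # Benign control: an interactive shell under explorer.exe running one of the same commands.
    {"pid": 900, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 901, "ppid": 900, "image": r"C:\Windows\system32\cmd.exe", "cmd": 'cmd.exe /c "ver"'},
]


def _issuer(ev: dict, by_pid: Dict[int, dict]) -> int:
    """Walk up from the event's parent through shell interpreters to the process that issued the command."""
    pid, seen = ev["ppid"], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        if ntpath.basename(by_pid[pid]["image"]).lower() not in SHELLS:
            break
        pid = by_pid[pid]["ppid"]
    return pid


def detect_fingerprinting(events: List[dict], threshold: int = 3) -> Dict[int, dict]:
    """Group matched probes by issuing process; flag issuers with >= threshold distinct probes."""
    by_pid = {ev["pid"]: ev for ev in events}
    hits: Dict[int, Set[str]] = defaultdict(set)
    for ev in events:
        cmd = ev.get("cmd", "").lower()
        for name, pattern in FINGERPRINT_RULES:
            if pattern.search(cmd):
                hits[_issuer(ev, by_pid)].add(name)
    return {
        pid: {
            "image": by_pid[pid]["image"] if pid in by_pid else None,
            "rules": rules,
            "suspicious": len(rules) >= threshold,
        }
        for pid, rules in hits.items()
    }


if __name__ == "__main__":
    for pid, verdict in detect_fingerprinting(SAMPLE_EVENTS).items():
        print(pid, verdict["image"], sorted(verdict["rules"]), "SUSPICIOUS" if verdict["suspicious"] else "ok")
```

Any single probe is common in admin scripting (the explorer.exe control trips one rule and stays below threshold); the signal is the breadth of probes from one non-shell parent in a short window, and the `python_response_repr` rule is worth keeping as a standalone high-confidence indicator since no legitimate tool passes a Python object repr to `cmd /c`.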
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 104.26.2.16:443 | rentry.co | tcp |
| US | 104.26.2.16:443 | rentry.co | tcp |
| US | 104.26.2.16:443 | rentry.co | tcp |
| US | 104.26.2.16:443 | rentry.co | tcp |
| US | 104.26.2.16:443 | rentry.co | tcp |
| US | 104.26.2.16:443 | rentry.co | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 104.26.2.16:443 | rentry.co | tcp |
| N/A | 127.0.0.1:50118 | N/A | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c1c7e2f451eb3836d23007799bc21d5f |
| SHA1 | 11a25f6055210aa7f99d77346b0d4f1dc123ce79 |
| SHA256 | 429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800 |
| SHA512 | 2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34 |
\??\pipe\LOCAL\crashpad_5012_IKGNJACYKIQAWZHX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6876cbd342d4d6b236f44f52c50f780f |
| SHA1 | a215cf6a499bfb67a3266d211844ec4c82128d83 |
| SHA256 | ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e |
| SHA512 | dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c6d8907ee11eb9147f1462e0420e6eaf |
| SHA1 | 5e200e55f98f39710c541acdefe3a945d27a729d |
| SHA256 | 16564ec0c8a7d0932308500e88e0efe0eb9807bc6859f20770d3f32286945917 |
| SHA512 | 05ae2847b32810f160dff48c7f969b992daa61c93eb4bd2248af1f1ba8f1a0b538b018a3dee638bd5c0d56d51e6e651698d162df2a8b85402d59003690095c60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 94c33d7b63a0e0356c4962b948ba8870 |
| SHA1 | b35519a005cc3a820399df79bc3c3936f56a2021 |
| SHA256 | ab1f6fbb7984d9847e3c1e547aa8a679b0d7976b2f8f7931dd5f95a2db606527 |
| SHA512 | a5e48763176ed2f99d1f2c90d3a7b30b699c1a59a148c4692b05848f9004ee98f2ff21acd8f2c16dbd84457ed3ae5c3fd574b8fafeaee2088046fa9e53f4a86f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 79978076157b9700bcd531e013332ce4 |
| SHA1 | b8e0bf5178924c1ebef304ac3170913d242f3793 |
| SHA256 | 1efdeb818f5540471a2a1f63dee2ab92206e729bea6e3bbd8d3169d6011be8d8 |
| SHA512 | 7face6292a923244fe397c910e4b0d08491f3aad0687785184b6668cb8219339c18c4a78edf1f4dfacc99d32d85f938de517feecb8dcd0b800f9953f9efbf84a |
C:\Users\Admin\Downloads\Unconfirmed 427995.crdownload
| MD5 | 8e148c086c3c73ad907fc44f0a56c126 |
| SHA1 | 74f5c301256e843e80c14658aa4ea2dba8b4c95c |
| SHA256 | aa92d281e165aec16595ade2508dcb73c18853d3043abb61cfb5a6fd1672774c |
| SHA512 | 006e950e70fefd0f4c5555340ff81d7e5ddf4c1f9d616fececb94a47083f5d016df6a572e3b25a4fc599e8c2a606f6754fec5f0e8106deab5bfdd65f2411b7e3 |
C:\Users\Admin\Downloads\fpsbooster.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | be711550159becdae68b2b141e045a8c |
| SHA1 | 09ce164ddc68c71494e8c00c2942c8543b3ea7b0 |
| SHA256 | 55a0ba12b051a6437242da49ffc44aeddcfa85d3bc4206dc49a8098ae905501f |
| SHA512 | 88cc279fab4db4cdd40deb4661fd298c4a2bf82e725bb28eb5ecb4a4b90d3996760d724bccac3c2904bf176fce5ed90abe0f8c831b7dd6d4aaca41f742d7ebc7 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\python310.dll
| MD5 | 76cb307e13fbbfb9e466458300da9052 |
| SHA1 | 577f0029ac8c2dd64d6602917b7a26bcc2b27d2b |
| SHA256 | 95066c06d9ed165f0b6f34079ed917df1111bd681991f96952d9ee35d37dc615 |
| SHA512 | f15b17215057433d88f1a8e05c723a480b4f8bc56d42185c67bb29a192f435f54345aa0f6d827bd291e53c46a950f2e01151c28b084b7478044bd44009eced8f |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\VCRUNTIME140.dll
| MD5 | f12681a472b9dd04a812e16096514974 |
| SHA1 | 6fd102eb3e0b0e6eef08118d71f28702d1a9067c |
| SHA256 | d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8 |
| SHA512 | 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2 |
memory/1236-222-0x00007FF9C7EE0000-0x00007FF9C834E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI7722\base_library.zip
| MD5 | 8cdeb07c80a8f7448c39ab9463743986 |
| SHA1 | b7dcd4626e357988522d21a1d9b6ae13743b111b |
| SHA256 | 7fc612b8cc6c55ea5750bcf250853339aabad080ebe73cd9a688ec0f8c497a3e |
| SHA512 | b0f471591b1159207fd07dfecccdae8d3d2e9ce9fd6219dc1703c3b329120bd603cdb9b2677dfff15ddca216027ad4323d27e55406bb3dc06c5bcfa05902cd05 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\python3.DLL
| MD5 | 07bd9f1e651ad2409fd0b7d706be6071 |
| SHA1 | dfeb2221527474a681d6d8b16a5c378847c59d33 |
| SHA256 | 5d78cd1365ea9ae4e95872576cfa4055342f1e80b06f3051cf91d564b6cd09f5 |
| SHA512 | def31d2df95cb7999ce1f55479b2ff7a3cb70e9fc4778fc50803f688448305454fbbf82b5a75032f182dff663a6d91d303ef72e3d2ca9f2a1b032956ec1a0e2a |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\libffi-7.dll
| MD5 | 6f818913fafe8e4df7fedc46131f201f |
| SHA1 | bbb7ba3edbd4783f7f973d97b0b568cc69cadac5 |
| SHA256 | 3f94ee4f23f6c7702ab0cc12995a6457bf22183fa828c30cc12288adf153ae56 |
| SHA512 | 5473fe57dc40af44edb4f8a7efd68c512784649d51b2045d570c7e49399990285b59cfa6bcd25ef1316e0a073ea2a89fe46be3bfc33f05e3333037a1fd3a6639 |
memory/1236-232-0x00007FF9DB810000-0x00007FF9DB81F000-memory.dmp
memory/1236-231-0x00007FF9DB5D0000-0x00007FF9DB5F4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_ctypes.pyd
| MD5 | 69ca8c196ff662dfa9d0bfa8b2472325 |
| SHA1 | 4cb5d942c7bf6eb43c79c18611d484aa51cd4fb1 |
| SHA256 | c703676858f6da01e9d8648b35b4c33a7b323e19ecbc2816051b4e37531ba54c |
| SHA512 | 2941bd2a5c217647aaf2401c049a1fdab15ede8e49a3ab0862e089c2df8d1f96b35918751e8b8b4a2304113622b9e132770527a906a345a6b98b0bb9a70398ae |
memory/1236-235-0x00007FF9D0D20000-0x00007FF9D0D39000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_bz2.pyd
| MD5 | f6477a01e4e6bbe3313ac3cf04a1d5f3 |
| SHA1 | dd913b071156082831b3d0249a388ea3c63c3d52 |
| SHA256 | 6992bc1575170af4280681f832f3cc4754d49c6d4347f04c1d45243190ddf09a |
| SHA512 | 0cdc6e7754e289296802c1544b36c628c11787ffd8da1be2fb09b43d55766153a52e3a4641910ce20184d175412717254c2c6d0a8ae577b231c9dbeb36a35da0 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_lzma.pyd
| MD5 | 424eec0e3492ee58562f8b92591a6aa7 |
| SHA1 | c25124aa25909330a2f7e2accbeaee62c67859a7 |
| SHA256 | 6aeae844143f9062684c8348212c3c4bb62ef18ad423f769d2fe12e10fa616d8 |
| SHA512 | 7b4d933712ea0f3536f8afb0853b07335f678476fe25acd38dd9c277c0e00ece17449924ba6197e2ee55c6549de4e892b57abfe46d2a69c399a943308a409f76 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_uuid.pyd
| MD5 | 6676e416275b44dfc0c16aa6602d7fbf |
| SHA1 | a34282b9e7fd3b71b6ce580d52c4996a92f6ac82 |
| SHA256 | 31c98810fa313b67296dd706bb9f40e1c3a0e1d49cb81ecf52f91fbd1b587222 |
| SHA512 | 79140cfe47d3c1ab84410841f89a7f3ab3b487b50da66319d681aa9d7b7ba2603ece1133870f157bbfd40148a28875696b39e6ffb1e580f9581d71fe2f3af38c |
memory/1236-257-0x00007FF9CEBF0000-0x00007FF9CEC1D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_ssl.pyd
| MD5 | dfd4d34ec478a4d7a174bc1759bb0a6b |
| SHA1 | 36feee9500b2239d59cd95caeebfba8ba19ec0fe |
| SHA256 | a2b20ec5cc6200b089b3583a9171b8cb2b577db5357fde8b85ca28501862abba |
| SHA512 | 2fa61c5063d525bad21e7f2bca64a01aa7e4311c506f76d6369da8ffe7b9ff153ee2c37f1eb30eb6f9e20c762113c87ef6f39cef945eff81e48873af41d2cf83 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_sqlite3.pyd
| MD5 | 6434cac41b2190d0d47bafd44b92a43c |
| SHA1 | 33e3538b736c6612bb1d44d319f17cd516797a28 |
| SHA256 | 90ae12afaac740cf649c521d2996ae7e0f0150639b9b0b90a59cb58aa02089a0 |
| SHA512 | 781d91141b48f39c44d750da6590952c2ed5f0778d6b17919c426e5af569562985b9f0f06490560e3a01a6f55285a864596f74a03b4ec96e1c06e88071010b01 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_socket.pyd
| MD5 | 55a554964e2098c6bbeaaa79ec4c7712 |
| SHA1 | a46ba3b9130547de046002724db04e44ba8b0709 |
| SHA256 | 34be0fb39dc9248567010c1be1373ba71ff74563e8894419aec5f6cbd1f3beef |
| SHA512 | fbaed7a48e39e02a330130628c709c6896f1c1dd926cea5e4468515fe9107c19a8764b38393dcd276e17ba5652a61825cc9e46ed70f23b9f23084162681637bc |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_queue.pyd
| MD5 | 10af3794224636d66932ed92950995c1 |
| SHA1 | 5dd69930b9c34d7108877b44c346eab92339affe |
| SHA256 | 78fa6f3f5c9578d33aed0104c1aeccb7bd9a999c6d0aa803b654932f971ecf2c |
| SHA512 | 56b164d6c6bbc48e59b8f0767cb3ca653080e7a9bdddb033f97dc7132bc29b859ea2b020997c27791d578f1d12cd334ecf53f7ae2a7b33273d37e6ed92067889 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_overlapped.pyd
| MD5 | f89b1712fe6ac87cfccb5042374f8a5a |
| SHA1 | aabbc9c621276186be2fb2f3b1405362e8a98094 |
| SHA256 | 2fb44f115f11421872e1528c90268d3b9b16289c0beeca7189c3228c7a3aeade |
| SHA512 | d610ea6d9986c577082fbe265bc9f334dc6d1cbf335582096d0fd8bfdb4afa9f67b68857ee44f9db1d13e55f405dfccd2a3e5e9e799c47f1c81b64b6b326aeeb |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_multiprocessing.pyd
| MD5 | 93eeaa95af88c87a73d7af3bf9cb8241 |
| SHA1 | 873075d75ad6aa807bf52606080ceb6efa0c9b8f |
| SHA256 | 43c59bff61f6d0c0effc7770615f8bd2dde96f1c61b05fb01638199df319b193 |
| SHA512 | fcf221718b01388796dc31fc7229e4b55ea64b80944573d84950689aeec667163cd9540b2432e85f7014cb180ea361e9940382548c348223fae982a832c1446d |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_msi.pyd
| MD5 | c1a7244fcf5d3d7bce8933b0ceedbb1f |
| SHA1 | 27420f576ceb2bdd0df028512fc3499b197f11ec |
| SHA256 | 6417323f06666caf9645b55b6ffde558abdc21e2e4a3b38f29055ba053f650ee |
| SHA512 | ddc3e042ddcb1e92c9d167784d23ea1188fbb9a65649d5650f406a5599f1e66bd08e61243bc9e127c7731a0badf60f1e3c11384ca88f79f44b2bc53c078fbb47 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_hashlib.pyd
| MD5 | 6e6b2f0e5c7cbb740879e9784d5e71af |
| SHA1 | 1a67d420e741b37d4777f2479d5d798b4323e7b1 |
| SHA256 | c74dd7056aac0f359af00954868daf4f3a9d2d99f38c27f4971de9d0f24e549c |
| SHA512 | 768bb6daf106384d7977905a9d59e48b1cab26442782f34e50824bc6df867dae32b1544056b795ed8ee12c610dafb745c3547db0483d21fb39c0fb612f741e59 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_decimal.pyd
| MD5 | 5fdd63c44c1c97d2d40145219acc3f6c |
| SHA1 | 686f04e245ee0eaaf9ae49d9cefc6438e3a3ae6b |
| SHA256 | 45e619386ab8220f5fb3195e85a0389606e4e4cf926765d7ea4a82294341335e |
| SHA512 | 6df1e6e36a22e171c9504da75778c530854d68d93f22456a149e7e3b4aaa0c90c4136750e86727b089c7935137109de7eb6f52dd65e836313d5f1ac4389b0ae3 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_cffi_backend.cp310-win_amd64.pyd
| MD5 | 76041575bfb6c23f89168485ba802cd3 |
| SHA1 | 740dbbbfb5a48985ee866139b2c3edcc33e88587 |
| SHA256 | 3adf6b1cfcb47d99653c284dc74b13764f960873edf651e99b52a1b6ba1df590 |
| SHA512 | 800fcac9c2e1312a6f3d46148a9d621ecbde07b473681d88a383d385c30adcc660d763a8babf32b8a4e815b2c2ce4a23d86660403c341f3dbc9ee021df341070 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_asyncio.pyd
| MD5 | 480184d2176ca85b61de4b4c0a32b52a |
| SHA1 | 2ffeb0ae6e48a8da910621c8de6a6e7dda0a41c0 |
| SHA256 | f9b4a020db4bfe9bc67c6ee400eb4ba3feeaf21a8c8ca5d9dcbf5ac5bf243cda |
| SHA512 | 6d941d9450f1e402e598ca527a40ac2a909eaf1bf3907aea8753761e38ad4bbb6a6dc4c9d1fff59ecab46f16d5e1716bce81d345a39c8e6e371dfb2d0cc5a779 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\VCRUNTIME140_1.dll
| MD5 | 75e78e4bf561031d39f86143753400ff |
| SHA1 | 324c2a99e39f8992459495182677e91656a05206 |
| SHA256 | 1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e |
| SHA512 | ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\unicodedata.pyd
| MD5 | 7506fa8830457626126300e7c6c7f464 |
| SHA1 | 6e49bad3776ae6167ae6ed9374f23442d4e3f542 |
| SHA256 | 1f0fee5cfaebaa0c6370cb6b9e473957244565c6ee5a7185fbf8a571a531ddac |
| SHA512 | e73954fd3660c4fc76199cfb6a5a6b16f5f4714153a7f2e8cec6cdeb27875cd311042c5ec93e67cd71b65a79b32f84dbb803772d9f7f15eb4acda9dc0da06163 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\sqlite3.dll
| MD5 | 66419fef57a0fd3120eb5e3257af2a71 |
| SHA1 | 07227047083145297e654af227390c04fb7b4b62 |
| SHA256 | 187712738c37bc1679c9643a1bf4ef0713ce4cfc4588e031f0e05462dc604f7a |
| SHA512 | dfb2d661057e0bf3ff836b0bd8c687eb348f50f687fa5a3223fc3fedab54eaf45d804d2c29957f8b6c486ed5dec11a32c58cb5524eae511e1b83d7b04ff7b925 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\select.pyd
| MD5 | ffede8a6f94f79eb55d9c8d044a17ce3 |
| SHA1 | 8610d77c66d99a3af0e418d0482d816b8194370b |
| SHA256 | 3d2ded172a9100a5b13734985d7168f466b66b77e78794d0d91a90869d0b0e31 |
| SHA512 | 8a48f64243b3bd1d9e4a22c31e6af4f6abfceed7d0ffad92d903382b2182e7a7b35e9bc8e807d2d6df0b712057c1ea3401a0e348cb9c36f7f9ef17e1c497a654 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\pyexpat.pyd
| MD5 | 8c08fab95ce6afa90f736a1fdc69cb57 |
| SHA1 | b3756036db3491970ae134df03a58e421882f1ea |
| SHA256 | ec8f1791619eef18aa17f9543bf83b311be122d284516d30321d34f5f0860c84 |
| SHA512 | 8ffca47f339224288fb49db635589954eb44e556ae49de3872b8d3034d5cae8b2307c5690bc06d0bc50ada0718a8a68a74295f7c4b0ce83a3d19fc9f84af3934 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\libssl-1_1.dll
| MD5 | 7f77a090cb42609f2efc55ddc1ee8fd5 |
| SHA1 | ef5a128605654350a5bd17232120253194ad4c71 |
| SHA256 | 47b63a9370289d2544abc5a479bfb27d707ae7db4f3f7b6cc1a8c8f57fd0cf1f |
| SHA512 | a8a06a1303e76c76d1f06b689e163ba80c1a8137adac80fab0d5c1c6072a69d506e0360d8b44315ef1d88cbd0c9ac95c94d001fad5bc40727f1070734bbbbe63 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\libcrypto-1_1.dll
| MD5 | 3cc020baceac3b73366002445731705a |
| SHA1 | 6d332ab68dca5c4094ed2ee3c91f8503d9522ac1 |
| SHA256 | d1aa265861d23a9b76f16906940d30f3a65c5d0597107ecb3d2e6d470b401bb8 |
| SHA512 | 1d9b46d0331ed5b95dda8734abe3c0bd6f7fb1ec9a3269feab618d661a1644a0dc3bf8ac91778d5e45406d185965898fe87abd3261a6f7f2968c43515a48562c |
memory/1236-259-0x00007FF9C7EA0000-0x00007FF9C7ED4000-memory.dmp
memory/1236-263-0x00007FF9DB800000-0x00007FF9DB80D000-memory.dmp
memory/1236-262-0x00007FF9C7E80000-0x00007FF9C7E99000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI7722\pywin32_system32\pywintypes310.dll
| MD5 | 004c56c566863587f81ac8fdf831ad7c |
| SHA1 | 13e07a667e1a34acc263495654740af41899caae |
| SHA256 | 775b9ed9a1981481f1e65135568e2ec7b2df8e7e9a484f15a0f8fbce4c3a9e9c |
| SHA512 | 792e6e2814504b5191946270e39d8b80478ce0457f157113a3c48a7b28c387942ec0b9a6bbee54d4a179fc5b97fcbc8a07b3fc4abdc8826097f38f20c89726d0 |
C:\Users\Admin\AppData\Local\Temp\_MEI7722\pywin32_system32\pythoncom310.dll
| MD5 | 2734510f76721a1c8ea6a51b09a75a96 |
| SHA1 | 06fbf486565e48adf1194b61d59f89762c1744bd |
| SHA256 | 24e5ac372291424c9c6fd8447932ee326eb79e907d19f0e95fa21b274d5782d6 |
| SHA512 | 0d9fa8728099c141d832cbeb419d7b0185ac03a9a40900872026bb21a52f9ccf4a5489f35e37e89917298f6b82ac8c8f9fdc1e87439ccbbd471c35221e6d5449 |
memory/1236-271-0x00007FF9C7E50000-0x00007FF9C7E7E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI7722\win32\win32api.pyd
| MD5 | 1151dc5d219fc1d5a2504484d416c64e |
| SHA1 | e253e8cd01a6729927d6e2e391b2582214fade56 |
| SHA256 | bf3ead408174e1107396bfc989428db75dc11bb22cc464c886bc3bd42d1d6d94 |
| SHA512 | a8862d878b26339bc24aadaa979e0f289f26eadb83c39420ef1d16abf2607e648aa4c17e82fe18926246d90002fc6fda4492bcf7796d5115a69cf12da33b13bb |
memory/1236-272-0x00007FF9C7D90000-0x00007FF9C7E4C000-memory.dmp
memory/1236-266-0x00007FF9DB4F0000-0x00007FF9DB4FD000-memory.dmp
memory/1236-277-0x00007FF9C7D60000-0x00007FF9C7D8B000-memory.dmp
memory/1236-276-0x00007FF9DB5D0000-0x00007FF9DB5F4000-memory.dmp
memory/1236-275-0x00007FF9C7EE0000-0x00007FF9C834E000-memory.dmp
memory/1236-279-0x00007FF9C7D30000-0x00007FF9C7D5E000-memory.dmp
memory/1236-281-0x00007FF9C78F0000-0x00007FF9C79A7000-memory.dmp
memory/1236-280-0x00007FF9C79B0000-0x00007FF9C7D27000-memory.dmp
memory/1236-282-0x00007FF9C78D0000-0x00007FF9C78E5000-memory.dmp
memory/1236-284-0x00007FF9CEBE0000-0x00007FF9CEBF0000-memory.dmp
memory/1236-283-0x00007FF9D0D20000-0x00007FF9D0D39000-memory.dmp
memory/1236-286-0x00007FF9C7740000-0x00007FF9C78A9000-memory.dmp
memory/1236-285-0x00007FF9C78B0000-0x00007FF9C78CF000-memory.dmp
memory/1236-289-0x00007FF9C7700000-0x00007FF9C7714000-memory.dmp
memory/1236-288-0x00007FF9C7E80000-0x00007FF9C7E99000-memory.dmp
memory/1236-287-0x00007FF9C7720000-0x00007FF9C7736000-memory.dmp
memory/1236-293-0x00007FF9C75E0000-0x00007FF9C76F8000-memory.dmp
memory/1236-297-0x00007FF9C7570000-0x00007FF9C7588000-memory.dmp
memory/1236-296-0x00007FF9C7D90000-0x00007FF9C7E4C000-memory.dmp
memory/1236-295-0x00007FF9C7E50000-0x00007FF9C7E7E000-memory.dmp
memory/1236-294-0x00007FF9C7590000-0x00007FF9C75D2000-memory.dmp
memory/1236-298-0x00007FF9C74E0000-0x00007FF9C751E000-memory.dmp
memory/1236-303-0x00007FF9C7490000-0x00007FF9C74B6000-memory.dmp
memory/1236-302-0x00007FF9C74C0000-0x00007FF9C74CB000-memory.dmp
memory/1236-301-0x00007FF9C78F0000-0x00007FF9C79A7000-memory.dmp
memory/1236-300-0x00007FF9C79B0000-0x00007FF9C7D27000-memory.dmp
memory/1236-299-0x00007FF9C7D30000-0x00007FF9C7D5E000-memory.dmp
memory/1236-305-0x00007FF9C7450000-0x00007FF9C7488000-memory.dmp
memory/1236-304-0x00007FF9C78D0000-0x00007FF9C78E5000-memory.dmp
memory/1236-306-0x00007FF9C7740000-0x00007FF9C78A9000-memory.dmp
memory/1236-310-0x00007FF9C7430000-0x00007FF9C743B000-memory.dmp
memory/1236-309-0x00007FF9C78B0000-0x00007FF9C78CF000-memory.dmp
memory/1236-308-0x00007FF9C7420000-0x00007FF9C742C000-memory.dmp
memory/1236-307-0x00007FF9C7440000-0x00007FF9C744B000-memory.dmp
memory/1236-315-0x00007FF9C73D0000-0x00007FF9C73DC000-memory.dmp
memory/1236-326-0x00007FF9C7340000-0x00007FF9C7352000-memory.dmp
memory/1236-325-0x00007FF9C70E0000-0x00007FF9C7325000-memory.dmp
memory/1236-324-0x00007FF9C7330000-0x00007FF9C733C000-memory.dmp
memory/1236-323-0x00007FF9C7360000-0x00007FF9C736D000-memory.dmp
memory/1236-322-0x00007FF9C75E0000-0x00007FF9C76F8000-memory.dmp
memory/1236-321-0x00007FF9C7370000-0x00007FF9C737C000-memory.dmp
memory/1236-320-0x00007FF9C7380000-0x00007FF9C738C000-memory.dmp
memory/1236-319-0x00007FF9C7390000-0x00007FF9C739B000-memory.dmp
memory/1236-318-0x00007FF9C73A0000-0x00007FF9C73AB000-memory.dmp
memory/1236-317-0x00007FF9C73B0000-0x00007FF9C73BC000-memory.dmp
memory/1236-316-0x00007FF9C73C0000-0x00007FF9C73CE000-memory.dmp
memory/1236-314-0x00007FF9C73E0000-0x00007FF9C73EC000-memory.dmp
memory/1236-313-0x00007FF9C73F0000-0x00007FF9C73FB000-memory.dmp
memory/1236-312-0x00007FF9C7400000-0x00007FF9C740C000-memory.dmp
memory/1236-311-0x00007FF9C7410000-0x00007FF9C741B000-memory.dmp
memory/1236-327-0x00007FF9C70B0000-0x00007FF9C70D9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | acffebbae0276293fa5a8a2f729ebbbe |
| SHA1 | 3844552490c4998ec9c6cfe56742f8c264f56379 |
| SHA256 | 23e6395006c815df34318060d524ef26a5ffac57693108f894a352e79a0b95f8 |
| SHA512 | cf9aed7918b208c9e9a348765ad4e61d396e9af4f2d25d3a4af1baf5890421605a62a96756e24bde3c09aff8a0c7dd02a7e4a796a1d29be51b97c8e8494ceda0 |
memory/4904-347-0x000001C927F70000-0x000001C927F92000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oznhwkt5.tnp.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1236-376-0x00007FF9C78F0000-0x00007FF9C79A7000-memory.dmp
memory/1236-387-0x00007FF9C7450000-0x00007FF9C7488000-memory.dmp
memory/1236-377-0x00007FF9C78D0000-0x00007FF9C78E5000-memory.dmp
memory/1236-375-0x00007FF9C79B0000-0x00007FF9C7D27000-memory.dmp
memory/1236-374-0x00007FF9C7D30000-0x00007FF9C7D5E000-memory.dmp
memory/1236-362-0x00007FF9C7EE0000-0x00007FF9C834E000-memory.dmp
memory/1236-363-0x00007FF9DB5D0000-0x00007FF9DB5F4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7caa7b06f52f2ff80d48bd11baaf3f02 |
| SHA1 | 81eb6216e45c24c12db53fd5ad134adf46a105b7 |
| SHA256 | 9288ee3c9acb8c1c5f3243d9723cf8b9a4b59a43d666439a67489ec519804e93 |
| SHA512 | f0b2a35376a3de7a99d37b9caa09abf26aec11c0c4423ba19405a6721d65125e7218dfd23d213c06c648909887f74d524813d490a1c2bc110d8aa68563086c01 |
memory/1236-425-0x00007FF9DB5D0000-0x00007FF9DB5F4000-memory.dmp
memory/1236-426-0x00007FF9DB810000-0x00007FF9DB81F000-memory.dmp
memory/1236-427-0x00007FF9D0D20000-0x00007FF9D0D39000-memory.dmp
memory/1236-424-0x00007FF9C7EE0000-0x00007FF9C834E000-memory.dmp
memory/1236-429-0x00007FF9C7EA0000-0x00007FF9C7ED4000-memory.dmp
memory/1236-431-0x00007FF9DB800000-0x00007FF9DB80D000-memory.dmp
memory/1236-434-0x00007FF9C7D90000-0x00007FF9C7E4C000-memory.dmp
memory/1236-437-0x00007FF9C79B0000-0x00007FF9C7D27000-memory.dmp
memory/1236-438-0x00007FF9C78F0000-0x00007FF9C79A7000-memory.dmp
memory/1236-448-0x00007FF9C74E0000-0x00007FF9C751E000-memory.dmp
memory/1236-447-0x00007FF9C7570000-0x00007FF9C7588000-memory.dmp
memory/1236-446-0x00007FF9C7590000-0x00007FF9C75D2000-memory.dmp
memory/1236-453-0x00007FF9C70B0000-0x00007FF9C70D9000-memory.dmp
memory/1236-452-0x00007FF9C70E0000-0x00007FF9C7325000-memory.dmp
memory/1236-451-0x00007FF9C7450000-0x00007FF9C7488000-memory.dmp
memory/1236-450-0x00007FF9C7490000-0x00007FF9C74B6000-memory.dmp
memory/1236-449-0x00007FF9C74C0000-0x00007FF9C74CB000-memory.dmp
memory/1236-445-0x00007FF9C75E0000-0x00007FF9C76F8000-memory.dmp
memory/1236-444-0x00007FF9C7700000-0x00007FF9C7714000-memory.dmp
memory/1236-443-0x00007FF9C7720000-0x00007FF9C7736000-memory.dmp
memory/1236-442-0x00007FF9C7740000-0x00007FF9C78A9000-memory.dmp
memory/1236-441-0x00007FF9C78B0000-0x00007FF9C78CF000-memory.dmp
memory/1236-440-0x00007FF9CEBE0000-0x00007FF9CEBF0000-memory.dmp
memory/1236-439-0x00007FF9C78D0000-0x00007FF9C78E5000-memory.dmp
memory/1236-436-0x00007FF9C7D30000-0x00007FF9C7D5E000-memory.dmp
memory/1236-435-0x00007FF9C7D60000-0x00007FF9C7D8B000-memory.dmp
memory/1236-433-0x00007FF9C7E50000-0x00007FF9C7E7E000-memory.dmp
memory/1236-432-0x00007FF9DB4F0000-0x00007FF9DB4FD000-memory.dmp
memory/1236-430-0x00007FF9C7E80000-0x00007FF9C7E99000-memory.dmp
memory/1236-428-0x00007FF9CEBF0000-0x00007FF9CEC1D000-memory.dmp
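The listing above is a flat dump of file paths, `| MD5 | … |` hash rows and `memory/<pid>-<seq>-<base>-<end>-memory.dmp` region names. The following is an added example, not part of the sandbox report, that parses that format into records, checks each hash has the digit count its algorithm requires (so a truncated copy is caught before it reaches a blocklist), and tags the three kinds of artifact present here: files under the PyInstaller onefile extraction directory (`_MEI<digits>`), the victim's own Chromium-profile files under `\User Data\`, and the `__PSScriptPolicyTest_*.ps1` file PowerShell writes on startup to test script-execution policy. The tagging rules and the `usable_hashes` policy are this example's own assumptions; the sample input is constructed from three records on this page (hash values are the page's own) with one SHA256 deliberately truncated to exercise the validation.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input, not part of the original report: three records
# excerpted from the dropped-file listing above (the hash values are the
# page's own), one memory-dump line, and one SHA256 deliberately truncated
# to 40 hex digits so the validation path has something to catch.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\_MEI7722\_sqlite3.pyd
| MD5 | 6434cac41b2190d0d47bafd44b92a43c |
| SHA1 | 33e3538b736c6612bb1d44d319f17cd516797a28 |
| SHA256 | 90ae12afaac740cf649c521d2996ae7e0f0150639b9b0b90a59cb58aa02089a0 |
| SHA512 | 781d91141b48f39c44d750da6590952c2ed5f0778d6b17919c426e5af569562985b9f0f06490560e3a01a6f55285a864596f74a03b4ec96e1c06e88071010b01 |
memory/1236-259-0x00007FF9C7EA0000-0x00007FF9C7ED4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | acffebbae0276293fa5a8a2f729ebbbe |
| SHA1 | 3844552490c4998ec9c6cfe56742f8c264f56379 |
| SHA256 | 23e6395006c815df34318060d524ef26a5ffac57693108f894a352e79a0b95f8 |
| SHA512 | cf9aed7918b208c9e9a348765ad4e61d396e9af4f2d25d3a4af1baf5890421605a62a96756e24bde3c09aff8a0c7dd02a7e4a796a1d29be51b97c8e8494ceda0 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oznhwkt5.tnp.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
"""

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")
MEM_DUMP = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

# Tagging rules are this example's own heuristics, not the sandbox's labels.
TAG_RULES = [
    ("pyinstaller-runtime", re.compile(r"\\_MEI\d+\\", re.I)),          # onefile extraction dir
    ("victim-browser-data", re.compile(r"\\User Data\\", re.I)),        # Chromium profile layout
    ("powershell-policy-probe", re.compile(r"\\__PSScriptPolicyTest_[^\\]+\.ps1$", re.I)),
]


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)
    tags: list = field(default_factory=list)
    problems: list = field(default_factory=list)


@dataclass
class MemoryRegion:
    pid: int
    seq: int
    base: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.base


def parse_listing(text: str):
    """Turn the flattened 'path, hash rows, memory/... lines' listing into records."""
    files, regions, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash row before any file path: {line}")
            current.hashes[m.group(1)] = m.group(2).lower()
            continue
        m = MEM_DUMP.match(line)
        if m:
            pid, seq, base, end = m.groups()
            regions.append(MemoryRegion(int(pid), int(seq), int(base, 16), int(end, 16)))
            continue
        current = DroppedFile(path=line)  # any other non-empty line starts a new file record
        files.append(current)
    for f in files:
        f.tags = [tag for tag, rx in TAG_RULES if rx.search(f.path)]
        for algo, n in HASH_LENGTHS.items():
            value = f.hashes.get(algo)
            if value is None:
                f.problems.append(f"missing {algo}")
            elif len(value) != n:
                f.problems.append(f"{algo} has {len(value)} hex digits, expected {n}")
    return files, regions


def usable_hashes(files, algo="SHA256"):
    """Hashes worth carrying forward: complete, and not the victim's data or a host tool's file."""
    skip = {"victim-browser-data", "powershell-policy-probe"}
    return {f.hashes[algo] for f in files
            if not f.problems and algo in f.hashes and not (skip & set(f.tags))}


def largest_region(regions):
    """The biggest dumped region; a cheap first pick when deciding which dump to open."""
    return max(regions, key=lambda r: r.size, default=None)


if __name__ == "__main__":
    files, regions = parse_listing(SAMPLE)
    for f in files:
        print(f.path, f.tags, f.problems or "ok")
    print("usable SHA256:", sorted(usable_hashes(files)))
    r = largest_region(regions)
    print(f"largest dump: pid {r.pid} base {r.base:#x} size {r.size:#x}")
```

`usable_hashes` drops the browser-profile and PowerShell policy-test files because their contents belong to the sandbox host, not to the sample. It does not drop the `_MEI7722` contents, but note that those (CPython extension modules, pywin32, OpenSSL 1.1, the VC runtime) are the stock interpreter bundle every PyInstaller onefile build extracts, so their hashes identify the toolchain rather than this sample; the sample-specific hash is the `fpsbooster.exe` binary itself.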