Analysis Overview
Threat Level: Likely malicious
The file https://github.com/xyz1337top/JuiceNuker/raw/main/juicenuker.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Detects Pyinstaller
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 19:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 19:36
Reported
2024-06-20 19:38
Platform
win10v2004-20240508-en
Max time kernel
112s
Max time network
112s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\juicenuker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\juicenuker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\juicenuker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\juicenuker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\juicenuker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\juicenuker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\juicenuker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\juicenuker.exe | N/A |
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 57483.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/xyz1337top/JuiceNuker/raw/main/juicenuker.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee01646f8,0x7ffee0164708,0x7ffee0164718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6236 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
C:\Users\Admin\Downloads\juicenuker.exe
"C:\Users\Admin\Downloads\juicenuker.exe"
C:\Users\Admin\Downloads\juicenuker.exe
"C:\Users\Admin\Downloads\juicenuker.exe"
C:\Users\Admin\Downloads\juicenuker.exe
"C:\Users\Admin\Downloads\juicenuker.exe"
C:\Users\Admin\Downloads\juicenuker.exe
"C:\Users\Admin\Downloads\juicenuker.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffecfacab58,0x7ffecfacab68,0x7ffecfacab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1860,i,8351376183674115553,17856216706551920533,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1860,i,8351376183674115553,17856216706551920533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1860,i,8351376183674115553,17856216706551920533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1860,i,8351376183674115553,17856216706551920533,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1860,i,8351376183674115553,17856216706551920533,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=1860,i,8351376183674115553,17856216706551920533,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1860,i,8351376183674115553,17856216706551920533,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1860,i,8351376183674115553,17856216706551920533,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,9110120992609888092,3098109250936639586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1052 /prefetch:1
C:\Users\Admin\Downloads\juicenuker.exe
"C:\Users\Admin\Downloads\juicenuker.exe"
C:\Users\Admin\Downloads\juicenuker.exe
"C:\Users\Admin\Downloads\juicenuker.exe"
C:\Users\Admin\Downloads\juicenuker.exe
"C:\Users\Admin\Downloads\juicenuker.exe"
C:\Users\Admin\Downloads\juicenuker.exe
"C:\Users\Admin\Downloads\juicenuker.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.77.117.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.77.117.104.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1ty.me | udp |
| US | 192.228.101.160:80 | 1ty.me | tcp |
| US | 192.228.101.160:80 | 1ty.me | tcp |
| US | 192.228.101.160:443 | 1ty.me | tcp |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | seal.godaddy.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| US | 104.18.11.207:443 | netdna.bootstrapcdn.com | tcp |
| US | 173.201.249.4:443 | seal.godaddy.com | tcp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.101.228.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | udp |
| US | 8.8.8.8:53 | 4.249.201.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 192.228.101.160:443 | 1ty.me | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.137.159.162.in-addr.arpa | udp |
| N/A | 127.0.0.1:60605 | tcp | |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| N/A | 127.0.0.1:60853 | tcp | |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| N/A | 127.0.0.1:60886 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_4592_JDBKGFBHXJKWHJIO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\030b5c2b-312f-4b94-8c10-6668f9703fdf.tmp
| MD5 | a2c7c06d8244a990252f9127dfe59361 |
| SHA1 | 3253adb2c98bf85d0bfb61843c3393fe6760bb5e |
| SHA256 | 3bb9fe9c868a2edf72ab7d6cbc096e6d7c264bc5e27dbf5e96d0f480d4b158b5 |
| SHA512 | af77018ed1f0b8ccf085b0b58ee1bc1e52ef358395dfda189a99af297180df6d4394432a94d873ad72d83a6d6eb74382e5d7571f8fddf54c08a4287f194fee9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 01700d31b226bedcbe8eef478bda6659 |
| SHA1 | b33dbd224560b2b1fb4631d02b33eca42644e319 |
| SHA256 | 6e929593f4b06c98371cf9deb39ca6d7cac74c2b51367d9c3f833f0a02742514 |
| SHA512 | 96684a5e6deb60c039e2d123c8625c1229c68d55b398c79ca1558fd5fecc75e7cd17120ea28297ddd3189cb98cdd9f3cfc4196c84c30df21a39a14b28c451b19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 904f3b05491b74c73c795b642c831f93 |
| SHA1 | 37e7dddaae95ed3144c7ebb3812d89dca41c31bd |
| SHA256 | bcb8e8f5d2bcfe592a397536475b56534b0c9bf36f7105518005c15d54906299 |
| SHA512 | b658ec82214b7be0ccc7ae31e37e5ba909e108c33c8ac570b10daeca1f3f9c00b50bfef784bb39e6071136b68de5b67956471262fc92f499864a75ae10e6e791 |
C:\Users\Admin\Downloads\Unconfirmed 57483.crdownload
| MD5 | b07cb94b80af25734c7d4897536ad689 |
| SHA1 | 6ab23888d8d80c6b997263bd0bf41c2522271db9 |
| SHA256 | 1607cae66c16adc106c123edb245faac16df049abe47ea663a78eef1c2e336e4 |
| SHA512 | c43ce307d27b96d9409dc9df6d5a9009d04e3660a6af9b8a7fda0162812e905c1079c5b21e05a4f55d010c9f0478c710ef094618e51db73e4c5977fcd4b6512c |
C:\Users\Admin\AppData\Local\Temp\_MEI44042\python312.dll
| MD5 | d521654d889666a0bc753320f071ef60 |
| SHA1 | 5fd9b90c5d0527e53c199f94bad540c1e0985db6 |
| SHA256 | 21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2 |
| SHA512 | 7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3 |
C:\Users\Admin\AppData\Local\Temp\_MEI44042\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\_ctypes.pyd
| MD5 | fb454c5e74582a805bc5e9f3da8edc7b |
| SHA1 | 782c3fa39393112275120eaf62fc6579c36b5cf8 |
| SHA256 | 74e0e8384f6c2503215f4cf64c92efe7257f1aec44f72d67ad37dc8ba2530bc1 |
| SHA512 | 727ada80098f07849102c76b484e9a61fb0f7da328c0276d82c6ee08213682c89deeb8459139a3fbd7f561bffaca91650a429e1b3a1ff8f341cebdf0bfa9b65d |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\_bz2.pyd
| MD5 | 5bebc32957922fe20e927d5c4637f100 |
| SHA1 | a94ea93ee3c3d154f4f90b5c2fe072cc273376b3 |
| SHA256 | 3ed0e5058d370fb14aa5469d81f96c5685559c054917c7280dd4125f21d25f62 |
| SHA512 | afbe80a73ee9bd63d9ffa4628273019400a75f75454667440f43beb253091584bf9128cbb78ae7b659ce67a5faefdba726edb37987a4fe92f082d009d523d5d6 |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\_wmi.pyd
| MD5 | 8a9a59559c614fc2bcebb50073580c88 |
| SHA1 | 4e4ced93f2cb5fe6a33c1484a705e10a31d88c4d |
| SHA256 | 752fb80edb51f45d3cc1c046f3b007802432b91aef400c985640d6b276a67c12 |
| SHA512 | 9b17c81ff89a41307740371cb4c2f5b0cf662392296a7ab8e5a9eba75224b5d9c36a226dce92884591636c343b8238c19ef61c1fdf50cc5aa2da86b1959db413 |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\select.pyd
| MD5 | d0cc9fc9a0650ba00bd206720223493b |
| SHA1 | 295bc204e489572b74cc11801ed8590f808e1618 |
| SHA256 | 411d6f538bdbaf60f1a1798fa8aa7ed3a4e8fcc99c9f9f10d21270d2f3742019 |
| SHA512 | d3ebcb91d1b8aa247d50c2c4b2ba1bf3102317c593cbf6c63883e8bf9d6e50c0a40f149654797abc5b4f17aee282ddd972a8cd9189bfcd5b9cec5ab9c341e20b |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\libssl-3.dll
| MD5 | 19a2aba25456181d5fb572d88ac0e73e |
| SHA1 | 656ca8cdfc9c3a6379536e2027e93408851483db |
| SHA256 | 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006 |
| SHA512 | df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337 |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\libcrypto-3.dll
| MD5 | e547cf6d296a88f5b1c352c116df7c0c |
| SHA1 | cafa14e0367f7c13ad140fd556f10f320a039783 |
| SHA256 | 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de |
| SHA512 | 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\multidict\_multidict.cp312-win_amd64.pyd
| MD5 | ab3685f651c7821bbf03baf1d436b617 |
| SHA1 | f6306217ecaf5fa1dc8c78260d02dd2716903316 |
| SHA256 | 1ef9e6eaff88cdcc0a32346b7b266a0e1d19716ecac07f16a189a7057ce971f9 |
| SHA512 | 08e4d615ce5f9c565d54a16b1f475b6ad746b5d8e7f17248d235b5acd474333036bb33671c887bb64794b56ec910af28efbb7bed8bdea2eddd4bcd81c1b1fb70 |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\VCRUNTIME140_1.dll
| MD5 | f8dfa78045620cf8a732e67d1b1eb53d |
| SHA1 | ff9a604d8c99405bfdbbf4295825d3fcbc792704 |
| SHA256 | a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5 |
| SHA512 | ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371 |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\_overlapped.pyd
| MD5 | 7e4553ca5c269e102eb205585cc3f6b4 |
| SHA1 | 73a60dbc7478877689c96c37107e66b574ba59c9 |
| SHA256 | d5f89859609371393d379b5ffd98e5b552078050e8b02a8e2900fa9b4ee8ff91 |
| SHA512 | 65b72bc603e633596d359089c260ee3d8093727c4781bff1ec0b81c8244af68f69ff3141424c5de12355c668ae3366b4385a0db7455486c536a13529c47b54ef |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\_asyncio.pyd
| MD5 | 477dba4d6e059ea3d61fad7b6a7da10e |
| SHA1 | 1f23549e60016eeed508a30479886331b22f7a8b |
| SHA256 | 5bebeb765ab9ef045bc5515166360d6f53890d3ad6fc360c20222d61841410b6 |
| SHA512 | 8119362c2793a4c5da25a63ca68aa3b144db7e4c08c80cbe8c8e7e8a875f1bd0c30e497208ce20961ddb38d3363d164b6e1651d3e030ed7b8ee5f386faf809d2 |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\_ssl.pyd
| MD5 | c87c5890039c3bdb55a8bc189256315f |
| SHA1 | 84ef3c2678314b7f31246471b3300da65cb7e9de |
| SHA256 | a5d361707f7a2a2d726b20770e8a6fc25d753be30bcbcbbb683ffee7959557c2 |
| SHA512 | e750dc36ae00249ed6da1c9d816f1bd7f8bc84ddea326c0cd0410dbcfb1a945aac8c130665bfacdccd1ee2b7ac097c6ff241bfc6cc39017c9d1cde205f460c44 |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\_socket.pyd
| MD5 | dd8ff2a3946b8e77264e3f0011d27704 |
| SHA1 | a2d84cfc4d6410b80eea4b25e8efc08498f78990 |
| SHA256 | b102522c23dac2332511eb3502466caf842d6bcd092fbc276b7b55e9cc01b085 |
| SHA512 | 958224a974a3449bcfb97faab70c0a5b594fa130adc0c83b4e15bdd7aab366b58d94a4a9016cb662329ea47558645acd0e0cc6df54f12a81ac13a6ec0c895cd8 |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\_uuid.pyd
| MD5 | 50521b577719195d7618a23b3103d8aa |
| SHA1 | 7020d2e107000eaf0eddde74bc3809df2c638e22 |
| SHA256 | acbf831004fb8b8d5340fe5debd9814c49bd282dd765c78faeb6bb5116288c78 |
| SHA512 | 4ee950da8bbbd36932b488ec62fa046ac8fc35783a146edadbe063b8419a63d4dfb5bbd8c45e9e008fe708e6fc4a1fee1202fce92ffc95320547ba714fed95e1 |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\_queue.pyd
| MD5 | b7e5fbd7ef3eefff8f502290c0e2b259 |
| SHA1 | 9decba47b1cdb0d511b58c3146d81644e56e3611 |
| SHA256 | dbdabb5fe0ccbc8b951a2c6ec033551836b072cab756aaa56b6f22730080d173 |
| SHA512 | b7568b9df191347d1a8d305bd8ddd27cbfa064121c785fa2e6afef89ec330b60cafc366be2b22409d15c9434f5e46e36c5cbfb10783523fdcac82c30360d36f7 |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\_multiprocessing.pyd
| MD5 | 2bd43e8973882e32c9325ef81898ae62 |
| SHA1 | 1e47b0420a2a1c1d910897a96440f1aeef5fa383 |
| SHA256 | 3c34031b464e7881d8f9d182f7387a86b883581fd020280ec56c1e3ec6f4cc2d |
| SHA512 | 9d51bbd25c836f4f5d1fb9b42853476e13576126b8b521851948bdf08d53b8d4b4f66d2c8071843b01aa5631abdf13dc53c708dba195656a30f262dce30a88ca |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\_hashlib.pyd
| MD5 | da02cefd8151ecb83f697e3bd5280775 |
| SHA1 | 1c5d0437eb7e87842fde55241a5f0ca7f0fc25e7 |
| SHA256 | fd77a5756a17ec0788989f73222b0e7334dd4494b8c8647b43fe554cf3cfb354 |
| SHA512 | a13bc5c481730f48808905f872d92cb8729cc52cfb4d5345153ce361e7d6586603a58b964a1ebfd77dd6222b074e5dcca176eaaefecc39f75496b1f8387a2283 |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\_decimal.pyd
| MD5 | 492c0c36d8ed1b6ca2117869a09214da |
| SHA1 | b741cae3e2c9954e726890292fa35034509ef0f6 |
| SHA256 | b8221d1c9e2c892dd6227a6042d1e49200cd5cb82adbd998e4a77f4ee0e9abf1 |
| SHA512 | b8f1c64ad94db0252d96082e73a8632412d1d73fb8095541ee423df6f00bc417a2b42c76f15d7e014e27baae0ef50311c3f768b1560db005a522373f442e4be0 |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\_brotli.cp312-win_amd64.pyd
| MD5 | 9ad5bb6f92ee2cfd29dde8dd4da99eb7 |
| SHA1 | 30a8309938c501b336fd3947de46c03f1bb19dc8 |
| SHA256 | 788acbfd0edd6ca3ef3e97a9487eeaea86515642c71cb11bbcf25721e6573ec8 |
| SHA512 | a166abcb834d6c9d6b25807adddd25775d81e2951e1bc3e9849d8ae868dedf2e1ee1b6b4b288ddfbd88a63a6fa624e2d6090aa71ded9b90c2d8cbf2d9524fdbf |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\unicodedata.pyd
| MD5 | cc8142bedafdfaa50b26c6d07755c7a6 |
| SHA1 | 0fcab5816eaf7b138f22c29c6d5b5f59551b39fe |
| SHA256 | bc2cf23b7b7491edcf03103b78dbaf42afd84a60ea71e764af9a1ddd0fe84268 |
| SHA512 | c3b0c1dbe5bf159ab7706f314a75a856a08ebb889f53fe22ab3ec92b35b5e211edab3934df3da64ebea76f38eb9bfc9504db8d7546a36bc3cabe40c5599a9cbd |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\pyexpat.pyd
| MD5 | 958231414cc697b3c59a491cc79404a7 |
| SHA1 | 3dec86b90543ea439e145d7426a91a7aca1eaab6 |
| SHA256 | efd6099b1a6efdadd988d08dce0d8a34bd838106238250bccd201dc7dcd9387f |
| SHA512 | fd29d0aab59485340b68dc4552b9e059ffb705d4a64ff9963e1ee8a69d9d96593848d07be70528d1beb02bbbbd69793ee3ea764e43b33879f5c304d8a912c3be |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\_lzma.pyd
| MD5 | 195defe58a7549117e06a57029079702 |
| SHA1 | 3795b02803ca37f399d8883d30c0aa38ad77b5f2 |
| SHA256 | 7bf9ff61babebd90c499a8ed9b62141f947f90d87e0bbd41a12e99d20e06954a |
| SHA512 | c47a9b1066dd9744c51ed80215bd9645aab6cc9d6a3f9df99f618e3dd784f6c7ce6f53eabe222cf134ee649250834193d5973e6e88f8a93151886537c62e2e2b |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI17482\base_library.zip
| MD5 | 292be05825dd5792d6a067a58709d007 |
| SHA1 | e4de8c8cbff33e8fb8d8a2b6b79e652c66d69f79 |
| SHA256 | 18ca159778c9b0322a3103578c5b3bcfa20f3f78fceab93735d8b5ee72c7a4e1 |
| SHA512 | bec16bc3d217aea51901af532793328b573e5c1aa27ea13e407ff3a87018b0c4de5664a1f3eaaa952a39c93be22daaff295a2f8f2208fe500f0bc1084f025ac0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 884b8635639773c02ee6831c2b85b067 |
| SHA1 | 3f92d3e6d2d9df51f55c717c92535c49a964e300 |
| SHA256 | b28d1823185e4f631fe0501ea6de3c11759d1342d7c2d98df3591f3ec664b3b1 |
| SHA512 | 1b7d04f2e8ed7958d8d19a0412343ec64a09f09df3748fa62b449d901d8fa588b594feeead123b9141d92ca07293c9fb661f87fb07daad84e32045c938c8974e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1e8a0f80766c660cb9b1240aad618d92 |
| SHA1 | d10f1be8b8ce3255e0af8046bdd8207822ec1b4d |
| SHA256 | 15bf7b22aadff4366a62fbe4a926c45530edfc54029d221bb77189aed93db002 |
| SHA512 | 557a9261a22ae50f307881d8ad43a718422fe1680c32661962ed3a12b7f772c9db1bd5512ae2794002abe066b8c9cc25562d8adf38dd22033c3a3c568972b2c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2c2e6472d05e3832905f0ad4a04d21c3 |
| SHA1 | 007edbf35759af62a5b847ab09055e7d9b86ffcc |
| SHA256 | 283d954fa21caa1f3b4aba941b154fab3e626ff27e7b8029f5357872c48cbe03 |
| SHA512 | 8c4ce1ea02da6ffb7e7041c50528da447d087d9ee3c9f4a8c525d2d856cf48e46f5dd9a1fedd23dd047634e719c8886457f7e7240aa3cc36f1a6216e4c00ee37 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | db64e236ccd1b9ca3e733b8bd8ae68d3 |
| SHA1 | da1177ae34bab601b4193dda7b6e4bfb35d77c44 |
| SHA256 | cac1f699eec64acc8e7ea1a76135db8b9ef6d1f37b9aaf9182b026284ee6e644 |
| SHA512 | 69fd01cee5838b936332e076459ecf4251136224484214c776ca95c62948d67d8713772bf251d70e9985ed00bb2bc9349ed979e23cb173347946aa39e44551b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 07dbb2e76d225b14ad830c0cf9506e3a |
| SHA1 | f9306c58674dbe7f4231ce386f722c96dc527f8f |
| SHA256 | c448937df8965963a152a7242e02486496a81f62f442aecb3418269486743e55 |
| SHA512 | bed25b6d0c5b3aaf280ee0d7e8775a2ba222147385e3aa90959b7b6e1f129c718051977e0e0842c474cb066382bc77744f614f08de0f75b9c5e546348bb912d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a459e5341d89850acc776b540af24a71 |
| SHA1 | af304e9227e4b29451ce0f9eb79aa45726ef38bf |
| SHA256 | dae7a0d1dace7e08a6c6cbed1a0a88fb2e1e3e6267245073405acf2455cbe98e |
| SHA512 | b2b64fafc6a24f171936372c09c7096ce85e64393eca44c74833e6db06c3f8e6d01d72789b987c8d863634bc745db17f7238a4da1053a1f01c03c8660b166a0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a592.TMP
| MD5 | c3b5018d5eca97375769449aa3eddb69 |
| SHA1 | 56a6b52078ae02b9621463f260e916acfe3cec0c |
| SHA256 | 4f894d2c1f56fac1427035960afe88ccf74bbffb7fbd4bcf3e382fb04f31d919 |
| SHA512 | 4e90d2af68e6bee6df57013e647af20d43208642093b93f7854f178f97942213bd5da55d5662f3192c39a9533ee279c5ea12fb21e7fe2b5c601171f85e0b6975 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f814d65d83b2708d45089885e79f25fe |
| SHA1 | 431dfa10debe514b53e07aebe79d2875ca4aa522 |
| SHA256 | 5f0c38b929bfe28a2282e6e6aa12d05628ca5ee253760b7fcb1e7c9d4104a7c8 |
| SHA512 | b95727644f04b70df8dbac05be8304bea160c66332aea577915a467add55ef0b80094b51e1ff1a240f28ffbf0355b9ff58852048394192a75ff5945b973ad07c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 78b796603f8727ca9ded1f580cffca91 |
| SHA1 | c1176d8dbe498da08ed702ae4fe192f1999a96de |
| SHA256 | 4840095a6852add2338578c0e94f3f616548f015dfd6c94277de511170089d7a |
| SHA512 | 632f889cb27c3976a3d337ad746487fc2c6094427b278d458cfa04aa708b2094f6b1f1f49641e47118c3ed1299fa7fbb40c46db71f2db61849521c6047f4fa61 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0151d251f4ad5502aa6f68662e37201a |
| SHA1 | 5c6d1fe867d0c11064a89663b657fa2e12c8248f |
| SHA256 | 718bd612301f9550679c945685bc4af490ded76499c18715fb89a86814e85619 |
| SHA512 | 5fa13aea1b387ec7da942fd7c12492a01a56a678898564214049299a5e8a21b5e0aa1317cf667f9bbf82caeee5756f65c7147c42a31c7bdf294b59079124d983 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c5c67ae7d5964e5dcd76db2e02f1aa79 |
| SHA1 | 15dbb8cf6db83100dbb418fe5faa8da1e4e099fe |
| SHA256 | 7ddb96181359c61895086afb175a09f7ac93e3ea1be7dd5a5c9e02979337f7a6 |
| SHA512 | 1d46fb1c99a9f3373e212fc2686fb2d74caec6c7ca4eade4d312d12d7130fa3875b6ddb46f15902d43923833fcaa5f285f5df4f44d974887132b3818c29ebcfc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4271ab3b5a5c2bb22b2ecae8e178111b |
| SHA1 | ed7d30505d571d5a43161191798e158f374375c0 |
| SHA256 | e5c6b0fce505e0b0edd3657a22ba83f98fb4a5853cfb291e28c9186e7390598e |
| SHA512 | 0ae1c2414f68c21e5e426ad71fd999c8235b13af386d0cd9a40bb5d9f4ed2a9d7040fc7d588cc25e261068b99bfbce34c0c37db768ddb89195aac652b01eb43c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b4a4383745a7fda8e54e984ac1eb5827 |
| SHA1 | 9899e86e967a81916838a8f639ea4f4e773656ff |
| SHA256 | 02a194fd8f3e7eb96c215414fd81da03668fd72115175ebdd37fe6c3618b58af |
| SHA512 | cda01367d4cfe263199ff65302165a8a1b2c3f461658152c4965472b1d0c668dd37d949c813450e76e1489b532e9b0de7465d86e8433f44de6e77c5be148b458 |