Analysis Overview
Threat Level: Likely malicious
The file https://github.com/MATTIAloyoutuber/SYS-HALTER.EXE was found to be: Likely malicious.
Malicious Activity Summary
Disables Task Manager via registry modification
Disables RegEdit via registry modification
Possible privilege escalation attempt
Modifies file permissions
Loads dropped DLL
Enumerates connected drives
Drops file in Windows directory
System Location Discovery: System Language Discovery
Program crash
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-15 12:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-15 12:23
Reported
2024-08-15 12:28
Platform
win10v2004-20240802-en
Max time kernel
274s
Max time network
283s
Command Line
Signatures
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\Temp1_SysHalter.zip\SysHalter.exe | N/A |
Disables Task Manager via registry modification
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Enumerates connected drives
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | C:\Windows\system32\svchost.exe | N/A |
Browser Information Discovery
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Program Files (x86)\Windows Media Player\wmplayer.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\unregmp2.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_SysHalter.zip\SysHalter.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\unregmp2.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\unregmp2.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files (x86)\Windows Media Player\wmplayer.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/MATTIAloyoutuber/SYS-HALTER.EXE
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2f8c46f8,0x7ffa2f8c4708,0x7ffa2f8c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4943428873257642451,16286765418057513520,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5588 /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "C:\Users\Admin\Downloads\SYS-HALTER.EXE-main\SYS-HALTER.EXE-main\SysHalter.py"
C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
C:\Windows\system32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5988 -ip 5988
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 2264
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\SYS-HALTER.EXE-main\SYS-HALTER.EXE-main\README.md
C:\Users\Admin\AppData\Local\Temp\Temp1_SysHalter.zip\SysHalter.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_SysHalter.zip\SysHalter.exe"
C:\Users\Admin\AppData\Local\Temp\Temp1_SysHalter.zip\SysHalter.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_SysHalter.zip\SysHalter.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\RIP.bat"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers /grant Administrators:F /t
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x430
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault356562deh0fach4a13h9da9h32c861adf7ca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ffa2f8c46f8,0x7ffa2f8c4708,0x7ffa2f8c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,568499311806029460,8451608618261229627,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,568499311806029460,8451608618261229627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2648 /prefetch:3
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | private-user-images.githubusercontent.com | udp |
| US | 185.199.110.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0446fcdd21b016db1f468971fb82a488 |
| SHA1 | 726b91562bb75f80981f381e3c69d7d832c87c9d |
| SHA256 | 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222 |
| SHA512 | 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31 |
\??\pipe\LOCAL\crashpad_4276_RZLPPPCZDLVOTEQI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b008261dda31857d68792b46af6dd6d |
| SHA1 | e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3 |
| SHA256 | 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da |
| SHA512 | 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b5c653c81098e527e0bd89fbffc62d7a |
| SHA1 | fa9d338dbdaa9f0de644bc9c86f063ef1bddd293 |
| SHA256 | e0db24c99ebe88b04a2cc7cf773bed3111f82ce2cf15889f049acbe84e3863fc |
| SHA512 | ae659bdcb803ab8fbc81de08446c06845121c420a51c02c45948d06a2a772a2fb104ee07b644c243c4e6959a9f63e5422a8a2d81164cbfe3dc47960ed8efa18f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f574516aaf860d19a4f3b46c9f80b840 |
| SHA1 | 5b24380125b13ebe2c1f81d4202d55a03271423d |
| SHA256 | 35f006b5265da1ff95ed71ac300b9e30be3051384e9888e9129f0ec51ad26372 |
| SHA512 | f496b71f4c0f0208fcc18c14447236b33dddf7274ade380de006526f37843c720cae99a13096b1968d213b53e89d0796a00dfcde022aa6951c35cb8bae65f05f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a5915b54e1ea122e87f3b5ea77f57552 |
| SHA1 | fb90652c0a4e0970f0b585a0d27cd367d1755a54 |
| SHA256 | eb81eca0e7c41aa8a5a3d60706a944f1279a1f8e8f0e4541e078c9ef3ce97ad1 |
| SHA512 | 9c05c902c1dd9b492454078183c4c52b960d1327508a4eeeac5ac6b5fcb68d2d1aec3135d4d2e544d6e2605ad2df54942e9c87a157b21d3439a577d3834a2fac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ed2e7399c396fa6b440d44548bc49333 |
| SHA1 | 9332796d1d23fd1b84d1a27d9d293a3bf1e6dfad |
| SHA256 | a3d84f5ec3afcfe79872bd3853280c3615dd864ce532d939a1c0638b7912f2fe |
| SHA512 | 7ae4323d7110e5f5f6fcd2628bdb3f8894896e14a1e386599fa3f4c1166adedb458c302331dba5ba8f609a193f6a5612d698571eb1c2974a2059bcab830bb316 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e6930aa8942db6b30cac8a01407eae93 |
| SHA1 | 8365d3e0edc1a51e6052fc0aea9f8be01188d578 |
| SHA256 | bdb3335d89afdd19150dea227d7c8dcc55612a8f0e02d701e1895dbdaecef0f5 |
| SHA512 | 1a2fdfdf68634e85017cd561fbba7f6c3d9a3d667eef8e75ffbe69c55290264387b44705b05c9ff222146fca1711cad13df1dc25488630189c54d8e0a093b81e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c4cb3d7c61eb388584d0af05292e9c13 |
| SHA1 | b5f93c9aa025e55f936935ce1de972ad6f05742e |
| SHA256 | 4c729cb0409fd0d350972b14a2297e034c464c45f28dfd6b9560faa56155ce4e |
| SHA512 | a7e9dc12bcbe79c24e012ade3caefe81daf30aec82e46256a7c06d4ff30ee9b5c1a6b54c791997b994ded9f3b8cf6f12d90ebf38210a8686268b2eac9f8953b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 62426cf85d27e893391c4b97a5a6c284 |
| SHA1 | 31a3ed676c74413d9f55b277582a9dfef963d358 |
| SHA256 | 69a0e6803fa688903ffd049e6f67cb9b92e7fec1551b9a53f73cc7ad558c5ca5 |
| SHA512 | 624b1e2aad921b0cba95039e87e9d0dcf7aaabb25bed080897b397b69caaf49dc4e938938bda8ae39ce463588baff69c755a2fafc39670db0c0e6b32eac61305 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5873a4.TMP
| MD5 | 561ffa7b7f650ded403a689ac38a10b8 |
| SHA1 | 1e41aad77e86a1937655df0c669f281111dd44d1 |
| SHA256 | 4e138a64c60e570043d7f0b98ef0a8ad6b558842c19e40abfedf952c27b9733b |
| SHA512 | 20f9b042046b155de1415388897b1fa5e6ff27730ceb3883032bbdf97bc5c385b2c205f401677155a7f1e1948d621bbb169f4a3d3b81f6a849cb7838f62088ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a672b86288b8c790f798a24e9a675b97 |
| SHA1 | 0f4e04f338694a968dee1283d69ce777702aae10 |
| SHA256 | 9beac5655f8d70eafbae1b3143a711347f4134a60b5595dfd7eedf571ae9f2ef |
| SHA512 | 93da0d1d8a28d0c7c7ec5280262fa504b9e9e834e02b43e0932fc84458592ad7cef2e321eb91a0b0bc72d3c8ead8f32d65051d3e851feffe9a9a262accf2e10b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 632d7e39dfdf4ee691543d908de46d01 |
| SHA1 | 368665b6b4f64559cfacea1c12660c742086e180 |
| SHA256 | 8244f48ea06126d10a42bd41aa3d03cb68ed5b263bf0cc1276e5a454e19edb77 |
| SHA512 | 25e7350fd854425915384f2b9bcb872da938db90a68c77ed88ec2b1874db1cc2d5ffd7bd9e1cc7e64f6d674b614fb4f680e0b292fd739843c9cfd7e13dd2ca39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c4b3b40fcaf13457bc419e850d781cdc |
| SHA1 | f64581b3e051d8f17f440d35be5250385dad0822 |
| SHA256 | 9d582f38b6b00981eef3eebf074780186770a9538c7f3abdbfb6b497cbeacbd4 |
| SHA512 | a0e856b3c954fd09f783718ea8dd0edc87550ef93d00dd66422b23453c6fdcce7280f83746eee50a7f1720df67eab0c73e72dc3162106f6a0ee19067b80e7fec |
C:\Users\Admin\Downloads\Unconfirmed 647782.crdownload
| MD5 | cffe78ff02e96183dd96f1a7a850eb61 |
| SHA1 | 471c88d9abdad9ccba1fd18925ad22c7c71e2abe |
| SHA256 | 9d92af0a2bf6773f512a0b6771c4729da7001a4ff3bfdf995a49d524a270c38a |
| SHA512 | 90dc6973ab984ff69439fe54761c47d6577a5a5460c11a9a6eac64cee2dec836b0ca98ddc8ce251304280af52aa26dc79794ce024cfd5951f7e54f69c98b20bf |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 5433eab10c6b5c6d55b7cbd302426a39 |
| SHA1 | c5b1604b3350dab290d081eecd5389a895c58de5 |
| SHA256 | 23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131 |
| SHA512 | 207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
| MD5 | 90be2701c8112bebc6bd58a7de19846e |
| SHA1 | a95be407036982392e2e684fb9ff6602ecad6f1e |
| SHA256 | 644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf |
| SHA512 | d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe |
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | f63420442b67dfd4d341e8db8dd5ec7f |
| SHA1 | 6472a539757ba7ccade29887f2d86eea95b36af0 |
| SHA256 | 48ef6c07237ebb2772b4ace5a724b6fe081eb4dc3f596955ab0fbe8d0fc064d7 |
| SHA512 | d43f7f4dedaf56f2b54951ef05fc7168e9d0d3829d5a8678ed6df4c10509259a4a86b0bc6e017397aa981a3908c5b00688bb668f7bec32a2a73fd6333fa82c83 |
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
| MD5 | 69f19d4852871a84a8a0ed1d866f85d5 |
| SHA1 | 4beb1e6c1821f42ab832503de703b9e12f292c9a |
| SHA256 | 3f63b0021c1b7cb9b9ab2b69768a78ddfc20fb616e9df714897d3b103dbda233 |
| SHA512 | c1dae9b9fbbf52f7d35707db1f62d304167a69a178df77679fdb531a869a1917765235a89dcbf71635785f06814b8afa71fe3926460f681c038dbc2e2ef6cf81 |
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 2a33558693766372beb89f3c639e4065 |
| SHA1 | 06c34c545532ff13c98a9cb4b5743b600ee48583 |
| SHA256 | 7054e910d3ddf85dcf3c3aa434fa3a854defb8ab03e735352b4d6938b408fde5 |
| SHA512 | 23b68e750ae420cd3b55e2accb14a21e8aeaa32cd2ceb4ac52bd2d0311224104c364d06a9fea72fde3b6eade0336cfdb41fea5d0f3723fa7dfb1ed3e9d3361fc |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\python312.dll
| MD5 | 550288a078dffc3430c08da888e70810 |
| SHA1 | 01b1d31f37fb3fd81d893cc5e4a258e976f5884f |
| SHA256 | 789a42ac160cef98f8925cb347473eeeb4e70f5513242e7faba5139ba06edf2d |
| SHA512 | 7244432fc3716f7ef27630d4e8fbc8180a2542aa97a01d44dca260ab43966dd8ac98b6023400b0478a4809aace1a128f1f4d6e544f2e591a5b436fd4c8a9d723 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\_ctypes.pyd
| MD5 | 2a834c3738742d45c0a06d40221cc588 |
| SHA1 | 606705a593631d6767467fb38f9300d7cd04ab3e |
| SHA256 | f20dfa748b878751ea1c4fe77a230d65212720652b99c4e5577bce461bbd9089 |
| SHA512 | 924235a506ce4d635fa7c2b34e5d8e77eff73f963e58e29c6ef89db157bf7bab587678bb2120d09da70594926d82d87dbaa5d247e861e331cf591d45ea19a117 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\_wmi.pyd
| MD5 | c1654ebebfeeda425eade8b77ca96de5 |
| SHA1 | a4a150f1c810077b6e762f689c657227cc4fd257 |
| SHA256 | aa1443a715fbf84a84f39bd89707271fc11a77b597d7324ce86fc5cfa56a63a9 |
| SHA512 | 21705b991e75efd5e59b8431a3b19ae5fcc38a3e7f137a9d52acd24e7f67d61758e48abc1c9c0d4314fa02010a1886c15ead5bca8dca1b1d4ccbfc3c589d342e |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\_ssl.pyd
| MD5 | ddb21bd1acde4264754c49842de7ebc9 |
| SHA1 | 80252d0e35568e68ded68242d76f2a5d7e00001e |
| SHA256 | 72bb15cd8c14ba008a52d23cdcfc851a9a4bde13deee302a5667c8ad60f94a57 |
| SHA512 | 464520ecd1587f5cede6219faac2c903ee41d0e920bf3c9c270a544b040169dcd17a4e27f6826f480d4021077ab39a6cbbd35ebb3d71672ebb412023bc9e182a |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\_socket.pyd
| MD5 | 9c6283cc17f9d86106b706ec4ea77356 |
| SHA1 | af4f2f52ce6122f340e5ea1f021f98b1ffd6d5b6 |
| SHA256 | 5cc62aac52edf87916deb4ebbad9abb58a6a3565b32e7544f672aca305c38027 |
| SHA512 | 11fd6f570dd78f8ff00be645e47472a96daffa3253e8bd29183bccde3f0746f7e436a106e9a68c57cc05b80a112365441d06cc719d51c906703b428a32c93124 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\_queue.pyd
| MD5 | f3eca4f0b2c6c17ace348e06042981a4 |
| SHA1 | eb694dda8ff2fe4ccae876dc0515a8efec40e20e |
| SHA256 | fb57ee6adf6e7b11451b6920ddd2fb943dcd9561c9eae64fdda27c7ed0bc1b04 |
| SHA512 | 604593460666045ca48f63d4b14fa250f9c4b9e5c7e228cc9202e7692c125aacb0018b89faa562a4197692a9bc3d2382f9e085b305272ee0a39264a2a0f53b75 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\_overlapped.pyd
| MD5 | 61193e813a61a545e2d366439c1ee22a |
| SHA1 | f404447b0d9bff49a7431c41653633c501986d60 |
| SHA256 | c21b50a7bf9dbe1a0768f5030cac378d58705a9fe1f08d953129332beb0fbefc |
| SHA512 | 747e4d5ea1bdf8c1e808579498834e1c24641d434546bffdfcf326e0de8d5814504623a3d3729168b0098824c2b8929afc339674b0d923388b9dac66f5d9d996 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\_multiprocessing.pyd
| MD5 | 4ccbd87d76af221f24221530f5f035d1 |
| SHA1 | d02b989aaac7657e8b3a70a6ee7758a0b258851b |
| SHA256 | c7bbcfe2511fd1b71b916a22ad6537d60948ffa7bde207fefabee84ef53cafb5 |
| SHA512 | 34d808adac96a66ca434d209f2f151a9640b359b8419dc51ba24477e485685af10c4596a398a85269e8f03f0fc533645907d7d854733750a35bf6c691de37799 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\_lzma.pyd
| MD5 | b71dbe0f137ffbda6c3a89d5bcbf1017 |
| SHA1 | a2e2bdc40fdb83cc625c5b5e8a336ca3f0c29c5f |
| SHA256 | 6216173194b29875e84963cd4dc4752f7ca9493f5b1fd7e4130ca0e411c8ac6a |
| SHA512 | 9a5c7b1e25d8e1b5738f01aedfd468c1837f1ac8dd4a5b1d24ce86dcae0db1c5b20f2ff4280960bc523aee70b71db54fd515047cdaf10d21a8bec3ebd6663358 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\_hashlib.pyd
| MD5 | b0262bd89a59a3699bfa75c4dcc3ee06 |
| SHA1 | eb658849c646a26572dea7f6bfc042cb62fb49dc |
| SHA256 | 4adfbbd6366d9b55d902fc54d2b42e7c8c989a83016ed707bd7a302fc3fc7b67 |
| SHA512 | 2e4b214de3b306e3a16124af434ff8f5ab832aa3eeb1aa0aa9b49b0ada0928dcbb05c57909292fbe3b01126f4cd3fe0dac9cc15eaea5f3844d6e267865b9f7b1 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\_decimal.pyd
| MD5 | f930b7550574446a015bc602d59b0948 |
| SHA1 | 4ee6ff8019c6c540525bdd2790fc76385cdd6186 |
| SHA256 | 3b9ad1d2bc9ec03d37da86135853dac73b3fe851b164fe52265564a81eb8c544 |
| SHA512 | 10b864975945d6504433554f9ff11b47218caa00f809c6bce00f9e4089b862190a4219f659697a4ba5e5c21edbe1d8d325950921e09371acc4410469bd9189ee |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\_bz2.pyd
| MD5 | 59d60a559c23202beb622021af29e8a9 |
| SHA1 | a405f23916833f1b882f37bdbba2dd799f93ea32 |
| SHA256 | 706d4a0c26dd454538926cbb2ff6c64257c3d9bd48c956f7cabd6def36ffd13e |
| SHA512 | 2f60e79603cf456b2a14b8254cec75ce8be0a28d55a874d4fb23d92d63bbe781ed823ab0f4d13a23dc60c4df505cbf1dbe1a0a2049b02e4bdec8d374898002b1 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\_asyncio.pyd
| MD5 | 209cbcb4e1a16aa39466a6119322343c |
| SHA1 | cdcce6b64ebf11fecff739cbc57e7a98d6620801 |
| SHA256 | f7069734d5174f54e89b88d717133bff6a41b01e57f79957ab3f02daa583f9e2 |
| SHA512 | 5bbc4ede01729e628260cf39df5809624eae795fd7d51a1ed770ed54663955674593a97b78f66dbf6ae268186273840806ed06d6f7877444d32fdca031a9f0da |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\VCRUNTIME140_1.dll
| MD5 | f8dfa78045620cf8a732e67d1b1eb53d |
| SHA1 | ff9a604d8c99405bfdbbf4295825d3fcbc792704 |
| SHA256 | a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5 |
| SHA512 | ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\unicodedata.pyd
| MD5 | 04f35d7eec1f6b72bab9daf330fd0d6b |
| SHA1 | ecf0c25ba7adf7624109e2720f2b5930cd2dba65 |
| SHA256 | be942308d99cc954931fe6f48ed8cc7a57891ccbe99aae728121bcda1fd929ab |
| SHA512 | 3da405e4c1371f4b265e744229dcc149491a112a2b7ea8e518d5945f8c259cad15583f25592b35ec8a344e43007ae00da9673822635ee734d32664f65c9c8d9b |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\select.pyd
| MD5 | 8a273f518973801f3c63d92ad726ec03 |
| SHA1 | 069fc26b9bd0f6ea3f9b3821ad7c812fd94b021f |
| SHA256 | af358285a7450de6e2e5e7ff074f964d6a257fb41d9eb750146e03c7dda503ca |
| SHA512 | 7fedae0573ecb3946ede7d0b809a98acad3d4c95d6c531a40e51a31bdb035badc9f416d8aaa26463784ff2c5e7a0cc2c793d62b5fdb2b8e9fad357f93d3a65f8 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\pyexpat.pyd
| MD5 | f179c9bdd86a2a218a5bf9f0f1cf6cd9 |
| SHA1 | 4544fb23d56cc76338e7f71f12f58c5fe89d0d76 |
| SHA256 | c42874e2cf034fb5034f0be35f7592b8a96e8903218da42e6650c504a85b37cc |
| SHA512 | 3464ece5c6a0e95ef6136897b70a96c69e552d28bfedd266f13eec840e36ec2286a1fb8973b212317de6fe3e93d7d7cc782eb6fc3d6a2a8f006b34f6443498de |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\libssl-3.dll
| MD5 | 19a2aba25456181d5fb572d88ac0e73e |
| SHA1 | 656ca8cdfc9c3a6379536e2027e93408851483db |
| SHA256 | 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006 |
| SHA512 | df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\libcrypto-3.dll
| MD5 | e547cf6d296a88f5b1c352c116df7c0c |
| SHA1 | cafa14e0367f7c13ad140fd556f10f320a039783 |
| SHA256 | 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de |
| SHA512 | 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\base_library.zip
| MD5 | d73f2d62474958d7c089e983ebebfaf6 |
| SHA1 | 01d85fc529b000b712484529a55919b674740365 |
| SHA256 | c56e96fe2f5bfa9eb2572e7a10274479925c361cde4aa20668f9b37c9bbf5df3 |
| SHA512 | 23ba2591b5568dd848d4c8030d08e97fca6469ad3b2e16d93a90b978b3883cfed4334b32c44faef74a5f8c2b63a7d580dac00018876721cab63784ea41db4ec5 |
C:\Users\Admin\AppData\Roaming\RIP.bat
| MD5 | 999f00923538a55650a57875fd81b242 |
| SHA1 | ba8fafd279479ace0208206a755cf7d401660ac7 |
| SHA256 | 69a6104d56521c1576b75b48cfe9c33bb8efd6923d203b2df0854cf8cddc9c90 |
| SHA512 | 555329ab1aab654d916fe68892a51545b7e06aa13493467b58dc50a0056f6cad549979ea97a2d61753e868495a9c4185063152efe91983b93c5a3befe32c6d6d |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\numpy\_core\_multiarray_umath.cp312-win_amd64.pyd
| MD5 | ac23ec7cbb7017edf1c375c307662a74 |
| SHA1 | d11204dbffd2f3b011894748188de1780641157a |
| SHA256 | 61f1c7ace31fbfbfaae8417d5fab2a459494486cdd69d357cda7e00ecaa07a07 |
| SHA512 | f866989d1446bb27ec6dfcd9150d461edab779f3c21f1520ae03b9fe9efc6897575f8d690becb8d86a87d6dc6d01e309d0a444b338418ef1c2474bbdc07fd495 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\numpy.libs\msvcp140-8021418012832a07a8ca5105a33b1086.dll
| MD5 | ec84e4662e892982a726c3742547b64e |
| SHA1 | 7ebf56e97e586c05acffab4375a38c906d3f3d9e |
| SHA256 | 85448e376dfad1859740aedaa2544b565e8a6e4e2e555de6c4638f4ab1b28843 |
| SHA512 | 837e4127f5aef404d75155c207ed8aaf1573793869453e3ff8e615b5ee06851b005f61b9071d40e820b493fe3d3be202b87d0be464765943241a07269df20c82 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\numpy.libs\libscipy_openblas64_-fb1711452d4d8cee9f276fd1449ee5c7.dll
| MD5 | 6228837855e10997ad5cfa204aaeb620 |
| SHA1 | 23ec44b63a8203cac64180d044ba0ce2e5baafee |
| SHA256 | 39e80d3d5fd1e998cb7c5c7b5d54136af75a688dfa6c38470e8bf89b01eec134 |
| SHA512 | 1364a21bbacc2a2fc688eba7a998631050a75566b950c10320468b51d9660c18b881c9bbe1af1ca1ee4f86238c6e85fd4516435fecf1a606afea931dc59b25d3 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\numpy\_core\_multiarray_tests.cp312-win_amd64.pyd
| MD5 | cd54222449f4aa8ae4bb7fba50f26d38 |
| SHA1 | 53782abe8ff0da6f4072f0a5cc26795332d5ff39 |
| SHA256 | dbb7a1d545feb54ba1b7cd124e20f7d6c8cc328879bd5f72969d0ff3aa8e5056 |
| SHA512 | b6ad326466794403917fcb6b5dae5d5bbc42f0aa16a9ae68b3b6e49028a584a63c97b45bfefa455bb38f8ba3c402b2bc53793b55c7e68e27df054641543f58d8 |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\pyaudio\_portaudio.cp312-win_amd64.pyd
| MD5 | a7d01fcc8a52d8833f0fc8a1abaffc61 |
| SHA1 | 09249e6e0fdea1dc5acf9785fec376c1f2f561cd |
| SHA256 | 68a0a2aae8097aa20bf7e9b403a37829db9f00d9feb0dd5e6b7dc2e7fbcd7819 |
| SHA512 | 4bd174b8a5fe054aa447f5c9dcbb0fbdd48b1ca6a4a8db78d885a5d031147d84be92fa74a077c8ae3879cf5e53bea71f5759f82ec5863f05faf377b122fd0d0e |
C:\Users\Admin\AppData\Local\Temp\_MEI32162\numpy\linalg\_umath_linalg.cp312-win_amd64.pyd
| MD5 | 5ec5faf7db65a5e922533a8dd4c55ffe |
| SHA1 | bf2149229f1f15df0d19515baf56a0ec4f5c873d |
| SHA256 | ce80fddec4b670d8f11bfd3ff7b793f7f31dfaa2c97131b8e72fe8b0a67f950e |
| SHA512 | a2e6b1a1fd174700735c3826ba2190f87246cae773eb8ce5ab2f8ec5a73cd9f03d5edfadf3e9805602059f950f6034321b90ba0684f5504e4f4da93ece5eb009 |
memory/2384-472-0x00007FFA15AE0000-0x00007FFA17BBA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c7571cbcc1448aa5246016ad0feba7b4 |
| SHA1 | 36490fa23f20b45bdd8cda5f72facf47583ebb10 |
| SHA256 | 8dd3ff85971dffecaac0e59a8bbb61259e9df57ccaa51ea8c316cdaaa91eedb8 |
| SHA512 | c17b5de201915e4909e3207d3ded218310e714057ec6c98e0f93fb7b75de7366bab85081cb8d8827df0123509fac176e3d201ac36db7cf25edfa649dc95d766f |