Malware Analysis Report

2025-08-06 01:42

Sample ID 241108-2gdptszrc1
Target patchnewworking12.exe
SHA256 6b6d80db6681156d8062094052e39fa6c789f149dab5994de376201a80525f01
Tags
pyinstaller discovery spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

6b6d80db6681156d8062094052e39fa6c789f149dab5994de376201a80525f01

Threat Level: Shows suspicious behavior

The file patchnewworking12.exe was found to show suspicious behavior.

Malicious Activity Summary

pyinstaller discovery spyware stealer

Loads dropped DLL

Reads user/profile data of web browsers

Drops startup file

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Browser Information Discovery

Unsigned PE

Detects Pyinstaller

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-08 22:33

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-08 22:32

Reported

2024-11-08 22:36

Platform

win7-20240903-en

Max time kernel

52s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2140 wrote to memory of 880 N/A C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe
PID 1760 wrote to memory of 1272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1760 wrote to memory of 1652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1760 wrote to memory of 1732 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1760 wrote to memory of 880 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe

"C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe"

C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe

"C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ef9758,0x7fef6ef9768,0x7fef6ef9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1104 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1580 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3208 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3496 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fb27688,0x13fb27698,0x13fb276a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3976 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2708 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2408 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3824 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_RedTiger-Tools-main.zip\RedTiger-Tools-main\Setup.bat" "

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_RedTiger-Tools-main.zip\RedTiger-Tools-main\requirements.txt

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=572 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4192 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4352 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2340 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2404 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2100 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4668 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3188 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3484 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4608 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4748 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4636 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4360 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4468 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4668 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4616 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1228,i,13654272746479836437,16922385910892439717,131072 /prefetch:8

C:\Users\Admin\Downloads\python-3.13.0-amd64.exe

"C:\Users\Admin\Downloads\python-3.13.0-amd64.exe"

C:\Windows\Temp\{5F3293D5-EED9-426A-A258-4C80C2B402B5}\.cr\python-3.13.0-amd64.exe

"C:\Windows\Temp\{5F3293D5-EED9-426A-A258-4C80C2B402B5}\.cr\python-3.13.0-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.13.0-amd64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.python.org/downloads/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Temp\_MEI21402\python310.dll

MD5 deaf0c0cc3369363b800d2e8e756a402
SHA1 3085778735dd8badad4e39df688139f4eed5f954
SHA256 156cf2b64dd0f4d9bdb346b654a11300d6e9e15a65ef69089923dafc1c71e33d
SHA512 5cac1d92af7ee18425b5ee8e7cd4e941a9ddffb4bc1c12bb8aeabeed09acec1ff0309abc41a2e0c8db101fee40724f8bfb27a78898128f8746c8fe01c1631989

\??\pipe\crashpad_1760_WBXVSFNGOVKTVZBQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 be6e3fee895d6f7199b6baec1fd91a42
SHA1 ad1737800ca5131804a96aeb85cb2960a1193e71
SHA256 bdc06a7b06c22b3ce84142c08c006ccaa78d9beb5125ffb971775d8177af1dbd
SHA512 4bd3a667114cc4f7134e1ff120a291aa7bdbbd3f0b81b9884345df6d4ed407e1237b742fd21eec6498369962f04ad4726e1f8eee4856dee03bfefba329f7e70e

C:\Users\Admin\AppData\Local\Temp\CabFA87.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarFA99.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8036d60daf21c0a6647081543bb63796
SHA1 b627a5cdec2059b9e7629450b1a5a3cc47f049d5
SHA256 89ace02cc682bf89b0a5e31bb2335bda13d2f478909274b1f17f3e974d917328
SHA512 6b2bad0d87345b3d68c6ea7a8dd1f31c264da712a4b4099b4f688b7fa8d76e741c3cb86d5ceec21df7189a81d9af9e6070a1e2619c5237306620b553a99c02c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6458cd84c5738c86aaae7167d2039ba2
SHA1 fb67934ccaf2d011985a95671dd42d31c0c5b2cc
SHA256 7e8c009ab85326992b21f1141a3d8c0172cc482557799b0720d74741754e169a
SHA512 9814e83cf84e328ba178aa740293fd7b9c441705073f468ae40d2910693530f647ad899922260697d4e0c8fc54738fa8d907cbb32f56e6e1c4c685b82f92baab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 546fb1d272cc4d30bfe8dc3bad220b33
SHA1 5c3fee314a81ad1f6d2b26766ff5469f33173f0e
SHA256 ab82c78c8d3160f28fb0fca2d76b89c7ccf000001d4acf12c00e8e67b243a1fc
SHA512 9a42df196fbdb62188940ee61931e0a840720e10edf605ff07800e1a438e16b21f2e2aab1425eb9160a00423a7d0bbb5159eac0a200d7e4b277849d8d5b539a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2221fb369f2705423288da685ee94770
SHA1 c4206a9b5f99709db87d49ed25adc4384d382f67
SHA256 c0ecc87b7a1334fdb60931e4b12d46e0489462e074401ee544389d41cff2a381
SHA512 7bbd0104d4306e88b9320601f8020a6f38f2eca350bb57b277a83ae83f259e436fb59f66b70b4a0a71ee8c67f664d0f4c79183fab5617f4b3b66c2059ee86ef4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02a8ebdcd1f9defe97de3be29f3856dc
SHA1 284c161e9239bc1a5b0e87ba2394e52eceba7df4
SHA256 54955a5b3e006572bfb8955ddd052ad5d0265702dc57e7f50dcf5faeaded120b
SHA512 b59888deb5dc765be5d178899282572f7837906e5d49caf929483f8572e2feef2fcb72ad4a860ed7499488665bec010b62a7f0bb27e101a53e153766bbce7783

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e23aec50fe13d6b8962920272d3ba7f2
SHA1 f7cb7fdda09dfadafd431f9a07509e5a46b9fb78
SHA256 2e2a57ff182137b0e5593fbcb25e6ae42da2c9f037cc0b484ec1f09564c06ab9
SHA512 c4ce2270fcd70e9da015597782f81b882896c842a0d15ac14ea3852bc0a1f554358c1b89dbd0b9b55c2a9ee5859eb4e71d1057871e237da7722770699faa23d8

C:\Users\Admin\Downloads\RedTiger-Tools-main.zip.crdownload

MD5 cbe01ed3f054ff5c3a43d93c9725cb61
SHA1 55218312b9addedbee3c380f9b30b5501549c8b8
SHA256 235d16e7430c9b47791b73ce78023875d05efae7a45169994571798014f24f68
SHA512 4b5df8ea236c1a27280e11e01088e4ba0a06efa1c483d8f03fd44aff92fd9506050025308c99a956953c5d0035b02d002cad56de638ad389d101bf33820ef379

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7394405e1df34eaec8af295970b610f8
SHA1 9b1480acc79aa6de6c37975bace0d413086e3c3e
SHA256 a23f3b6afa32b0d119d93510944abfea60b6eb0ffd11aa76f38af8f2429445a3
SHA512 33a56f627da41fe0c7cfac86e049ce19ec106929818429c30c727bcb2cc46347d87cca4cecbf38e165fb5decfff43b441de79979a7381fba2d38d21f21160f37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cb59e077973354b750d3e99e25dc6ad9
SHA1 b49e15cae54032fb7a665790d00a63e60798be83
SHA256 45179a533984a11470723a1cf75942b71a5adad279cd42373806746e2af386ed
SHA512 f82522cba42bf50be9835ae9094df7021014c48cf5f105d0b7ecf1ab2a7c331f598964434111869ce2f49114f4417fe4a7c55f3d2d5116025924d82a5c1f9bcf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 94252136eb2d293d0c9cba19636563cf
SHA1 d6ce0be0119d0b54f0c8bdfad38e37dc2f7db21e
SHA256 5ba1f2aee1fadef0e2190820d39890d15994dcd4f26f709a37904f937bd14096
SHA512 d8fb23f70c2581c6b56e5e193ce7729781e71e73bd98c81c02d23d2cdb8a6ff8a89c26825bc476afa2e5b70f625df6ffcab22b6f217f5d44290763c7ee4acd85

C:\Program Files\Google\Chrome\Application\SetupMetrics\20241108223345.pma

MD5 6d971ce11af4a6a93a4311841da1a178
SHA1 cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512 c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3b6d8f4d-bc39-440f-a109-9472a613b3fb.tmp

MD5 231efbcd1d103c6ac9d3b20d40c211da
SHA1 94496e15fedb04db3b0514c5105ae484b4909870
SHA256 00fce436f0476db827e5c22e4f0a4262db4dfc616e6e874534b8609b623aafca
SHA512 6bbb8cd37bf6481637a17fe0461ef87ae0417e60905086e77324180b410f7a3cf118557ca0d7f9a7e7b89051a2d3ca81ed31548afba02c7191cc71d0c96163b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4c214e4cd4f63922b08261f52f5b43c6
SHA1 9787916a6cdb6600c2106632861ea5a06c34cd58
SHA256 1530083b1c9b1c46b0bd40ec5f8a34d7b19be9e07e289aa701efc7ff74883df9
SHA512 c3c8d6be0e964763a448563721506a8b58939adeca60ae841d895f875b1dd4734c09bf10b79f8ecfb5489ed0ad3f2dc3d98117f579a9084feec60cd712def72b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 703ff76cacc56c3b30b81aed87d60c9c
SHA1 11dc640a02755d7b5926c4925ce942d42879fbaf
SHA256 a17514f3f76633de00954a6926564de3e1c2a4e43e83edea47e7fa04e681f6ef
SHA512 668eae5549d02bd5ed4cc82c34869341f32bb082065bfd0aa98b6721ec6ff1080115d30a027b13c9df4b65dd09dd72f53c409ecb455a2597b2508046edb37ef5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

MD5 24393e2ccc4e7a164f062df993d27335
SHA1 c8f960244677439e72295d499440f295ae5be7c5
SHA256 3ecbdf289749ebf07b749a91eb3db3d1f8fc338e5cae2dae22730fb893736130
SHA512 a675af57b19197f17a1be1351c3cee6a291f23dc2614081bd7bd71adbe5eb0d191c4d50b295d43b3a002d48454a24ef9e4dc52510f2db54dcfe0c8e71948d10c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

MD5 d4586933fabd5754ef925c6e940472f4
SHA1 a77f36a596ef86e1ad10444b2679e1531995b553
SHA256 6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2
SHA512 6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 6e16a0e00a70defc9c40ae9ece97c9e5
SHA1 9772b4012ee94ed05356c98ba7e27e71283211d7
SHA256 82c83658c88de47b8e7da9904ca19299fc174763fcee974dd3c087b80b9bd532
SHA512 5e3984a7985a21d5644f5b579f32f408b28bfcb4de59764f403e4e10e08085e7b3f099748fa6e22180b6097edb4d8c20b676de182999155b13fdec4fae93367d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8d8ed1d721b292b43672fdd5cb64276
SHA1 67f80cafa83e828ea908eb8263ad181f0abe33ce
SHA256 1662a997e58308e2581736ea8604c047ce64cedd4e508538ec78cfc141be45f6
SHA512 75d2b795ff463ab06360d26c3a8f12d2bf0bdfe8d254a096c888753ab5bc0389a41da2b468d63bdc4aed0ba80cd69597d2153bb6dd7be7479e31dfaa62a0f686

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf77fddf.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b06875bc67cea08a686844ec84316695
SHA1 b64b6d4a993c896866dfb7860ff5b1b449b71a12
SHA256 30ce0deca9f8a569193aa8c7ec9d6752875d80861199792fb2e99dfc9c70bd3d
SHA512 3279226237062231e07e5e4d19fdf9bf7f8ab108906c53b6f86ebb0246018cb972cb6e4984b243f3ed90f8287c6229ebcd1aa0445f1bb3c0630ec01871b583ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2589a45d466ba73b9c0164bee3860cc0
SHA1 d738de323868011be3d2b3ae2826dc301892cadf
SHA256 673cda88f17d73bfd269f2381a1745851a2c5973ed5836fe85e3433b8c351348
SHA512 3ab2c499e31186c2d7955b60806214199fa96ca0ce05d5e8afa755420d48423ff24bd407f6237dd8cfddb62c365e3a9e328f9de01906c30503f83985f32d0631

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2cb9c6f6bde28ce75edb3423f666a832
SHA1 07bc40573b76e6e4df72dcd1915016b838189692
SHA256 76138370f6a25fdec8d14e09116ace53ae79048eeeda2bc58aaee54103ac900d
SHA512 560d3404e2f17e9256b55e8ed3895f0e3219e63b71c13e13a6e0c8751db66ea1ed9b1a2bc3c118397012592ff01b9c467f21d21a5fd7ea50529fe3c1e11d6c28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 92e69accc467641a7e96ccf768e4c508
SHA1 63ec87f74015e199ab8038926a3a90874065a195
SHA256 ca2a84f8e8fd0c1e792243fcdf910213e790169d3e24755b1f19a7e528171293
SHA512 f0e1aaffb0029bb4f076703097b997c2fce3a1d229d452e922739a9945dbd78673a751d3df0c6ac7ec58ccd84ad21a2d439edca7e52148ad3a29ec09b7cac424

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95765c0b81bebb319544f64f9bcd0985
SHA1 db7e61abfaa3e5c75254d04f4742f632647d09a0
SHA256 885374c2ffdc6e55d10afad9704517f39f887605f7e5138f799621d90039c77c
SHA512 4f518cfc88c3aef47bc9efc6ce5f6ae37f98a2892a67f1d03e83083468437a4be7ddc44a500a1de55379817dbf673f9738e8c37cf61291d975a0a0fd3ea5a5cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6168a8ac6c91fd10bac5bd9d4d3b1306
SHA1 2bbff9345bf1016a50579745267d49a76fcf430b
SHA256 35457a442b7892e2d16a3118a0cbe4302e2861c9ad08bf4030026cbc42d60071
SHA512 ecedc049b44850b9cebd83c2f91363a62765f6bd06bb43ff5343d8698fd1e1fd670dca2953fc687a80e328f852e3b5564a5d2e58c18a777058eac977d5fd9c31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7c23c2db8202e04b012300516573b22
SHA1 fa500e6c82e1875bc1fe19b2733cec136fba841a
SHA256 19ab1460fa6387f61b4f3b6aca571ab54542a6ea49e4de3c84d280b53ebe7ad8
SHA512 4c676e161420a4dace3828e9fad99562d97fe05b240f3d49b74bc11da435b4b73ec81effcfdcd1bb7de94ba0f2ddfebfac6efa4b64c402f08f50ed7ae44e0fc6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c2e5de4594c4d4452a0d43f68a69f5b
SHA1 7255d57b4ccc57668f847742dc37a3a6d3c89ce3
SHA256 3e083b6f7c6f47647226f78b3b8a899a3560d7c0f77cb1a9951b64fa11a1a25a
SHA512 669fa6b3d4028cfdd52833a2939c5a06aa74cca470f7955a8fda604122a5b7010e7303fe2e46a3a2eca4371ef04ca747e594f1017c1426e838cca62449e0ca85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cf35f4bffb4871beddb716982fadd80b
SHA1 679b12b67a53e86bd9360ff005ed7d39c146da51
SHA256 6afe80063fb4530dfcfe51df1c3a00562535852358ecf85e19e14a0bc0a85296
SHA512 79aabec77adff61e04694efd0c2c914b65f6723eecea73f664cd769487e23d8740d0c32fbd37cc5ae7b6f91177e3719ea4a4efea613444eb3275fda4ea451893

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 01ffd01af1b0917507ba13b4cc92c762
SHA1 965044356dc8bf8c51d6a14f9c6a55d68eec3b42
SHA256 f61db5a134a7a3f0ed17d5a42a2e9358be67d701f3057a14e1884665bb503678
SHA512 d8a1565270cf04920e54db3a5ba5de82ce992b9e4d535e3d8f3c11d70c9a0a9b331f3c42f96fce0788f1622f1fe1783a646e9fdc3efbfbd1b194889bb89a67cb

C:\Users\Admin\Downloads\python-3.13.0-amd64.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

\Windows\Temp\{5F3293D5-EED9-426A-A258-4C80C2B402B5}\.cr\python-3.13.0-amd64.exe

\Windows\Temp\{4A562F3B-52C7-4307-A9F5-A17ADB476583}\.ba\PythonBA.dll

C:\Windows\Temp\{4A562F3B-52C7-4307-A9F5-A17ADB476583}\.ba\SideBar.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (17 further entries for this path, each with different hashes)


Analysis: behavioral2

Detonation Overview

Submitted

2024-11-08 22:32

Reported

2024-11-08 22:36

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe"

Signatures

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ㅤ.exe C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ㅤ.exe C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe N/A
(the above entry appears 64 times in the report)

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Browser Information Discovery

discovery

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{EEEF14F3-C7FF-43C3-A6D3-8575F141D26B} C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\wbem\WMIC.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2104 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe
PID 2104 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe
PID 1952 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe C:\Windows\system32\cmd.exe
PID 1952 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe C:\Windows\system32\cmd.exe
PID 1952 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe C:\Windows\system32\cmd.exe
PID 1952 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe C:\Windows\system32\cmd.exe
PID 4980 wrote to memory of 4816 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\wbem\WMIC.exe
PID 4980 wrote to memory of 4816 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\wbem\WMIC.exe
PID 1952 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe C:\Windows\system32\cmd.exe
PID 1952 wrote to memory of 928 N/A C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe C:\Windows\system32\cmd.exe
PID 1952 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe C:\Windows\SYSTEM32\control.exe
PID 1952 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe C:\Windows\SYSTEM32\control.exe
PID 1712 wrote to memory of 784 N/A C:\Windows\SYSTEM32\control.exe C:\Windows\system32\netplwiz.exe
PID 1712 wrote to memory of 784 N/A C:\Windows\SYSTEM32\control.exe C:\Windows\system32\netplwiz.exe

Processes

C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe

"C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe"

C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe

"C:\Users\Admin\AppData\Local\Temp\patchnewworking12.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\SYSTEM32\control.exe

control userpasswords2

C:\Windows\system32\netplwiz.exe

"C:\Windows\system32\netplwiz.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.13.205:443 api.ipify.org tcp
US 8.8.8.8:53 redtiger.shop udp
FR 213.130.145.42:443 redtiger.shop tcp
US 8.8.8.8:53 205.13.26.104.in-addr.arpa udp
US 8.8.8.8:53 discordapp.com udp
US 162.159.134.233:443 discordapp.com tcp
US 8.8.8.8:53 discord.com udp
US 8.8.8.8:53 42.145.130.213.in-addr.arpa udp
US 8.8.8.8:53 233.134.159.162.in-addr.arpa udp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 232.135.159.162.in-addr.arpa udp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.134.233:443 discordapp.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 226.162.46.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI21042\python310.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21042\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21042\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI21042\python3.DLL

C:\Users\Admin\AppData\Local\Temp\_MEI21042\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21042\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\_uuid.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\win32\win32api.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\pywin32_system32\pythoncom310.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21042\VCRUNTIME140_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21042\pywin32_system32\pywintypes310.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21042\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\_tkinter.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\_asyncio.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\_overlapped.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21042\libssl-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21042\_sqlite3.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\_multiprocessing.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\_decimal.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\_cffi_backend.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\tk86t.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21042\tcl86t.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21042\sqlite3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI21042\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\zstandard\backend_c.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\charset_normalizer\md.cp310-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI21042\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

MD5 47ee4516407b6de6593a4996c3ae35e0
SHA1 293224606b31e45b10fb67e997420844ae3fe904
SHA256 f646c3b72b5e7c085a66b4844b5ad7a9a4511d61b2d74153479b32c7ae0b1a4c
SHA512 efa245c6db2aee2d9db7f99e33339420e54f371a17af0cf7694daf51d45aebfbac91fc52ddb7c53e9fc73b43c67d8d0a2caa15104318e392c8987a0dad647b81

C:\Users\Admin\AppData\Local\Temp\_MEI21042\certifi\cacert.pem

MD5 50ea156b773e8803f6c1fe712f746cba
SHA1 2c68212e96605210eddf740291862bdf59398aef
SHA256 94edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47
SHA512 01ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0

memory/1952-1146-0x00000219AA540000-0x00000219AA541000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\downloads_db

MD5 f310cf1ff562ae14449e0167a3e1fe46
SHA1 85c58afa9049467031c6c2b17f5c12ca73bb2788
SHA256 e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855
SHA512 1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

C:\Users\Admin\AppData\Local\Temp\downloads_db

MD5 9618e15b04a4ddb39ed6c496575f6f95
SHA1 1c28f8750e5555776b3c80b187c5d15a443a7412
SHA256 a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab
SHA512 f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26

C:\Users\Admin\AppData\Local\Temp\Browser_Admin\Cards_Admin.txt

MD5 a7a1f4f644a683d90617c1a9f6ca9322
SHA1 855f6f20969993ae7aad210eea07ba2c3c199896
SHA256 053190fb92c05eb92b1eb35ae1f662055b5f5fd9652580e6e08058401c871e7d
SHA512 f945d675c22f8b099306d5b68ec04046af919d2a47201d021cbd95d40d5a4f8b042de5c83e85d1b93b302a2c8ac55695f55fb62a64e6cb1a7371efa26effb65e

C:\Users\Admin\AppData\Local\Temp\Browser_Admin\Cookies_Admin.txt

MD5 724ac9319448d341030898e33a03f09a
SHA1 7408dfb5c791ebcdfe2d826232e0b922ac14b3a4
SHA256 34e5d0c4db91d03fd6183e294a262269f1b644a9af46e104a63ae2e6182f1c2d
SHA512 6a8674466799c1e5f1c4fd5f9a79ad8502430d3f576578fba4a0c96a4095a17845edf936917683bfbd58db32f3fadf27266f109ab0d2c9f53356c5c8e1f15f4e