Analysis Overview
Threat Level: Known bad
The file https://mega.nz/file/4nlwxAqL#SRB6SE9FtsJVXmVM_OuUWGUL2GJM7t2fe08Ym2dbty8 was found to be: Known bad.
Malicious Activity Summary
Exela Stealer
Exelastealer family
Grants admin privileges
Modifies Windows Firewall
Loads dropped DLL
Clipboard Data
Reads user/profile data of web browsers
Executes dropped EXE
Looks up external IP address via web service
Network Service Discovery
Legitimate hosting services abused for malware hosting/C2
Hide Artifacts: Hidden Files and Directories
UPX packed file
Enumerates processes with tasklist
Drops file in Windows directory
Drops file in Program Files directory
Launches sc.exe
System Network Configuration Discovery: Wi-Fi Discovery
Event Triggered Execution: Netsh Helper DLL
Permission Groups Discovery: Local Groups
Browser Information Discovery
Detects Pyinstaller
System Network Connections Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Gathers network information
Kills process with taskkill
NTFS ADS
Suspicious use of FindShellTrayWindow
Collects information from the system
Uses Volume Shadow Copy service COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy WMI provider
Enumerates system info in registry
Gathers system information
Views/modifies file attributes
Modifies data under HKEY_USERS
Runs net.exe
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-09 20:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 20:00
Reported
2024-11-09 20:02
Platform
win10ltsc2021-20241023-en
Max time kernel
111s
Max time network
112s
Command Line
Signatures
Exela Stealer
Exelastealer family
Grants admin privileges
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Clipboard Data
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Tools.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Tools.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Network Service Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\ARP.EXE | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Hide Artifacts: Hidden Files and Directories
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\c7463fb2-6ffd-4419-ac8d-809398b1a0b3.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241109200056.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\CBS\CBS.log | C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Browser Information Discovery
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
Permission Groups Discovery: Local Groups
System Network Configuration Discovery: Wi-Fi Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
System Network Connections Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NETSTAT.EXE | N/A |
Collects information from the system
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\NETSTAT.EXE | N/A |
Gathers system information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\systeminfo.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756561197074574" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 525939.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mega.nz/file/4nlwxAqL#SRB6SE9FtsJVXmVM_OuUWGUL2GJM7t2fe08Ym2dbty8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff97bf846f8,0x7ff97bf84708,0x7ff97bf84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x7ff7ae035460,0x7ff7ae035470,0x7ff7ae035480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6384 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b4 0x2fc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6116 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2208,1426029680493000943,14515432902983703750,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6836 /prefetch:8
C:\Users\Admin\Downloads\Tools.exe
"C:\Users\Admin\Downloads\Tools.exe"
C:\Users\Admin\Downloads\Tools.exe
"C:\Users\Admin\Downloads\Tools.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe""
C:\Windows\system32\attrib.exe
attrib +h +s "C:\Users\Admin\AppData\Local\ExelaUpdateService\Exela.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\mshta.exe
mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1208"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1208
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1628"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1628
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2700"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2700
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5108"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5108
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4360"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 4360
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4720"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 4720
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 1140"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 1140
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 4884"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /PID 4884
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 2236"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2236
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5192"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5192
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /PID 5200"
C:\Windows\system32\taskkill.exe
taskkill /F /PID 5200
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
C:\Windows\system32\cmd.exe
cmd.exe /c chcp
C:\Windows\system32\cmd.exe
cmd.exe /c chcp
C:\Windows\system32\chcp.com
chcp
C:\Windows\system32\chcp.com
chcp
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe Get-Clipboard
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4467_none_7e0f83e07c8c1985\TiWorker.exe -Embedding
C:\Windows\system32\HOSTNAME.EXE
hostname
C:\Windows\System32\Wbem\WMIC.exe
wmic logicaldisk get caption,description,providername
C:\Windows\system32\net.exe
net user
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 user
C:\Windows\system32\query.exe
query user
C:\Windows\system32\quser.exe
"C:\Windows\system32\quser.exe"
C:\Windows\system32\net.exe
net localgroup
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 localgroup
C:\Windows\system32\net.exe
net localgroup administrators
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 localgroup administrators
C:\Windows\system32\net.exe
net user guest
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 user guest
C:\Windows\system32\net.exe
net user administrator
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 user administrator
C:\Windows\System32\Wbem\WMIC.exe
wmic startup get caption,command
C:\Windows\system32\tasklist.exe
tasklist /svc
C:\Windows\system32\ipconfig.exe
ipconfig /all
C:\Windows\system32\ROUTE.EXE
route print
C:\Windows\system32\ARP.EXE
arp -a
C:\Windows\system32\NETSTAT.EXE
netstat -ano
C:\Windows\system32\sc.exe
sc query type= service state= all
C:\Windows\system32\netsh.exe
netsh firewall show state
C:\Windows\system32\netsh.exe
netsh firewall show config
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff96e36cc40,0x7ff96e36cc4c,0x7ff96e36cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2028,i,13997502721834994177,3024343501860914853,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2024 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1912,i,13997502721834994177,3024343501860914853,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2116 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,13997502721834994177,3024343501860914853,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2496 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,13997502721834994177,3024343501860914853,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3164 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,13997502721834994177,3024343501860914853,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,13997502721834994177,3024343501860914853,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4568 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3712,i,13997502721834994177,3024343501860914853,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3700 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3788,i,13997502721834994177,3024343501860914853,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4704 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4944,i,13997502721834994177,3024343501860914853,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3700 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5036,i,13997502721834994177,3024343501860914853,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5020 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5132,i,13997502721834994177,3024343501860914853,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5148 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.145.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| NL | 66.203.127.13:443 | eu.static.mega.co.nz | tcp |
| NL | 66.203.127.13:443 | eu.static.mega.co.nz | tcp |
| GB | 51.11.108.188:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.127.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.12:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.12:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 12.125.203.66.in-addr.arpa | udp |
| NL | 66.203.127.13:443 | eu.static.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | gfs302n510.userstorage.mega.co.nz | udp |
| CA | 185.206.25.20:443 | gfs302n510.userstorage.mega.co.nz | tcp |
| CA | 185.206.25.20:443 | gfs302n510.userstorage.mega.co.nz | tcp |
| CA | 185.206.25.20:443 | gfs302n510.userstorage.mega.co.nz | tcp |
| CA | 185.206.25.20:443 | gfs302n510.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.25.206.185.in-addr.arpa | udp |
| CA | 185.206.25.20:443 | gfs302n510.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| CA | 185.206.25.20:443 | gfs302n510.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 51.140.242.104:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 45.112.123.126:443 | api.gofile.io | tcp |
| US | 8.8.8.8:53 | store1.gofile.io | udp |
| FR | 45.112.123.227:443 | store1.gofile.io | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.123.112.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.123.112.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| N/A | 127.0.0.1:53421 | tcp | |
| N/A | 127.0.0.1:53428 | tcp | |
| N/A | 127.0.0.1:53431 | tcp | |
| N/A | 127.0.0.1:53433 | tcp | |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:53591 | tcp | |
| N/A | 127.0.0.1:53593 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | cc10dc6ba36bad31b4268762731a6c81 |
| SHA1 | 9694d2aa8b119d674c27a1cfcaaf14ade8704e63 |
| SHA256 | d0d1f405097849f8203095f0d591e113145b1ce99df0545770138d772df4997f |
| SHA512 | 0ed193fdcc3f625221293bfd6af3132a5ce7d87138cd7df5e4b89353c89e237c1ff81920a2b17b7e0047f2cc8b2a976f667c7f12b0dcc273ddc3b4c8323b1b56 |
\??\pipe\LOCAL\crashpad_1208_AECAEQESCLJNHFWO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 467bc167b06cdf2998f79460b98fa8f6 |
| SHA1 | a66fc2b411b31cb853195013d4677f4a2e5b6d11 |
| SHA256 | 3b19522cb9ce73332fa1c357c6138b97b928545d38d162733eba68c8c5e604bd |
| SHA512 | 0eb63e6cacbec78b434d976fa2fb6fb44b1f9bc31001857c9bcb68c041bb52df30fbc7e1353f81d336b8a716821876fcacf3b32a107b16cec217c3d5d9621286 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f8defe7701720c812ae283f7fe6101ae |
| SHA1 | d2713d27a5f668e56bf3e93d4f2246206d566574 |
| SHA256 | 5d7e3b3dca48a5227b999a99dcce3bc8eb79ae9ca9bd996f59a3e8bf46fb3633 |
| SHA512 | ca508e16a0d8bd7438fe209b33fc303aef91507fe6e38a518f27b5466ca62e37dbdf7f93ef89570eeab90b9530235b47ad45a6db8bfabcbbb288650b76a52cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 3b964859deef3a6f470b8021df49b34d |
| SHA1 | 62023dacf1e4019c9f204297c6be7e760f71a65d |
| SHA256 | 087debdcfba4666c03a5ea699e9bb31cf22ef4e0fad7c961cb0b500e5d262fb5 |
| SHA512 | c30b7e1b28820a5815b52634b46cb210c241704e33e41304400cb3ed29e82ec547a1068fc819350b368456bcabd27034afade5add3251dc74e4174f51b6c7adf |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 2df49e8e11448f089e879ae7b4f30577 |
| SHA1 | 01216d23fce2cf14865e52a9951b4862a3aaef74 |
| SHA256 | 2750685d210f1f3de4eba397a780568f9c939e2f933039027978298eecaa6a5e |
| SHA512 | 300509d02aa0ee67ebe4257eeb752105b79b1d41df996ad1e1e53a0cf156d02b847f277aa12a6f1999e8b3168d9826b595d9eb7eeddec3b7ea684a657546be0c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | f23c33eb347265e0c491cbbaa04d217f |
| SHA1 | afbd9f7fc777632cd7b06025546c5070a18c5e63 |
| SHA256 | 0aa9cd1d44966c48d3d1d70aeeab51d38800f714cbffaf15f5bbcbb1993d0bed |
| SHA512 | 3c0745e3e94161e8c8eecd3d9b2cb75940607ba8c69d6c7cf9611e83113b1349e77dfee1efe698f9bca80918091540dfacd5acdde9b7f1680461e785808be33b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f50cb573bf68fc7fdd739ba328fa61d6 |
| SHA1 | 12d574bf118fa1cb4d1cfa1b314705a2209858df |
| SHA256 | eb335cee61af7d0aae01f89740ac26ec9822cb155e924bc9d62b505f261b2551 |
| SHA512 | da09c678ba78bfd251c61ef109bb8df4a01c04dc5ccd6c0d8665beb5e1bcaeabc964670f7b2c13c12ea27363460ea7c1c01940b57bc4a289c972ce4ec67e6022 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4d94b053ace1199438cd3f853f6b45af |
| SHA1 | 7e9c5b02dc67c59c0864b104e7ac7c5dbd41a6ea |
| SHA256 | c7e647b0278bf2805c1a6106a6d3afbac0d7429135760971b4e4640665492c73 |
| SHA512 | 23b43bbb775094a2eed06df331fbd34486e41f509eab2656ca6707aa4c978501475e5a217d2b69fef26aa2f258865272c3c9a0d431b57704a1249de69af55926 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 5c2d5c900312f44e72209416d45723cb |
| SHA1 | 68fb8909308589149399c3fb74605600833fbbc1 |
| SHA256 | 56f7a77549e5fc45bd4b1f7c2db3e8b4bd1dd9234545207613a80342cee8e7d8 |
| SHA512 | 07c2920cff7c1125e3a2fe66bf21d8606a1f2a3d36be2d8e136da0d2a21130242ac8324f18cedfb0040304cf804815861767c969a6923d8db851312bf9b4348b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6d6fa7e8b98e22a229f140a85a303322 |
| SHA1 | e11c3d97fd66fa24fc863274853ca8eb7197e665 |
| SHA256 | 151d279fbfc89cc69f461ba4d50d048d4a977ad881ecd512b9dafc571e7e5dac |
| SHA512 | 72940adaffa94cf1653b7dc032c3b4ed7b12877618119f3241b39a76fec9770ef321762f73c6a3cdf57f40a2b8819bbcab188ee72589601c45cf112ec877933e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 40c08d56c5feaced74b97ce197f08750 |
| SHA1 | f71cfa4a4b48f984eb060106888867e8c17cd7e1 |
| SHA256 | ffcaf28ad64b5769cdf720bd804af7c5fb5563dd373e13954c8ac88e5247f543 |
| SHA512 | bd20fb8daa8844c72e2c8f855d64d76e116bf25e617454a8dda582e7520f62c325862230f600ae0f50b3556eb5934990bd1bda20c6b4a3d4c3b92bb023d7e79c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 580d30a6d681949e596f05ce3ca93643 |
| SHA1 | 042cc44e68a563f0c4eb269a8592103d7313d5f0 |
| SHA256 | 60bcf5242a7d70e213c8c5626c4438287fba94c0fdbc256b86a44e9dfda077a8 |
| SHA512 | b70cfae648b3f55cba3eca54b5e6fa5310c7048f0163f111678350fa3220b2f3b54fd85f0aec4ab537645203f6dd8111a273776f1a85310bd3001ba70125d8bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c1e8.TMP
| MD5 | 24649e46612a671375a1ab65ee29b5c3 |
| SHA1 | 9cc1b5fd3108d9e81d4bfeab14add156ae55119f |
| SHA256 | a656f4728e2d21532f30a015a662b689a762805ab30b23bceaf1b4207be6141e |
| SHA512 | 7bbd3eed84bd5fd4e13e00fbcf3345cce520b2d455ff4347351c00e445f8d7c2c2fa47bba3873111491320bf72638d8856389a6d595c509f1d261e9a1be4ea74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
| MD5 | 950eca48e414acbe2c3b5d046dcb8521 |
| SHA1 | 1731f264e979f18cdf08c405c7b7d32789a6fb59 |
| SHA256 | c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2 |
| SHA512 | 27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9 |
C:\Users\Admin\Downloads\Tools.exe
| MD5 | 9ef872cbbbbc5bb4b1ee521ef0203930 |
| SHA1 | a0be1aff9a8feec9f847e6d1ef2a1f41eb5c062d |
| SHA256 | 41d0d7f4aeb95e0ef2b69f00b443b82f9cfab03dd47ca80cbb61ac8ae9b714ea |
| SHA512 | 4e250cd530e00b302082579fca6ae2a2d44058e5a288fc5fe809a040866702da84305060ced7f6fa89210e1e5811391142e4a4fe1917c71d60583378f4446dc1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fcacdae72b723d06ede44142131945d1 |
| SHA1 | ca2158fe18e5cd5a3568b0c1d4b5d560add4d59c |
| SHA256 | afcb5499beb28348ce5ee421903fa4a2a4352ce64ca48d2ec73ceddd088983d3 |
| SHA512 | 588d5bdc4621e6db265fd675812d567d96064c7e9a7f353a30f9a505625d3ecac152910ea81b1feb327ea827ec379eb5b00512b1ad4e5543439f5d916cf255db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5163964754e61aea387d5ae647cee41e |
| SHA1 | f37072bd81913515c8199cfef6bc58c89b547720 |
| SHA256 | 24a38b2059bdf38820b3a55ac8414aacf386b4d0f5aff8fb4fa1d46b4ddeada9 |
| SHA512 | 705dd1293022c886b19607699ea3fc1c543b7f3e62db1487292835289634a07408e4e86f38d41e4c7a2c73f20ab7904948410f0722315c0b4eed893ffabe1188 |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\python311.dll
| MD5 | db09c9bbec6134db1766d369c339a0a1 |
| SHA1 | c156d9f2d0e80b4cf41794cd9b8b1e8a352e0a0b |
| SHA256 | b1aac1e461174bbae952434e4dac092590d72b9832a04457c94bd9bb7ee8ad79 |
| SHA512 | 653a7fff6a2b6bffb9ea2c0b72ddb83c9c53d555e798eea47101b0d932358180a01af2b9dab9c27723057439c1eaffb8d84b9b41f6f9cd1c3c934f1794104d45 |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\VCRUNTIME140.dll
| MD5 | f12681a472b9dd04a812e16096514974 |
| SHA1 | 6fd102eb3e0b0e6eef08118d71f28702d1a9067c |
| SHA256 | d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8 |
| SHA512 | 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2 |
memory/5888-414-0x00007FF969590000-0x00007FF969B78000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI56202\base_library.zip
| MD5 | 2a138e2ee499d3ba2fc4afaef93b7caa |
| SHA1 | 508c733341845e94fce7c24b901fc683108df2a8 |
| SHA256 | 130e506ead01b91b60d6d56072c468aeb5457dd0f2ecd6ce17dfcbb7d51a1f8c |
| SHA512 | 1f61a0fda5676e8ed8d10dfee78267f6d785f9c131f5caf2dd984e18ca9e5866b7658ab7edb2ffd74920a40ffea5cd55c0419f5e9ee57a043105e729e10d820b |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\python3.DLL
| MD5 | 34e49bb1dfddf6037f0001d9aefe7d61 |
| SHA1 | a25a39dca11cdc195c9ecd49e95657a3e4fe3215 |
| SHA256 | 4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281 |
| SHA512 | edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856 |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\_ctypes.pyd
| MD5 | b4c41a4a46e1d08206c109ce547480c7 |
| SHA1 | 9588387007a49ec2304160f27376aedca5bc854d |
| SHA256 | 9925ab71a4d74ce0ccc036034d422782395dd496472bd2d7b6d617f4d6ddc1f9 |
| SHA512 | 30debb8e766b430a57f3f6649eeb04eb0aad75ab50423252585db7e28a974d629eb81844a05f5cb94c1702308d3feda7a7a99cb37458e2acb8e87efc486a1d33 |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\_sqlite3.pyd
| MD5 | d9eeeeacc3a586cf2dbf6df366f6029e |
| SHA1 | 4ff9fb2842a13e9371ce7894ec4fe331b6af9219 |
| SHA256 | 67649e1e8acd348834efb2c927ab6a7599cf76b2c0c0a50b137b3be89c482e29 |
| SHA512 | 0b9f1d80fb92c796682dba94a75fbce0e4fbeaedccd50e21d42d4b9366463a830109a8cd4300aa62b41910655f8ca96ecc609ea8a1b84236250b6fd08c965830 |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\_ssl.pyd
| MD5 | fd0f4aed22736098dc146936cbf0ad1d |
| SHA1 | e520def83b8efdbca9dd4b384a15880b036ee0cf |
| SHA256 | 50404a6a3de89497e9a1a03ff3df65c6028125586dced1a006d2abb9009a9892 |
| SHA512 | c8f3c04d87da19041f28e1d474c8eb052fe8c03ffd88f0681ef4a2ffe29755cfd5b9c100a1b1d2fdb233cb0f70e367af500cbd3cd4ce77475f441f2b2aa0ab8a |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\_uuid.pyd
| MD5 | 3377ae26c2987cfee095dff160f2c86c |
| SHA1 | 0ca6aa60618950e6d91a7dea530a65a1cdf16625 |
| SHA256 | 9534cb9c997a17f0004fb70116e0141bdd516373b37bbd526d91ad080daa3a2b |
| SHA512 | 8e408b84e2130ff48b8004154d1bdf6a08109d0b40f9fafb6f55e9f215e418e05dca819f411c802792a9d9936a55d6b90460121583e5568579a0fda6935852ee |
memory/5888-455-0x00007FF96A1A0000-0x00007FF96A313000-memory.dmp
memory/5888-457-0x00007FF96A170000-0x00007FF96A19E000-memory.dmp
memory/5888-461-0x00007FF969590000-0x00007FF969B78000-memory.dmp
memory/5888-465-0x00007FF97C140000-0x00007FF97C164000-memory.dmp
memory/5888-481-0x00007FF9690D0000-0x00007FF9690EB000-memory.dmp
memory/5888-491-0x00007FF96A0B0000-0x00007FF96A168000-memory.dmp
memory/5888-494-0x00007FF968870000-0x00007FF968FFA000-memory.dmp
memory/5888-496-0x00007FF968830000-0x00007FF968867000-memory.dmp
memory/5888-503-0x00007FF97A770000-0x00007FF97A785000-memory.dmp
memory/5888-495-0x00007FF974B90000-0x00007FF974BA2000-memory.dmp
memory/5888-493-0x00007FF969210000-0x00007FF969585000-memory.dmp
memory/5888-492-0x0000026261440000-0x00000262617B5000-memory.dmp
memory/5888-490-0x00007FF96A170000-0x00007FF96A19E000-memory.dmp
memory/5888-489-0x00007FF969000000-0x00007FF96901E000-memory.dmp
memory/5888-488-0x00007FF97C110000-0x00007FF97C11A000-memory.dmp
memory/5888-487-0x00007FF969020000-0x00007FF969031000-memory.dmp
memory/5888-486-0x00007FF969040000-0x00007FF96908D000-memory.dmp
memory/5888-485-0x00007FF969090000-0x00007FF9690A9000-memory.dmp
memory/5888-484-0x00007FF9690B0000-0x00007FF9690C6000-memory.dmp
memory/5888-483-0x00007FF96A1A0000-0x00007FF96A313000-memory.dmp
memory/5888-482-0x00007FF96A320000-0x00007FF96A343000-memory.dmp
memory/5888-480-0x00007FF96A990000-0x00007FF96A9BD000-memory.dmp
memory/5888-479-0x00007FF9690F0000-0x00007FF96920C000-memory.dmp
memory/5888-478-0x00007FF96A060000-0x00007FF96A082000-memory.dmp
memory/5888-477-0x00007FF96A970000-0x00007FF96A984000-memory.dmp
memory/5888-476-0x00007FF97C120000-0x00007FF97C139000-memory.dmp
memory/5888-475-0x00007FF96A090000-0x00007FF96A0A4000-memory.dmp
memory/5888-474-0x00007FF974B90000-0x00007FF974BA2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI56202\yarl\_quoting_c.cp311-win_amd64.pyd
| MD5 | 1fa0ad3deb7f851a231c1a973b121b93 |
| SHA1 | 65ae7bb5fec98da8665c70290c40082c8358b688 |
| SHA256 | 0054d20391ebcd1ed30ef2d5aaa1efbbc5aceb7d8f716c16de0ac0d9d2680121 |
| SHA512 | 64b6cf9d90daca0fb5e2d0eb91c853edaa2fb90edea064b96032ce968ee46961464772e353bf503e05b05471330c5afc8ffc72273e6ebdb6b1ad22fbce331fbf |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\_hashlib.pyd
| MD5 | 0629bdb5ff24ce5e88a2ddcede608aee |
| SHA1 | 47323370992b80dafb6f210b0d0229665b063afb |
| SHA256 | f404bb8371618bbd782201f092a3bcd7a96d3c143787ebea1d8d86ded1f4b3b8 |
| SHA512 | 3faeff1a19893257c17571b89963af37534c189421585ea03dd6a3017d28803e9d08b0e4daceee01ffeda21da60e68d10083fe7dbdbbde313a6b489a40e70952 |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\multidict\_multidict.cp311-win_amd64.pyd
| MD5 | 5587c32d9bf7f76e1a9565df8b1b649f |
| SHA1 | 52ae204a65c15a09ecc73e7031e3ac5c3dcb71b2 |
| SHA256 | 7075185db068e3c8f1b7db75e5aa5c500fc76ed8270c6abc6f49681d7119a782 |
| SHA512 | f21d0530389138457d6fdcdb3487a3c8b030338c569b2742f9e691e43af1d9e779c98426bad81b152f343b324a9375fe1322ef74030b1c8f8ba606d19e562e97 |
memory/5888-469-0x00007FF97A770000-0x00007FF97A785000-memory.dmp
memory/5888-468-0x00007FF9801A0000-0x00007FF9801AF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI56202\_overlapped.pyd
| MD5 | 97a40f53a81c39469cc7c8dd00f51b5d |
| SHA1 | 6c3916fe42e7977d8a6b53bfbc5a579abcf22a83 |
| SHA256 | 11879a429c996fee8be891af2bec7d00f966593f1e01ca0a60bd2005feb4176f |
| SHA512 | 02af654ab73b6c8bf15a81c0e9071c8faf064c529b1439a2ab476e1026c860cf7d01472945112d4583e5da8e4c57f1df2700331440be80066dbb6a7e89e1c5af |
memory/5888-464-0x00007FF969210000-0x00007FF969585000-memory.dmp
memory/5888-463-0x0000026261440000-0x00000262617B5000-memory.dmp
memory/5888-462-0x00007FF96A0B0000-0x00007FF96A168000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI56202\_asyncio.pyd
| MD5 | 1b8ce772a230a5da8cbdccd8914080a5 |
| SHA1 | 40d4faf1308d1af6ef9f3856a4f743046fd0ead5 |
| SHA256 | fa5a1e7031de5849ab2ab5a177e366b41e1df6bbd90c8d2418033a01c740771f |
| SHA512 | d2fc21b9f58b57065b337c3513e7e6c3e2243b73c5a230e81c91dafcb6724b521ad766667848ba8d0a428d530691ffc4020de6ce9ce1eaa2bf5e15338114a603 |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\libcrypto-1_1.dll
| MD5 | 86cfc84f8407ab1be6cc64a9702882ef |
| SHA1 | 86f3c502ed64df2a5e10b085103c2ffc9e3a4130 |
| SHA256 | 11b89cc5531b2a6b89fbbb406ebe8fb01f0bf789e672131b0354e10f9e091307 |
| SHA512 | b33f59497127cb1b4c1781693380576187c562563a9e367ce8abc14c97c51053a28af559cdd8bd66181012083e562c8a8771e3d46adeba269a848153a8e9173c |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\libssl-1_1.dll
| MD5 | 6cd33578bc5629930329ca3303f0fae1 |
| SHA1 | f2f8e3248a72f98d27f0cfa0010e32175a18487f |
| SHA256 | 4150ee603ad2da7a6cb6a895cb5bd928e3a99af7e73c604de1fc224e0809fdb0 |
| SHA512 | c236a6ccc8577c85509d378c1ef014621cab6f6f4aa26796ff32d8eec8e98ded2e55d358a7d236594f7a48646dc2a6bf25b42a37aed549440d52873ebca4713e |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\sqlite3.dll
| MD5 | 895f001ae969364432372329caf08b6a |
| SHA1 | 4567fc6672501648b277fe83e6b468a7a2155ddf |
| SHA256 | f5dd29e1e99cf8967f7f81487dc624714dcbec79c1630f929d5507fc95cbfad7 |
| SHA512 | 05b4559d283ea84174da72a6c11b8b93b1586b4e7d8cda8d745c814f8f6dff566e75f9d7890f32bd9dfe43485244973860f83f96ba39296e28127c9396453261 |
memory/5888-453-0x00007FF96A320000-0x00007FF96A343000-memory.dmp
memory/5888-451-0x00007FF96A990000-0x00007FF96A9BD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI56202\_lzma.pyd
| MD5 | bfca96ed7647b31dd2919bedebb856b8 |
| SHA1 | 7d802d5788784f8b6bfbb8be491c1f06600737ac |
| SHA256 | 032b1a139adcff84426b6e156f9987b501ad42ecfb18170b10fb54da0157392e |
| SHA512 | 3a2926b79c90c3153c88046d316a081c8ddfb181d5f7c849ea6ae55cb13c6adba3a0434f800c4a30017d2fbab79d459432a2e88487914b54a897c4301c778551 |
memory/5888-449-0x00007FF97A790000-0x00007FF97A7A9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI56202\_bz2.pyd
| MD5 | 80c69a1d87f0c82d6c4268e5a8213b78 |
| SHA1 | bae059da91d48eaac4f1bb45ca6feee2c89a2c06 |
| SHA256 | 307359f1b2552b60839385eb63d74cbfe75cd5efdb4e7cd0bb7d296fa67d8a87 |
| SHA512 | 542cf4ba19dd6a91690340779873e0cb8864b28159f55917f98a192ff9c449aba2d617e9b2b3932ddfeee13021706577ab164e5394e0513fe4087af6bc39d40d |
memory/5888-447-0x00007FF97D840000-0x00007FF97D84D000-memory.dmp
memory/5888-446-0x00007FF97C120000-0x00007FF97C139000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI56202\select.pyd
| MD5 | c39459806c712b3b3242f8376218c1e1 |
| SHA1 | 85d254fb6cc5d6ed20a04026bff1158c8fd0a530 |
| SHA256 | 7cbd4339285d145b422afa280cee685258bc659806be9cf8b334805bc45b29c9 |
| SHA512 | b727c6d1cd451d658e174161135d3be48d7efda21c775b8145bc527a54d6592bfc50919276c6498d2e2233ac1524c1699f59f0f467cc6e43e5b5e9558c87f49d |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\_socket.pyd
| MD5 | 04e7eb0b6861495233247ac5bb33a89a |
| SHA1 | c4d43474e0b378a00845cca044f68e224455612a |
| SHA256 | 7efe25284a4663df9458603bf0988b0f47c7dcf56119e3e853e6bda80831a383 |
| SHA512 | d4ea0484363edf284ac08a1c3356cc3112d410dd80fe5010c1777acf88dbd830e9f668b593e252033d657a3431a79f7b68d09eb071d0c2ceb51632dbe9b8ed97 |
memory/5888-516-0x00007FF96A060000-0x00007FF96A082000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI56202\_queue.pyd
| MD5 | 0614691624f99748ef1d971419bdb80d |
| SHA1 | 39c52450ed7e31e935b5b0e49d03330f2057747d |
| SHA256 | ac7972502144e9e01e53001e8eec3fc9ab063564678b784d024da2036ba7384d |
| SHA512 | 184bc172c7bb8a1fb55c4c23950cbe5e0b5a3c96c1c555ed8476edf79c5c729ed297112ee01b45d771e5c0055d2dc402b566967d1900b5abf683ee8e668c5b26 |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\_multiprocessing.pyd
| MD5 | 849b4203c5f9092db9022732d8247c97 |
| SHA1 | ed7bd0d6dcdcfa07f754b98acf44a7cfe5dcb353 |
| SHA256 | 45bfbab1d2373cf7a8af19e5887579b8a306b3ad0c4f57e8f666339177f1f807 |
| SHA512 | cc618b4fc918b423e5dbdcbc45206653133df16bf2125fd53bafef8f7850d2403564cf80f8a5d4abb4a8928ff1262f80f23c633ea109a18556d1871aff81cd39 |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\_decimal.pyd
| MD5 | e9501519a447b13dcca19e09140c9e84 |
| SHA1 | 472b1aa072454d065dfe415a05036ffd8804c181 |
| SHA256 | 6b5fe2dea13b84e40b0278d1702aa29e9e2091f9dc09b64bbff5fd419a604c3c |
| SHA512 | ef481e0e4f9b277642652cd090634e1c04702df789e2267a87205e0fe12b00f1de6cdd4fafb51da01efa726606c0b57fcb2ea373533c772983fc4777dc0acc63 |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\_cffi_backend.cp311-win_amd64.pyd
| MD5 | 0f0f1c4e1d043f212b00473a81c012a3 |
| SHA1 | ff9ff3c257dceefc74551e4e2bacde0faaef5aec |
| SHA256 | fda255664cbf627cb6a9cd327daf4e3eb06f4f0707ed2615e86e2e99b422ad0b |
| SHA512 | fcfa42f417e319bddf721f298587d1b26e6974e5d7589dfe6ddd2b013bc554a53db3725741fbc4941f34079ed8cb96f05934f3c2b933cda6a7e19cda315591a7 |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\unicodedata.pyd
| MD5 | 06a5e52caf03426218f0c08fc02cc6b8 |
| SHA1 | ae232c63620546716fbb97452d73948ebfd06b35 |
| SHA256 | 118c31faa930f2849a14c3133df36420a5832114df90d77b09cde0ad5f96f33a |
| SHA512 | 546b1a01f36d3689b0fdeeda8b1ce55e7d3451731ca70fffe6627d542fff19d7a70e27147cab1920aae8bed88272342908d4e9d671d7aba74abb5db398b90718 |
C:\Users\Admin\AppData\Local\Temp\_MEI56202\pyexpat.pyd
| MD5 | fe0e32bfe3764ed5321454e1a01c81ec |
| SHA1 | 7690690df0a73bdcc54f0f04b674fc8a9a8f45fb |
| SHA256 | b399bff10812e9ea2c9800f74cb0e5002f9d9379baf1a3cef9d438caca35dc92 |
| SHA512 | d1777f9e684a9e4174e18651e6d921ae11757ecdbeb4ee678c6a28e0903a4b9ab9f6e1419670b4d428ee20f86c7d424177ed9daf4365cf2ee376fcd065c1c92d |
memory/5888-424-0x00007FF9801A0000-0x00007FF9801AF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI56202\libffi-8.dll
| MD5 | decbba3add4c2246928ab385fb16a21e |
| SHA1 | 5f019eff11de3122ffa67a06d52d446a3448b75e |
| SHA256 | 4b43c1e42f6050ddb8e184c8ec4fb1de4a6001e068ece8e6ad47de0cc9fd4a2d |
| SHA512 | 760a42a3eb3ca13fa7b95d3bd0f411c270594ae3cf1d3cda349fa4f8b06ebe548b60cd438d68e2da37de0bc6f1c711823f5e917da02ed7047a45779ee08d7012 |
memory/5888-422-0x00007FF97C140000-0x00007FF97C164000-memory.dmp
memory/5888-520-0x00007FF9690F0000-0x00007FF96920C000-memory.dmp
memory/5888-559-0x00007FF9851B0000-0x00007FF9851BD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fpiahoi5.jy3.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5856-571-0x0000023C9B550000-0x0000023C9B572000-memory.dmp
memory/5888-576-0x00007FF968870000-0x00007FF968FFA000-memory.dmp
memory/5888-585-0x00007FF96A1A0000-0x00007FF96A313000-memory.dmp
memory/5888-577-0x00007FF969590000-0x00007FF969B78000-memory.dmp
memory/5888-598-0x00007FF969040000-0x00007FF96908D000-memory.dmp
memory/5888-590-0x00007FF974B90000-0x00007FF974BA2000-memory.dmp
memory/5888-589-0x00007FF97A770000-0x00007FF97A785000-memory.dmp
memory/5888-578-0x00007FF97C140000-0x00007FF97C164000-memory.dmp
memory/5888-605-0x00007FF968830000-0x00007FF968867000-memory.dmp
memory/5888-597-0x00007FF969090000-0x00007FF9690A9000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Desktop\EnterOut.xlsx
| MD5 | 880dae70b2022931ac7259ff2b6cb587 |
| SHA1 | 6d0e13222c5ac1b61470525885002c6a8a1ace5d |
| SHA256 | 03545ee011b3724f77ed178df31eab23d40b26c65be095ebef9bf73aabb682fa |
| SHA512 | b0c770455431a673f8570b6f486b40db773afa0a1fac9938648374d2c5a2292b5ae52ed5a7ee153a111da59cc3c804296927f310e1391f9012acdc2554040994 |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Desktop\ShowComplete.docx
| MD5 | bfd3c6838dd6567689830b0c99021718 |
| SHA1 | f7a15bbb3732c52bbf422a75c2f2e242dc1bafb7 |
| SHA256 | a6e3e745e6f5590f0e11c706999c7f71c9c560d93f13580cc34e10ca4feac748 |
| SHA512 | 27d64e401a4606d6f2c86e52f0ec70ebfc066676aa092291a6cc170ab52b0588367d80dced7373af2188f6e341dec72660d26cb025137f5b309177927d8dddad |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Documents\BackupConnect.vsdx
| MD5 | 008d9948364685c06f3456c4f3e7af80 |
| SHA1 | 9bc6abc0d6a737ec2b12466686cdb2f64c3cd94f |
| SHA256 | 3107f161000b6e7940c08888c54add2d6a08ad4ad26e563245433d92987d8dc7 |
| SHA512 | dd03e3a053c5dc016b11ac1b618e28c947da9bc4b20e9e8425ee43e202a095eedb31d16ffc1ae1bbc735cfcf218cf425843800aa54f200fe3d9fcaad8ac8868c |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Documents\LimitMount.txt
| MD5 | 967cec8a3a639ceed08e9018c1ac3ffe |
| SHA1 | fad7e0a79ef7b5a0d59201468f3cc207c9f809cc |
| SHA256 | ef54aad74251c872bc9a696373fce59f11c6a0b84ac1f1885317f0a0d963b75a |
| SHA512 | 7a27018544874e69e415c914c2c55fb9012e56edfafff74b203e5abb77c685d4d3c468db8386199949237f7940551cc280639405144ea28ef9d60c16d50b80f3 |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Documents\StopOut.docx
| MD5 | 366e7210ba3f85c4154110a8008791f3 |
| SHA1 | 837f73de0ce93dc01a4ee36868dedda26ff5a9af |
| SHA256 | 1ede48099dd1dc48fac0b92f5cc15208d953f6c2f87fad35858d508ada125c6a |
| SHA512 | 8b4d31500be401d9f2e0df7757f28a010e02f77fe559a523f55af4b7c5d7c111f861f4e92ab7e5bad510e684cc5947d354d674004ec58cadcbefd12b00de2fd5 |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Downloads\DisconnectReset.jpeg
| MD5 | 7b226696d6ade9a018bd174abab7b4ac |
| SHA1 | 0e4d69f70f4aa56a305afb07dcd59a0c3a71ac73 |
| SHA256 | 39074d220f53ca9096f559ee7ac802c27d060615406217c228ca04dbb1ea8e63 |
| SHA512 | 00980a8bf12031d9e81f18e7ea684fba599b2b78d306b5938c496c594eac3ee121605e6893ee03a2f4f248b94446989be54bcce53be55e666f054122fc6b40bc |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Downloads\NewEdit.mp3
| MD5 | 365077271d110ccc54476cb9f42245bd |
| SHA1 | 27985cded8f8396cb37cbbced051d33efc9c2e32 |
| SHA256 | 7690f0cb21b285dfb17ab2db1a0318a96ea1fd4f3fa7e134774c8bbdb35f2022 |
| SHA512 | a412ef5876c82e640c93036e70c5ffd001f220cf2709906978b1fa86f96cb3ce8369b4febe981c0673bea4a5cf82928a9e6ef396c7d91aacfc8b0bf01dd658aa |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Downloads\BackupPing.m4a
| MD5 | 04ff1e93752556f04979a9aee3370556 |
| SHA1 | 6bb3dccbb7761c84b2671d3fc7ab08fa90a9628a |
| SHA256 | ccc86b624814960c33863aaf54324dd3b75c02c023e9bd579054fac81d5d9853 |
| SHA512 | 4453acf6bb191fae3635bffc985d73914f53716b10cdccabc564f16b23aa40dc54142fb2a5fd63e6ab5b3f4d5d70b27b670bfd28ba271b3cf8d2714a148199bc |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Documents\RestartEdit.txt
| MD5 | 82cc37d43891ac36ec92652f207df547 |
| SHA1 | b6324c003257851b2c169c2a4910d36de58b03f2 |
| SHA256 | a71cb14875a3290904db852aa6fd14098705d82bc7cbc402e01aaeb415b09cde |
| SHA512 | f798c4a237e60c0a8323c9974627ed5c70929c91d3747f0916db973d9081d259608232476b7a5f0cb4611bbcbbd9a041e71221dc95eae421af0e06f5298de54d |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Documents\BackupMeasure.xltm
| MD5 | ace708a6df648a83b4a31bfd121b2ca1 |
| SHA1 | 0dc4c32f31a3bc7efc263fb19154cddf3f0c74b6 |
| SHA256 | fc0cd8422ceb0892ceefbffbcbccad97af3bd8e813808c45bb391c340a4902d2 |
| SHA512 | cb16d19a2bc40c9463415b96057d4c0ba51294e350e9acf96d28c9df2b19e5f244bfff5f6eecf501a1a7a6190e373ca7eedbb9548cae762668ddbd0868e1980f |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Desktop\UnregisterConfirm.docx
| MD5 | 3710aee34cc4b6cb3e89f8b2a52e17b1 |
| SHA1 | f00145afc0a4c83f06b38f6dbc9998ebfe115155 |
| SHA256 | b1d90554f94827be99762b40f1a266f42e8d09fb846aa3e0a4b3a60b2708db14 |
| SHA512 | 0f79916b30fb3b3eeb548a96863483d2cafacc62dbaf06d3ec9636c94553561f05a1eaf486f579afd838dd9eec0e4486d79193f8ab3e501d1df22f1e169a3970 |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Downloads\SaveSelect.pdf
| MD5 | 7f2fd4e44967bc9a45a8b9a672d2b97d |
| SHA1 | ebabb758440f6913ed998618df7c032dc76bc4a5 |
| SHA256 | 1401507285fb7bc4e79b0bf85ada93860f91cfce55bff16247d9a3df0fbb4a56 |
| SHA512 | 5fead157fce9bcd544b02992562f58f36bf43f6fd0a174dfa710df28efe9e196be5fc1c4845357f898d8e195e196f639bea6682af084eaf1ee935615d4ebddce |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Music\JoinApprove.png
| MD5 | ca83ea35f7754990b1ad0b81b861778b |
| SHA1 | 1b0a8c1983cf1210914f4e00826ce87ae1314550 |
| SHA256 | 97fafbaa0576782593ab6e8fd800b41c1ed10f9e4d05346683d882724b144aed |
| SHA512 | 5a14101862b0c29ada130f84a5078ca94aa6bbb74e792b15879a9b2aed660524be7aaa5063b7204ff2b573ecb3115ca29573d14faa829498da0ccb88aff3dc9b |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Pictures\MountCompare.jpeg
| MD5 | e0f3efec69e6879c8a250e285f28d268 |
| SHA1 | 904b420a88a9d1b13ccd492ab6a515d9ca069f07 |
| SHA256 | 906c5b8a0e1f8a8deebfba62b43be5e02778ec0a07f95afb9fe358da2ba99975 |
| SHA512 | 7617c18632ca83ab77dea1aa315dea917cf060d4c6fa6f7e5ccb0b3a8e9b17d6af6d0249b2bdd6054f2ae4a1c2add4e15815a7ffe4c6dd6080c4bc29cb69c555 |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Music\StepGet.jpeg
| MD5 | 907275399c8aa22e53a532188dbf808c |
| SHA1 | 92c5e58de66cab99bb4383ec509954f342d17167 |
| SHA256 | 6d507a07aa05af1c6383c68b17a2a3134be0ec2627be89c14eac7b8dda965f2d |
| SHA512 | 6d511f8a3873412d659810119bb69057272b00a7db0263599e6db902ca6c8e3afc8ba461b8d735275391ec4a6f934de1ec1afbae8c60542e7c750093fbcc0e99 |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Pictures\MoveRead.jpeg
| MD5 | 5141279391c7c28776da496dfb71ab3a |
| SHA1 | 8ae654907adb66c51644a1eb71bdbc006723d601 |
| SHA256 | fd0e0062deaa097893d806ce2bd7c272bc9e0b251741c0dbad1d57a09b68b553 |
| SHA512 | 92da427528024932e890d3ed8cf7b444cabfdea5d37e21f83899d9fe4f2f42bb98cebad6ab43c9d7b0ea1a91452869465cf15c605a5549ab5ae0760bb70a2eb2 |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Pictures\StepReset.jpg
| MD5 | f6802018860beab0e371d5bffa2c0329 |
| SHA1 | d3c2f68843921e8fb9f1e26b083a89c3a4275f3a |
| SHA256 | 90da474215a3c3ff24b08c098795d50891329685c1148831034f17f687ebd6bb |
| SHA512 | 95132b9a0227e15d89502d1ffaddb909063f7650c8f70f710bcbc94c9f84249e1698efca85d3360e7f5bcad636fad131c4c88256b7bcf5c07ead703e478d53f0 |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Pictures\My Wallpaper.jpg
| MD5 | a51464e41d75b2aa2b00ca31ea2ce7eb |
| SHA1 | 5b94362ac6a23c5aba706e8bfd11a5d8bab6097d |
| SHA256 | 16d5506b6663085b1acd80644ffa5363c158e390da67ed31298b85ddf0ad353f |
| SHA512 | b2a09d52c211e7100e3e68d88c13394c64f23bf2ec3ca25b109ffb1e1a96a054f0e0d25d2f2a0c2145616eabc88c51d63023cef5faa7b49129d020f67ab0b1ff |
C:\Users\Admin\AppData\Local\Temp\StealedFilesByExela\Pictures\TraceSkip.png
| MD5 | 77b44a15785ed4445b2a564b5ea5c80a |
| SHA1 | 4aec53400cfc4ea9e0465adf5cd058a29af268bd |
| SHA256 | cc8c130993fd054c0883383c534de5345c72e3b14a99286ff31f8b704ae22ccb |
| SHA512 | ffda0603170c22e22699df5dc4b7c01d6232594ec56632043d685c497a3fd8354e6b9f69ca9dd3be1ebb679b2d4d089fa2a8211336a0a93eaba012563eb1e1da |
memory/5888-784-0x00007FF97A770000-0x00007FF97A785000-memory.dmp
memory/5888-793-0x00007FF969040000-0x00007FF96908D000-memory.dmp
memory/5888-792-0x00007FF969090000-0x00007FF9690A9000-memory.dmp
memory/5888-772-0x00007FF969590000-0x00007FF969B78000-memory.dmp
memory/5888-781-0x00007FF96A170000-0x00007FF96A19E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | cd2dacffc275c8071fcde956de153272 |
| SHA1 | 98953146e634d1e999baf09ceb9485edd175edf5 |
| SHA256 | 271198889a5e286834e20e834b3a9a33a8505f2077e2bfc09b4dc3683c5b7bc4 |
| SHA512 | 3d955334ed40b97f1a9a7d4048819fccce1c42163d4ab04e3c6b35ecb5cd4ddc8f0d9f4e32f8c9fa5b2e2cf570290bf502684d1123832e3799789ef693ed0e33 |
memory/5888-825-0x00007FF969590000-0x00007FF969B78000-memory.dmp
memory/5888-857-0x00007FF97D840000-0x00007FF97D84D000-memory.dmp
memory/5888-863-0x00007FF9690F0000-0x00007FF96920C000-memory.dmp
memory/5888-876-0x00007FF969210000-0x00007FF969585000-memory.dmp
memory/5888-875-0x00007FF97C110000-0x00007FF97C11A000-memory.dmp
memory/5888-874-0x00007FF969020000-0x00007FF969031000-memory.dmp
memory/5888-873-0x00007FF969040000-0x00007FF96908D000-memory.dmp
memory/5888-872-0x00007FF969090000-0x00007FF9690A9000-memory.dmp
memory/5888-871-0x00007FF9690B0000-0x00007FF9690C6000-memory.dmp
memory/5888-870-0x00007FF9690D0000-0x00007FF9690EB000-memory.dmp
memory/5888-869-0x00007FF96A0B0000-0x00007FF96A168000-memory.dmp
memory/5888-868-0x00007FF96A1A0000-0x00007FF96A313000-memory.dmp
memory/5888-867-0x00007FF974B90000-0x00007FF974BA2000-memory.dmp
memory/5888-866-0x00007FF96A090000-0x00007FF96A0A4000-memory.dmp
memory/5888-865-0x00007FF96A970000-0x00007FF96A984000-memory.dmp
memory/5888-864-0x00007FF97A770000-0x00007FF97A785000-memory.dmp
memory/5888-862-0x00007FF96A170000-0x00007FF96A19E000-memory.dmp
memory/5888-861-0x00007FF96A060000-0x00007FF96A082000-memory.dmp
memory/5888-860-0x00007FF96A320000-0x00007FF96A343000-memory.dmp
memory/5888-859-0x00007FF96A990000-0x00007FF96A9BD000-memory.dmp
memory/5888-858-0x00007FF97A790000-0x00007FF97A7A9000-memory.dmp
memory/5888-856-0x00007FF97C120000-0x00007FF97C139000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1d42430e9378bd108d5e306facb79651 |
| SHA1 | 05cb764caa3e6930deb3bbca9596c5d6cbca1e5f |
| SHA256 | c1e45616f720502abc8fc51e5ea798a3de41bb111c69b49e91791ff91e35fd65 |
| SHA512 | 95fb28b2ee55d668116e378ec9fcfc893447881df4018cebe3924b14d7370c5e98c87cf5d6b73c83b2a7c1bfd3b1c0521338f9cbed3e654d2c045bdaf4152501 |
memory/5888-889-0x00007FF9851B0000-0x00007FF9851BD000-memory.dmp
memory/5888-888-0x00007FF968830000-0x00007FF968867000-memory.dmp
memory/5888-887-0x00007FF968870000-0x00007FF968FFA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 43911a6ffeaa35874ca541a21e66bf20 |
| SHA1 | f181b23dcf3f85c78950a2183fa45225b066d6fe |
| SHA256 | fbb3cc8bc95dd3bd4afa16b3795d111ff984ef9f9c7565124bfab441f230b66c |
| SHA512 | a2a8dba517e04911264d79b474d03316479f396d1614b28988b76b61331efa822fd0c3f93484d4fae710b252d08eb10b6c0a50953736092d1e725b4348da708d |
memory/5888-855-0x00007FF9801A0000-0x00007FF9801AF000-memory.dmp
memory/5888-854-0x00007FF97C140000-0x00007FF97C164000-memory.dmp
memory/5888-853-0x00007FF969000000-0x00007FF96901E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8cee74b8bf3e55857f3fff6e59a656e0 |
| SHA1 | 9dc75ec8d277ebda5d48597f33d562ae4648a967 |
| SHA256 | 1d7421e027a4196b3a487579ad7e1619d38946e8825f4392181a03a2d0042774 |
| SHA512 | 245d519245d583eecc6ec0eca623d6908b26d7894962d00dbbfdb89d8f9334b57b2564a8457f064e77b306cc8314f83af558da707f0959d36fdbdd14f9a2c71e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 9b2a8d2d15c662128004b668f359f58b |
| SHA1 | 26aa26ab6a8b1b67b7019eea76f518d43e129c1f |
| SHA256 | c1b5c302139f096820266794dfaa284c378ac0123d9f0408b1330f0a3c8dfdc6 |
| SHA512 | 19e72ce43b3f86844d022da25d2ce0cea87f571a871d43cdc40c9eca9e96ce9c25c21ef5bd87dc5f03dae6429add39a6975c9220fe290240a8cb84d63cd757b5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6b074037473fee489fffc7eb2d24a257 |
| SHA1 | 4c3160d727f0255b03104f267561d07faebda23c |
| SHA256 | 5475342061ffe579d89c700e48186991e567c4d06ca5e8c58d39a5fd78edec78 |
| SHA512 | b2a7225bdf9faba9abc5159cdbc5c252b7d32f404241f77e6e501e1d9e3afb973f47526a4243102ea9e96888a7127a9e5222ac2b9e943b5fa6677a8d9ca8e4ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7b5b9b494f0e8fc00e5b0bd39a7213d7 |
| SHA1 | e97cea936739dae5fb4c6a77dfd25772c0b85128 |
| SHA256 | 6ebdd29129c520c0f3dfeed3e69da82d1b57802f07f7d1c78f8700242ad7538e |
| SHA512 | 75ba22bea60b0c9fcdd76c0fd3a81733f5c32d03321eec0b7d1db876ff667a5a6f51097225de05aea4f966ae5f4cb8eadab8df86dc3c3f6924cd7d486a859d81 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | abadc8379cec0bc27226d9b12898de4a |
| SHA1 | 17984b18a40d8ef2a532f62875739abb05f08b41 |
| SHA256 | dca9da4ffa855a6dab31ff50f79869b1fed4c79bc8405cd398138aacd1163cd5 |
| SHA512 | db458803936044f42c8a656ada4ff930a4da9bb12540872278b23a9268caa48be6bfbaafe6b3c9b0b54d7ce5793ae4a068d10f19ad7658353dbec45c36737f54 |