Analysis Overview
Threat Level: Known bad
The file https://github.com/Mikeykorby/Educational-Purposes. was found to be: Known bad.
Malicious Activity Summary
Xenorat family
Detect XenoRat Payload
Modifies WinLogon for persistence
XenorRat
Command and Scripting Interpreter: PowerShell
Event Triggered Execution: AppInit DLLs
Loads dropped DLL
Executes dropped EXE
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies registry class
Enumerates system info in registry
Modifies data under HKEY_USERS
NTFS ADS
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-03-15 12:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-15 12:45
Reported
2025-03-15 12:48
Platform
win11-20250314-en
Max time kernel
155s
Max time network
156s
Command Line
Signatures
Detect XenoRat Payload
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\System32\\userinit.exe,C:\\Users\\Admin\\AppData\\Roaming\\System" | C:\Users\Admin\AppData\Local\Temp\Client.exe | N/A |
XenorRat
Xenorat family
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Event Triggered Execution: AppInit DLLs
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\SKIBI TOLIET.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\SKIBI TOLIET.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\SKIBI TOLIET (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\SKIBI TOLIET (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\test2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\test2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bloxstrap (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BootstrapperNew.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\weqweqwe.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\wbem\WmiApSrv.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\weqweqwe.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000\Software\Microsoft\Windows\CurrentVersion\Run\xdwdfghfghfg = "C:\\Users\\Admin\\AppData\\Roaming\\Windows" | C:\Users\Admin\AppData\Local\Temp\Client.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1107858922\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1107858922\typosquatting_list.pb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1107858922\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1184569553\product_page.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1184569553\shopping.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_889075687\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1184569553\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1195223607\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1184569553\edge_checkout_page_validator.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1184569553\edge_confirmation_page_validator.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1184569553\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1184569553\shopping.html | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1195223607\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_889075687\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_889075687\sets.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1184569553\auto_open_controller.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1184569553\shopping_iframe_driver.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1195223607\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1195223607\_platform_specific\win_x64\widevinecdm.dll | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_889075687\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1184569553\edge_driver.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_889075687\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1184569553\shoppingfre.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1184569553\edge_tracking_page_validator.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1184569553\shopping_fre.html | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1195223607\_platform_specific\win_x64\widevinecdm.dll.sig | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\xdwd.dll | C:\Users\Admin\AppData\Local\Temp\Client.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_1195223607\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\Bloxstrap (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\BootstrapperNew.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\SKIBI TOLIET.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\SKIBI TOLIET (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\test2.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Bloxstrap.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\SKIBI TOLIET (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\XenoManager\SKIBI TOLIET (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\test2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\XenoManager\test2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\SKIBI TOLIET.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\XenoManager\SKIBI TOLIET.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Bloxstrap (1).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\BootstrapperNew.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox\shell | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox\shell\open | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" -player \"%1\"" | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox-player\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox-player\shell | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox-player\shell\open | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox\URL Protocol | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox-player | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe" | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe\" -player \"%1\"" | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox\ = "URL: Roblox Protocol" | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Bloxstrap\\Bloxstrap.exe" | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox-player\shell\open\command | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox-player\ = "URL: Roblox Protocol" | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox-player\URL Protocol | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920535620-1286624088-2946613906-1000\{87988EBC-A566-48FB-B0D3-51C87C53D6E7} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\roblox\shell\open\command | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\AppData\Roaming\XenoManager\SKIBI TOLIET.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\SKIBI TOLIET.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\XenoManager\SKIBI TOLIET (1).exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\SKIBI TOLIET (1).exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\test2.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Bloxstrap.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Bloxstrap (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\BootstrapperNew.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\SKIBI TOLIET.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\SKIBI TOLIET (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\XenoManager\test2.exe\:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\test2.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Client.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\weqweqwe.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Mikeykorby/Educational-Purposes.
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2f4,0x7ffaabadf208,0x7ffaabadf214,0x7ffaabadf220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1700,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:11
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2184,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2552,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=2576 /prefetch:13
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3412,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3420,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4896,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5264,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=5232 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5224,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5848,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5848,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
cookie_exporter.exe --cookie-json=1128
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6168,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=5908 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4660,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5884,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6608,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:14
C:\Users\Admin\Downloads\SKIBI TOLIET.exe
"C:\Users\Admin\Downloads\SKIBI TOLIET.exe"
C:\Users\Admin\AppData\Roaming\XenoManager\SKIBI TOLIET.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\SKIBI TOLIET.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6604,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:14
| Image | Command line |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5844,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=6668 /prefetch:14 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5988,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=6204 /prefetch:14 |
| C:\Windows\SysWOW64\schtasks.exe | "schtasks.exe" /Create /TN "Sinkerboi" /XML "C:\Users\Admin\AppData\Local\Temp\tmpDA52.tmp" /F |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6976,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=6988 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5384,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:14 |
| C:\Windows\System32\rundll32.exe | C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5204,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=5344 /prefetch:14 |
| C:\Users\Admin\Downloads\SKIBI TOLIET (1).exe | "C:\Users\Admin\Downloads\SKIBI TOLIET (1).exe" |
| C:\Users\Admin\AppData\Roaming\XenoManager\SKIBI TOLIET (1).exe | "C:\Users\Admin\AppData\Roaming\XenoManager\SKIBI TOLIET (1).exe" |
| C:\Windows\SysWOW64\schtasks.exe | "schtasks.exe" /Create /TN "Sinkerboi" /XML "C:\Users\Admin\AppData\Local\Temp\tmp6F8E.tmp" /F |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=5236 /prefetch:14 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=3576,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=3312 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6152,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=4840 /prefetch:14 |
| C:\Users\Admin\Downloads\test2.exe | "C:\Users\Admin\Downloads\test2.exe" |
| C:\Users\Admin\AppData\Roaming\XenoManager\test2.exe | "C:\Users\Admin\AppData\Roaming\XenoManager\test2.exe" |
| C:\Windows\SysWOW64\schtasks.exe | "schtasks.exe" /Create /TN "Solara Bootstrapper Dependinces" /XML "C:\Users\Admin\AppData\Local\Temp\tmpB699.tmp" /F |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6752,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=7144 /prefetch:14 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=4416,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=6460,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7056,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:14 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7288,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=7284 /prefetch:14 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=6140,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6456,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:14 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6576,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=7164 /prefetch:14 |
| C:\Users\Admin\Downloads\Bloxstrap (1).exe | "C:\Users\Admin\Downloads\Bloxstrap (1).exe" |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5964,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:10 |
| C:\Users\Admin\AppData\Local\Temp\Client.exe | "C:\Users\Admin\AppData\Local\Temp\Client.exe" |
| C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe | "C:\Users\Admin\AppData\Local\Temp\Bloxstrap (1).exe" |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=5680,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7060,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:14 |
| C:\Windows\SYSTEM32\CMD.exe | "CMD" /C SchTaSKs /CrEAte /F /sc OnLoGoN /rl HighEst /tn "Microsoft Publisher" /tr "C:\Users\Admin\AppData\Roaming\System" & exit |
| C:\Windows\system32\schtasks.exe | SchTaSKs /CrEAte /F /sc OnLoGoN /rl HighEst /tn "Microsoft Publisher" /tr "C:\Users\Admin\AppData\Roaming\System" |
| C:\Windows\SYSTEM32\CMD.exe | "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "Corel VideoStudio Upgrade" /tr "C:\Users\Admin\AppData\Roaming\System" /RL HIGHEST & exit |
| C:\Windows\system32\schtasks.exe | SchTaSKs /create /f /sc minute /mo -1 /tn "Corel VideoStudio Upgrade" /tr "C:\Users\Admin\AppData\Roaming\System" /RL HIGHEST |
| C:\Windows\SYSTEM32\CMD.exe | "CMD" /c SchTaSKs /create /f /sc minute /mo 5 /tn "Camtasia" /tr "C:\Users\Admin\AppData\Roaming\Windows" /RL HIGHEST & exit |
| C:\Windows\system32\schtasks.exe | SchTaSKs /create /f /sc minute /mo 5 /tn "Camtasia" /tr "C:\Users\Admin\AppData\Roaming\Windows" /RL HIGHEST |
| C:\Windows\SYSTEM32\CMD.exe | "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "Corel VideoStudio Upgrade" /tr "C:\Users\Admin\AppData\Roaming\System" /RL HIGHEST & exit |
| C:\Windows\system32\schtasks.exe | SchTaSKs /create /f /sc minute /mo -1 /tn "Corel VideoStudio Upgrade" /tr "C:\Users\Admin\AppData\Roaming\System" /RL HIGHEST |
| C:\Windows\system32\wbem\WmiApSrv.exe | C:\Windows\system32\wbem\WmiApSrv.exe |
| C:\Users\Admin\Downloads\BootstrapperNew.exe | "C:\Users\Admin\Downloads\BootstrapperNew.exe" |
| C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe | "C:\Users\Admin\AppData\Local\Temp\BootstrapperNew.exe" |
| C:\Users\Admin\AppData\Local\Temp\weqweqwe.exe | "C:\Users\Admin\AppData\Local\Temp\weqweqwe.exe" |
| C:\Windows\SYSTEM32\CMD.exe | "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "Corel VideoStudio Upgrade" /tr "C:\Users\Admin\AppData\Roaming\System" /RL HIGHEST & exit |
| C:\Windows\system32\schtasks.exe | SchTaSKs /create /f /sc minute /mo -1 /tn "Corel VideoStudio Upgrade" /tr "C:\Users\Admin\AppData\Roaming\System" /RL HIGHEST |
| C:\Windows\SYSTEM32\CMD.exe | "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "Corel VideoStudio Upgrade" /tr "C:\Users\Admin\AppData\Roaming\System" /RL HIGHEST & exit |
| C:\Windows\system32\schtasks.exe | SchTaSKs /create /f /sc minute /mo -1 /tn "Corel VideoStudio Upgrade" /tr "C:\Users\Admin\AppData\Roaming\System" /RL HIGHEST |
| C:\Windows\SYSTEM32\CMD.exe | "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "Corel VideoStudio Upgrade" /tr "C:\Users\Admin\AppData\Roaming\System" /RL HIGHEST & exit |
| C:\Windows\system32\schtasks.exe | SchTaSKs /create /f /sc minute /mo -1 /tn "Corel VideoStudio Upgrade" /tr "C:\Users\Admin\AppData\Roaming\System" /RL HIGHEST |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "powershell" -Command "Get-MpPreference \| Select-Object -ExpandProperty ExclusionPath" |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "powershell" -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData\Solara'" |
| C:\Windows\SYSTEM32\CMD.exe | "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "Corel VideoStudio Upgrade" /tr "C:\Users\Admin\AppData\Roaming\System" /RL HIGHEST & exit |
| C:\Windows\system32\schtasks.exe | SchTaSKs /create /f /sc minute /mo -1 /tn "Corel VideoStudio Upgrade" /tr "C:\Users\Admin\AppData\Roaming\System" /RL HIGHEST |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6548,i,14408854157782864120,2350353922055332908,262144 --variations-seed-version --mojo-platform-channel-handle=6664 /prefetch:14 |
| C:\Windows\SYSTEM32\CMD.exe | "CMD" /c SchTaSKs /create /f /sc minute /mo -1 /tn "Corel VideoStudio Upgrade" /tr "C:\Users\Admin\AppData\Roaming\System" /RL HIGHEST & exit |
| C:\Windows\system32\schtasks.exe | SchTaSKs /create /f /sc minute /mo -1 /tn "Corel VideoStudio Upgrade" /tr "C:\Users\Admin\AppData\Roaming\System" /RL HIGHEST |
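The schtasks and PowerShell command lines above are the concrete persistence and defence-evasion steps of this detonation: tasks created with /RL HIGHEST whose action is a file under AppData\Roaming, tasks imported from a tmp*.tmp XML in Temp, keyword casing mangled (SchTaSKs /CrEAte /sc OnLoGoN /rl HighEst) to slip past naive string matches, and a Defender exclusion added for C:\ProgramData\Solara. The Python below is an added example by the editor, not part of the sandbox report and not a vendor signature: it scores process-creation command lines for these patterns. The sample lines are copied from the list above (plus one benign Edge renderer line as a control); the user-writable directory list, the reason strings and the two-flips threshold for case mangling are assumptions made for the example.

```python
"""Score Windows process-creation command lines for the scheduled-task and
Defender-exclusion patterns seen in this report.  Added example; the rules
and thresholds are the editor's assumptions, not a vendor signature."""
import re

# Constructed sample: lines copied from the process list above, plus one
# benign Edge renderer line as a control.
SAMPLE_CMDLINES = [
    '"schtasks.exe" /Create /TN "Sinkerboi" /XML "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpDA52.tmp" /F',
    'SchTaSKs /CrEAte /F /sc OnLoGoN /rl HighEst /tn "Microsoft Publisher" /tr "C:\\Users\\Admin\\AppData\\Roaming\\System"',
    'SchTaSKs /create /f /sc minute /mo -1 /tn "Corel VideoStudio Upgrade" /tr "C:\\Users\\Admin\\AppData\\Roaming\\System" /RL HIGHEST',
    '"powershell" -Command "Add-MpPreference -ExclusionPath \'C:\\ProgramData\\Solara\'"',
    '"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --type=renderer --lang=en-US',
]

# Directories a standard user can write to (assumed list): a task action or a
# task XML under one of these is the pattern in this report.
USER_WRITABLE = re.compile(r'\\(appdata|programdata|temp)\\|\\users\\[^\\]+\\downloads\\', re.I)
SCHTASKS_NAME = re.compile(r'(?:.*\\)?schtasks(?:\.exe)?', re.I)


def tokenize(cmdline):
    """Split a command line on whitespace, keeping quoted strings as one token
    (quotes removed).  Sufficient for schtasks/cmd-style lines."""
    return [q if q else u for q, u in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def schtasks_options(tokens):
    """Map option -> value (True for bare flags) if the tokens are a schtasks
    call, else None.  Keys are lower-cased so /CrEAte and /create agree."""
    if not tokens or not SCHTASKS_NAME.fullmatch(tokens[0]):
        return None
    opts, i = {}, 1
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith('/'):
            has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith('/')
            opts[tok[1:].lower()] = tokens[i + 1] if has_value else True
            i += 2 if has_value else 1
        else:
            i += 1
    return opts


def case_mangled(tokens):
    """True if a schtasks keyword (the verb, a /switch, or the /sc or /rl
    value) has two or more lower->upper flips inside one token, as in
    'SchTaSKs' or 'OnLoGoN'.  Task names and paths are skipped so ordinary
    CamelCase does not trigger it."""
    candidates = [tokens[0]] + [t for t in tokens if t.startswith('/')]
    for i, t in enumerate(tokens[:-1]):
        if t.lower() in ('/sc', '/rl'):
            candidates.append(tokens[i + 1])
    return any(len(re.findall(r'[a-z][A-Z]', t)) >= 2 for t in candidates)


def assess(cmdline):
    """Return the reasons a command line deserves a look (empty = no match)."""
    reasons = []
    tokens = tokenize(cmdline)
    opts = schtasks_options(tokens)
    if opts is not None and 'create' in opts:
        if str(opts.get('rl', '')).lower() == 'highest':
            reasons.append('task requests highest run level')
        if USER_WRITABLE.search(str(opts.get('tr', ''))):
            reasons.append('task action in a user-writable path')
        if USER_WRITABLE.search(str(opts.get('xml', ''))):
            reasons.append('task imported from XML in a user-writable path')
        mo = str(opts.get('mo', ''))
        if str(opts.get('sc', '')).lower() == 'minute' and mo.lstrip('-').isdigit() and int(mo) < 1:
            reasons.append('non-positive /mo interval')
        if case_mangled(tokens):
            reasons.append('case-mangled schtasks keywords')
    if re.search(r'add-mppreference\s+-exclusion', cmdline, re.I):
        reasons.append('Defender exclusion added')
    return reasons


def triage(cmdlines):
    """Pair each flagged command line with its reasons, in input order."""
    return [(c, assess(c)) for c in cmdlines if assess(c)]


if __name__ == '__main__':
    for cmd, why in triage(SAMPLE_CMDLINES):
        print(cmd[:60], '->', '; '.join(why))
```

Feed it the CommandLine field of Sysmon Event ID 1 or Security Event ID 4688 records. The option names are lower-cased before matching, so the mixed-case variants are handled by normalisation rather than by a longer pattern list; the four scheduled-task reasons stack, which is what separates these entries from a legitimate installer that creates a single task under Program Files.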
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 204.79.197.239:80 | edge.microsoft.com | tcp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | xpaywalletcdn.azureedge.net | udp |
| US | 8.8.8.8:53 | xpaywalletcdn.azureedge.net | udp |
| US | 13.107.246.64:443 | xpaywalletcdn.azureedge.net | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| GB | 88.221.135.17:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | found-politicians.gl.at.ply.gg | udp |
| US | 147.185.221.26:47806 | found-politicians.gl.at.ply.gg | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 13.107.246.64:443 | static.edge.microsoftapp.net | tcp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 199.232.214.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 88.221.135.17:443 | www.bing.com | udp |
| US | 147.185.221.26:47806 | found-politicians.gl.at.ply.gg | tcp |
| US | 147.185.221.26:47806 | found-politicians.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 52.111.227.11:443 | | tcp |
| US | 108.77.173.66:1194 | | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 147.185.221.26:47806 | found-politicians.gl.at.ply.gg | tcp |
| US | 147.185.221.26:47806 | found-politicians.gl.at.ply.gg | tcp |
| US | 108.77.173.66:1194 | | tcp |
| GB | 95.101.143.34:443 | www.bing.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 147.185.221.26:47806 | found-politicians.gl.at.ply.gg | tcp |
| US | 104.21.66.155:443 | bloxstraplabs.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 147.185.221.26:47806 | found-politicians.gl.at.ply.gg | tcp |
| US | 108.77.173.66:4758 | | tcp |
| US | 108.77.173.66:4758 | | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 108.77.173.66:1194 | | tcp |
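Most of the Network table is Edge and GitHub background traffic; the rows that matter are the repeated TCP sessions to found-politicians.gl.at.ply.gg on 147.185.221.26:47806 and the direct-to-IP sessions to 108.77.173.66 on ports 1194 and 4758 that no DNS lookup precedes. The Python below is an added example by the editor, not the report's tooling: it parses rows in the table's format and separates C2 candidates from web noise with three rules (hostname under a public tunnelling service, TCP on a non-web port, TCP with no DNS name). The sample rows are a constructed subset of the table above, with one row whose blank Domain cell is shifted and one row that is a cell short included on purpose so the parser copes with both shapes; treating *.ply.gg as the playit.gg tunnel namespace, and the port and suffix lists, are the editor's assumptions.

```python
"""Pick command-and-control candidates out of a sandbox Network table.
Added example; the tunnel suffix list and port rules are assumptions."""
from collections import Counter

# Constructed sample: a subset of rows from the Network table above.  The mDNS
# row has its blank Domain cell shifted and the last row is a cell short, the
# two shapes a report export can produce for an unresolved destination.
SAMPLE_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 204.79.197.239:80 | edge.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 147.185.221.26:47806 | found-politicians.gl.at.ply.gg | tcp |
| US | 52.111.227.11:443 | | tcp |
| US | 108.77.173.66:1194 | | tcp |
| US | 147.185.221.26:47806 | found-politicians.gl.at.ply.gg | tcp |
| US | 108.77.173.66:4758 | | tcp |
| US | 104.21.93.27:443 | getsolara.dev | tcp |
| US | 108.77.173.66:1194 | tcp |
"""

# Hostname suffixes of public tunnelling services abused for C2 here.
# *.ply.gg is assumed to be the playit.gg tunnel namespace.
TUNNEL_SUFFIXES = ('.ply.gg',)
WEB_PORTS = {80, 443}


def parse_network_table(text):
    """Yield (country, ip, port, domain, proto) for each data row, tolerating a
    blank Domain cell that was dropped or shifted left by the export."""
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip('|').split('|')]
        if len(cells) < 3 or cells[0] == 'Country' or ':' not in cells[1]:
            continue
        ip, port = cells[1].rsplit(':', 1)
        rest = [c for c in cells[2:] if c]          # drop the blank cell
        if rest and rest[0].lower() in ('tcp', 'udp'):
            domain, proto = '', rest[0].lower()     # proto landed in Domain
        else:
            domain = rest[0] if rest else ''
            proto = rest[1].lower() if len(rest) > 1 else ''
        yield cells[0], ip, int(port), domain, proto


def c2_candidates(rows):
    """Collapse rows to unique TCP destinations and keep those that have a
    reason to be read as C2 rather than browser noise.  Returns a list of
    (ip, port, domain, session_count, reasons), most sessions first."""
    hits, info = Counter(), {}
    for _country, ip, port, domain, proto in rows:
        if proto != 'tcp':
            continue
        reasons = []
        if domain.endswith(TUNNEL_SUFFIXES):
            reasons.append('public tunnelling service')
        if port not in WEB_PORTS:
            reasons.append('non-web port %d' % port)
        if not domain:
            reasons.append('direct-to-IP, no DNS name')
        if reasons:
            key = (ip, port, domain)
            hits[key] += 1
            info[key] = reasons
    order = sorted(hits, key=lambda k: (-hits[k], k[0], k[1]))
    return [(ip, port, domain, hits[(ip, port, domain)], info[(ip, port, domain)])
            for ip, port, domain in order]


if __name__ == '__main__':
    for ip, port, domain, n, why in c2_candidates(parse_network_table(SAMPLE_TABLE)):
        print('%s:%d %s x%d  %s' % (ip, port, domain or '(no name)', n, '; '.join(why)))
```

The direct-to-IP rule on its own is the weakest of the three: 52.111.227.11:443 is flagged only because the report shows no name for it, so a hit with that single reason wants a reverse lookup and ASN check before it goes on a blocklist, whereas the tunnel hostname and the repeated non-web ports on 108.77.173.66 are worth blocking as they stand.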
Files
\??\pipe\crashpad_448_SMKANSHKONPAFHQP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 509e630f2aea0919b6158790ecedff06 |
| SHA1 | ba9a6adff6f624a938f6ac99ece90fdeadcb47e7 |
| SHA256 | 067308f8a68703d3069336cb4231478addc400f1b5cbb95a5948e87d9dc4f78b |
| SHA512 | 1cb2680d3b8ddef287547c26f32be407feae3346a8664288de38fe6157fb4aeceb72f780fd21522417298e1639b721b96846d381da34a5eb1f3695e8e6ef7264 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f6c6e63c5c0901c1c94c18eed0930760 |
| SHA1 | e49eb8da272b6d4a1a5ae1a7297905a4416c4269 |
| SHA256 | 6ef6576c63be326f37f1ab88493e0e3b8021094b211bbeb5fa8620e3150287e7 |
| SHA512 | 30ebc30c4cc19f674efe23aadb250df191a540d9f334991bea3f1c74d5c8d4b56458caf07f001355349ff8f544a0b25766abfd0efe77fcec4e35358fd8d109f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 761b31efe8dae3b7a6cdb97af25a8ad2 |
| SHA1 | c0c44b63ae47828307f236e48f9879097150d8fd |
| SHA256 | d44189d581e12a919482c27220f6e5a2bb42137163ef9af4a98d4c915ef8dae8 |
| SHA512 | c42871b82a50a3cadf6395fff958f461f5a50123cd44c4058d86f33afe33e9e78ce3ef87b29822895532d987ce810536b38f52010c461a8a5604047f0242fc85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ff3fda944f8f00526094ea498a7139d1 |
| SHA1 | daea553f01789370b6366cdc5bce955582ec93d5 |
| SHA256 | f82e7be2059dd065b7d9b0dd496600812d28fa9afa6aa5808075232fca2ff1b6 |
| SHA512 | 640ac2e4ebbea5e32f666ae69c1efeb0ee5a4e32276ecb0c40f3f07641b9bb3c9db93f6d575b72cee4e7bb686afd639da0460e2d7f0abae8d45ec00d66f7dfc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 3b0017a907769075b20edfc95d810496 |
| SHA1 | bbf14f621c1212626b41c4bb35a138d5249eb31f |
| SHA256 | e4c121a1c5a343cdb2a5da3a82d99576da4e797b55f5da3112f1ed9a1d37b470 |
| SHA512 | 2287d783c9e46f3c99132df748bfd51a699cc6ee8309b24ef1bd0ed193ab2dad3bbcfc1ceaf643ce276332ed6e3f6d738dd0e029cd3dfbdb02635b4cf15c60c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
| MD5 | 6ce288337cae886428ab3d81c37f7bba |
| SHA1 | e661780c9d87c61b4ef552436cc5cbf0f9f88e8c |
| SHA256 | 8545fac4597894cfac6f64d8a9de4c3241049daa0c41b3d2b7589df9554630ce |
| SHA512 | 89be0bb1427f1b1a3f54109a43999ccf1be25e6dc0061bb286d979502cf0bc8f64ace78ea3dab374a793d55f7a5a36a75403d029e93c6e767e513eebf6790310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | cafafc513a24cd32fadd98eb4759c0d3 |
| SHA1 | e217ee5e54cf646559002df6631e8d266187b6bd |
| SHA256 | bfdfbc07dc17f6e8ecdb03b6186664cedc55e954cc251249689de2b141a742c7 |
| SHA512 | f48665132d9d06d0ef0454e2f009c976953c876b678886995b8552bed956c3d68b8eb03e12145d3507e52a41a4615b2a99214391b7c45e960a7eaa034ed8426c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
| MD5 | 40e2018187b61af5be8caf035fb72882 |
| SHA1 | 72a0b7bcb454b6b727bf90da35879b3e9a70621e |
| SHA256 | b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5 |
| SHA512 | a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\Downloads\SKIBI TOLIET.exe
| MD5 | 7190e8a17d3b610dd954e3bc85a76fae |
| SHA1 | 10683424e5bc52979d562aafe6e00953deaca45e |
| SHA256 | 2f3845685a5f0fbff420a7cf627f4172393012bdf8815e72c6975534d9bd718e |
| SHA512 | 5899f443cfd02d689f13043e7fd868e9486fd7b50f9d0514e917551d47c8e9897ec0b7c2d6c36532c6dffc94381c524ac6087c859780beca5aebdadb13b08d16 |
C:\Users\Admin\Downloads\SKIBI TOLIET.exe:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
memory/2712-429-0x00000000009D0000-0x00000000009E2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SKIBI TOLIET.exe.log
| MD5 | 1294de804ea5400409324a82fdc7ec59 |
| SHA1 | 9a39506bc6cadf99c1f2129265b610c69d1518f7 |
| SHA256 | 494398ec6108c68573c366c96aae23d35e7f9bdbb440a4aab96e86fcad5871d0 |
| SHA512 | 033905cc5b4d0c0ffab2138da47e3223765146fa751c9f84b199284b653a04874c32a23aae577d2e06ce6c6b34fec62331b5fc928e3baf68dc53263ecdfa10c1 |
C:\Users\Admin\AppData\Local\Temp\tmpDA52.tmp
| MD5 | 9191618190f6d712fff6af9b022564cf |
| SHA1 | 28c8b007fa99d7324307ea8fae1c3e0957db874e |
| SHA256 | 8250a4762d61699f2cf9e4c4c31397a680759d58f9761d3b3825b1dd2e7cd9c3 |
| SHA512 | 6678bf3d1866a57162795635dc65898b5b2eb21a37d673123a59bfa15754cd2187fef4a30c4e024227c336be18c21050b20167f3d1cfd72585dddc43bf7a4079 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 440e1f3c2d90a2fa790d539cd6af6039 |
| SHA1 | 37350f7a8ac6dce8c9a33add8b7076df096d4681 |
| SHA256 | 86fe8d4e5f44029572a8667f5b145a22fed85ee9e3780c99fd937e093f9d6a92 |
| SHA512 | 3d9a31d2cc24e958eb2189bbe54ab684c1742094f09966861f9f44bfa7c0b41d22cc8926f21d3c07955798f9e22ec2f8eb657a67d4f750116308b2064d959196 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57fcde.TMP
| MD5 | e510fa2c6fd77f36870d8fdbd63dd12f |
| SHA1 | b418650a28c28645fe0651f2a6c6761e73b35de0 |
| SHA256 | 1f22ab718979e82ecfa4099abc3f2d345681c12f7da42a1b737b5f7d61100206 |
| SHA512 | 41cee3193d0fbcb25f5bff8b830b705d7363793d89d84546bb5670492f1074c6794999821e43080000636f40233b94ad0ba611c3dce21226b1c2749c86053cf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 14ff9881a6e525f41a1bcc8c6a1d971b |
| SHA1 | d33612b410a8b16c7e582443fd20bc43dfd81602 |
| SHA256 | 75b1f527666c1ca34ea2237b0c6896aa191b57c9123ef6b3f79cdacc9dfb88b4 |
| SHA512 | bfac4282488ae319d90c54319f5782a1b0308a20b445659e6b96d4e878533f5cc3a63cd885cb6d2b0a9c1663779582e04384595dc43baf3ff15ae085b302c1c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bf87222c1ebe85385b332bb73225041e |
| SHA1 | cfa61269be76edeace33c48f774fb5379be21377 |
| SHA256 | 6e0cb95d22814ed6bce06239328c95f5b293254d8c464b8725d73cd47ffacbb2 |
| SHA512 | 741af7df0385c35bcc0e502bfca0744781340a30d5d27207b32c53c3031922c31a79e18c87dba6bc46946907760cffdeade0d62ad03ba188284d80b9d85f2af5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f7dce05021c7e15be67ce72f158222c5 |
| SHA1 | 06dc8399bc40c308df1b0c82e397348f75522597 |
| SHA256 | 10cdfb94dc241ea2ecfdf3ef1943edb8d383f74683db6a09cd388a4873af2c10 |
| SHA512 | df438560335f39ccfa0bbd8ce5c79a1eab27784e72812d2a0c85122f2cc9db03f9136de60a6bf8ac3c558abf1ff6bea59a3fa1c643fceb3dcb1b23b2e8df6c67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | 79792108f3607260209b1a61af9aaf35 |
| SHA1 | b418c813bb0ba30ef1420a89a13e346d93d5734b |
| SHA256 | 64f0b09c28535c9cad69470d5cd97fbbbd9d7ca244d7c5faa632c2a796efb63f |
| SHA512 | 8d726a9629c15da05716f37c9965f30a29d678f29d07e22f9d56e49d55d9bc95236d6dbfd57f3aae2a334ecc9bba8ed819f7c5a95be185b84101436a6cf4e016 |
C:\Users\Admin\AppData\Local\Temp\tmp6F8E.tmp
| MD5 | 23a52417c7174d9370bf677445a235b6 |
| SHA1 | 43d7d3bdd68c9e0cfcf173f6731169c9bc7c23fb |
| SHA256 | 81a024cab76a5c76f19cf619c3a5c959f37f27e670ba3782eb10fe511f489f71 |
| SHA512 | ea5c798ec8e10c4d5541d34e56d3fccabf06c093a61defd1c7f7fcc85ae3dad1d1214d1c0a3594cc4ee03bc7a648ea07f2f079865755e24f1ca4036ba10ee29f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 54f044c340babc0f9a23652c11a07ee6 |
| SHA1 | 4ed228dfceac627e2962cb73cf13ba853033b2b2 |
| SHA256 | a68a5deebea0469e028f768c0f172b02b957e06b21e3e5bdc2747ea84d7d14a5 |
| SHA512 | 7c3b2a00fdace2a2d6a18ab5743a479176c27b2d57112bae2397833df52c3ff6a33ccad83dbd721d49959fe80f5a0cd964e2c411572942a939b83ac0c51b0561 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 818da65e61028b0a28ddf8f86de9f4ba |
| SHA1 | ad1a3a1e61ac802ac0dc05e8341e0123e45752c3 |
| SHA256 | bd62981117b924f4c564dd1cb009fb401aad1ff17ad60e380186b070ac0fd460 |
| SHA512 | 896f7820ad37d1d1fd94e01e1bb7c3cb09fe36b9a7c1f24a8090883f549290c8e33891a3a5da1ee3b0483edd3dd006f9ad3bd5e59d572cde5e5742488e27eee4 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping448_889075687\manifest.json
| MD5 | c3419069a1c30140b77045aba38f12cf |
| SHA1 | 11920f0c1e55cadc7d2893d1eebb268b3459762a |