Analysis Overview
SHA256
8e09c50294d3bb0eef1ab0586d759944b78d7c0d158d7cdc65f341f01ebae61e
Threat Level: Likely malicious
The file 2025-06-30_e6243f15c851977a055450fabfcad957_black-basta_cobalt-strike_luca-stealer_satacom_vidar was found to be: Likely malicious.
Malicious Activity Summary
Uses browser remote debugging
Reads user/profile data of web browsers
Drops startup file
Loads dropped DLL
UPX packed file
Drops file in Windows directory
Unsigned PE
Browser Information Discovery
Detects Pyinstaller
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Kills process with taskkill
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Modifies registry class
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-06-30 17:11
Signatures
Detects Pyinstaller
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2025-06-30 17:11
Reported
2025-06-30 17:13
Platform
win10v2004-20250610-en
Max time kernel
103s
Max time network
146s
Signatures
Uses browser remote debugging
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdater.exe | C:\Users\Admin\AppData\Local\Temp\2025-06-30_e6243f15c851977a055450fabfcad957_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdater.exe | C:\Users\Admin\AppData\Local\Temp\2025-06-30_e6243f15c851977a055450fabfcad957_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133957771014041913" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2866795425-63786011-2927312124-1000\{D9B31041-B039-4565-96C2-14EFC3E0BF2B} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2025-06-30_e6243f15c851977a055450fabfcad957_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
"C:\Users\Admin\AppData\Local\Temp\2025-06-30_e6243f15c851977a055450fabfcad957_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"
C:\Users\Admin\AppData\Local\Temp\2025-06-30_e6243f15c851977a055450fabfcad957_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
"C:\Users\Admin\AppData\Local\Temp\2025-06-30_e6243f15c851977a055450fabfcad957_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"
C:\Windows\SYSTEM32\taskkill.exe
taskkill /f /im opera.exe
C:\Windows\SYSTEM32\taskkill.exe
taskkill /f /im opera_gx.exe
C:\Windows\SYSTEM32\taskkill.exe
taskkill /f /im msedge.exe
C:\Windows\SYSTEM32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9222 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --headless
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x234,0x238,0x23c,0x230,0x258,0x7ffa782ff208,0x7ffa782ff214,0x7ffa782ff220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2192,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2160,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2672,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --instant-process --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3652,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3600,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --extension-process --renderer-sub-type=extension --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4200,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4184,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=4004,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=5276,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=5516,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=5472,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=6168,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=6160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=6168,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=6160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=5384,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=6356,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=6572,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=6460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=6600,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=5392,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=4144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=6868,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=6864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=6996,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=6992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=3988,i,11841079854877783701,8267042729421616071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=7152 /prefetch:8
C:\Windows\SYSTEM32\taskkill.exe
taskkill /F /IM msedge.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 150.171.28.11:80 | edge.microsoft.com | tcp |
| US | 204.79.197.203:443 | ntp.msn.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 204.79.197.203:443 | ntp.msn.com | tcp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 2.16.153.209:443 | copilot.microsoft.com | tcp |
| GB | 142.250.200.1:443 | clients2.googleusercontent.com | tcp |
| US | 204.79.197.203:443 | ntp.msn.com | tcp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 2.18.190.206:443 | assets.msn.com | tcp |
| GB | 2.18.190.206:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 2.18.190.174:443 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.18.190.206:443 | assets.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| GB | 2.16.153.198:443 | www.bing.com | tcp |
| US | 150.171.27.10:443 | c.bing.com | tcp |
| IE | 13.74.129.1:443 | c.msn.com | tcp |
| GB | 2.18.190.206:443 | assets.msn.com | udp |
| GB | 2.16.153.206:443 | www.bing.com | tcp |
| US | 13.226.155.104:443 | sb.scorecardresearch.com | tcp |
| US | 2.16.55.225:443 | img-s-msn-com.akamaized.net | tcp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 20.42.73.31:443 | browser.events.data.msn.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| IE | 13.74.129.1:443 | c.msn.com | tcp |
| GB | 2.18.190.206:443 | assets.msn.com | udp |
| GB | 2.18.190.206:443 | assets.msn.com | tcp |
| GB | 2.16.153.198:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 8.8.8.8:53 | srtb.msn.com | udp |
| US | 204.79.197.203:443 | srtb.msn.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 2.16.55.225:443 | img-s-msn-com.akamaized.net | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 204.79.197.203:443 | srtb.msn.com | tcp |
| US | 204.79.197.203:443 | srtb.msn.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| GB | 2.16.153.206:443 | www.bing.com | tcp |
| GB | 2.16.153.198:443 | www.bing.com | tcp |
| GB | 2.16.153.198:443 | www.bing.com | tcp |
| GB | 2.16.153.206:443 | www.bing.com | tcp |
| GB | 2.16.153.206:443 | www.bing.com | tcp |
| GB | 2.16.153.206:443 | www.bing.com | tcp |
| GB | 2.18.190.206:443 | assets.msn.com | udp |
| GB | 2.16.153.198:443 | www.bing.com | udp |
| GB | 2.18.190.206:443 | assets.msn.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.msftstatic.com | udp |
| US | 8.8.8.8:53 | r.msftstatic.com | udp |
| GB | 2.16.153.222:443 | r.bing.com | tcp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| GB | 2.16.153.222:443 | r.bing.com | tcp |
| US | 204.79.197.219:443 | r.msftstatic.com | tcp |
| US | 204.79.197.203:443 | srtb.msn.com | udp |
| US | 20.42.73.31:443 | browser.events.data.msn.com | tcp |
| US | 20.42.73.31:443 | browser.events.data.msn.com | tcp |
| GB | 2.16.153.198:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | thaka.bing.com | udp |
| US | 8.8.8.8:53 | thaka.bing.com | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| TR | 185.169.180.199:5000 | 185.169.180.199 | tcp |
| TR | 185.169.180.199:5000 | 185.169.180.199 | tcp |
| N/A | 127.0.0.1:51672 | N/A | tcp |
| N/A | 127.0.0.1:9222 | N/A | tcp |
| N/A | 127.0.0.1:9222 | N/A | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI23642\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER
C:\Users\Admin\AppData\Local\Temp\_MEI23642\python312.dll
C:\Users\Admin\AppData\Local\Temp\_MEI23642\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI23642\python3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI23642\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_wmi.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_uuid.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_tkinter.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_ssl.pyd
| MD5 | d3fd48d121a9bcac935057e5e57b33ee |
| SHA1 | 157dd5978b30dd7a5bd844d5ea08dde265d1ea0f |
| SHA256 | 296141c7cff0483ab1cd8ba9bcd623b73c897323752f6d3e00cac860f2f2ea20 |
| SHA512 | d3b30458616623dff1c2c0d40413dd63be8b5918fbb67833836900e1e8be7f4d372133e55710cd0b34f6f624eed4e91831ad4d456f4c04c70459dedb79b9ef52 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_sqlite3.pyd
| MD5 | 7c71aac32d1b4bd05bfb6cae2607667e |
| SHA1 | ce52307ed6a813e36434864846c4c0b36df99ffc |
| SHA256 | 1c073f2b602cc97eefc042207e1a573373686f33b37347ce611a877b10660606 |
| SHA512 | b4561961ba0276ef02e547f3a2bed21b44c7cc1a06a6b5a3193053021aec7233559040219d0ca155f5e0a76294c2991e8abc67df9900cc6819ddb4495c9b05f8 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_socket.pyd
| MD5 | d1e6edc3870e122e85006aa8ab84312f |
| SHA1 | b373dbc1c887256951da05ba756c874c10a97db5 |
| SHA256 | 03ae38714bef826c4aeb043844966e5cc41fa9fe085010cc5d1b4f77831d8c3c |
| SHA512 | 6383f3592917a5b48f93d54037a703d59e5cf89d515d14574c883cc86e82a39718b5b50b8fefa39d5b5250089b02d90704df5c27d850072d7f4061fb647ce9aa |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_queue.pyd
| MD5 | 1c7efdc2c88314a7bb52f7a3e9c591f2 |
| SHA1 | 8f8bf4ae5c320b10a272c377bb787cee49e8bc03 |
| SHA256 | fbc2677a615f220a9bf98d9e0a5f5b9fc80ce4ec60ce5dc5b2af0ccb99058279 |
| SHA512 | 3af89b47deb1481d0631eb2c6e828a07573131f4f1a4900de7b7dbbb271c9f6502715a5608a51bad0e8f89e3c995b586e9e36c4a42bcf7dedc7f1a243179a1f0 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_overlapped.pyd
| MD5 | 9089cdfddf30d48a36c3cef8f7e7122c |
| SHA1 | ee4cb3b69fe457cee93a8d240cb0e6bc74ea8057 |
| SHA256 | 51ef644948b031805ba862fb11c5506e844f5159f77175a849e500390ad9b369 |
| SHA512 | f9c77347ca226365071480ecc2aee05a7dce4834de2b79f2f31cc8fc138fafd821a56a16f45e2b0c1e31d45208a4ae9e558fec94f90e0379f430f2fe8bd605a3 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_multiprocessing.pyd
| MD5 | 7ae6edb97538f95a8fc8d763602b80c2 |
| SHA1 | b3b9544fb57b9310820565820c504edc09b5ab17 |
| SHA256 | 5948c0603e4d966b649029f0908950b8216c6c7ee2c923b0cc4d01c78aebad4e |
| SHA512 | 7b02343038fc5589ef07b649014cca260f16c55f7e89aecda18c73252805982ce601051dcb16e51417e42e3cea0ebd287466815527d8849a19dd398e6bc81fae |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_hashlib.pyd
| MD5 | 22efd8aa6a80c1a6688325dd949f350b |
| SHA1 | d642acaca968b265e63953af419c4dc15f9e016f |
| SHA256 | 567122aedde94177892eb3d8a5ee8dc2b2639ce119ae79d7346fbdece87c1741 |
| SHA512 | d24eb5281700cecf59feb01310cfce170259054c481c63b2a0620685a467d91754b5b6f119be0575741628acf52db84cdb5b12af8d9e18549e69989f6ef3c8cd |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_elementtree.pyd
| MD5 | 038cc7b4decd8df0ccbcc8720fef8221 |
| SHA1 | ef5ffa037e4274726a4f8a34690188bcd78c0448 |
| SHA256 | e9d6f41e10899cb9c3eed3cd282d3eab1e657ac308fadc917bae5701a26b6ffa |
| SHA512 | ccc911a57ec7635651b6c75e0b41b1bbfbc288ce1906ad9633f9054f0b83ea3bf4b51cabce785d54fe25d733ecfab2c460cf04d2a631891c63f34d7530616265 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_decimal.pyd
| MD5 | 6d91f1ca9c0a2fd069d271ceaad5ee27 |
| SHA1 | 194e9d731e253aea2a580238ba2146538fa1c74c |
| SHA256 | 6bd36ff0bc14d359945318786ce549708655ad6ed4109e661f45b14e884313c4 |
| SHA512 | e7475904edbea968b0eddacd1d5c83dc703b7f893020ac3826ae1a828118e1bac5978c31e187d50e7f88277ce31e0114d15fd9b43cc170dd067a589d6f086de1 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_cffi_backend.cp312-win_amd64.pyd
| MD5 | 94a963793144f26e8905e1e8ce3c28d9 |
| SHA1 | 4606d58f98ea2755c30696a4253105da8dbc206f |
| SHA256 | 53ddba12f45666326a9c0c217d1cbc6c68f26829b3890dbc71b55f7eda8b30f2 |
| SHA512 | c946d32756a881ad23e5acb7b88b72047936ac35311579db9fb4c49dfc2bd526047d52df4eb4f34f4b1db0cbe2bef3ab040a9287262322a6692d45e634e90228 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\_asyncio.pyd
| MD5 | 80c155e092888174656c9c98b320bc05 |
| SHA1 | 7bd55d6e0541d6749d82df3bbf4c3030fb2622c3 |
| SHA256 | 2a7c9831564bab073130e588c38a4c9410ac91b14d1489d535527f648242629e |
| SHA512 | f3a74fd1f86d02ad94b93738c76994de561df316afaec8a42e626819c3d5197e5602eee7dfec6af2ceeb37cad1b5f73854a5e87b3b9019512793f39c79fe91a8 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\zlib1.dll
| MD5 | a8de51d75e64ca70cd563921d9d21ecc |
| SHA1 | 095f1986f3529488dd6d582f54d6478f423016e0 |
| SHA256 | 6a4f794085202619c86223c285924972599337cd02e0134b3d06b4030394be46 |
| SHA512 | 8589aa318bc753e68674c9af7ca6bd07b4acbc36e8fd4bd9228346ee4987be0200ac9b3b3513480cb71907271352daa05dab35360cc4488200142af9977417a2 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\VCRUNTIME140_1.dll
| MD5 | 7e668ab8a78bd0118b94978d154c85bc |
| SHA1 | dbac42a02a8d50639805174afd21d45f3c56e3a0 |
| SHA256 | e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f |
| SHA512 | 72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\unicodedata.pyd
| MD5 | 1f4e7bb9654070b5313e5778f34d7bf5 |
| SHA1 | 0f50c3a698f08add7687cabdf2b3a6fb1f4e7b07 |
| SHA256 | 6f7f0abee5fbddea7e54108c1cd76f5a6e5bb5a9f865fbcbe536ea7d370442bc |
| SHA512 | ccf44cef8250521216e7017e22822a2ed0ea0a7f3c1067aa7795c4c4127c7199eb230f035147ff6d3d768983df34e6494f2993b2f2211bca17afef6bed85ac71 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\tk86t.dll
| MD5 | 7da2bd00604b49de68df52595e5b5d6a |
| SHA1 | 7af15391220242055a522dbe9e3b1f9d3a7bec6c |
| SHA256 | 731d0678255a34a9f86c6fc08b440fa94b762a0b347d63ecc951d35b11d8bfbd |
| SHA512 | 6431a09afcb8b24eaa60200db716ccdf36176b3f3c0494a5c8c957726e6769f2ea4963fce539ab0eb4c8655b3d6da11e17c30286a53b12658dcfee7ec057348a |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\tcl86t.dll
| MD5 | 8126ea234fe2251af90312917350831d |
| SHA1 | f9fd9b2441f35cb5a10ce52f6bd0e32a97a6eb8d |
| SHA256 | 4b92a1cb3d61298f0b9290d7c1e3ffd888de97d300363a342edb14bcac2c9bb2 |
| SHA512 | 30a96102f5d8f48e5364254ad80295795fb27b8913d47d08785d8a084557c4c73ed1e3ce9586d0ae918a87fbcad092db836b7a3e5ffa7f1a67af03c209446fc3 |
memory/3704-1404-0x00007FFA88D60000-0x00007FFA88D75000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI23642\sqlite3.dll
| MD5 | 6dbd9a7221be6179db0b22e59dc2bc70 |
| SHA1 | f0ec0f0ad08fa65578c4d12f63746b396b41bb07 |
| SHA256 | 8037e2d0c48393f71b81b2f83370755bc2b3e8e8f96e96799333e4e666211ed0 |
| SHA512 | 7ed7a38728bbf4f6e662df9119373deb0d751578147573711c2b13914cee1ce5d1292a20a5ed92f8fd9820e288b195c1b3961a4f7a04eaa3cbedeedf024a8dd5 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\select.pyd
| MD5 | 08a8932c89ae1ba8f118858694f5758e |
| SHA1 | 4bb0978bf554afd22beb3d99b66dd02436c83e53 |
| SHA256 | 4b6e3792dc7830c15de3b1b37f06b800feeead96aa4cb63ffe47c7ede6ff5588 |
| SHA512 | 2545a45d50d744d79a22378c4a967ab311f877b00145279bddf5329b8f619f0831d841228421687c39fb2e71697bc08e78e4e99cf675e426204bf675bdc2f184 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\pyexpat.pyd
| MD5 | e25bd5aa1224449c253d6212cd0b6074 |
| SHA1 | d8274e921b9e1c27e969fcd4916a0ddff021aa65 |
| SHA256 | 1c9fb7277e701cc85ba7c574caf22c429684db62c3804a1bb2416cecd0c32919 |
| SHA512 | dbfb4db3ae3a7f9cec2efe1f148489dcddeb3c0a731370d0a998f120c348b7e93cf3eb80c0a2123138e884dba8b28229ee795d14d0659dc48ec4035153148757 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\libssl-3.dll
| MD5 | 8dd6662f04111dcbb721a91d815da88f |
| SHA1 | a9035b732514e22461b9cec5cc25b10d7156c776 |
| SHA256 | a550ca304b8d8a2faa6f9079762a07fb2f50db986000ae1de3f14555f975098c |
| SHA512 | b9b9cf8ca560e2cf9d408ff064b9cef8c44941e9f0ee40476f4e56d5e1e2a39ab9dcf518a0eae8849e3a098b695945ad45406d39c743e336e638de53739bfd52 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\libcrypto-3.dll
| MD5 | 08c227b90e920c88b1c933933daea3a7 |
| SHA1 | 250e3fe3c6a969e9168f80895a68a47badca3d6b |
| SHA256 | 477e2dc2c2147fc0286ea064883bfa3b22310c4a888a4d780000db88767dcc59 |
| SHA512 | f4f2343a4e232480c4a4a694d6a605fc40932d5b0802e882610c10a12c6a18c6254adcf5435cda5f1c6c6e74c588e77a08cd5c55858782d695fb3e1e010ae185 |
memory/3704-1378-0x00007FFA88FD0000-0x00007FFA88FFD000-memory.dmp
memory/3704-1376-0x00007FFA89000000-0x00007FFA89019000-memory.dmp
memory/3704-1373-0x00007FFA89440000-0x00007FFA8944F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI23642\libffi-8.dll
| MD5 | fb18ee22749696cf9ede99f211544e75 |
| SHA1 | a4e1a9332c464c566c681af32e063d60130d9449 |
| SHA256 | 8edba78618e85b8fa8d7ce767b4bfd0ca17c3c57dd233b4ff516ff6bf2ba17cf |
| SHA512 | 2f33a1f5a756c670d496e9ac89183491f60d47fdf6c9cf1b40e60c7f55dc4619ed2004e91cddc1a0b0c683f78769876b8910148ddf53b6852ab61f39d0c6eb55 |
memory/3704-1406-0x00007FFA79240000-0x00007FFA79762000-memory.dmp
memory/3704-1410-0x00007FFA88D30000-0x00007FFA88D3D000-memory.dmp
memory/3704-1412-0x00007FFA88C60000-0x00007FFA88C6D000-memory.dmp
memory/3704-1422-0x00007FFA89020000-0x00007FFA89045000-memory.dmp
memory/3704-1421-0x00007FFA85FF0000-0x00007FFA85FFD000-memory.dmp
memory/3704-1420-0x00007FFA7A960000-0x00007FFA7AA2D000-memory.dmp
memory/3704-1419-0x00007FFA80A40000-0x00007FFA80A73000-memory.dmp
memory/3704-1418-0x00007FFA86690000-0x00007FFA866C4000-memory.dmp
memory/3704-1417-0x00007FFA79C60000-0x00007FFA7A330000-memory.dmp
memory/3704-1409-0x00007FFA88D40000-0x00007FFA88D59000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI23642\setuptools\_vendor\jaraco\text\Lorem ipsum.txt
| MD5 | 4ce7501f6608f6ce4011d627979e1ae4 |
| SHA1 | 78363672264d9cd3f72d5c1d3665e1657b1a5071 |
| SHA256 | 37fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b |
| SHA512 | a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24 |
memory/3704-1425-0x00007FFA78F20000-0x00007FFA7903B000-memory.dmp
memory/3704-1427-0x00007FFA80A10000-0x00007FFA80A34000-memory.dmp
memory/3704-1430-0x00007FFA79790000-0x00007FFA79907000-memory.dmp
memory/3704-1429-0x00007FFA88D60000-0x00007FFA88D75000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI23642\win32\win32crypt.pyd
| MD5 | e2c191bdbbcfd3c73fad9a0d1babcd0e |
| SHA1 | 829aa3d63d6a931456793b992b44cb54a99f45ed |
| SHA256 | d4e2cee3cf54aa1b3b5c9d19348a72374a76ac4cd9cc098cd538b3ff004e8bd5 |
| SHA512 | 051896eaf9fa9ec02085dcb539db9eab141606293019d549445555908cf7ee7f5cd16c6818ba3553ebf84f7a11eea3200bd8d02a0b8d482145449e459b58dc27 |
C:\Users\Admin\AppData\Local\Temp\_MEI23642\pywin32_system32\pywintypes312.dll
| MD5 | 29ab89ecbfbdbc2a4472803fdb018150 |
| SHA1 | 4ca4f269f31f4dd9f31a9e60848fd32c50d3f141 |
| SHA256 | 5d4eb1e781aaa81e336696bc0241b8d7576ccc7a79f92dedd078a3376b754573 |
| SHA512 | cce1ee1a5a166ba7fa7029b3c1cd157a691bb6702f8650f2394e53fd85c51e0b44e521785325b6fcb18329fbf4d76c34504d98f63185feb00ebedc14218b0024 |
memory/3704-1440-0x00007FFA80E80000-0x00007FFA80E96000-memory.dmp
memory/3704-1439-0x00007FFA78B70000-0x00007FFA78B9F000-memory.dmp
memory/3704-1438-0x00007FFA78BA0000-0x00007FFA78BCA000-memory.dmp
memory/3704-1443-0x00007FFA79770000-0x00007FFA79782000-memory.dmp
memory/3704-1447-0x00007FFA85FC0000-0x00007FFA85FCB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI23642\Cryptodome\Cipher\_raw_aes.pyd
| MD5 | c27260c209c357fcc984b3bd259924e1 |
| SHA1 | 99ba7f93c8e5f968a30ca34b7f8d5ec039392d4c |
| SHA256 | 4c731a9fa619d73a2085d3768925a94c110a9a28fcdcdb3068569cd8293698be |
| SHA512 | f4729c3649d567bf71915ef9c0b98f56ea10d58c3e6e445ed62f173579c1efa01103fb25e54d62d015079bd9d19a76d1c8f6ff0d679543bec11e70bf4f93ae0c |
memory/3704-1451-0x00007FFA78B30000-0x00007FFA78B46000-memory.dmp
memory/3704-1450-0x00007FFA7A8F0000-0x00007FFA7A8FC000-memory.dmp
memory/3704-1449-0x00007FFA78B50000-0x00007FFA78B62000-memory.dmp
memory/3704-1446-0x00007FFA88C60000-0x00007FFA88C6D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI23642\Cryptodome\Util\_cpuid_c.pyd
| MD5 | d826b873c1de4f2aaa48dca0927af486 |
| SHA1 | dfe5dfe99eb5600aea484ad6f72a57faa613f4e8 |
| SHA256 | bca02c5ce4d11fce60cc75cef97abc1a3dd6c811bd8ec9fe30ee62816d8cde70 |
| SHA512 | fd26440c1194f4cc0acb65dcc696ab619b6025cb6c683276488e11a8b5fa293dd2d809bc8330f3dbf49d71cf7e1393dc8315275a927a59b9d5dd4dd63b759828 |
memory/3704-1437-0x00007FFA79240000-0x00007FFA79762000-memory.dmp
memory/3704-1455-0x00007FFA80A10000-0x00007FFA80A34000-memory.dmp
memory/3704-1454-0x00007FFA78790000-0x00007FFA787BE000-memory.dmp
memory/3704-1453-0x00007FFA787C0000-0x00007FFA78959000-memory.dmp
memory/3704-1452-0x00007FFA78960000-0x00007FFA78B2A000-memory.dmp
memory/3704-1457-0x00007FFA78520000-0x00007FFA7878D000-memory.dmp
memory/3704-1456-0x00007FFA79790000-0x00007FFA79907000-memory.dmp
memory/3704-1458-0x00007FFA78490000-0x00007FFA78517000-memory.dmp
memory/3704-1459-0x00007FFA78480000-0x00007FFA7848B000-memory.dmp
memory/3704-1460-0x00007FFA78450000-0x00007FFA78478000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed9ede2d7825c67ca21802f89806aa25 |
| SHA1 | 3d6c75b37811c27e2e93acb1b6572d9c547fa5d3 |
| SHA256 | 2aa2d3efb086d88b06b640e49aaa37eca46fd2ab53c636c393d0175e222677d4 |
| SHA512 | b49f1950efaf857f9e658511a2e41dae51c97880851700b0f6d212645863469bb56b3078ac7242cb9d6760b7682acb09624c1c87088d8260a046d704d7a0972d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ee4716cfeb5c6fc8c889380fd64ef491 |
| SHA1 | 20fe543b6f5d223ac3ed2aea0770ef2970b69fd8 |
| SHA256 | a31c31deb75a4035a90889eeaabbe9ffff368b2085b2d629f382c48240177a1e |
| SHA512 | cfc43209921da873017e10c382db4ab62a0fa4aa23bd3153a9a3ed716ea2cca009deb1516060be8a21c8d73d91bda21efef31fe65122ae2a289b23170fd5b760 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 28b5c6835f460d8984586649f8401c2f |
| SHA1 | 4eb7b04fac3510c65f19433638bcb488999f5c95 |
| SHA256 | 348a645eb160bbba37f2696fb2cc2d468cec17ff9a8b9b1d803e90ed5b982b26 |
| SHA512 | c2292ba0cff2ca166393948833beefb5dae331307c34884cea9ecd140098a3f07b3c4bfbd558eb4207c059b0e73228565ee46a1d60e9844a2f4eeee439edffe5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | de58f4ff5b0ede240ff01adac638fd4c |
| SHA1 | ee98f9a8f4212fe04c0f1bb06f74b424aa681824 |
| SHA256 | a726ce092740e177cd6c580684654e22ee5e735286ba9eaf24adb4b33d9cae1d |
| SHA512 | e7538c06d04f7f52e45a3f6169207434ab15ff9266275097524d85b92c6734fd4d7ea24611df61ce681064fd2c7c859476e9ce970b2039444fa6afe54b176eb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | 164a788f50529fc93a6077e50675c617 |
| SHA1 | c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48 |
| SHA256 | b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17 |
| SHA512 | ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\05af9c51-9bd6-4534-8e94-0fec0768a04b\index-dir\the-real-index
| MD5 | 5dc7d44343884ef51ae1fca773b85cbd |
| SHA1 | ccf401684322b28d4d30f36614774956e3568ee6 |
| SHA256 | b0cf2b20ed5e40de993bf0e0d4ea1f5be9f16c7f24582022635ff372c644c2b3 |
| SHA512 | 1e03c93110ec692adfedc277f38bd791fc5a8301af0d673c1503144f5c6550a6c376ff253d61920b4fa6b8db2cfbe14d44d8a2c7d96cc783fcf33816e27df8df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\05af9c51-9bd6-4534-8e94-0fec0768a04b\index-dir\the-real-index~RFe57bc6a.TMP
| MD5 | 43a4a462a36f34e434fa2123d8314f2b |
| SHA1 | 7f2da6e9277a2df5fde781bd6a265a5eea2533d2 |
| SHA256 | 21817c56f934d7ba994e65827c190998ebe8ec50f579b6213424a1808d48e7b7 |
| SHA512 | 8e6e13218d6ca85d26e39e09c3d405eb6ddfec803ea63c5655183a4bebe1d891d62fa1d76c05d008904c36b4344d20a4462b6636d2ed5461f3950e08fb9b9329 |
memory/3704-1558-0x00007FFA78B30000-0x00007FFA78B46000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
| MD5 | 495db843db2d0042878ca4995f60a5d4 |
| SHA1 | 5aee267d3b08691da2511cff7958158dab778474 |
| SHA256 | ac985527d8070832f08eae506355e2b2298e15b75b80b3547cdf35e584f2465b |
| SHA512 | 72a882a56dbb7c75320719ad05b0f0f4936a12006852f781f36f648740cf9401205f921a0e68847912d5b1a172ab7d373c00e6c58ee4aae54e385b768a15f1a4 |
memory/3704-1596-0x00007FFA787C0000-0x00007FFA78959000-memory.dmp
memory/3704-1590-0x00007FFA78960000-0x00007FFA78B2A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
| MD5 | f7e62091298793e4987f9713f6baac46 |
| SHA1 | 92cb1e1139df9404c127e971876c7365e4194358 |
| SHA256 | 8a5c3e5abb551029d8d443f076bd9638cc69dad19b2d16719c50719d41dbf82a |
| SHA512 | 561d0ec8285c5add6e26ba6658aa68d67c59a65754c018da3d5a79b0f67d88da0497ff0d0ed10cd5d11584499521e36e3d0d374168b4c99ff9f229f08aed1115 |
memory/3704-1851-0x00007FFA79790000-0x00007FFA79907000-memory.dmp
memory/3704-1864-0x00007FFA78520000-0x00007FFA7878D000-memory.dmp
memory/3704-1854-0x00007FFA80E80000-0x00007FFA80E96000-memory.dmp
memory/3704-1848-0x00007FFA7A960000-0x00007FFA7AA2D000-memory.dmp
memory/3704-1837-0x00007FFA79240000-0x00007FFA79762000-memory.dmp
memory/3704-1831-0x00007FFA79C60000-0x00007FFA7A330000-memory.dmp
memory/3704-1832-0x00007FFA89020000-0x00007FFA89045000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
| MD5 | 06d55006c2dec078a94558b85ae01aef |
| SHA1 | 6a9b33e794b38153f67d433b30ac2a7cf66761e6 |
| SHA256 | 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd |
| SHA512 | ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60 |
memory/3704-1940-0x00007FFA79950000-0x00007FFA7995B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\scoped_dir4572_633017412\4e58158d-bab2-4dae-8edd-aca9305d3226.tmp
| MD5 | b384b2c8acf11d0ca778ea05a710bc01 |
| SHA1 | 4d3e01b65ed401b19e9d05e2218eeb01a0a65972 |
| SHA256 | 0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b |
| SHA512 | 272dd92a3efbf6cefe4b13127e09a9bd6455f5fc4913e7477c6712e4c3fd67efe87bd0d5bf1ec6b1e65f8d3aa0ac99d5bcf88d8a44d3f3116527253a01dde3be |
C:\Users\Admin\AppData\Local\Temp\7f99a8fb-c11d-49f8-bec1-c7a1bf4049db.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Temp\f7745c73-b15b-49e4-94b6-b0e3487af3cb.tmp
| MD5 | 78e47dda17341bed7be45dccfd89ac87 |
| SHA1 | 1afde30e46997452d11e4a2adbbf35cce7a1404f |
| SHA256 | 67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550 |
| SHA512 | 9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js
| MD5 | 3d20584f7f6c8eac79e17cca4207fb79 |
| SHA1 | 3c16dcc27ae52431c8cdd92fbaab0341524d3092 |
| SHA256 | 0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643 |
| SHA512 | 315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 14b1aeea0884a4904aaf16b9d0619890 |
| SHA1 | edaeba81b1870ab4aa353eb25954f80cbb0015c3 |
| SHA256 | 92bd60abd1f537035e021f44f8f74f40c5e14975e2d809f7f07395c9a5a76bff |
| SHA512 | 7913587709f23215462c70df23bfc1beac877888bc91df28fa96fd22f66ccd63eb132931c488178970efe8cd8f73783f830735cfac826b2124d673adb50e843c |
memory/3704-2426-0x00007FFA8F4F0000-0x00007FFA8F4FF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp3gxrp59r\Collected_Data\ss\Screenshot.png
| MD5 | a1db29b977eff457fdc390c001c58d74 |
| SHA1 | 29e3e86a3233219cc970a0cac81ca912d3ce85da |
| SHA256 | 8efed83c2c295e06c43cecac289ad917897cfea3735cc1ae950ce315a5c8ee89 |
| SHA512 | 87d1d643f706e9fb8fdd3b978f6b3af9fff31504a3b7a9a88adab0778197c07409f6aa9dea0be2aac9dbcce11dae583021dba43f4a88b9646f1e6bb63d781f9a |
memory/3704-2459-0x00007FFA78F20000-0x00007FFA7903B000-memory.dmp
memory/3704-2498-0x00007FFA85FF0000-0x00007FFA85FFD000-memory.dmp
memory/3704-2503-0x00007FFA8F4F0000-0x00007FFA8F4FF000-memory.dmp
memory/3704-2502-0x00007FFA79950000-0x00007FFA7995B000-memory.dmp
memory/3704-2501-0x00007FFA78450000-0x00007FFA78478000-memory.dmp
memory/3704-2500-0x00007FFA78480000-0x00007FFA7848B000-memory.dmp
memory/3704-2499-0x00007FFA78490000-0x00007FFA78517000-memory.dmp
memory/3704-2497-0x00007FFA80A40000-0x00007FFA80A73000-memory.dmp
memory/3704-2496-0x00007FFA78B50000-0x00007FFA78B62000-memory.dmp
memory/3704-2495-0x00007FFA85FC0000-0x00007FFA85FCB000-memory.dmp
memory/3704-2494-0x00007FFA79770000-0x00007FFA79782000-memory.dmp
memory/3704-2493-0x00007FFA79240000-0x00007FFA79762000-memory.dmp
memory/3704-2492-0x00007FFA78B70000-0x00007FFA78B9F000-memory.dmp
memory/3704-2491-0x00007FFA78BA0000-0x00007FFA78BCA000-memory.dmp
memory/3704-2490-0x00007FFA79790000-0x00007FFA79907000-memory.dmp
memory/3704-2489-0x00007FFA80A10000-0x00007FFA80A34000-memory.dmp
memory/3704-2488-0x00007FFA78790000-0x00007FFA787BE000-memory.dmp
memory/3704-2487-0x00007FFA79C60000-0x00007FFA7A330000-memory.dmp
memory/3704-2486-0x00007FFA7A960000-0x00007FFA7AA2D000-memory.dmp
memory/3704-2485-0x00007FFA7A8F0000-0x00007FFA7A8FC000-memory.dmp
memory/3704-2484-0x00007FFA86690000-0x00007FFA866C4000-memory.dmp
memory/3704-2483-0x00007FFA88C60000-0x00007FFA88C6D000-memory.dmp
memory/3704-2482-0x00007FFA88D30000-0x00007FFA88D3D000-memory.dmp
memory/3704-2481-0x00007FFA88D40000-0x00007FFA88D59000-memory.dmp
memory/3704-2480-0x00007FFA80E80000-0x00007FFA80E96000-memory.dmp
memory/3704-2479-0x00007FFA88D60000-0x00007FFA88D75000-memory.dmp
memory/3704-2478-0x00007FFA88FD0000-0x00007FFA88FFD000-memory.dmp
memory/3704-2477-0x00007FFA89000000-0x00007FFA89019000-memory.dmp
memory/3704-2476-0x00007FFA89440000-0x00007FFA8944F000-memory.dmp
memory/3704-2475-0x00007FFA89020000-0x00007FFA89045000-memory.dmp
memory/3704-2474-0x00007FFA78B30000-0x00007FFA78B46000-memory.dmp
memory/3704-2473-0x00007FFA78520000-0x00007FFA7878D000-memory.dmp
memory/3704-2471-0x00007FFA787C0000-0x00007FFA78959000-memory.dmp
memory/3704-2470-0x00007FFA78960000-0x00007FFA78B2A000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2025-06-30 17:11
Reported
2025-06-30 17:13
Platform
win11-20250619-en
Max time kernel
102s
Max time network
128s
Command Line
Signatures
Uses browser remote debugging
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdater.exe | C:\Users\Admin\AppData\Local\Temp\2025-06-30_e6243f15c851977a055450fabfcad957_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdater.exe | C:\Users\Admin\AppData\Local\Temp\2025-06-30_e6243f15c851977a055450fabfcad957_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133957770993333840" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1418876453-2228697459-2788511057-1000\{5ECD9EB9-271E-41DD-B82C-9A1017D6613B} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2025-06-30_e6243f15c851977a055450fabfcad957_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
"C:\Users\Admin\AppData\Local\Temp\2025-06-30_e6243f15c851977a055450fabfcad957_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"
C:\Users\Admin\AppData\Local\Temp\2025-06-30_e6243f15c851977a055450fabfcad957_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe
"C:\Users\Admin\AppData\Local\Temp\2025-06-30_e6243f15c851977a055450fabfcad957_black-basta_cobalt-strike_luca-stealer_satacom_vidar.exe"
C:\Windows\SYSTEM32\taskkill.exe
taskkill /f /im opera.exe
C:\Windows\SYSTEM32\taskkill.exe
taskkill /f /im opera_gx.exe
C:\Windows\SYSTEM32\taskkill.exe
taskkill /f /im msedge.exe
C:\Windows\SYSTEM32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9222 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --headless
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7fff4306f208,0x7fff4306f214,0x7fff4306f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2200,i,3955211046505890006,15711350094227264488,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:11
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2160,i,3955211046505890006,15711350094227264488,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2524,i,3955211046505890006,15711350094227264488,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2520 /prefetch:13
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --pdf-upsell-enabled --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3496,i,3955211046505890006,15711350094227264488,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --instant-process --pdf-upsell-enabled --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3520,i,3955211046505890006,15711350094227264488,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=5216,i,3955211046505890006,15711350094227264488,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=5196 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=5208,i,3955211046505890006,15711350094227264488,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=5888,i,3955211046505890006,15711350094227264488,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=5876 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=6096,i,3955211046505890006,15711350094227264488,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=6096,i,3955211046505890006,15711350094227264488,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=6220,i,3955211046505890006,15711350094227264488,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
cookie_exporter.exe --cookie-json=1136
C:\Windows\SYSTEM32\taskkill.exe
taskkill /F /IM msedge.exe
Network
Files