Malware Analysis Report

2025-08-05 14:43

Sample ID: 250701-hmg5nasqv4
Target: https://gofile.io/d/6uD9rU
Tags: credential_access defense_evasion discovery execution pyinstaller spyware stealer
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The file https://gofile.io/d/6uD9rU was found to be: Likely malicious.

Malicious Activity Summary

credential_access defense_evasion discovery execution pyinstaller spyware stealer

Downloads MZ/PE file

Disables Task Manager via registry modification

Drops file in Drivers directory

Loads dropped DLL

Reads user/profile data of web browsers

Unsecured Credentials: Credentials In Files

Executes dropped EXE

Command and Scripting Interpreter: PowerShell

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Accesses cryptocurrency files/wallets, possible credential harvesting

Drops file in Program Files directory

Detects Pyinstaller

Browser Information Discovery

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-07-01 06:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2025-07-01 06:51
Reported: 2025-07-01 07:06
Platform: win10v2004-20250610-en
Max time kernel: 868s
Max time network: 436s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/6uD9rU

Signatures

Disables Task Manager via registry modification

defense_evasion

Downloads MZ/PE file

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Drops file in Drivers directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\Downloads\THIS IS THE MALWARE, RUN ON TRIAGE NOT ON UR ACTUAL MACHIN.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\THIS IS THE MALWARE, RUN ON TRIAGE NOT ON UR ACTUAL MACHIN.exe | N/A
(this row appears 64 times in the report, once per signature hit)

Reads user/profile data of web browsers

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | api.gofile.io | N/A | N/A
N/A | api.gofile.io | N/A | N/A
N/A | api.gofile.io | N/A | N/A
N/A | api.gofile.io | N/A | N/A
N/A | discord.com | N/A | N/A
N/A | discord.com | N/A | N/A
N/A | api.gofile.io | N/A | N/A
N/A | api.gofile.io | N/A | N/A

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | api.ipify.org | N/A | N/A
N/A | ip-api.com | N/A | N/A
N/A | api.ipify.org | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\fa\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\my\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\sw\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\uk\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\sr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\es_419\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\es\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\sl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\hu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\hi\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\pt_PT\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\kk\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\lo\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\sk\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\tr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\ca\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\vi\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\is\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\zu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\af\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\az\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\gu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\lv\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\ur\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\id\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\ja\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\fr_CA\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\zh_TW\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\nl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\am\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\ka\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\offscreendocument.html | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\sv\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\ru\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\mr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\ro\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\en_CA\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\service_worker_bin_prod.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\ms\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\kn\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\mn\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\ko\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\hr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\da\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\pl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\km\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\offscreendocument_main.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\page_embed_script.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\pt_BR\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\fil\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\th\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\eu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\ta\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\ne\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\cs\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\hy\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\si\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\bn\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\it\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\no\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\el\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping5256_252424677\_locales\en\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Browser Information Discovery

discovery

Detects Pyinstaller

pyinstaller

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133958262846247552" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2012121138-1878458325-808874697-1000\{E45FC91E-C885-4D34-A8DD-5158C569ADB5} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\THIS IS THE MALWARE, RUN ON TRIAGE NOT ON UR ACTUAL MACHIN.exe | N/A
(this row appears 6 times in the report)
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
(this row appears 18 times in the report)
N/A | N/A | C:\Users\Admin\Downloads\THIS IS THE MALWARE, RUN ON TRIAGE NOT ON UR ACTUAL MACHIN.exe | N/A
(this row appears a further 40 times in the report)

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\THIS IS THE MALWARE, RUN ON TRIAGE NOT ON UR ACTUAL MACHIN.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 33 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 34 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 35 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 36 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 33 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 34 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 35 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: 36 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\THIS IS THE MALWARE, RUN ON TRIAGE NOT ON UR ACTUAL MACHIN.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5256 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 5488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 5488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5256 wrote to memory of 976 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/6uD9rU

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f4,0x7fff62c8f208,0x7fff62c8f214,0x7fff62c8f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1936,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2228,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2548,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=2632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3400,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3408,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5036,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5148,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4768,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=3720 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5496,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5804,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5804,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=6104 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6104,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6300,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=6320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6400,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6412,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6380,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=6728 /prefetch:8

C:\Users\Admin\Downloads\THIS IS THE MALWARE, RUN ON TRIAGE NOT ON UR ACTUAL MACHIN.exe

"C:\Users\Admin\Downloads\THIS IS THE MALWARE, RUN ON TRIAGE NOT ON UR ACTUAL MACHIN.exe"

C:\Users\Admin\Downloads\THIS IS THE MALWARE, RUN ON TRIAGE NOT ON UR ACTUAL MACHIN.exe

"C:\Users\Admin\Downloads\THIS IS THE MALWARE, RUN ON TRIAGE NOT ON UR ACTUAL MACHIN.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6864,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6880,i,18246337981788175510,12066112409376665108,262144 --variations-seed-version --mojo-platform-channel-handle=6920 /prefetch:8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_ComputerSystemProduct).UUID"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_BIOS).SerialNumber"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_BaseBoard).SerialNumber"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_Processor).ProcessorId"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_BIOS).OEMStringArray"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(Get-WmiObject -Class Win32_SystemEnclosure).SMBIOSAssetTag"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f"

C:\Windows\system32\reg.exe

reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\THIS IS THE MALWARE, RUN ON TRIAGE NOT ON UR ACTUAL MACHIN.exe

"C:\Users\Admin\Downloads\THIS IS THE MALWARE, RUN ON TRIAGE NOT ON UR ACTUAL MACHIN.exe"

C:\Users\Admin\Downloads\THIS IS THE MALWARE, RUN ON TRIAGE NOT ON UR ACTUAL MACHIN.exe

"C:\Users\Admin\Downloads\THIS IS THE MALWARE, RUN ON TRIAGE NOT ON UR ACTUAL MACHIN.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

Network

Country Destination Domain Proto
US 8.8.8.8:53 gofile.io udp
US 8.8.8.8:53 gofile.io udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
FR 45.112.123.126:443 gofile.io tcp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 150.171.27.11:80 edge.microsoft.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 2.18.27.68:443 copilot.microsoft.com tcp
US 13.107.246.64:443 api.edgeoffer.microsoft.com tcp
FR 45.112.123.126:443 gofile.io tcp
US 13.107.246.64:443 api.edgeoffer.microsoft.com tcp
GB 2.18.27.68:443 copilot.microsoft.com tcp
FR 45.112.123.126:443 gofile.io tcp
US 13.107.246.64:443 api.edgeoffer.microsoft.com tcp
GB 2.18.27.68:443 copilot.microsoft.com tcp
US 8.8.8.8:53 s.gofile.io udp
US 8.8.8.8:53 s.gofile.io udp
US 8.8.8.8:53 api.gofile.io udp
US 8.8.8.8:53 api.gofile.io udp
FR 51.159.98.203:443 s.gofile.io tcp
FR 51.75.242.210:443 api.gofile.io tcp
FR 51.159.98.203:443 s.gofile.io tcp
FR 45.112.123.126:443 api.gofile.io tcp
FR 51.75.242.210:443 api.gofile.io tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.27.11:443 edge.microsoft.com tcp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
GB 142.250.200.3:443 update.googleapis.com tcp
GB 2.18.27.82:443 www.bing.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 142.250.200.1:443 clients2.googleusercontent.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 150.171.27.11:443 edge.microsoft.com tcp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
N/A 224.0.0.251:5353 udp
GB 2.18.27.82:443 www.bing.com udp
US 8.8.8.8:53 store3.gofile.io udp
US 8.8.8.8:53 store3.gofile.io udp
US 94.139.32.11:443 store3.gofile.io tcp
US 94.139.32.11:443 store3.gofile.io tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.13.205:443 api.ipify.org tcp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 8.8.8.8:53 redtiger.shop udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 api.gofile.io udp
FR 45.112.123.126:443 api.gofile.io tcp
US 8.8.8.8:53 store4.gofile.io udp
FR 31.14.70.245:443 store4.gofile.io tcp
US 8.8.8.8:53 discord.com udp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f0e2594592f22e7575433455caeab82b
SHA1 0e49fb4b0a2977929e941aecc0c0d10817ab59a8
SHA256 72a9b3e9f132cbafc1c898945350c9434bb84b970e213201594d5c59842b88c2
SHA512 c34c12c75f6fa6f84e2353aacbd1f6a3de8135a29e32cdea5554452e726e539df2b4b752361970901ac43a229d570cdefd369ad6cab1213ddc69ad0b0564f36c

\??\pipe\crashpad_5256_GJDQBLHVNVHWWZBW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 37ce022f0541808e190165127ef74e24
SHA1 25c13f622316359dbfb4270b30463cccec6daf9c
SHA256 3e16b1e599311209f195e48392fed916c277781b017c55901a1b3a6162bcd6b1
SHA512 fca35a8857bb5ee5339b63248d28bd5d534a14187fd53be395e9284a8ba937e3000de870f64cf3f2c0c5fd93c44484971b800802be8b72dd54bcfcf28c7d32ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

MD5 e2018cbdfaae5448ebeadc47e05c4c54
SHA1 54b91d57cb180fe0bc5fd2cead12a22156224b1c
SHA256 22a5ffbc2c65584dc2485f1ff6f1b1727b3ee1fde0e5ad47d572eac853079f96
SHA512 7295ee9e9d6f20eb719c01cd4ae5e68b5b67bd1f411cbb2599c561db96b9bf60d64b8a0224fc6d35d363cbd0b9f19fc739ee6729051b8e5e6b997910ab937389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

MD5 06d55006c2dec078a94558b85ae01aef
SHA1 6a9b33e794b38153f67d433b30ac2a7cf66761e6
SHA256 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
SHA512 ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

MD5 f138470186b8f3ede3f6ff4a5523dfc7
SHA1 bee19b4ea8a60f74323a77bd4d959283704504c3
SHA256 6ab27147cc9d255d67cb83b1a29e8104c7eea74080ab0ec437d42cb7fbdcb6e5
SHA512 8e22d0a23988da0ea493689dbfc0661a06fbe210f98ed0700237fe5db9685840ed8106361f6fec94d3b7675ffa4894e78366656f6f2ef545a97e2f7560c1d284

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2549147406af9be16f6c5441ccd805e3
SHA1 72379b1672db093f50228cbde9504b873a0c9605
SHA256 36767a9a14d65feb1acf75c6f3c21c51b80f5119d8d1ed0c542b1a981d7b9ade
SHA512 49b068910f2b7d10313a86c18b19b7209f3c9dda0a698eabe2d767b784857b52fe7089b6f58495a0dbc032139cbb4e94551ff60b2d5d10a845720656b3e36f01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b

MD5 b384b2c8acf11d0ca778ea05a710bc01
SHA1 4d3e01b65ed401b19e9d05e2218eeb01a0a65972
SHA256 0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
SHA512 272dd92a3efbf6cefe4b13127e09a9bd6455f5fc4913e7477c6712e4c3fd67efe87bd0d5bf1ec6b1e65f8d3aa0ac99d5bcf88d8a44d3f3116527253a01dde3be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\Downloads\THIS IS THE MALWARE, RUN ON TRIAGE NOT ON UR ACTUAL MACHIN.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57cfe3.TMP

C:\Users\Admin\AppData\Local\Temp\_MEI18202\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

C:\Users\Admin\AppData\Local\Temp\_MEI18202\python313.dll

C:\Users\Admin\AppData\Local\Temp\_MEI18202\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI18202\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\python3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI18202\libffi-8.dll

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_wmi.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\libssl-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_uuid.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_ssl.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_sqlite3.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_queue.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_overlapped.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_multiprocessing.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_elementtree.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_decimal.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_cffi_backend.cp313-win_amd64.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\_asyncio.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\VCRUNTIME140_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI18202\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\sqlite3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI18202\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI18202\libcrypto-3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI18202\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

memory/1420-738-0x0000016A45D80000-0x0000016A45DA2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_23ioawet.rwd.ps1

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Windows\System32\drivers\etc\hosts
