Analysis Overview
SHA256
444ae0ba74155c9ae47b6dabfd9b5abb43ac9422d701ba5d028768664c7d9978
Threat Level: Likely malicious
The file RJ8mgE was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
UPX packed file
Loads dropped DLL
Executes dropped EXE
Looks up external IP address via web service
Detects Pyinstaller
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-06 18:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-06 18:22
Reported
2024-06-06 18:26
Platform
win10-20240404-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\GalacticaExecutorV1.exe | N/A |
Loads dropped DLL
UPX packed file
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipapi.co | N/A | N/A |
Detects Pyinstaller
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\GalacticaExecutorV1.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\GalacticaExecutorV1.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\RJ8mgE.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\RJ8mgE.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.0.1973511436\498219853" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1712 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90b1eeb5-35e7-48cb-a486-2f71d74507fa} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 1796 1c11b8d6e58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.1.1682209876\1455191811" -parentBuildID 20221007134813 -prefsHandle 2144 -prefMapHandle 2140 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {520f0740-85fb-4f8e-b7a4-6bb8ec52f927} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 2168 1c11b7fbc58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.2.570494302\1326449509" -childID 1 -isForBrowser -prefsHandle 2788 -prefMapHandle 2784 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de20db8e-9b51-4a40-b0af-fd1c33363f36} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 2988 1c11f8ed958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.3.2001752251\217158756" -childID 2 -isForBrowser -prefsHandle 3500 -prefMapHandle 3496 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0e571e0-1685-47ce-a0d9-10345396e1e7} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 3508 1c1209ac958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.4.1463301037\349140639" -childID 3 -isForBrowser -prefsHandle 4752 -prefMapHandle 4792 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c780161-f373-457a-ac6e-6233be3fd415} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 4740 1c109565a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.5.1770386276\1274729624" -childID 4 -isForBrowser -prefsHandle 4896 -prefMapHandle 4796 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {675434ed-507d-4d86-bd1d-88b8f5a6149d} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 4936 1c12220d558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.6.2022168118\250561388" -childID 5 -isForBrowser -prefsHandle 5108 -prefMapHandle 5112 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea538fc7-1988-4c40-8d1b-da15368342c1} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 4916 1c122923b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.7.1809917054\422830573" -childID 6 -isForBrowser -prefsHandle 5972 -prefMapHandle 5968 -prefsLen 29736 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0650fc04-2670-4a75-9fc1-3898f54f1463} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 5940 1c1230c9458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.8.1818062659\1522985996" -parentBuildID 20221007134813 -prefsHandle 5636 -prefMapHandle 5620 -prefsLen 29736 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18991487-048c-45d1-8dd5-2a16dfd9220e} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 5616 1c12220f958 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.9.1171948614\1368024174" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5592 -prefMapHandle 5584 -prefsLen 29736 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bb73c63-2727-4d3f-9a5d-e8ea80377ecb} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 5956 1c1261a7a58 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.10.1371954648\968153307" -childID 7 -isForBrowser -prefsHandle 5564 -prefMapHandle 5568 -prefsLen 29736 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00d4a58a-a11c-4391-b50e-bc8f46df983e} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 2944 1c1261a9858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.11.460175560\349035957" -childID 8 -isForBrowser -prefsHandle 6528 -prefMapHandle 6488 -prefsLen 29736 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a6e574a-0b23-44a3-89f9-2fcb9e8c11e5} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 6484 1c129e0fb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.12.1037775982\1788261793" -childID 9 -isForBrowser -prefsHandle 5076 -prefMapHandle 4912 -prefsLen 29736 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc463bad-e2b9-4ce8-a924-42377e5e36f5} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 5080 1c12b5a0158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.13.2011697301\979619428" -childID 10 -isForBrowser -prefsHandle 7428 -prefMapHandle 7432 -prefsLen 29736 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d790d56b-6ca0-4d54-b45b-53a3b5299d24} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 7412 1c122d21258 tab
C:\Users\Admin\Downloads\GalacticaExecutorV1.exe
"C:\Users\Admin\Downloads\GalacticaExecutorV1.exe"
C:\Users\Admin\Downloads\GalacticaExecutorV1.exe
"C:\Users\Admin\Downloads\GalacticaExecutorV1.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\3d56ec95-7dbc-45cb-b1bc-564633ed8795
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\ebc20779-bf70-480b-85e8-6244dfdd3cc2
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++www.youtube.com\cache\morgue\166\{44c8cce8-7b98-4cc4-87e2-e0c4665c38a6}.final
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++www.youtube.com\idb\3168801901yCt7-%iCt7-%ree8sap6o.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\Downloads\GalacticaExecutorV1.XjiW1-kS.exe.part
C:\Users\Admin\Downloads\GalacticaExecutorV1.exe
\Users\Admin\AppData\Local\Temp\_MEI59162\python310.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59162\base_library.zip
\Users\Admin\AppData\Local\Temp\_MEI59162\_ctypes.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\win32api.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\pythoncom310.dll
\Users\Admin\AppData\Local\Temp\_MEI59162\pywintypes310.dll
\Users\Admin\AppData\Local\Temp\_MEI59162\_queue.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\select.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI59162\_decimal.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\pyexpat.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI59162\_uuid.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\psutil\_psutil_windows.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI59162\_ssl.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI59162\libcrypto-1_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI59162\libssl-1_1.dll
\Users\Admin\AppData\Local\Temp\_MEI59162\_hashlib.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\unicodedata.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\sqlite3.dll
\Users\Admin\AppData\Local\Temp\_MEI59162\_cffi_backend.cp310-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI59162\Crypto\Cipher\_raw_cbc.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\Crypto\Cipher\_raw_ecb.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\_sqlite3.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\charset_normalizer\md__mypyc.cp310-win_amd64.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\charset_normalizer\md.cp310-win_amd64.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\_brotli.cp310-win_amd64.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\_bz2.pyd
\Users\Admin\AppData\Local\Temp\_MEI59162\libffi-7.dll
\Users\Admin\AppData\Local\Temp\_MEI59162\python3.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Temp\_MEI43082\altgraph-0.17.4.dist-info\INSTALLER