Malware Analysis Report

2024-11-30 12:45

Sample ID 240823-axm5nawdma
Target source_prepared.exe
SHA256 000bd548da4592196272f1849df1262378252e0bfacb03c0239f6febcb5cfb01
Tags pyinstaller pysilon defense_evasion discovery evasion execution persistence privilege_escalation spyware stealer trojan upx
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview


Threat Level: Known bad

The file source_prepared.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon defense_evasion discovery evasion execution persistence privilege_escalation spyware stealer trojan upx

Detect Pysilon

Pysilon family

Enumerates VirtualBox DLL files

Command and Scripting Interpreter: PowerShell

Boot or Logon Autostart Execution: Active Setup

Sets file to hidden

Executes dropped EXE

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Checks whether UAC is enabled

Adds Run key to start application

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Detects Pyinstaller

Enumerates physical storage devices

Unsigned PE

System Network Configuration Discovery: Internet Connection Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Kills process with taskkill

Checks processor information in registry

NTFS ADS

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Suspicious use of SendNotifyMessage

Views/modifies file attributes

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-23 00:35

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-23 00:35

Reported

2024-08-23 00:55

Platform

win10-20240404-en

Max time kernel

1141s

Max time network

1133s

Command Line

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

Signatures

Enumerates VirtualBox DLL files

Description Indicator Process Target
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\Downloads\source_prepared (1).exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\Downloads\source_prepared (1).exe N/A
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\WindowsUpdater\Updater.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\WindowsUpdater\Updater.exe N/A
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\Downloads\source_prepared (1).exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\Downloads\source_prepared (1).exe N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\127.0.6533.120\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\127.0.6533.120\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\WindowsUpdater\Updater.exe N/A
N/A N/A C:\Users\Admin\WindowsUpdater\Updater.exe N/A
N/A N/A C:\Users\Admin\Downloads\ChromeSetup.exe N/A
N/A N/A C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\127.0.6533.120_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\127.0.6533.120\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\ChromeSetup.exe N/A
N/A N/A C:\Program Files (x86)\Google1296_63212074\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google1296_63212074\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\127.0.6533.120_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\127.0.6533.120\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\127.0.6533.120\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater = "C:\\Users\\Admin\\WindowsUpdater\\Updater.exe" C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google1296_63212074\bin\updater.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\prefs.json C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\chrome_pwa_launcher.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\optimization_guide_internal.dll C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\vulkan-1.dll C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File opened for modification C:\Program Files\Crashpad\settings.dat C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\chrome.exe.sig C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping5760_1428894502\manifest.fingerprint C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\chrome.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\chrome.dll.sig C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad\metadata C:\Program Files (x86)\Google1296_63212074\bin\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\VisualElements\SmallLogo.png C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\uninstall.cmd C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
File created C:\Program Files (x86)\Google1296_63212074\bin\updater.exe C:\Users\Admin\Downloads\ChromeSetup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\MEIPreload\manifest.json C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\vk_swiftshader.dll C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\127.0.6533.120_chrome_installer.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\updater.log C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\chrome.7z C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\chrome_100_percent.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\bn.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\kn.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\ml.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\sw.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\19743d48-3b99-4fea-823b-53a2f25f661d.tmp C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad\settings.dat C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\updater.log C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\3197d7eb-6416-4a77-ae58-704faf8ea252.tmp C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\vk_swiftshader.dll C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\chrome.VisualElementsManifest.xml C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\updater.log.old C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\sk.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\chrome_wer.dll C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\CHROME.PACKED.7Z C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\127.0.6533.120_chrome_installer.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\127.0.6533.120.manifest C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\Locales\ur.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\prefs.json~RFe63ba1e.TMP C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\el.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\VisualElements\SmallLogo.png C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad\settings.dat C:\Program Files (x86)\Google1296_63212074\bin\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\notification_helper.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad\metadata C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\updater.log.old C:\Program Files (x86)\Google1296_63212074\bin\updater.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\8f1f6d11-5219-427c-895f-75f86eb31f0f.tmp C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\vk_swiftshader_icd.json C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\53abbd34-6990-4cc2-83f0-bc94de9337a9.tmp C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\hr.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\8f1f6d11-5219-427c-895f-75f86eb31f0f.tmp C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\Locales\sr.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google7188_867646295\updater.7z C:\Users\Admin\Downloads\ChromeSetup.exe N/A
File created C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\_metadata\verified_contents.json C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\Locales\pl.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\chrome.exe C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
File opened for modification C:\Program Files\Crashpad\settings.dat C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\hu.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\127.0.6533.120\Locales\he.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\GoogleUpdater\prefs.json~RFe60b53b.TMP C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad\settings.dat C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
File created C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\manifest.fingerprint C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
File created C:\Program Files (x86)\Google7188_1817720367\UPDATER.PACKED.7Z C:\Users\Admin\Downloads\ChromeSetup.exe N/A
File opened for modification C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\prefs.json C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\en-US.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\Locales\mr.pak C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source5360_1612030796\Chrome-bin\127.0.6533.120\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\ChromeSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\ChromeSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\ChromeSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google1296_63212074\bin\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google1296_63212074\bin\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133688475077430627" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey \??\c:\windows\system32\svchost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\TypeLib\ = "{DD42475D-6D46-496A-924E-BD5630B4CBBA}" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\AppID C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{27634814-8E41-4C35-8577-980134A96544}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0 C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{D4757239-55B2-5C3D-8B06-DDE147267C2D} C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\1.0 C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\TypeLib\ = "{8476CE12-AE1F-4198-805C-BA0F9B783F57}" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\TypeLib\ = "{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\1.0\0 C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\1.0\ = "GoogleUpdater TypeLib for IAppCommandWeb" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{D4757239-55B2-5C3D-8B06-DDE147267C2D} C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD} C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{699F07AD-304C-5F71-A2DA-ABD765965B54}\1.0\0\win32 C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4757239-55B2-5C3D-8B06-DDE147267C2D}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\1.0\ = "GoogleUpdater TypeLib for IAppCommandWebSystem" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{708860E0-F641-4611-8895-7D867DD3675B}\AppID = "{708860E0-F641-4611-8895-7D867DD3675B}" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{119413E1-D553-5881-9669-43EB131F5143}\TypeLib\ = "{119413E1-D553-5881-9669-43EB131F5143}" C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\1.0\ = "GoogleUpdater TypeLib for ICompleteStatusSystem" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\1.0\0\win64 C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1588C1A8-27D9-563E-9641-8D20767FB258}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\129.0.6651.0\\updater.exe\\4" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{F4334319-8210-469B-8262-DD03623FEB5B} C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\ = "IPolicyStatusSystem" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\ = "IPolicyStatusValueSystem" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{27634814-8E41-4C35-8577-980134A96544}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{34527502-D3DB-4205-A69B-789B27EE0414}\1.0\0 C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\ = "IUpdaterObserverSystem" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{DD42475D-6D46-496A-924E-BD5630B4CBBA} C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\ProxyStubClsid32 C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C4622B28-A747-44C7-96AF-319BE5C3B261}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\129.0.6651.0\\updater.exe\\6" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{F966A529-43C6-4710-8FF4-0B456324C8F4}\1.0 C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\1.0\0\win32 C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib\ = "{463ABECF-410D-407F-8AF5-0DF35A005CC8}" C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{C4622B28-A747-44C7-96AF-319BE5C3B261}\1.0\0 C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\TypeLib\ = "{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA} C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Interface C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\TypeLib C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{F4334319-8210-469B-8262-DD03623FEB5B}\1.0 C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\129.0.6651.0\\updater.exe\\6" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\ = "ICurrentStateSystem" C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\ChromeSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\WindowsUpdater\Updater.exe N/A
N/A N/A C:\Users\Admin\WindowsUpdater\Updater.exe N/A
N/A N/A C:\Users\Admin\WindowsUpdater\Updater.exe N/A
N/A N/A C:\Users\Admin\WindowsUpdater\Updater.exe N/A
N/A N/A C:\Users\Admin\WindowsUpdater\Updater.exe N/A
N/A N/A C:\Users\Admin\WindowsUpdater\Updater.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google7188_867646295\bin\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Google1296_63212074\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google1296_63212074\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google1296_63212074\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google1296_63212074\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google1296_63212074\bin\updater.exe N/A
N/A N/A C:\Program Files (x86)\Google1296_63212074\bin\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\WindowsUpdater\Updater.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\WindowsUpdater\Updater.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Users\Admin\Downloads\ChromeSetup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\ChromeSetup.exe N/A
Token: 33 N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\127.0.6533.120_chrome_installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\127.0.6533.120_chrome_installer.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (24 identical rows)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (26 identical rows)
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (2 identical rows)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (12 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (23 identical rows)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (24 identical rows)
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (2 identical rows)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (15 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4816 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Users\Admin\AppData\Local\Temp\source_prepared.exe (2 identical rows)
PID 4216 wrote to memory of 532 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe (11 identical rows)
PID 2184 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe (2 identical rows)
PID 532 wrote to memory of 5092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe (2 identical rows)
PID 532 wrote to memory of 4176 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe (47 identical rows)

Uses Task Scheduler COM API

persistence

Views/modifies file attributes

evasion

Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.0.631578483\971289522" -parentBuildID 20221007134813 -prefsHandle 1588 -prefMapHandle 1576 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {232894d1-7982-498e-9cbb-ea2728280d96} 532 "\\.\pipe\gecko-crash-server-pipe.532" 1708 1a758ed7758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.1.949605006\1663464334" -parentBuildID 20221007134813 -prefsHandle 2052 -prefMapHandle 2044 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91d64640-3dbb-4756-bf5c-36d0268c44e1} 532 "\\.\pipe\gecko-crash-server-pipe.532" 2088 1a7589e5358 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.2.688969364\368983670" -childID 1 -isForBrowser -prefsHandle 2736 -prefMapHandle 2732 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86e6ba41-42a7-4a4f-8531-df2eb34abfb6} 532 "\\.\pipe\gecko-crash-server-pipe.532" 2748 1a75cd76a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.3.1185340759\2063013082" -childID 2 -isForBrowser -prefsHandle 3432 -prefMapHandle 3428 -prefsLen 26044 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a82c3b6-4ef6-4a83-8a3a-bdeb9d677244} 532 "\\.\pipe\gecko-crash-server-pipe.532" 3440 1a75dcdf458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.4.1985164750\1915936811" -childID 3 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {719ae32d-6a32-4575-9bc9-02fe8f8f35ab} 532 "\\.\pipe\gecko-crash-server-pipe.532" 3664 1a75de68c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.5.1987903975\1391101398" -childID 4 -isForBrowser -prefsHandle 4160 -prefMapHandle 4728 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {734c6071-a570-45dd-811d-cc9955a72038} 532 "\\.\pipe\gecko-crash-server-pipe.532" 4760 1a74e25fb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.6.739383315\2056537045" -childID 5 -isForBrowser -prefsHandle 4896 -prefMapHandle 4900 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6026e6f-b12c-4393-ac2f-bfaca1d998d6} 532 "\\.\pipe\gecko-crash-server-pipe.532" 4980 1a75f1cc558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.7.376987746\1758729947" -childID 6 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cac52ff4-5ff4-4c82-af2e-7f28ed26afcc} 532 "\\.\pipe\gecko-crash-server-pipe.532" 4780 1a75f3fcf58 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x338

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\WindowsUpdater\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\WindowsUpdater\activate.bat

C:\Windows\system32\attrib.exe

attrib +s +h .

C:\Users\Admin\WindowsUpdater\Updater.exe

"Updater.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "source_prepared.exe"

C:\Users\Admin\WindowsUpdater\Updater.exe

"Updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\WindowsUpdater\""

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.8.132543519\1870066989" -childID 7 -isForBrowser -prefsHandle 5456 -prefMapHandle 5460 -prefsLen 26593 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ea57452-913b-402a-855a-b97be2f6a101} 532 "\\.\pipe\gecko-crash-server-pipe.532" 4524 1a761353258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.9.412385652\957477921" -childID 8 -isForBrowser -prefsHandle 4808 -prefMapHandle 4804 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7262b05-8084-483f-bfa1-b4e147bc220e} 532 "\\.\pipe\gecko-crash-server-pipe.532" 4792 1a760e48558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.10.613643841\785191185" -childID 9 -isForBrowser -prefsHandle 4868 -prefMapHandle 4792 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47da142c-4758-4619-b4ed-52c3c8d6f8e4} 532 "\\.\pipe\gecko-crash-server-pipe.532" 6104 1a763a0cb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.11.1400357633\1028254737" -childID 10 -isForBrowser -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 916 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19d8bf4d-7d64-440f-b03f-100c3148f272} 532 "\\.\pipe\gecko-crash-server-pipe.532" 5060 1a763d6b458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.12.1169420161\647524067" -parentBuildID 20221007134813 -prefsHandle 6264 -prefMapHandle 6164 -prefsLen 27486 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90841446-c1e2-44fa-8add-7598a4523d8a} 532 "\\.\pipe\gecko-crash-server-pipe.532" 6268 1a764781358 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="532.13.921978612\1774444802" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6224 -prefMapHandle 4964 -prefsLen 27486 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e5236d6-c1e2-4ce3-a9f1-257e9349f8e2} 532 "\\.\pipe\gecko-crash-server-pipe.532" 6268 1a764780458 utility

C:\Users\Admin\Downloads\ChromeSetup.exe

"C:\Users\Admin\Downloads\ChromeSetup.exe"

C:\Program Files (x86)\Google7188_867646295\bin\updater.exe

"C:\Program Files (x86)\Google7188_867646295\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={421CC723-AA40-0822-4F00-A7279A6AD2CA}&lang=en-GB&browser=3&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2

C:\Program Files (x86)\Google7188_867646295\bin\updater.exe

"C:\Program Files (x86)\Google7188_867646295\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7e06cc,0x7e06d8,0x7e06e4

C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --system --windows-service --service=update-internal

C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x13006cc,0x13006d8,0x13006e4

C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --system --windows-service --service=update

C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x13006cc,0x13006d8,0x13006e4

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\127.0.6533.120_chrome_installer.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\127.0.6533.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\059cd941-7fbd-474f-84ef-06ee153dd974.tmp"

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\059cd941-7fbd-474f-84ef-06ee153dd974.tmp"

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6459e41f8,0x7ff6459e4204,0x7ff6459e4210

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1796_525090642\CR_0868E.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff6459e41f8,0x7ff6459e4204,0x7ff6459e4210

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0xd4,0xd8,0xa8,0xd0,0xb0,0x7ffc8d3ee790,0x7ffc8d3ee79c,0x7ffc8d3ee7a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1620,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=1632 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1740,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=1888 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2104,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=2300 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3016,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=3056 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3024,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=3124 /prefetch:1

C:\Program Files\Google\Chrome\Application\127.0.6533.120\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.120\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3800,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4380,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4796,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4732,i,17751838542531604493,5173459644341333158,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:8

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NgcSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s NgcCtnrSvc

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\ChromeSetup.exe

"C:\Users\Admin\Downloads\ChromeSetup.exe"

C:\Program Files (x86)\Google1296_63212074\bin\updater.exe

"C:\Program Files (x86)\Google1296_63212074\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={421CC723-AA40-0822-4F00-A7279A6AD2CA}&lang=en-GB&browser=3&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2

C:\Program Files (x86)\Google1296_63212074\bin\updater.exe

"C:\Program Files (x86)\Google1296_63212074\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x12506cc,0x12506d8,0x12506e4

C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --system --windows-service --service=update

C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x264,0x268,0x26c,0x240,0xc0,0x13006cc,0x13006d8,0x13006e4

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\127.0.6533.120_chrome_installer.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\127.0.6533.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\60b506ff-9d99-4330-86ce-cb7ab7cb696e.tmp"

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\60b506ff-9d99-4330-86ce-cb7ab7cb696e.tmp"

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff7f27341f8,0x7ff7f2734204,0x7ff7f2734210

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe

"C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff7f27341f8,0x7ff7f2734204,0x7ff7f2734210

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc8d3ee790,0x7ffc8d3ee79c,0x7ffc8d3ee7a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,6725729469348459328,8253932052898616028,262144 --variations-seed-version --mojo-platform-channel-handle=1868 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1788,i,6725729469348459328,8253932052898616028,262144 --variations-seed-version --mojo-platform-channel-handle=1964 /prefetch:3

C:\Program Files\Google\Chrome\Application\127.0.6533.120\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.120\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe" --rename-chrome-exe --system-level --verbose-logging --channel=stable

C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff67c5c41f8,0x7ff67c5c4204,0x7ff67c5c4210

C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe" --channel=stable --delete-old-versions --system-level --verbose-logging

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer --flag-switches-begin --flag-switches-end

C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff67c5c41f8,0x7ff67c5c4204,0x7ff67c5c4210

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.120 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc8d3ee790,0x7ffc8d3ee79c,0x7ffc8d3ee7a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=1800 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1632,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=1876 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2092,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=2272 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2808,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=2848 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2816,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=2884 /prefetch:1

C:\Program Files\Google\Chrome\Application\127.0.6533.120\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\127.0.6533.120\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3572,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4412,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4472,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4672 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4932,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4900 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=2892,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4560,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4496 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4528,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4572 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4192,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3244,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4256,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=2788,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4264,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4208,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --wake --system

C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x13006cc,0x13006d8,0x13006e4

C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --system --windows-service --service=update-internal

C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x13006cc,0x13006d8,0x13006e4

C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --system --windows-service --service=update

C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe

"C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=129.0.6651.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x13006cc,0x13006d8,0x13006e4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4772,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=3016 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5144,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=3044 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3036,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5184,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=3048 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3756,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=2940 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5320,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=5632,i,5348171563814445911,2669756382029846235,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8

C:\Users\Admin\Downloads\source_prepared (1).exe

"C:\Users\Admin\Downloads\source_prepared (1).exe"

C:\Users\Admin\Downloads\source_prepared (1).exe

"C:\Users\Admin\Downloads\source_prepared (1).exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\Downloads\source_prepared (1).exe

"C:\Users\Admin\Downloads\source_prepared (1).exe"

C:\Users\Admin\Downloads\source_prepared (1).exe

"C:\Users\Admin\Downloads\source_prepared (1).exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"
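
The entries from `source_prepared (1).exe` onward are the only ones in this listing that the sample itself produced; the long Chrome and Google Updater chain above them (ChromeSetup.exe, the unpacker, setup.exe, the chrome.exe process tree) is most plausibly the sandbox's delivery path for the sample rather than behaviour of the sample, which is also what the `(1)` suffix and the `quarantine.mojom.Quarantine` utility process immediately before it suggest. Two details of the sample's own chain can be read straight off the raw lines: the same image appears twice in a row, which is how a onefile PyInstaller bootloader looks when it unpacks to a temporary directory and re-executes itself, and the child `C:\Windows\system32\cmd.exe /c "ver"` is the exact command line Python's `platform` module produces when it runs `ver` through `subprocess` with `shell=True` (the `/c "<cmd>"` quoting is `subprocess`'s own), so it is a useful fingerprint for PyInstaller-packed Python payloads doing OS version discovery. The script below is an added example, not part of this report or of PySilon: it pairs the image and command-line lines, flags images launched from user-writable paths (the prefix list is an assumption for this sandbox image), notes the re-execution pattern, and flags `cmd.exe /c` shell-outs to host-discovery commands. Only a short excerpt of the listing is embedded.

```python
"""Triage helper for the flat 'Command Line' listing above.

Added example, not part of this sandbox report or of PySilon. The listing
is a sequence of pairs: an image path line followed by the full command
line, with no parent/child links, so the checks here are purely path- and
argument-based. The path prefixes treated as user-writable are an
assumption for this sandbox image, not a general allow/deny list.
"""
import re

# Excerpt copied from the listing above (not constructed); the Chrome
# installer noise is omitted except for one line to show it is not flagged.
LISTING = r'''
C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none

C:\Users\Admin\Downloads\source_prepared (1).exe

"C:\Users\Admin\Downloads\source_prepared (1).exe"

C:\Users\Admin\Downloads\source_prepared (1).exe

"C:\Users\Admin\Downloads\source_prepared (1).exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"
'''

# Directories an unprivileged user can write to; a PE starting from one of
# these is worth a look whatever it is called (assumption for this image).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")

# cmd.exe /c "<cmd>" is how subprocess(shell=True) invokes a command on
# Windows; 'ver' is what Python's platform module runs for OS discovery.
RECON_SHELL = re.compile(
    r'cmd\.exe\s+/c\s+"?(ver|whoami|systeminfo|ipconfig|tasklist|wmic)\b', re.I)


def parse_listing(text):
    """Return [(image_path, command_line), ...] from the alternating layout."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("listing must alternate image path / command line")
    return list(zip(lines[0::2], lines[1::2]))


def triage(text):
    """Return [(image_path, reason), ...] for entries an analyst should read."""
    findings = []
    previous = None  # last image flagged as user-writable, lower-cased
    for image, cmdline in parse_listing(text):
        low = image.lower()
        if any(seg in low for seg in USER_WRITABLE):
            findings.append((image, "executable launched from a user-writable path"))
            if low == previous:
                # A onefile PyInstaller bootloader unpacks to a temp dir and
                # then runs a second copy of itself, which shows up here as
                # the same image appearing twice in a row.
                findings.append((image, "re-executed itself (PyInstaller onefile pattern)"))
            previous = low
        else:
            previous = None
        hit = RECON_SHELL.search(cmdline)
        if hit:
            findings.append((image, f"shell-out for host discovery: {hit.group(1).lower()}"))
    return findings


if __name__ == "__main__":
    for image, reason in triage(LISTING):
        print(f"{reason:52} {image}")
```

Run against the excerpt, the chrome.exe entry is silent and the four findings are the two launches from `Downloads`, the re-execution note on the second of them, and the `ver` shell-out. The path heuristic is deliberately blunt: it would also flag `ChromeSetup.exe` in `Downloads` from earlier in the listing, which is the point of a triage pass, to shorten the list the analyst reads rather than to decide maliciousness.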

Network

Country Destination Domain Proto
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 139.54.240.44.in-addr.arpa udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
N/A 127.0.0.1:51164 - tcp
N/A 127.0.0.1:51213 - tcp
US 8.8.8.8:53 discord.com udp
US 162.159.137.232:443 discord.com tcp
US 162.159.138.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.100:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.100:443 www.google.com udp
FR 142.250.179.100:443 www.google.com udp
US 8.8.8.8:53 100.179.250.142.in-addr.arpa udp
N/A 127.0.0.1:53911 - tcp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.100:443 www.google.com tcp
FR 142.250.179.100:443 www.google.com udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 27.178.89.13.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
FR 216.58.214.174:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
FR 216.58.214.174:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-4g5ednds.gvt1.com udp
DE 74.125.162.198:443 r1---sn-4g5ednds.gvt1.com tcp
US 8.8.8.8:53 r1.sn-4g5ednds.gvt1.com udp
US 8.8.8.8:53 r1.sn-4g5ednds.gvt1.com udp
DE 74.125.162.198:443 r1.sn-4g5ednds.gvt1.com udp
US 8.8.8.8:53 198.162.125.74.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 52.142.223.178:80 - tcp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.100:443 www.google.com udp
FR 142.250.179.100:443 www.google.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
FR 142.250.178.145:443 csp.withgoogle.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
FR 142.250.178.145:443 csp.withgoogle.com udp
US 8.8.8.8:53 194.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 145.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
FR 142.250.75.238:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
FR 142.250.75.238:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
FR 142.250.201.174:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
FR 142.250.201.174:443 consent.google.com udp
US 8.8.8.8:53 174.201.250.142.in-addr.arpa udp
FR 142.250.178.145:443 csp.withgoogle.com udp
US 8.8.8.8:53 www.gofile.io udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.100:443 www.google.com udp
FR 142.250.178.145:443 csp.withgoogle.com udp
US 8.8.8.8:53 play.google.com udp
FR 142.250.75.238:443 play.google.com udp
US 8.8.8.8:53 www.gofile.io udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
FR 216.58.214.174:443 encrypted-tbn0.gstatic.com tcp
FR 216.58.214.174:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
FR 216.58.214.174:443 encrypted-tbn0.gstatic.com tcp
FR 216.58.214.174:443 encrypted-tbn0.gstatic.com tcp
FR 216.58.214.174:443 encrypted-tbn0.gstatic.com tcp
FR 216.58.214.174:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
FR 216.58.214.174:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 tools.google.com udp
US 8.8.8.8:53 tools.l.google.com udp
US 8.8.8.8:53 tools.l.google.com udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 200.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 162.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
FR 142.250.178.130:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 ade.googlesyndication.com udp
FR 142.250.178.130:443 ade.googlesyndication.com udp
US 8.8.8.8:53 130.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 update.googleapis.com udp
FR 142.250.179.67:443 update.googleapis.com tcp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 67.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 123.35.104.34.in-addr.arpa udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 accounts.google.com udp
FR 142.250.179.100:443 www.google.com tcp
FR 142.250.179.100:443 www.google.com tcp
FR 142.250.179.100:443 www.google.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
FR 142.250.179.100:443 www.google.com udp
US 8.8.8.8:53 227.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 update.googleapis.com udp
FR 142.250.179.67:443 update.googleapis.com tcp
N/A 224.0.0.251:5353 udp
FR 142.250.179.67:443 update.googleapis.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.102.84:443 accounts.google.com tcp
FR 142.250.179.100:443 www.google.com tcp
FR 142.250.179.100:443 www.google.com tcp
FR 142.250.179.100:443 www.google.com tcp
FR 142.250.179.100:443 www.google.com udp
FR 142.250.179.67:443 update.googleapis.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 142.250.178.138:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 138.178.250.142.in-addr.arpa udp
FR 142.250.179.67:443 update.googleapis.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 172.217.18.195:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 195.18.217.172.in-addr.arpa udp
FR 142.250.179.67:443 update.googleapis.com udp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 play.google.com udp
FR 142.250.75.238:443 play.google.com tcp
FR 142.250.75.238:443 play.google.com tcp
US 8.8.8.8:53 consent.google.com udp
FR 142.250.201.174:443 consent.google.com tcp
FR 172.217.18.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons5.gvt3.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 www.gofile.io udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 www.gofile.io udp
US 8.8.8.8:53 www.gofile.io udp
FR 172.217.18.195:443 beacons.gvt2.com udp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.100:443 www.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
FR 142.250.75.238:443 google.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
HU 142.250.180.227:443 beacons2.gvt2.com tcp
HU 142.250.180.227:443 beacons2.gvt2.com udp
US 8.8.8.8:53 227.180.250.142.in-addr.arpa udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 update.googleapis.com udp
FR 142.250.179.67:443 update.googleapis.com tcp
US 8.8.8.8:53 gofile.io udp
FR 45.112.123.126:443 gofile.io tcp
FR 45.112.123.126:443 gofile.io tcp
FR 45.112.123.126:443 gofile.io udp
US 8.8.8.8:53 126.123.112.45.in-addr.arpa udp
US 8.8.8.8:53 api.gofile.io udp
FR 45.112.123.126:443 api.gofile.io tcp
FR 45.112.123.126:443 api.gofile.io udp
US 8.8.8.8:53 s.gofile.io udp
FR 51.75.242.210:443 s.gofile.io tcp
FR 142.250.178.138:443 content-autofill.googleapis.com tcp
FR 51.75.242.210:443 s.gofile.io tcp
US 8.8.8.8:53 210.242.75.51.in-addr.arpa udp
US 8.8.8.8:53 store3.gofile.io udp
US 136.175.10.233:443 store3.gofile.io tcp
US 136.175.10.233:443 store3.gofile.io tcp
US 8.8.8.8:53 233.10.175.136.in-addr.arpa udp
US 136.175.10.233:443 store3.gofile.io udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 172.217.18.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 google.com udp
HU 142.250.180.227:443 beacons2.gvt2.com udp
FR 142.250.75.238:443 google.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI48162\ucrtbase.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\python310.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI48162\python3.DLL

C:\Users\Admin\AppData\Local\Temp\_MEI48162\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI48162\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\_bz2.pyd

\Users\Admin\AppData\Local\Temp\_MEI48162\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI48162\libmodplug-1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\libjpeg-9.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\libcrypto-1_1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\freetype.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\crypto_clipper.json

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-utility-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-time-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-stdio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-runtime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-process-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-private-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-multibyte-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-math-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-locale-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-filesystem-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-environment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-convert-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-crt-conio-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-util-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-timezone-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-sysinfo-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-synch-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-synch-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-rtlsupport-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-profile-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-processthreads-l1-1-1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-processthreads-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-processenvironment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-namedpipe-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-memory-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-localization-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-libraryloader-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-interlocked-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-handle-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-file-l2-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-file-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-file-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-fibers-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-errorhandling-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-debug-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-datetime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI48162\api-ms-win-core-console-l1-1-0.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

MD5 ce298636a1ed9482478e2dd1977048eb
SHA1 e8d8236758dee75f25804a51eb9e9f230fc57e9a
SHA256 59aba11b7bc3a3e076407c18631ec3f00999718d15ced4a04d1e50d2522da71c
SHA512 181652002668b66f21ee22cbe88e0592717852f155059a7fcfc09ebed1592eeb45f7beae7ca77a0653769407c1a5604979678d6c516b3b108838d87481d0a5a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\43a92ffb-e5a1-4dd2-b7fc-b60beace04ba

MD5 819625ecaab8da2ae0ac442e3a524d33
SHA1 cafb0bc028bb26ae58dd7bf4300c8b17f0c2db28
SHA256 16b30ce288576af8f331591a8a7195bed76fde003171439a29d990c9d68b2b94
SHA512 93f5bb4fd6cd0a4209db0079b6ed2e9da582fad9439051c8ad1b990c1b68b98345661b6c134a74a6d55111343a2b661d71ec885c790ba1b82f686e9de17f5517

memory/2184-1514-0x00007FFC8F500000-0x00007FFC8F521000-memory.dmp

memory/2184-1513-0x00007FFC8F530000-0x00007FFC8F547000-memory.dmp

memory/2184-1515-0x00007FFC8F4D0000-0x00007FFC8F4F2000-memory.dmp

memory/2184-1521-0x00007FFC8F400000-0x00007FFC8F430000-memory.dmp

memory/2184-1520-0x00007FFC8F3C0000-0x00007FFC8F3F3000-memory.dmp

memory/2184-1519-0x00007FFC8F430000-0x00007FFC8F4CC000-memory.dmp

memory/2184-1524-0x00007FFC8F370000-0x00007FFC8F3B8000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 3018d1aad8385b734068dbad441e344e
SHA1 2a3925bc92ec843db64b6db2cd6fe18ccf084a86
SHA256 f33415b0b1fc8c7e52356318d44aef1ae6bd9c64a89afa012d43a01a79954f88
SHA512 7ab1a1115a4f7ac61ba41bfe5875792cfa84d81f14f71239e43848de5940bfa07e2e34ea4be85a61c091d0b4b7742f3f55961fd26734b528cdb2c0b4d169c5e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

MD5 8d2e23c82427bf89b17d23f422c41c7a
SHA1 10a90fd488fb55f2ad01d6b7ba35a2e14c20da4e
SHA256 45e79abb6939f306d9af74ef2d3306280d28ea9dfb5534a8980f03b37e4dcdda
SHA512 edb821a67afcbc3307957fd502c760cc88f44024bbb1605d056b9ef6a4102814bea462272ce05bc8933453ded197c912e80cc320bc7bf833b58a611436c84442

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1erokq1u.iwl.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/2184-1664-0x00007FFCA1480000-0x00007FFCA14A2000-memory.dmp

memory/2184-1659-0x00007FFCA3390000-0x00007FFCA34A8000-memory.dmp

memory/2184-1663-0x00007FFCA15A0000-0x00007FFCA15B4000-memory.dmp

memory/2184-1662-0x00007FFCA15C0000-0x00007FFCA15D0000-memory.dmp

memory/2184-1661-0x00007FFCA15D0000-0x00007FFCA15E5000-memory.dmp

memory/2184-1660-0x00007FFCA2D20000-0x00007FFCA2D56000-memory.dmp

memory/2184-1651-0x00007FFC928A0000-0x00007FFC92C15000-memory.dmp

memory/2184-1658-0x00007FFCA3AC0000-0x00007FFCA3AE6000-memory.dmp

memory/2184-1657-0x00007FFCA3AF0000-0x00007FFCA3AFB000-memory.dmp

memory/2184-1656-0x00007FFCA3C10000-0x00007FFCA3C1D000-memory.dmp

memory/2184-1654-0x00007FFCA6330000-0x00007FFCA635E000-memory.dmp

memory/2184-1653-0x00007FFCA63C0000-0x00007FFCA63CD000-memory.dmp

memory/2184-1652-0x00007FFCA63E0000-0x00007FFCA63F9000-memory.dmp

memory/2184-1645-0x00007FFCA2EB0000-0x00007FFCA331E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI47322\cryptography-43.0.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1
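
The entries in this listing are easier to work with as structured records than as a wall of digests. The Python script below is an added example for that purpose and is not part of the report or of the sandbox's own tooling. It parses the plain-text blocks above (a path followed by MD5 / SHA1 / SHA256 / SHA512 lines, interleaved with `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp` lines) and then flags entries whose hashes are simply those of trivially known content (the single byte `1` that PowerShell writes to `__PSScriptPolicyTest_*.ps1` when it probes script-enforcement policy, the `pip` line pip writes to a `dist-info/INSTALLER`, the empty JSON array `[]`), counts paths that were rewritten with different content (the repeated `prefs.json` and `recovery.jsonlz4` entries), and buckets paths by prefix so the PyInstaller `_MEI47322` extraction directory stands out from browser self-maintenance noise. The bucket rules are heuristics chosen for this example, not sandbox logic; the `SAMPLE` excerpt is constructed from entries in this listing, with the digests copied verbatim.

```python
"""Triage helper for a sandbox report's "Files" listing (added example).

Bucket rules are heuristics chosen for this example, not the sandbox's logic.
"""
import hashlib
import re
from collections import Counter, defaultdict

MEMDUMP_RE = re.compile(
    r"^memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")

# SHA-256 of file contents that are known in advance and carry no signal.
KNOWN_CONTENT = {
    hashlib.sha256(b"1").hexdigest(): "literal '1' (PowerShell script-policy probe)",
    hashlib.sha256(b"pip\n").hexdigest(): "pip's dist-info/INSTALLER marker",
    hashlib.sha256(b"[]").hexdigest(): "empty JSON array",
}

# Case-insensitive path fragments; the first matching bucket wins (assumption).
BUCKETS = [
    ("pyinstaller-extract", ["\\appdata\\local\\temp\\_mei"]),
    ("powershell-probe", ["__psscriptpolicytest_"]),
    ("firefox-noise", ["\\sessionstore-backups\\", "\\cache2\\",
                       "\\datareporting\\", "\\gmp-"]),
    ("chrome-noise", ["\\googleupdater\\", "\\google\\chrome\\", "chrome_unpacker_"]),
]


def parse_listing(text):
    """Return (files, dumps): files = [{"path", "hashes"}], dumps = [(pid, seq, start, end)]."""
    files, dumps, cur = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEMDUMP_RE.match(line)
        if m:
            cur = None
            dumps.append((int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)))
            continue
        h = HASH_RE.match(line)
        if h and cur is not None:
            cur["hashes"][h[1]] = h[2].lower()
            continue
        cur = {"path": line, "hashes": {}}   # any other non-empty line is a path
        files.append(cur)
    return files, dumps


def bucket(path):
    p = path.lower()
    return next((name for name, needles in BUCKETS if any(n in p for n in needles)), "other")


def triage(text):
    files, dumps = parse_listing(text)
    sha_by_path = defaultdict(set)
    for f in files:
        if "SHA256" in f["hashes"]:
            sha_by_path[f["path"]].add(f["hashes"]["SHA256"])
    dump_bytes = defaultdict(int)
    for pid, _seq, start, end in dumps:
        dump_bytes[pid] += end - start
    return {
        # paths whose content is trivially known, regardless of who wrote them
        "known_content": {f["path"]: KNOWN_CONTENT[f["hashes"]["SHA256"]]
                          for f in files if f["hashes"].get("SHA256") in KNOWN_CONTENT},
        # paths written more than once with different content
        "rewritten": {p: len(s) for p, s in sha_by_path.items() if len(s) > 1},
        "buckets": dict(Counter(bucket(f["path"]) for f in files)),
        # bytes of dumped memory per process (overlapping regions are not deduplicated)
        "dump_bytes_per_pid": dict(dump_bytes),
    }


# Constructed excerpt; paths and digests are copied from the listing above.
SAMPLE = r"""
memory/2184-1464-0x00007FFC8F620000-0x00007FFC91713000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1erokq1u.iwl.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

C:\Users\Admin\AppData\Local\Temp\_MEI47322\cryptography-43.0.0.dist-info\INSTALLER

SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

memory/6976-4189-0x00007FFCA1080000-0x00007FFCA1094000-memory.dmp

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

SHA256 2d98d5302e4d55f173afb53cf343f60def02d803f45db863f1e7466306d76fca

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

SHA256 f2e37e22a0dc93302afdc10d5d76d8f511822b33a897fc035573462135002d9c
"""
```

Feed `triage()` the whole "Files" section rather than the excerpt to get the real picture. Two caveats: `dump_bytes_per_pid` is a volume indicator, not a memory footprint, because the sandbox dumps the same region more than once (the `0x00007FFC922E0000-0x00007FFC92451000` range of PID 2184 appears at sequence 1425 and again at 1451); and a path landing in a "noise" bucket only says the browser or updater is the likely writer, it does not mean the sample never read it, which is exactly what the "Reads user/profile data of web browsers" signature in this report is about.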

memory/6976-4189-0x00007FFCA1080000-0x00007FFCA1094000-memory.dmp

memory/6976-4158-0x00007FFCA6330000-0x00007FFCA635D000-memory.dmp

memory/6976-4190-0x00007FFCA1010000-0x00007FFCA1032000-memory.dmp

memory/6976-4188-0x00007FFCA10A0000-0x00007FFCA10B0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e4aa8cf7d48027f7d6bd280707c8a4dc
SHA1 0c357eff0042d1879b5fd9196f8f1b338f78c6aa
SHA256 e5b493556f1efb3d66e39f9a5c7b896d2f5285bfa7eb70fe41714a7728813540
SHA512 0e1ff0566427ff19c5eebacdbbc29f2ff9d1be3b95469672c89bdeef4f0b01ba9561824b952b9a81f84c85a42db5b80769ddfb716222ff9a58b23736729bf227

memory/6976-4187-0x00007FFCA1480000-0x00007FFCA1495000-memory.dmp

memory/6976-4186-0x00007FFCA14A0000-0x00007FFCA14AC000-memory.dmp

memory/6976-4185-0x00007FFCA1590000-0x00007FFCA15A2000-memory.dmp

memory/6976-4184-0x00007FFCA15B0000-0x00007FFCA15BD000-memory.dmp

memory/6976-4183-0x00007FFCA15C0000-0x00007FFCA15CC000-memory.dmp

memory/6976-4182-0x00007FFCA15D0000-0x00007FFCA15DC000-memory.dmp

memory/6976-4181-0x00007FFCA15E0000-0x00007FFCA15EB000-memory.dmp

memory/6976-4180-0x00007FFCA1700000-0x00007FFCA170B000-memory.dmp

memory/6976-4178-0x00007FFCA1720000-0x00007FFCA172E000-memory.dmp

memory/6976-4179-0x00007FFCA1710000-0x00007FFCA171C000-memory.dmp

memory/6976-4177-0x00007FFCA1730000-0x00007FFCA173C000-memory.dmp

memory/6976-4168-0x00007FFC923A0000-0x00007FFC924B8000-memory.dmp

memory/6976-4176-0x00007FFCA2D20000-0x00007FFCA2D2C000-memory.dmp

memory/6976-4175-0x00007FFCA2D30000-0x00007FFCA2D3B000-memory.dmp

memory/6976-4174-0x00007FFCA2D40000-0x00007FFCA2D4C000-memory.dmp

memory/6976-4173-0x00007FFCA2D50000-0x00007FFCA2D5B000-memory.dmp

memory/6976-4172-0x00007FFCA3370000-0x00007FFCA337C000-memory.dmp

memory/6976-4171-0x00007FFCA3380000-0x00007FFCA338B000-memory.dmp

memory/6976-4170-0x00007FFCA3AA0000-0x00007FFCA3AAB000-memory.dmp

memory/6976-4169-0x00007FFCA3610000-0x00007FFCA3646000-memory.dmp

memory/6976-4167-0x00007FFCA3650000-0x00007FFCA3676000-memory.dmp

memory/6976-4164-0x00007FFCA1610000-0x00007FFCA16C8000-memory.dmp

memory/6976-4166-0x00007FFCA3AB0000-0x00007FFCA3ABB000-memory.dmp

memory/6976-4165-0x00007FFCA3C10000-0x00007FFCA3C1D000-memory.dmp

memory/6976-4160-0x00007FFC928A0000-0x00007FFC92C15000-memory.dmp

memory/6976-4163-0x00007FFCA3680000-0x00007FFCA36AE000-memory.dmp

memory/6976-4162-0x00007FFCA63C0000-0x00007FFCA63CD000-memory.dmp

memory/6976-4161-0x00007FFCA3AC0000-0x00007FFCA3AD9000-memory.dmp

memory/6976-4154-0x00007FFCA2EB0000-0x00007FFCA331E000-memory.dmp

memory/6976-4159-0x00007FFCA3AE0000-0x00007FFCA3AF4000-memory.dmp

memory/6976-4157-0x00007FFCA63E0000-0x00007FFCA63F9000-memory.dmp

memory/6976-4156-0x00007FFCA7090000-0x00007FFCA709F000-memory.dmp

memory/6976-4155-0x00007FFCA6410000-0x00007FFCA6434000-memory.dmp

memory/6976-4196-0x00007FFCA2EB0000-0x00007FFCA331E000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

MD5 db06fa28c421775efdfdb96a0858a7ce
SHA1 4f1a2b16d6b8be07d27b223dd4e85c24763c6a4d
SHA256 0cd25074adbb9c236edc63dc47a7d91cc623cef67b686311e73b7f3f580c573f
SHA512 9d45752e471832c22be1683a0c0f98c5806a849d29127785161e6d87ecd3a1d84b5479b15dc52896dbdd44c677f0f61f0b93ac1bbd80dabb4a52d9a16c19c133

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

MD5 edc8d7c88f030f5f644f114c5f8923df
SHA1 f48c40355fe148dbb91366939a2a566fc9da8d0b
SHA256 824a926386a6f0c5fc1485f00b54335f08016c50f1d1299e7a4b980898c16eef
SHA512 21f6c8ec4af3ddbb3e4fa6e3c170d21c3755298109cce8087a3527f54fcc4a1d7962da1f73e69144dcbf63b28e35268917e3a39d3d5bb89474a23d0b9850a24c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 80f315645ab8c14ebbe57b93027965eb
SHA1 198a14a655ec21e7fca1a5a6719461156fb67942
SHA256 1b5359803559db16fd662c8a0fb50c96ac0901f44d0cc0f47e604fd118a0f36d
SHA512 669069792b0d60cc73b859685be9305efb98d2341b850ecc77a541bdaaf5c4a0bff7583c63269cd3a59aa63380f5e2b154594fac821b8a2fcc696e82b54dd2bb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 13d8c47f304233e0c9b90cc5b38541e2
SHA1 99ac3358f05075e95ace296bd07513a2400eecb0
SHA256 d580b184e2b27290796f61022cbf6ef67f03ea2c763588d1ee08ebec794c5abb
SHA512 65b365d4a32e07db1cfc0c81fa348b3b34fa3a028ea1b291534cb1b8dd324ab74b924b7f3db4ca37786e976067c2074711621a876cb3d297f502f985489b035c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 51c9519899922c6f43d6f67c67d9c207
SHA1 689bd45e88f99b03308b04673bd17cbe9b973f0e
SHA256 2f251c917fec282eb78855e5957977beb8f5b570da2b870526ab1ac31edeae7d
SHA512 64b5882e0ab4f0513e65a3cddd530f96400220111463b9f9ad8e5fc250282c6e9aa60ea6e77d59e048097970856ac63d1401a4e734a47c733ac1910d4a6f25d3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\C62CC1FBB17E5E86C9B57BD10A7F416AF0EC5E89

MD5 ac7ecee6df40ff5bf962217bcd7b28b7
SHA1 741204495f31dcd1c96121d5dad4eafab1715e64
SHA256 c1ab711b186ff88456c70015df664632c484429870a678a1f0089663405cf1c1
SHA512 4e8c6648e29a8c33c8033a7f6597da80d202cc6fc38bc85085a30a44478df19de6f389bc11779c7c4db41cb1fe4b92125e216c18ecd1c828bd756e24f2779510

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 09a894394a95eb4deadf26ccdecb1f3f
SHA1 54990f4c3bf074b7679e68c1762df7aaa6ed4e33
SHA256 1a5bb791fa447e7c0aa28112a0dd8d54136a2ee3acabcd1da21ece3a6b5bb825
SHA512 837a1316b2ab47c3b0520c60ce10b1e1984b1dbc59dc7f8878877e9f488018efb9ec7caa268a9e96e1260f24a7523eb5cebe945b13a6176b38719c76e9a478f4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e868157bb4a9cc281a1a6f0a3a74a0d1
SHA1 200698e03776712788ebf2e3250117b81f9d48fd
SHA256 fcd1ad875bb9d6d126189afe3c868cb02026f73d10d6d5961e5a3dea825dcfeb
SHA512 b3dc0cea505644717d8e46a62d859eee2823b53a0f99595b5404dfe043221ddff6807e37d35e77023c3eb758978624cee869afdbb936c3efdf5a1ff50077dbe6

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

MD5 0ede226c38d033e7dde89bc538116716
SHA1 9b812c1741eb3180a4c7a3d0e156d858c69bd887
SHA256 c6022907cbe9bdc96287d336ec5ae46930ae2567fdfd7070bdf8e700bd1a979b
SHA512 707ea3718e8c23d1d6c6f4dee9e90e8522c1b96220efca3ab8532cea528c6f754801e3c8376ccc68f6a3b335ffeed77c72473459f9b682b969d64410e6b1e80f

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 7074757aa9be8d1f272eb6821cd045f6
SHA1 99d163e346397a6a4f548a07217d205af502fcdd
SHA256 6741e7ef511c6e641657a75b862d84713262763abbc082e3d50cd561fbcd92ae
SHA512 a1db09714ec97d9aadba56a34d7f9ba58c507e9c15a941585384c9c25e53ebec70c140171f18913a49e473a8628cd2c81dc79e220be8211818f819a5ce6ae781

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 86bab10dc9cf3e584e4ca6d59277ec16
SHA1 ad8592563e634b41fff2ee7a251c15d2645aa82e
SHA256 b102ad22ea2331c61399039dc0fc653061a7136349a400ac7ab592843636a533
SHA512 424565eadc09765acfeeb8fa7d7f7e5e890472d3cf282a7f956e5cdb7fa99dbe42c14781cec38d8dc73ce3e2d3fe497798473eb55d3017a2fb7c135f4bc95286

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\12043

MD5 c6c741d3aa957af01f55abb3858604c7
SHA1 67470672b77e244e59c05238e670861c04948d11
SHA256 aa7cafdfab29c29d81d626e2af1fabd2f98bc416979e11da65e4ea329e27d818
SHA512 b47e242a1a56bc7a8cbdb07ed54f5e15cba836008b3f8db27dacfd381649dbd5fcecc7add371795b49697e2a0aa046e3dc7b6fa8e33dc185da54ca73bedd504d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 131f9935f494bad7f01834ea4c5df557
SHA1 141cbc02b4776a170dc9e4bb2437148c69c59ed2
SHA256 8a944f4a5127bd8e0236357652b975cfc8589f0fcce6da447f023a89c6b0fac9
SHA512 fbfc08e083875a436aa710477be83b533f08422a5263409ef7af82d9c2638ab86f6f02b827d1011432ae3cefd6d50929584007869f7e963adc7888edd5e3a77d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 776284d71b729ab0f2d96416c17298f5
SHA1 fc30e3554c9cb27a2069d1ebb4c0d5c025664521
SHA256 10cf34bdc30f9e6307670dcce048c4fee7721f7b3e9a14bcc86379c838d5b28b
SHA512 26a01f889d9de0b0fa43d8717051ff9ecc6edc63c61a16a4846275fed9c45f1885ca5accf52a50cf3d4c96294147cf2a7eff98e07f6149fee31fd4c6fbb22b5a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\32352

MD5 0c10aeb7460c0b34f3f1ca97c11486eb
SHA1 09efd0163d28a4248af98c676374cea75c9ff6ba
SHA256 f8f5a31455bb40b79af3be2756547c863cdda1ed66a68dc12e3d11ac3480baa3
SHA512 13f0df4e777587b6838eaf199ad0bf2efa501a60de8a787c54a3631541f5a8f416178f3478839c0435ce42b5f53b95d21764a44eec9c53fed48106ab615d9fef

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\1202

MD5 a4a2fdee6f17497f6dcd196fe5b27979
SHA1 ae248b4e82d266d4a2de5fa0380e0020afcc76a2
SHA256 818c7e5b6175fe3a7e2bb82fd544e1dda5270b9b5c34e15436eedbe5d7d21b6c
SHA512 fe0941579bc613e2993c9721774bfdf0b4b726a1a41a8ff7ac1c09f1f20b60e843ce941f5cac8c2d40de67156385a4c13946e24f13cc20100c62cedcc6d7848f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 a2fd670bcb603e32202dd91b728fc4ce
SHA1 f7da6f0d9f88eedcc3f328129223c9a831487c1f
SHA256 265f3019a6b3075c58833abbd81d786e5771525ad36a1e1947f8d5b6a6bd5a68
SHA512 40f48aab5950cb7424539d627180f1d7d7eda0d96235fb7202b3208a516a2ecdac44fabe58b0ac3bfc11e1eb55251c9cce0e114d87ba6f94853a54a0199c8063

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9770436d695b992f2b9b54bda60e10d4
SHA1 ff3652ec50b52f68be0988f09722993e1ef41718
SHA256 1c803a51917678730123d0ee46e9805d2b792770dbe00f605540f5678f3cbbe8
SHA512 1880bf6d707cd5158da4d96caa794859f210dda293eee00332be1b130d6063974d7ae9bfce4557ff6295f20077a225b947b4f3b29bb3916f40dedf349ca6a4b0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0d2b7c80c0a319315e5d75fe0cb2a6ed
SHA1 433b18fcfc09a57eb0483d12249d58c99fc7f0ec
SHA256 47c23355d71d786ec6286faa3aedd64aed40a1024cb75c6bc3a2b528f2577e98
SHA512 1f56c8d861ac7aae11d4bac2040595beb9f9e3c38e29af5f95741fd9ce0fd01432aea98c71b58dfc4abcb42135c0aa3c1abbb90ae1b8981c136c462aa72ab82a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 a30116d898352432b5a4ca9aa85b0daa
SHA1 8a21b99f16efcb04730b1dd53872dd776816896b
SHA256 9d9491f71cda30420ccaa1051c175fcf07b24a3bcd78dc4f827c6112910abe94
SHA512 9260f6f60caa1210dfc9466549dd73b5203d9e47f8a92e6768fda30129c44bd1bac89a962c2533f22012b5ab395fdaaec3802f850d000e4479a7eda16b8e703a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\2773

MD5 301e9edd19cce283abdbea19a08d9fc4
SHA1 9673213b0e11a13adf4d83f48da03d5d46de044d
SHA256 a79e5ad7c6a9f08bd5de8d13ac5788025845b0f9da4f3175917b54f7fa4798f6
SHA512 f188b5d8db4a6283b5c0dbb8c06e6c67c0fd92de68368b6ecd970259c8067c05bd7f46a73e62511c4fb83833699ed392cb546216dfaede8dde2aa057bd9ea840

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9b08e546a3e82dc3e6682576631c6141
SHA1 b15d3efb1984e77a02238f0fc4550d86f834782a
SHA256 30e2bb6fbe30d21ab944c3688b10656b7c34f8a0323b29b98a8a012f6654e0d5
SHA512 84565b0c5a4d47c58c573315678ccbd12b5e8c534f8c308a27f906b14e4fdabceaf98b1b91e11bb349ce4591cdc977b2a57c109076b57159b60473fd46fb39d1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

MD5 e80483de9ed19fe16dcdba6802e6db34
SHA1 741d9d4c30dd8b20874cc33b73576de55b8ee723
SHA256 fd1cd9add89b288c6e9ba197c2038c44d5430b74a2092197ff2ea0086c5df03c
SHA512 dd8a6ead2483a24f43bca8f2807f59270977445879bb339cd01a9bfd57c38007a715db763b42465c11479808e46fb3abb480a47fbf20b8f612466c9a12977c38

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\9820A04C9F7400106751A4218255253EC1E427B5

MD5 d331062da0e03f0ccdd7a9236a2772c5
SHA1 68be193e9c90bb2ada2a58dfaee075eb9ecaee1a
SHA256 6f3284a9f6e2842f40d0736c8969d37a1b3af864a789b7c18dfc279b01ddfd4d
SHA512 f7e4c61580a367a3ae13edac720cd6dfa3dca8da208a718538981df1aa1cdf23e40e46d0f3df8baabfc793fb8c2c07b5664456dfb138e5b5fce5f010cb74d3ce

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\0535CBB72AA412E5E545B805A22C9F04D42E7EA2

MD5 1edf7f2772612a6c5c7c9a550c86d653
SHA1 c650a53d0dcf8cdd9acc13ede829298b8a66a365
SHA256 7a2331b34e794441002c24cc8d413ab799a71a4dd46713f054f309f49167e65c
SHA512 ac3c10713e3f1ebf574dea58aab51b81fef8ae8ebedcf9a99864550fbeab2bf1072012a4e206fd662649ea93c426cf17251d147fae3aab1fd90c1c21ee075ba8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\DE589E092797E960D49C246AC23629B8A53A2F1C

MD5 c6eed2da656c0f4b769a489a2292bbb4
SHA1 d70ccac9d3d85b7020c5d756aba87f9b2f650c40
SHA256 d5c29a955a75ddf762101e09212b747cdc12d3702f14119fa67825e055adc612
SHA512 fe801e6329b431a324a227248ab74296453f543c23b97f5912c81c3b2d6ac186759eab53d4e64afb49356faf1b67aae76f779694b9d4956d864f93602990b226

C:\Users\Admin\Downloads\ChromeSetup.D7zo1LHs.exe.part

MD5 ab9d202008f32247d31d272ea93471c1
SHA1 ac1935ca1e4c09f7f20642d1be44ab65c1585d72
SHA256 0887d438f6095fcba68cc6299230bf87de1a8e14a163b1c4c91e60f218fc23c7
SHA512 9bc4d513a15e7bd2a20bc27a304051fdbd94c7c04685196cbcc815d1094def6222f8e6c9055e06a54173c2a01c8b6fcb3a08aa6505dcff8a28048b4441e850da

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 3b3f35c27943a5219e5c6f6dc8714a6a
SHA1 c3121d443b27bbd83164f901774a97fb1270db8c
SHA256 0a5dab9afde5c2fa70d47d78407cacba508a1adf037a6126e6e1f68c58017717
SHA512 39227f0e1f3e04ff4a98078f3b9cfe63d69c2ef49057cf9a35023dfacdd6302cce3b23d3a9838ead03a18b0ff9dedc314d2b520ef9f456df89e57e6ad297a928

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 7e1015bd1b7c60c1b1fb4bf1c6195592
SHA1 9d26769830527f83c852b39f38a944438f8a222b
SHA256 2d98d5302e4d55f173afb53cf343f60def02d803f45db863f1e7466306d76fca
SHA512 5677595fbdd2e918fcb8914ba5a4d1ea49d329a4293f3a2d8b2cfbc8e28050f37e73dfd8403a68c7c0a7dcf99481b4d0529eb72ce4caabb3b979ef5a18dc013b

C:\Program Files (x86)\Google\GoogleUpdater\129.0.6651.0\Crashpad\settings.dat

MD5 45c30ce59a7276a68be3c493ce37df71
SHA1 5c943faac062fef354a2f4977b69428f102c0c1e
SHA256 36935c5788cd295c5724f567fae3e3fbe295222b95ab546b349e7984489e2a55
SHA512 e74a6baafdc05e405498e30d12139f3187b7d74271c0f2ba0780ff2da0be950c192c7e8775aef647e012a7a11e8ad3f4c4e6fceaa6952ab114bac14cc2cf117f

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 c1923e4e37f77527879217984b072499
SHA1 fb1289b593178eb780c183bb54e1b52a1af3dfb5
SHA256 f2e37e22a0dc93302afdc10d5d76d8f511822b33a897fc035573462135002d9c
SHA512 e876538a289e30f6ae14697d65d781d3725ac90d3a67d527f6a5e7ac94c915a6d04d109c0571d4aae51e7852d747d7150699016be84b3e261312fbe603f45750

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ef35cc7e9f171cf71ec6fef36b068a86
SHA1 70bd44f25a6bfedc2ed81340827c51c2f8824f35
SHA256 b8f2043656ca83617076fce1907b5dbc94058b3368d16de7688b1beedab50a5b
SHA512 16df016daeb98466128751d5a62d8e48cb2f7af226d75a787b6fb76ceb1f90242080ad035d656a707819d740dc147fa7d549ba106b66c498107b17a022483747

C:\Program Files\Google\Chrome\Application\127.0.6533.120\Installer\setup.exe

MD5 5aa8ebc484fabcfaba8d10170d0b4b59
SHA1 522c14c36b2a515426b0a97c97d9a11b20605fcb
SHA256 fcdf6ee87d81342d7949eb27d5716de504b0b0c7feb9ade2e24a4f83f2fc4165
SHA512 fd6f029b11908bf19532b4991cdd02a398d1be1bdbcc4b59adba2ae72a3cf3430b52a94be0b6487844b8b74b094aa91d1f514116ea14ae585ca65382f95c702d

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 1f7b3718d6d2850737a1db1f61a26f39
SHA1 f396f79bf1693eb4aa1aa59da7820cdbfcc91f6c
SHA256 38d27379d70a80ab5b8f1eefd21ce53fb959dd7de25db6a5ac5580a64c7a16e7
SHA512 af7fbd1ae460812f32fcb2cf180d9f4a7df71156fc54b95ee4e71fee6d3d203e3308dbfd2184dbedfc1403dcde8e91626337c0075b28e0533d972aea1a3f2fe0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b7623468a9cc2d803048c8a496902db8
SHA1 0ffd9edcb3d5b9255e83e2891aa788a600e370ce
SHA256 0ea69abd79b4600af402796314f6801068e9507a2959e710dce4f7b7f9945f6a
SHA512 b1a42197fed48333d71904a34bd285b95128aca41f69addd8088c65705a66b183c3616ea29422cc5b95d65ac68f7e17e75309b9e7394d927282be4d429e701ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 283604bd21336d9ba3c26a935c13f7a4
SHA1 c10e062ba71df430e410338d3649fdaa79abcc35
SHA256 a4427559cc865b7fc112fa2dd0936f323a763768c37321cd9fa72e6a526e3940
SHA512 e40852a485acb10c8dd23716cb756b0993b32565aa3652a8bbcbcecc852a26247d44282974f2355b26acf6a7d4895ea35b0f3bf31d02b54d453f61bb69d00b79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

MD5 505a174e740b3c0e7065c45a78b5cf42
SHA1 38911944f14a8b5717245c8e6bd1d48e58c7df12
SHA256 024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d
SHA512 7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Program Files (x86)\Google1296_1078768204\UPDATER.PACKED.7Z

MD5 966d844579bca7fb789de9d3289774b5
SHA1 e250f99c09726efa928302ea75aba6b3c825b9a8
SHA256 90d55dfa83d4a7fdcb0b53149ceb0c2361e5a41bea5074649e3d5a109b6a6031
SHA512 05cd96b18a9711917e4d8e2a1938ce68ad3ef1bab7a5e5ef3ded1090f7809b58c6b829120e0ee7498e378a9be05c1ac9f6c67713e9aa6f58edd6be8264140cdd

C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

MD5 8cc185bb65ede15b1462e84e327efeaa
SHA1 73d1eeb6e16ff02e2283b8df627136d4c9d98c61
SHA256 96a0f1df55e3ce143377c9915cf529d6ab8b9b6ef7d3cbad179895b30f947faa
SHA512 d2027917264b45352db99676f3fccd83efec8d593a8fc1df2dce076a60fdddc8ed834a37cf5c11afe6bef3867138813ef5c627714c956092f1c60fc8500b19c1

C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping3508_526934514\CR_39B47.tmp\SETUP.EX_

MD5 427a22fb95863124359729460e226105
SHA1 e6fd00c0b2baddd938be8693a2eb57c5f9f13340
SHA256 95bb349fa4e1049bd61d820a30118f7e914a934ea54c152538bdaa2446f49019
SHA512 777e57a7598d53a5dffb2e620ace2678964684b63291375d31864d07f2490e01af1db0fdfda28835ae4b5b40e1577dc766aea04557c52ffa45299b342471e55e

C:\Program Files\Google\Chrome\Temp\source6984_1808138634\Chrome-bin\chrome.VisualElementsManifest.xml

MD5 9ed9104ca957d79d5defba46daa09340
SHA1 60b4e7de9f60fd1f1de45693c5972cd938755993
SHA256 4a4be0d75e252dd5c71e775817623623dac79dd8bf72c50de978a045bca17680
SHA512 8664e939bde0b9759b5fc57f7487ad5418c7334516d65de164a6ec67b9b6c4539b53d028fb8718f73743d5db455fe110dd0fdc436ef8e3e153af4401a83bb96b

C:\Program Files\Crashpad\settings.dat

MD5 2092acda14eb142eb6e4ca599ede8f70
SHA1 d3a24c268f37f8edec0a19b2a884bb012926e653
SHA256 f6bf3bcb3a571fb334bdf485427938eb02843b9755680551a8517f9631b4611d
SHA512 91141f067708f2441fa8803338022028aa545735dab313180962f8623c8e2ce0e0e13301761f245bdfd023b7f4c61b36312f45b9a7b68f97b28d25f197101298

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 34ccc6ec1e905d52a67c5c21253291e6
SHA1 215e7be4f18896e1833ad4ae117f28c30a3ccfd7
SHA256 3224c82bad539c4c1ca5f0f5adabfcfb81cd7908820e3fec8e603b0c1a3f4c70