Malware Analysis Report

2025-03-15 04:38

Sample ID 241027-1sqcbs1lam
Target https://gofile.io/d/6sdWqO
Tags
discovery pyinstaller spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://gofile.io/d/6sdWqO was found to be: Likely malicious.

Malicious Activity Summary

discovery pyinstaller spyware stealer

Downloads MZ/PE file

Drops startup file

Reads user/profile data of web browsers

Loads dropped DLL

Executes dropped EXE

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Browser Information Discovery

Detects Pyinstaller

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Uses Task Scheduler COM API

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Volume Shadow Copy WMI provider

Detects videocard installed

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-27 21:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-27 21:54

Reported

2024-10-27 22:32

Platform

win10ltsc2021-20241023-en

Max time kernel

2219s

Max time network

1883s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/6sdWqO

Signatures

Downloads MZ/PE file

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Macro.exe C:\Users\Admin\Downloads\Macro.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Detects Pyinstaller

pyinstaller

Description Indicator Process Target
N/A N/A N/A N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Detects videocard installed

Description Indicator Process Target
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133745397599949889" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Windows\System32\wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\wbem\WMIC.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\Wbem\wmic.exe N/A
N/A N/A C:\Windows\System32\Wbem\wmic.exe N/A
N/A N/A C:\Windows\System32\Wbem\wmic.exe N/A
N/A N/A C:\Windows\System32\Wbem\wmic.exe N/A
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\Wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\wbem\WMIC.exe N/A
N/A N/A C:\Windows\System32\wbem\WMIC.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\Macro.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5072 wrote to memory of 5112 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 5112 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 1096 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 3344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 3344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 3344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 3344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 3344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 3344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 3344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 3344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 3344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5072 wrote to memory of 3344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
(21 identical events. PID 5072 is the Chrome browser process, the same PID the crashpad pipe in the Files section is named after, and 3344 is one of its children; the broker writing into a freshly created child is how Chrome's sandbox bootstraps its processes, so these events are browser activity rather than the sample's.)

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

The two Volume Shadow Copy signatures are tag-level hints only: no vssadmin, wbadmin or wmic shadowcopy command appears in the process list below, so no shadow-copy deletion was observed in this run.

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/6sdWqO

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7fff8cdfcc40,0x7fff8cdfcc4c,0x7fff8cdfcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1876 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1808,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2508 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2580 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bae1e12c-a352-46c2-a781-d11dc5538824} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" gpu

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3928,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6df45355-b832-4bf1-966e-9e0d6c0a9d98} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2876 -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 3064 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61641489-9235-409b-a5f7-92ad0cf7acd2} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3824 -childID 2 -isForBrowser -prefsHandle 4032 -prefMapHandle 4028 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb539535-1fa3-4de2-8436-088cff84ce2b} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4752 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4900 -prefMapHandle 4892 -prefsLen 29170 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bc38196-7506-41f2-9cb2-ad8e12b35475} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 3 -isForBrowser -prefsHandle 5432 -prefMapHandle 5440 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b9e7910-a13c-4ba3-92bd-3727e05dd033} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5468 -prefMapHandle 5472 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ba99670-a7bc-4159-af64-42de60834f34} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5836 -childID 5 -isForBrowser -prefsHandle 5724 -prefMapHandle 5732 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8580727b-7dd5-42e0-802b-3eafcf8ebe87} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6180 -childID 6 -isForBrowser -prefsHandle 6160 -prefMapHandle 6172 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6240757-5847-4700-9e0c-603f202133b9} 3244 "\\.\pipe\gecko-crash-server-pipe.3244" tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4840,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4836 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5044,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5216,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5268 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5232,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5380,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5280 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5060,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4604 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4868,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4472,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5016 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5024,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4456 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5776,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5760 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5904,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5920 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5596,i,14608284755152070208,10813577042777453242,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5980 /prefetch:8

C:\Users\Admin\Downloads\Macro.exe

"C:\Users\Admin\Downloads\Macro.exe"

C:\Users\Admin\Downloads\Macro.exe

"C:\Users\Admin\Downloads\Macro.exe"

(Two entries with the same command line: a parent and a child of the same binary, which is the pattern a PyInstaller onefile bootloader produces when it unpacks to a temporary directory and re-executes itself. The cmd.exe / WMIC.exe chain that follows is the sample's host fingerprinting: machine UUID, OS edition, CPU, GPU and RAM, each collected with a separate wmic query.)

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic os get Caption"

C:\Windows\System32\Wbem\WMIC.exe

wmic os get Caption

C:\Windows\System32\Wbem\wmic.exe

wmic cpu get Name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_VideoController get name

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"

C:\Windows\System32\Wbem\WMIC.exe

wmic computersystem get totalphysicalmemory

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

C:\Windows\System32\wbem\WMIC.exe

C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
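
The WMIC chain above is a useful detection target because no single query is suspicious; the signal is one process issuing several hardware-inventory queries within seconds. The following is an added example, not code from the report or the sandbox vendor: a detector run over constructed process-creation records whose command lines are copied from the Processes section. The record fields (ts, pid, ppid, image, cmdline), the PIDs and the timestamps are assumptions, not a specific log schema or the report's own PIDs.

```python
"""Detect WMI host-fingerprinting chains (cmd.exe /c wmic ... get ...) in
process-creation telemetry.

Added example, not part of the sandbox report. Event records are constructed
to mirror the Macro.exe -> cmd.exe -> WMIC.exe chain in the Processes section;
field names, PIDs and timestamps are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The inventory queries the sample issued, normalised to (class, property).
# Each is benign alone; several from one process within seconds is the signal.
INVENTORY_QUERIES = {
    ("csproduct", "uuid"): "machine UUID",
    ("os", "caption"): "OS edition",
    ("cpu", "name"): "CPU model",
    ("win32_videocontroller", "name"): "GPU model",
    ("computersystem", "totalphysicalmemory"): "RAM size",
}

# 'wmic <class> get <prop>' or 'wmic path <class> get <prop>', with or without
# a full path to WMIC.exe and with or without a cmd.exe /c "..." wrapper.
WMIC_RE = re.compile(
    r'(?:^|[\\\s"])wmic(?:\.exe)?\s+(?:path\s+)?(?P<cls>\w+)\s+get\s+(?P<prop>\w+)',
    re.IGNORECASE,
)


def parse_wmic(cmdline):
    """Return (class, property) in lower case, or None if not a wmic 'get' query."""
    m = WMIC_RE.search(cmdline)
    return (m["cls"].lower(), m["prop"].lower()) if m else None


def _actor(event, by_pid):
    """Walk up through cmd.exe / WMIC.exe wrappers to the process that really
    issued the query, so 'cmd /c wmic' and direct wmic attribute alike."""
    cur = event
    while cur["image"].lower().endswith(("\\cmd.exe", "\\wmic.exe")):
        parent = by_pid.get(cur["ppid"])
        if parent is None:
            break
        cur = parent
    return cur


def detect_fingerprinting(events, min_distinct=3, window=timedelta(seconds=30)):
    """One finding per actor that runs >= min_distinct distinct inventory
    queries inside `window`. Only WMIC.exe creations count, so the cmd.exe
    wrapper (whose command line also matches the regex) is not double-counted."""
    by_pid = {e["pid"]: e for e in events}
    per_actor = defaultdict(list)  # actor pid -> [(ts, query)]
    for e in events:
        if not e["image"].lower().endswith("\\wmic.exe"):
            continue
        q = parse_wmic(e["cmdline"])
        if q in INVENTORY_QUERIES:
            per_actor[_actor(e, by_pid)["pid"]].append((e["ts"], q))
    findings = []
    for pid, items in per_actor.items():
        items.sort()
        for i, (t0, _) in enumerate(items):
            hits = {q for t, q in items[i:] if t - t0 <= window}
            if len(hits) >= min_distinct:
                findings.append({"pid": pid, "image": by_pid[pid]["image"],
                                 "queries": sorted(INVENTORY_QUERIES[q] for q in hits)})
                break
    return findings


# Constructed telemetry: command lines copied from the Processes section,
# PIDs and timestamps invented for the example.
T0 = datetime(2024, 10, 27, 22, 0, 0)
CMD = r"C:\Windows\system32\cmd.exe"
WMIC = r"C:\Windows\System32\wbem\WMIC.exe"


def _ev(sec, pid, ppid, image, cmdline):
    return {"ts": T0 + timedelta(seconds=sec), "pid": pid, "ppid": ppid,
            "image": image, "cmdline": cmdline}


SAMPLE_EVENTS = [
    _ev(0, 6100, 5072, r"C:\Users\Admin\Downloads\Macro.exe", r'"C:\Users\Admin\Downloads\Macro.exe"'),
    _ev(1, 6120, 6100, r"C:\Users\Admin\Downloads\Macro.exe", r'"C:\Users\Admin\Downloads\Macro.exe"'),
    _ev(2, 6200, 6120, CMD, CMD + r' /c "' + WMIC + ' csproduct get uuid"'),
    _ev(2, 6204, 6200, WMIC, WMIC + " csproduct get uuid"),
    _ev(3, 6210, 6120, CMD, CMD + r' /c "wmic os get Caption"'),
    _ev(3, 6214, 6210, WMIC, "wmic os get Caption"),
    _ev(4, 6220, 6120, WMIC, "wmic cpu get Name"),  # no cmd.exe wrapper, as in the report
    _ev(5, 6230, 6120, CMD, CMD + r' /c "wmic path win32_VideoController get name"'),
    _ev(5, 6234, 6230, WMIC, "wmic path win32_VideoController get name"),
    _ev(6, 6240, 6120, CMD, CMD + r' /c "wmic computersystem get totalphysicalmemory"'),
    _ev(6, 6244, 6240, WMIC, "wmic computersystem get totalphysicalmemory"),
    # Control: an admin running a single query from PowerShell must not fire.
    _ev(300, 7000, 1000, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe"),
    _ev(301, 7004, 7000, WMIC, "wmic os get Caption"),
]

if __name__ == "__main__":
    for f in detect_fingerprinting(SAMPLE_EVENTS):
        print(f"pid {f['pid']} ({f['image']}) collected: {', '.join(f['queries'])}")
```

The threshold of three distinct queries inside thirty seconds is a starting point, not a tuned value; inventory scripts run by management agents will also cross it, so in production the finding should be joined with the parent image (a freshly downloaded user-writable executable here) before it alerts.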

Network

Rows to 8.8.8.8:53 are DNS lookups through the sandbox resolver; names ending in in-addr.arpa are reverse lookups of contacted IPs and carry no sample behaviour. Port 443 over udp is QUIC. Most of the table is browser background traffic (Mozilla services, Google, Akamai, Microsoft); the rows relevant to the sample are the gofile.io hosts that served the download and, near the end of the capture, api.ipify.org (external IP lookup), raw.githubusercontent.com and discord.com. The table does not attribute rows to processes, and the discord.com URL path is not visible under TLS, so a webhook cannot be confirmed from this table alone.

Country Destination Domain Proto
US 8.8.8.8:53 gofile.io udp
FR 45.112.123.126:443 gofile.io tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 126.123.112.45.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 api.gofile.io udp
FR 45.112.123.126:443 api.gofile.io tcp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.140.244.186:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 s.gofile.io udp
FR 51.75.242.210:443 s.gofile.io tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 44.129.237.44.in-addr.arpa udp
US 8.8.8.8:53 53.121.117.34.in-addr.arpa udp
US 8.8.8.8:53 210.242.75.51.in-addr.arpa udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
FR 51.75.242.210:443 s.gofile.io tcp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
N/A 127.0.0.1:49758 tcp
N/A 127.0.0.1:49800 tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
GB 172.217.169.36:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 36.169.217.172.in-addr.arpa udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
DE 23.55.161.211:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r5---sn-aigzrn7l.gvt1.com udp
GB 173.194.5.234:443 r5---sn-aigzrn7l.gvt1.com tcp
US 8.8.8.8:53 r5.sn-aigzrn7l.gvt1.com udp
US 8.8.8.8:53 r5.sn-aigzrn7l.gvt1.com udp
GB 173.194.5.234:443 r5.sn-aigzrn7l.gvt1.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 211.161.55.23.in-addr.arpa udp
US 8.8.8.8:53 234.5.194.173.in-addr.arpa udp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
FR 20.199.58.43:443 fd.api.iris.microsoft.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 172.217.169.74:443 ogads-pa.googleapis.com udp
GB 172.217.169.74:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 102.209.201.84.in-addr.arpa udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 controlc.com udp
US 172.67.219.69:443 controlc.com tcp
US 172.67.219.69:443 controlc.com tcp
US 172.67.219.69:443 controlc.com tcp
US 172.67.219.69:443 controlc.com tcp
US 172.67.219.69:443 controlc.com tcp
US 172.67.219.69:443 controlc.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 69.219.67.172.in-addr.arpa udp
US 172.67.219.69:443 controlc.com udp
GB 172.217.169.36:443 www.google.com tcp
GB 142.250.200.42:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
BE 74.125.133.157:443 stats.g.doubleclick.net tcp
GB 142.250.200.3:443 www.google.co.uk tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 172.217.169.36:443 www.google.com tcp
GB 142.250.200.42:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.133.125.74.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
US 172.67.219.69:443 controlc.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 store1.gofile.io udp
FR 45.112.123.227:443 store1.gofile.io tcp
FR 45.112.123.227:443 store1.gofile.io tcp
US 8.8.8.8:53 227.123.112.45.in-addr.arpa udp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.12.205:443 api.ipify.org tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 discord.com udp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 205.12.26.104.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 104.26.12.205:443 api.ipify.org tcp
US 162.159.138.232:443 discord.com tcp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp
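
Reading a table like this by hand means mentally discarding the resolver, PTR, loopback and multicast rows before anything interesting is visible. The following is an added example, not code from the report or the sandbox vendor: a parser for the table format above that drops that noise, deduplicates connections, and flags hosts against a watchlist. The sample rows are copied from the table; the watchlist and its reasons are an analyst assumption.

```python
"""Triage a sandbox network table: drop resolver and reverse-DNS noise,
deduplicate connections, and flag destinations that match a watchlist.

Added example, not part of the report. The sample rows are copied from the
table above; the watchlist and its reasons are an analyst assumption.
"""
import ipaddress
import re
from collections import OrderedDict

# "<cc> <ip>:<port> [<domain>] <proto>"; the domain column is empty for
# loopback and multicast rows.
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+(?P<domain>\S+)?\s*(?P<proto>tcp|udp)$"
)

# Suffix-matched, so s.gofile.io / store1.gofile.io / api.gofile.io all hit.
WATCHLIST = {
    "gofile.io": "file host that served the sample",
    "api.ipify.org": "external IP lookup",
    "raw.githubusercontent.com": "remote payload or config fetch",
    "discord.com": "possible webhook exfiltration (path not visible under TLS)",
    "controlc.com": "paste service",
}


def watch_reason(host):
    for suffix, reason in WATCHLIST.items():
        if host == suffix or host.endswith("." + suffix):
            return reason
    return None


def triage(table_text):
    """Return deduplicated connections, the names looked up over DNS, the
    flagged hosts with reasons, and how many noise rows were skipped."""
    connections = OrderedDict()  # (host, port, proto) -> row count
    lookups, skipped = set(), 0
    for line in table_text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        ip = ipaddress.ip_address(m["ip"])
        port, domain, proto = int(m["port"]), m["domain"], m["proto"]
        if domain and domain.endswith(".in-addr.arpa"):
            skipped += 1  # PTR lookups of contacted IPs, report-side noise
        elif port == 53:
            if domain:
                lookups.add(domain)  # keep the name; the resolver is not a destination
        elif ip.is_loopback or ip.is_multicast:
            skipped += 1  # 127.0.0.1 and mDNS rows carry no remote peer
        else:
            key = (domain or str(ip), port, proto)
            connections[key] = connections.get(key, 0) + 1
    flagged = OrderedDict()
    for host, _port, _proto in connections:
        reason = watch_reason(host)
        if reason and host not in flagged:
            flagged[host] = reason
    return {"connections": connections, "lookups": lookups,
            "flagged": flagged, "skipped": skipped}


# A subset of rows copied from the Network table above.
SAMPLE_TABLE = """\
US 8.8.8.8:53 gofile.io udp
FR 45.112.123.126:443 gofile.io tcp
US 8.8.8.8:53 126.123.112.45.in-addr.arpa udp
GB 51.140.244.186:443 checkappexec.microsoft.com tcp
N/A 127.0.0.1:49758 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.169.36:443 www.google.com udp
FR 45.112.123.227:443 store1.gofile.io tcp
FR 45.112.123.227:443 store1.gofile.io tcp
US 104.26.12.205:443 api.ipify.org tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 162.159.138.232:443 discord.com tcp
US 162.159.138.232:443 discord.com tcp
US 172.67.219.69:443 controlc.com tcp
"""

if __name__ == "__main__":
    result = triage(SAMPLE_TABLE)
    for (host, port, proto), n in result["connections"].items():
        mark = "!!" if host in result["flagged"] else "  "
        print(f"{mark} {host}:{port}/{proto} x{n}")
    for host, reason in result["flagged"].items():
        print(f"flagged {host}: {reason}")
```

The watchlist deliberately carries a reason per entry rather than a verdict: discord.com and raw.githubusercontent.com are also legitimate browser destinations, and on this page the distinction rests on timing relative to Macro.exe, which the table does not record, so the output is a shortlist for the analyst rather than an alert.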

Files

Each row is one observed write, so a path that is written repeatedly (prefs.js, data.safe.tmp, Preferences, Local State) appears once per write with a different hash. In the portion shown, every entry is Chrome or Firefox profile, cache or telemetry state produced by the browsers themselves during the detonation (including Firefox's OpenH264 plugin download); no file written by Macro.exe appears here.

\??\pipe\crashpad_5072_XCJOBATBAJRIKAUO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(These four values are the digests of zero-length input: the named pipe had no content to hash, so the entry carries no indicator value.)

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hohja4eo.default-release\activity-stream.discovery_stream.json.tmp

MD5 66c72243ebc852d6ede9fc2ed91d8ee1
SHA1 0b80ade2f84cc2943fadc6808d23384a2a102466
SHA256 cc72e491c13bca437e5b4949d665baafd4b6af2450c1edc5c0394cd709ddba3c
SHA512 cb7628e0fb733afd8f179d89a5797bb36a9aab2e6a80154ad92164268581f8254d10e7114efb72861c2e459cd8df20ba45cc5cdda3d9037dc5a3c68684e0261e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\f65bc7f8-803b-4a87-a88e-d1bede364ba4

MD5 1bbb0f6f9f89679c413ded73c229ed90
SHA1 b68ab73c0aa5b54a86aaf147b1b4ba06534ca9a5
SHA256 9d432d7753bb5708f5b8b0a283adf33a80142dca73e54759d20f509a5ef657a4
SHA512 02a692f7f3bbb4884ab11d4a7968efaa6387d290f45af2fe752c62b771348cbb65323b98205a28da40921dee50f755768dded6e846c85961225f925cc420f545

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp

MD5 7785417f5b05f07e0b5cd5cd9fa92e67
SHA1 02344a0e118f9f0734cb6faf618f6fd15aa6e4c2
SHA256 6373423e16df90dc4a66f8bc58e7086dd4cdb88bd97aab1d0783fdf1a82ab7a5
SHA512 045f09bb3dc13c7c0b3e87fe7501466f06aa06f410b4bc95c7df507a89628f46f75bb7a0af88319258e82e971839b4a83eebbace102d280a6ac32a4105f0ffab

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\8864e441-d8a6-4976-bb3e-f1d03934f650

MD5 848277c556fc0c630421c10f9da83364
SHA1 6e6ee6d97b06b876be60176a9ede6ba878e1476e
SHA256 3b3c11cabd40a88722e937bed622fbea0fad3ff5d6e048de24310429a701fc03
SHA512 4e3ecdd75cbe245c6aae4201b08c6de346fe1861fb8aafaa74c8f88a4c95a4563d3578ab71de9d1a623eee1c3b38ed322623f58ad34c953988c7c9a84db4840a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp

MD5 6882694d4fdc398f356b4f98936e2bb3
SHA1 fec3993c2879731aec9dbc1115ea166fd4744a09
SHA256 773910fa02465f4ee53259e1be439edd5c17ba7ff4a59a230bc8c225852f9337
SHA512 4cbfa74743afc898d299e694b643901f7594386b20c3ea629409b7dd747f55e1e9a83270cc48187bff9306b75440c6453ea935b19e911cfd281f91a46df36656

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\5c9e75d0-9a52-4e75-a790-148b3f8c5b8e

MD5 50d08201d4b7d444929ee28925e1e52a
SHA1 29d5de408f58af0497a8f2bc2a5c293a0f0ac340
SHA256 af1126ebb7e3b77846c4c1e7f30e0db7000d7da1ad896f80473d5ed56f64d153
SHA512 668e04a7fc5fd2874fa3d4ed689ea0497309f06159a6086eb57a498d372fe91ffd2773305fb0fda0356660008ec1b450fc5dd4c9176ad13dc365a96c93204930

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hohja4eo.default-release\activity-stream.discovery_stream.json

MD5 c0c96f10f6f2f7c320485ccffca394d4
SHA1 22f7491b29b736903d44acd0e1ea2289cd2decee
SHA256 3c0026d76f3503f5c06df46a30905cb5abbecb2cb1ac938d44af1e778dfbfbcf
SHA512 bd7a60531a3b0c6a8c340a36930d2994e0a768d67f5af9356e4e229b060da834bffb964c3be456cb3db084ac25b6869ffa76e7b4d2187b034b3505708b7ddada

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs.js

MD5 6acd13b2f0fde6e30db1a517879b0f66
SHA1 88ce2dcaf2bc758cbccb1a182e22c0f95b00988b
SHA256 10e75850aa43ae61d5ae1beeb8866197289b5ebc0ed61c39f190e61f5f614ad4
SHA512 ef06c26de480816e20cebe3dea6e84c28d05cd4de23bd571f0b6190590c7958ebe45f18a92b3e042f9e1d7385a0df713086d7b78d3e64af53fd9284c80ffeb41

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hohja4eo.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

MD5 c460716b62456449360b23cf5663f275
SHA1 06573a83d88286153066bae7062cc9300e567d92
SHA256 0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0
SHA512 476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs.js

MD5 b6cf1413a6cd684c646c44bbddcafae1
SHA1 f6b9c62ef1de81d0f31d6f3dc6a29e147b0a6271
SHA256 d49a0ebdc45512cc9aa384e9393e840a468ce4a38bc9eec09c84112b795f76e7
SHA512 1dfe158f074567502c318edd6fb8f39bb919df4d2d54cd661540bac1f6aa89ae506045bcf4207f6ac4263bd2082d5ef5ca23a68409e5aea760c83acede9b758f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\AlternateServices.bin

MD5 e9a96ee128f15c369359e90de703fac2
SHA1 03f52bf2aa9a70271c66686c9e5fd5afd4297a55
SHA256 baf6c3aed4bbd916c5547d25c6eeada1ff51076f9edbdb1b5c4b130e5ce3810d
SHA512 c59998ffb3929665261b73f6f9b51fac538244315129dd54b939ecf4130e3221997e133d12c503ba0d1cf055c0343bbbf27528360952ffaf07e5e879af4d43f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9423eeef400b67411d4727b107a8a132
SHA1 94d6dcedf3b68a3c349d80bd8f87d00dd6bcc0bc
SHA256 99bcdc1c5fe012acc662e03220a586a588cee5fccafaf4d9ee9e32077bbfe66b
SHA512 eeb71694e74e4ba1bbb4f5cac828855dcb1a277401baa646f759ddb2bf1c204433364c9e405103dc25466fe02b866208e6e793f9df4c50e5e7926dc601c0b126

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0f4156be6fb013ce29801389853a15f5
SHA1 a7dac49f4341153c9947bab935ccd9f152379fc2
SHA256 31b29c91c7b1dd14a84a047c88db3e136a220824ed343ebbde398f82a1b3d321
SHA512 e376db89db40c6a6bc4e7837956c962c0af05fc7884761a82082e35cdb279318e9a0ab3bcb6f29d956ad72eb5a9ba2b0ca44e6a4e86bde51bbcfd1be4ddb687c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e08e6c5f-6774-4625-8dda-1311c4302865.tmp

MD5 76ed82eb1b565a0be193fa71c1ca399c
SHA1 0574ad4fe7155d670970f4856d65459aab302f0c
SHA256 0f9e41879bf9e41472016d7c3b118842992c15e07079ea32035f086cece6b845
SHA512 fb2700823ee8932d337a5a9ac2214ed8aeb14cbf9ba46191c5cf15a2cadc2a4cfee22b402acd6a452a5fc9e50de4b4f26e34edd5ff5845b53e517a133e088c4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9380f1df2e2eb9fc8d0a7b634af55ffa
SHA1 40765e204b1c0f3b2841d5476002b955a0affac0
SHA256 24fc65b2be4f9ff8545d53839869f83ffa183ae08abe1ff3cc0e35ea72e44121
SHA512 5c5ceb291822b36a584a109ead16ce5a9737203d738355e84a8a21cd3bceeaf500d44915dbd45e741ade8dcae8f57fa2e0535e5cbced8e3d7da421243c27e518

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 228f7469a81af274092a2e7cc700b6bc
SHA1 2bd0fa78af727f29612adbb64b27b6040402d38c
SHA256 2499194e6a7105b463d960d850842f0f3a75f4219e25a5738625045e690807b9
SHA512 0dd0b5a56df60b287bb0e02610050e57b501ff2544522c62ebe14f6b21de8883f091507707bb0b5cf6c825d8d213560740266bf438101c649875cd319159fbe4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp

MD5 f5b26f85c24c7c12786296c55c616edb
SHA1 c5e07f02f22cef14b0a9faefa50813415d184978
SHA256 cc272614b1f8ae06624a8afaac511bcdde955e6abd46d4e6e98493760c375233
SHA512 5342e8f327f54b9bf0dc76bb9056a9ad91044ca6ecac8e4eae3cba2f0b59c84289d0b3a25aed5458b41ae9ba7ba98964427d8c582dc68c2467ecec091752a31d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs.js

MD5 c634e1deb60e190cfd590b38b62349ac
SHA1 01a41dfbf87500f5632f9718ddd58932b641dce0
SHA256 cd34c1d4c9cfcbb8215d996e8a23935fe3fa2a3fbfb802bae384d62f4cf9557c
SHA512 11cc20b596672e2e07e58b1f859d36915a7658055e38d040490dc4a09aa06e2c34b3260ae91b15fee0294178769697f787b1abcf84ff0487211a482d9882a481

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4

MD5 ffde03ef7c988152b35499a38e4a22fd
SHA1 ca015ae1949ed97a53e3798a07c9f6629541c33c
SHA256 b9d3b2630e37d43d6d7cc5071ccef67749d2f45f2aae50eafa704d8881175eaa
SHA512 19b7f1b8651d808238586206172af43855dc83e045e839be03136674d4e421c79aa95edb34a421ad87cb7f929421eed9a3b844ee2b5f5f14590b68837720fc14

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs.js

MD5 3cf2bd691b84b15cc5236618c481ab27
SHA1 93b407bfc16a487cf2a350ec31494da987a440f6
SHA256 9b65ba5ad7ead33608399357982927b26145a4ccfe6f5141991581bd29ff3259
SHA512 42e69adc56d5551a64f5d9df7d75d23adebde3bfd79ce98117e09b72bc826ecded8c61f27cbd227dad25c8c5879bf16cbbd7b77aca77c2c0705a9ca0a84e37b6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\AlternateServices.bin

MD5 55137f585bceb3861ecd6553ddc98501
SHA1 bf64a2caea0bdb3e065fdcf4114bbbf47b1d89a7
SHA256 7d0878a8739c56e7cb4f1dcdd3d6dc1b6ce7355a3bc91d6d4b4dc99b49c2d370
SHA512 2e7f3f787ecabd74aebefa619cc8574e8f1f25882d84096a75c8e0ea351caedd27d20691df538d1c119e7ef223ab569f949f978ada15c9eaa8d022d55aa03481

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp

MD5 851264103935087dbbeff6818abad1f9
SHA1 235b21569d9c161245476de198e37cf46d0a307c
SHA256 c39d93f9181f948e9cae103901b5f110d739b6d7ea49e2a4f26ee22774acaec1
SHA512 2eedc92cad0a1be9701cf85b920c3bf82903bbe877f29ea3b78a4e1940df59e945fa919debede47ded44b1d036f2a4e4694c8305f7caa70cd4556815e0bf485e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1d0c92e531063a481b2b79b32eebcb57
SHA1 43960f49554a195a8a7fd1fa31c9c9a6ae9037d8
SHA256 57604745ff66ce73476f25bb2dc9769c85dc7f3039fbb9c4574d4cdfe467abc9
SHA512 6382461ad344c8cc493cdc713bd6a62444951daeaa887eac4353632cf9e4904ed8ddbf89456164369dac79c0f6aaa44c3aa955e66f34c5c3e1204bc14150147e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 732bfea9066be817d9fe3ad5619182fb
SHA1 d5ea7af0457744eb71c4dc6e0ebbbaa8db6f1301
SHA256 471996001812e1eaa49676a29caf2ad2c893013db601cf2c433fdbad478f6d53
SHA512 960b180eae5c4c601c263ac1d4f9422e4907e4e1437b70310cf168f8047ff30259fda64e8679839041d7349d1943e3fbfce6ed3ffd168fcb90d48f12935a98ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e102d653291cd85fa571fe071e773fc5
SHA1 3544886ecedbe3a22ba2b66382f010f347f3cc5a
SHA256 a15618867618a26de4d5ba666f17b133123f4ff6ea79f58becddb28ba9f5f81b
SHA512 9271680e452347e91646699d0fd6428f9c88a4eca3fbfbf8633da89837ce5f2f7082b02b57773fa7307cd797672388c5608ff2c6ef2167dae5d7e4799d6945c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7a79129dec98fd0f5716c974c076b82e
SHA1 21d167bff7408252065816cadce366c6dbf1c17b
SHA256 bc31c4c8e4c238c73ca43c31dce291a2a7638a3d588179d68bcb5c7999511297
SHA512 01c7b4b8a1e2de4203b3baebb079d644ea6eef65f4698a04034d7da884b92e1266ff49c33518e5083352f497c96d9b863c6afba28793dfddac6abd8b8a1faa93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 216d9dc13a0a6d01a527e47d6bea2a5d
SHA1 e656e68c674e83c3b0f7e9fee7d8eeb372028df5
SHA256 fcce5f7f0a710a3bb63847a7cede5e462e50515a119be99955ea50cf52ba2689
SHA512 5b5e92d618095a33ba15af2a892cfd8e8c0a4edaffbac7fe164a4d6749214c55ce8b0ff994fa560a63730b4df5de51dd80b1c44e00dc97d211dc3d692e6a48ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b0a70484-c69b-4a14-b299-2ab2b62c201e.tmp

MD5 1cea572d947788e405ea2fb60282838c
SHA1 48340d44f7538e4f887e63b6fc7f930e7f9a33a1
SHA256 b0e3e352030ec393043ba6d88781ab052cca9c8c18badbf0128896c2a23568a8
SHA512 c98fb2513a92563a4e7d60f6c808f374f8e29538af3e95ad295b16d3d292880c5f8900c468d576324fd9c64f46a67c71e465fd8a0167e3918f1ed10e2708c52a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 695c7ca1f88ed35b9413101bb191b54e
SHA1 f4f92506cbf94636cbcc20b2aa957516b87b30d3
SHA256 51b6372cf12bb56f3e766ef31102f2757d3b007cfc7b224b5363d7cd89af00f3
SHA512 1880c503c646999321d7e15b7915b835243c9176b788ad56141d5c18d8a14fe87fada2435a66bad09a1b994ffc3fced98e3cf051bfe5e84f66c544aabcd61050

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 11097781bf6a41803cdb2ff35055b681
SHA1 dda6c6d26ef4195376149c608c33922e0b20ad80
SHA256 0c3686fb2ddbcb34cde10dbd007d1877e2d62264b1e3538435eea5f33f66d088
SHA512 c75131a10d7c20a831fb265aaf9aff6348c827e335d09799e885effec1dac5e752a115ee5a2c887326ce6769f29e7fafa0bda01420cda75074dbf52bbddd9c54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 0e3d96124ecfd1e2818dfd4d5f21352a
SHA1 098b1aa4b26d3c77d24dc2ffd335d2f3a7aeb5d7
SHA256 eef545efdb498b725fbabeedd5b80cec3c60357df9bc2943cfd7c8d5ae061dcc
SHA512 c02d65d901e26d0ed28600fa739f1aa42184e00b4e9919f1e4e9623fe9d07a2e2c35b0215d4f101afc1e32fc101a200ca4244eb1d9ca846065d387144451331c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8c4b4a211c194b13202c6b28d28d4304
SHA1 9c26802d9260aa05d8ed9a0c81f09a6601958a35
SHA256 81f97b1389118cc94a30bc2e4e0bcafbc8e7fc7745a42603d4a33808b9854c99
SHA512 ca2e02178132dc923c262799ae515de53251b46f1328e975d750ad00e1667c0f7f9428844cc7598c554d5931910557b52530833e2ada80c36c959475da49279c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 802c5d617763024f28b275c032c72b99
SHA1 a674736bc094bb208ce9e3642ba20392112c3a2f
SHA256 c8042ceb44adea4e85f5d3cf2a858d1ecdf324783301aa1188f70daabdd35843
SHA512 dead800a5af5cd31a2d8fa519396b6bd7fa91364ae01a250989ec607c8479894c91424c66dc25984b1fdd351bf7f1ed3bf45f44a6c65bd15acfa4375ab846491

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3759dd88-dead-4b7e-a0cb-a8a72fedc9a7.tmp

MD5 7cca53b5390244337fb534061ade6b46
SHA1 616c27acb4f0c90b0c19d0ecb289b5bb46f6a596
SHA256 612968814cc07a45e60272584a6cac7328ed1923017d79c14a9d4302c6970f7f
SHA512 ccc8a53b0f53cdfd36623b7dbf1bd2369524ff70d1b7e6325ea658916f4126cbf72741f8dc24de0368565f625bf3babf5ff0ad6dec569dabee8cefeb29e6b883

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e7f9f594e465d2c0452158b62881043b
SHA1 e8d26c44526a815bf76b9e5ac469dc21b41bf9d1
SHA256 907f11e6d1fbe07d08f3945772a0cb728e1e66575d8bbe8d69eb6f8f5ef258d9
SHA512 b81f3cc0f43ba706411ac1c81ca68cc1c9fbf863eea72cccec280610780906df25424c52c0f1e6858bd9c9bb48851297caa939cfab9657254b491631c694d571

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6630d824110c7f899e1a774906908f34
SHA1 27dda2300592323e6391a0984d722a414c767052
SHA256 fce13e6f8914fac383f33580481e1fbe1f57ea3500e1f1d83ebd79c69c52da38
SHA512 38e5406b81fa5e75dfde093b9bbbc43dc7765c7e46d7ab59d11c3b14e9b0a023b43983826972bad27a0b88ec0f45eeb9ebb3d897be04cb569f0c85e7cf947d60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 dbf4b3841f0f80c76cc28dc23ca6f3e9
SHA1 4fd52eb2ffd6c0cf823c0ba936e45f6553239b3f
SHA256 38e05feca034368e78bf28e97fbe7dc4af10c87af58cb01d6a6cc11dec0e5656
SHA512 1a981198b9ef3dca47e6fd27fba44f5c6caaf1b39519ce77547dfc35b575d839d2624b5c76c5f8bcbe0312d79477d054b0ffa79f635bc0eec31b065d4e688177

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2d640228e31fbf8176409b7c0cc6702a
SHA1 869e404572413b9d36b2f5003f9ee4a551798065
SHA256 7f31fe4bc2856b83be74cf9410d806b06a24c77bed7c524d3dce9d1975ef012a
SHA512 5901e1b2038b468a2ff09671d3e8cfd3989313f6784d2f67512f5d0ac310b01c564a31f32ee4656a5f2b2cd3bb36c97fa346a89b9be52e904a92cbee00a15100

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9b1084a669473d1d07daf43afe61a15a
SHA1 65df866b4a503d773abe7a16a574f4a8189448a5
SHA256 99148343f7a4b7b0a41d63977aab625a503e5702e0c5327a4761662515bb6ad3
SHA512 07a04e82f142ba33fdd1d241249be9a2213da51d26acb33fcda3e0e278181625ab09cf28f863d1c596f9a06c2f4abbe6920ed2409e99130769512ef5f0d06481

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b73bca0b8b68f1b7bd9a5d81b226695f
SHA1 24e6d1c8258431ea1c6208f84a87e7a0295686af
SHA256 5b3db79378576ae912811cdbf91649eba80bbc21d2c5a11dfc9b3d8b3ed762d7
SHA512 81af3ed72c9e8b89f26e4572d44b2aa7f5be2834a32de100d5c7526849bb9aa8ea72e8359fff619b6c7a95b31dffdc8cc6a912f5642428e457aa145b58d343c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a783816cbd758948136828502696c50b
SHA1 b227ccc6da29dec38124af8df0bad431c54c61de
SHA256 6b50aac4dc52c666f2c217fc157845a9fd784f5e595916d91c681170929bae4e
SHA512 bd9e3e326d6bd0b1c78debb343392f936cfbd4590f2782a63466bfdbd6099370f8ab58c10ae8a765aa88f8b6e53f63b2b44ebb45caa0b737092aed4cad8ab4b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a379042fe6e659f40dc31e65de372612
SHA1 25d8ac93f5ab52e9d85adffb6a6d9b2a55e89ed6
SHA256 42c28beacf7ded8deaa0c1592c3d9bb3a5411a4531a15f39a2467a5a11f316ef
SHA512 c559d99bd9647ca9ad75f8443f0e17a5d5f12ce83ce4a3a1b9c3dcc2defc3e61e42105995ba2066082ac0479ea8ccaf92117cd5551a5f1892954548170a6460c

C:\Users\Admin\Downloads\Unconfirmed 872183.crdownload

MD5 39d41f43feb8ec53b12f96d23129fb9f
SHA1 bbbc68579e97d203f305a250ddd8bae37e9501e3
SHA256 7ec901f8f83e943cb0fafcf53621e05342fd4b5a9d4d54bb6c09f115682f35fb
SHA512 7e92cfb778809f985eb9dc2c946b99f07f76d313d3d64862385f0cdae99241ed87ee38fdafbe8c1785eedd36fe25f80b1fed4421abf61a34d559d541115a61dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ab7f1b7694932e8efceeeefcd49042b7
SHA1 db84bcfaa2850e72d2688ba0d452729c6a294531
SHA256 5c0e6afc01f040f3175b2922383676764ecdf96240cb8fa79c8e770fa8c12ebd
SHA512 28d0cc2794d34dd9357fbe7826ae2b66c6b7e467191e09541704e86c831a85721cefa7c4ac901d395ece0d41d8f1ab9edfc08913e5721b09a31a2cfabf0aa6ab

C:\Users\Admin\AppData\Local\Temp\_MEI56682\python313.dll

MD5 b9de917b925dd246b709bb4233777efd
SHA1 775f258d8b530c6ea9f0dd3d1d0b61c1948c25d2
SHA256 0c0a66505093b6a4bb3475f716bd3d9552095776f6a124709c13b3f9552c7d99
SHA512 f4bf3398f50fdd3ab7e3f02c1f940b4c8b5650ed7af16c626ccd1b934053ba73a35f96da03b349c1eb614bb23e0bc6b5cc58b07b7553a5c93c6d23124f324a33

C:\Users\Admin\AppData\Local\Temp\_MEI56682\VCRUNTIME140.dll

MD5 862f820c3251e4ca6fc0ac00e4092239
SHA1 ef96d84b253041b090c243594f90938e9a487a9a
SHA256 36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153
SHA512 2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

C:\Users\Admin\AppData\Local\Temp\_MEI56682\base_library.zip

MD5 a9cbd0455b46c7d14194d1f18ca8719e
SHA1 e1b0c30bccd9583949c247854f617ac8a14cbac7
SHA256 df6c19637d239bfedc8cd13d20e0938c65e8fdf340622ff334db533f2d30fa19
SHA512 b92468e71490a8800e51410df7068dd8099e78c79a95666ecf274a9e9206359f049490b8f60b96081fafd872ec717e67020364bcfa972f26f0d77a959637e528

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_ctypes.pyd

MD5 a55e57d7594303c89b5f7a1d1d6f2b67
SHA1 904a9304a07716497cf3e4eaafd82715874c94f1
SHA256 f63c6c7e71c342084d8f1a108786ca6975a52cefef8be32cc2589e6e2fe060c8
SHA512 ffa61ad2a408a831b5d86b201814256c172e764c9c1dbe0bd81a2e204e9e8117c66f5dfa56bb7d74275d23154c0ed8e10d4ae8a0d0564434e9761d754f1997fc

C:\Users\Admin\AppData\Local\Temp\_MEI56682\python3.DLL

MD5 16855ebef31c5b1ebe767f1c617645b3
SHA1 315521f3a748abfa35cd4d48e8dd09d0556d989b
SHA256 a5c6a329698490a035133433928d04368ce6285bb91a9d074fc285de4c9a32a4
SHA512 c3957b3bd36b10c7ad6ea1ff3bc7bd65cdceb3e6b4195a25d0649aa0da179276ce170da903d77b50a38fc3d5147a45be32dbcfdbfbf76cc46301199c529adea4

C:\Users\Admin\AppData\Local\Temp\_MEI56682\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_bz2.pyd

MD5 cb8c06c8fa9e61e4ac5f22eebf7f1d00
SHA1 d8e0dfc8127749947b09f17c8848166bac659f0d
SHA256 fc3b481684b926350057e263622a2a5335b149a0498a8d65c4f37e39dd90b640
SHA512 e6da642b7200bfb78f939f7d8148581259baa9a5edda282c621d14ba88083a9b9bd3d17b701e9cde77ad1133c39bd93fc9d955bb620546bb4fcf45c68f1ec7d6

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_lzma.pyd

MD5 1ba022d42024a655cf289544ae461fb8
SHA1 9772a31083223ecf66751ff3851d2e3303a0764c
SHA256 d080eabd015a3569813a220fd4ea74dff34ed2a8519a10473eb37e22b1118a06
SHA512 2b888a2d7467e29968c6bb65af40d4b5e80722ffdda760ad74c912f3a2f315d402f3c099fde82f00f41de6c9faaedb23a643337eb8821e594c567506e3464c62

C:\Users\Admin\AppData\Local\Temp\_MEI56682\libssl-3.dll

MD5 4ff168aaa6a1d68e7957175c8513f3a2
SHA1 782f886709febc8c7cebcec4d92c66c4d5dbcf57
SHA256 2e4d35b681a172d3298caf7dc670451be7a8ba27c26446efc67470742497a950
SHA512 c372b759b8c7817f2cbb78eccc5a42fa80bdd8d549965bd925a97c3eebdce0335fbfec3995430064dead0f4db68ebb0134eb686a0be195630c49f84b468113e3

C:\Users\Admin\AppData\Local\Temp\_MEI56682\libcrypto-3.dll

MD5 123ad0908c76ccba4789c084f7a6b8d0
SHA1 86de58289c8200ed8c1fc51d5f00e38e32c1aad5
SHA256 4e5d5d20d6d31e72ab341c81e97b89e514326c4c861b48638243bdf0918cfa43
SHA512 80fae0533ba9a2f5fa7806e86f0db8b6aab32620dde33b70a3596938b529f3822856de75bddb1b06721f8556ec139d784bc0bb9c8da0d391df2c20a80d33cb04

C:\Users\Admin\AppData\Local\Temp\_MEI56682\pyexpat.pyd

MD5 cf2c3d127f11cb2c026e151956745564
SHA1 b1c8c432fc737d6f455d8f642a4f79ad95a97bd3
SHA256 d3e81017b4a82ae1b85e8cd6b9b7eb04d8817e29e5bc9ece549ac24c8bb2ff23
SHA512 fe3a9c8122ffff4af7a51df39d40df18e9db3bc4aed6b161a4be40a586ac93c1901acdf64cc5bfff6975d22073558fc7a37399d016296432057b8150848f636e

C:\Users\Admin\AppData\Local\Temp\_MEI56682\select.pyd

MD5 20831703486869b470006941b4d996f2
SHA1 28851dfd43706542cd3ef1b88b5e2749562dfee0
SHA256 78e5994c29d8851f28b5b12d59d742d876683aea58eceea1fb895b2036cdcdeb
SHA512 4aaf5d66d2b73f939b9a91e7eddfeb2ce2476c625586ef227b312230414c064aa850b02a4028363aa4664408c9510594754530a6d026a0a84be0168d677c1bc4

C:\Users\Admin\AppData\Local\Temp\_MEI56682\unicodedata.pyd

MD5 0902d299a2a487a7b0c2d75862b13640
SHA1 04bcbd5a11861a03a0d323a8050a677c3a88be13
SHA256 2693c7ee4fba55dc548f641c0cb94485d0e18596ffef16541bd43a5104c28b20
SHA512 8cbef5a9f2d24da1014f8f1ccbddd997a084a0b04dd56bcb6ac38ddb636d05ef7e4ea7f67a085363aad3f43d45413914e55bdef14a662e80be955e6dfc2feca3

C:\Users\Admin\AppData\Local\Temp\_MEI56682\tk86t.dll

MD5 6f06390d3ac095827df2f1a8ed5dae0c
SHA1 879f24522821f597c0341ca091e474163764b343
SHA256 6425bf57abcc1dfbbe8662b1956883ae0c5ab8c2d9314e19692b3d86babc242c
SHA512 27b975e15f6e1b9bc8e3e41152baee25f4b400de3aa6e334c61b2165fecd27560fa5c4296a9b3ff0eb1103173cfb61c348ba11e01a44cbadbecf308b5d7c5095

C:\Users\Admin\AppData\Local\Temp\_MEI56682\tcl86t.dll

MD5 8587238932b4f7f394ce587ad169846b
SHA1 6cdc9c1751e812be3a11bb411a145e7ab6885def
SHA256 c861f39ad0f4fc7f3875850925f61442bff2bc1839bbbb3584a63bc4d6e5cea6
SHA512 c88506e5b78ab1459c25de4c7ef65b3c9e24e0f79ab2132e8fdc7a02195af2e137874512a0f423c80d558969e42e2a4bc7d2cddee696624dbd230b32c44f88f2

C:\Users\Admin\AppData\Local\Temp\_MEI56682\sqlite3.dll

MD5 7e632f3263d5049b14f5edc9e7b8d356
SHA1 92c5b5f96f1cba82d73a8f013cbaf125cd0898b8
SHA256 66771fbd64e2d3b8514dd0cd319a04ca86ce2926a70f7482ddec64049e21be38
SHA512 ca1cc67d3eb63bca3ce59ef34becce48042d7f93b807ffcd4155e4c4997dc8b39919ae52ab4e5897ae4dbcb47592c4086fac690092caa7aa8d3061fba7fe04a2

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_ssl.pyd

MD5 1c0e3e447f719fbe2601d0683ea566fc
SHA1 5321ab73b36675b238ab3f798c278195223cd7b1
SHA256 63ae2fefbfbbbc6ea39cde0a622579d46ff55134bc8c1380289a2976b61f603e
SHA512 e1a430da2a2f6e0a1aed7a76cc4cd2760b3164abc20be304c1db3541119942508e53ea3023a52b8bada17a6052a7a51a4453efad1a888acb3b196881226c2e5c

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_wmi.pyd

MD5 1c30cc7df3bd168d883e93c593890b43
SHA1 31465425f349dae4edac9d0feabc23ce83400807
SHA256 6435c679a3a3ff4f16708ebc43f7ca62456c110ac1ea94f617d8052c90c143c7
SHA512 267a1807298797b190888f769d998357b183526dfcb25a6f1413e64c5dccf87f51424b7e5d6f2349d7a19381909ab23b138748d8d9f5858f7dc0552f5c5846ac

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_uuid.pyd

MD5 3acf3138d5550ca6de7e2580e076e0f7
SHA1 3e878a18df2362aa6f0bdbfa058dca115e70d0b8
SHA256 f9d5008f0772aa0720bc056a6ecd5a2a3f24965e4b470b022d88627a436c1ffe
SHA512 f05e90a0feaa2994b425884af32149fbbe2e11cb7499fc88ca92d8a74410edcd62b2b2c0f1ecd1a46985133f7e89575f2c114bd01f619c22ce52f3cf2a7e37c4

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_tkinter.pyd

MD5 edffcea2091a5661f451ccd83ad4527d
SHA1 f81847c0adc0f58134b195a13486d851911fc516
SHA256 a6851d7c25a1216d2c8fa5c1d2e9eca3d0392d60e3b7441ad9f66c23ffdd2f08
SHA512 abc9fbf7bfbd705016a9d0430243358a1e8f7c4e398b6ba0fc5b1a147f0a1f635e27b859d742e4184ae9d396a68572b169476703312babc3e7530d698ff9ab48

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_sqlite3.pyd

MD5 d4e5be27410897ac5771966e33b418c7
SHA1 5d18ff3cc196557ed40f2f46540b2bfe02901d98
SHA256 3e625978d7c55f4b609086a872177c4207fb483c7715e2204937299531394f4c
SHA512 4d40b4c6684d3549c35ed96bedd6707ce32dfaa8071aeadfbc682cf4b7520cff08472f441c50e0d391a196510f8f073f26ae8b2d1e9b1af5cf487259cc6ccc09

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_socket.pyd

MD5 fe896371430bd9551717ef12a3e7e818
SHA1 e2a7716e9ce840e53e8fc79d50a77f40b353c954
SHA256 35246b04c6c7001ca448554246445a845ce116814a29b18b617ea38752e4659b
SHA512 67ecd9a07df0a07edd010f7e3732f3d829f482d67869d6bce0c9a61c24c0fdc5ff4f4e4780b9211062a6371945121d8883ba2e9e2cf8eb07b628547312dfe4c9

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_queue.pyd

MD5 1c03caa59b5e4a7fb9b998d8c1da165a
SHA1 8a318f80a705c64076e22913c2206d9247d30cd7
SHA256 b9cf502dadcb124f693bf69ecd7077971e37174104dbda563022d74961a67e1e
SHA512 783ecda7a155dfc96a718d5a130fb901bbecbed05537434e779135cba88233dd990d86eca2f55a852c9bfb975074f7c44d8a3e4558d7c2060f411ce30b6a915f

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_overlapped.pyd

MD5 a72527454dd6da346ddb221fc729e3d4
SHA1 0276387e3e0492a0822db4eabe23db8c25ef6e6f
SHA256 404353d7b867749fa2893033bd1ebf2e3f75322d4015725d697cfa5e80ec9d0f
SHA512 fefb543d20520f86b63e599a56e2166599dfa117edb2beb5e73fc8b43790543702c280a05ccfd9597c0b483f637038283dd48ef8c88b4ea6bac411ec0043b10a

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_multiprocessing.pyd

MD5 705ac24f30dc9487dc709307d15108ed
SHA1 e9e6ba24af9947d8995392145adf62cac86ba5d8
SHA256 59134b754c6aca9449e2801e9e7ed55279c4f1ed58fe7a7a9f971c84e8a32a6c
SHA512 f5318ebb91f059f0721d75d576b39c7033d566e39513bad8e7e42ccc922124a5205010415001ee386495f645238e2ff981a8b859f0890dc3da4363eb978fdba7

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_hashlib.pyd

MD5 32d76c9abd65a5d2671aeede189bc290
SHA1 0d4440c9652b92b40bb92c20f3474f14e34f8d62
SHA256 838d5c8b7c3212c8429baf612623abbbc20a9023eec41e34e5461b76a285b86c
SHA512 49dc391f4e63f4ff7d65d6fd837332745cc114a334fd61a7b6aa6f710b235339964b855422233fac4510ccb9a6959896efe880ab24a56261f78b2a0fd5860cd9

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_elementtree.pyd

MD5 833b532bbe7b4657fae5598b16ac69ea
SHA1 e9503c19081bf8f3917809568f7d6d22c9125338
SHA256 b43e0a90e4a4aa4fb93a8a6a88cb79e1e670eb24fe5655171e743a32db07a471
SHA512 aca3e14a7d76ac101b8ddca801feca59614df41511b81047fa08e2a0036a4a4a64dba6f8f927161971fa5e3518c57c3d5b046d89711ef41e9ef61a6283460f2d

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_decimal.pyd

MD5 f3377f3de29579140e2bbaeefd334d4f
SHA1 b3076c564dbdfd4ca1b7cc76f36448b0088e2341
SHA256 b715d1c18e9a9c1531f21c02003b4c6726742d1a2441a1893bc3d79d7bb50e91
SHA512 34d9591590bba20613691a5287ef329e5927a58127ce399088b4d68a178e3af67159a8fc55b4fcdcb08ae094753b20dec2ac3f0b3011481e4ed6f37445cecdd5

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_cffi_backend.cp313-win_amd64.pyd

MD5 5cba92e7c00d09a55f5cbadc8d16cd26
SHA1 0300c6b62cd9db98562fdd3de32096ab194da4c8
SHA256 0e3d149b91fc7dc3367ab94620a5e13af6e419f423b31d4800c381468cb8ad85
SHA512 7ab432c8774a10f04ddd061b57d07eba96481b5bb8c663c6ade500d224c6061bc15d17c74da20a7c3cec8bbf6453404d553ebab22d37d67f9b163d7a15cf1ded

C:\Users\Admin\AppData\Local\Temp\_MEI56682\_asyncio.pyd

MD5 80083b99812171fea682b1cf38026816
SHA1 365fb5b0c652923875e1c7720f0d76a495b0e221
SHA256 dbeae7cb6f256998f9d8de79d08c74d716d819eb4473b2725dbe2d53ba88000a
SHA512 33419b9e18e0099df37d22e33debf15d57f4248346b17423f2b55c8da7cbe62c19aa0bb5740cfaac9bc6625b81c54367c0c476eaece71727439686567f0b1234

C:\Users\Admin\AppData\Local\Temp\_MEI56682\zlib1.dll

MD5 3a46a119c9860c477f13fe98c878452c
SHA1 e0bcbe5b30ef2a2f58e1206c650672ee3f85abc9
SHA256 8c2ed3e1a90c9b0e3ef844be20e1af791ae8a1b665d4731162404f0eee1697dc
SHA512 0d3d4e8a2c8886fd6e480aecc5051644f39c1e06b1113def7273369f771c4429c757aed13bd8082f4768f617ca3499cd81b79a0893b5a2955fb4b68c8b571c71

C:\Users\Admin\AppData\Local\Temp\_MEI56682\VCRUNTIME140_1.dll

MD5 68156f41ae9a04d89bb6625a5cd222d4
SHA1 3be29d5c53808186eba3a024be377ee6f267c983
SHA256 82a2f9ae1e6146ae3cb0f4bc5a62b7227e0384209d9b1aef86bbcc105912f7cd
SHA512 f7bf8ad7cd8b450050310952c56f6a20b378a972c822ccc253ef3d7381b56ffb3ca6ce3323bea9872674ed1c02017f78ab31e9eb9927fc6b3cba957c247e5d57

memory/1548-2054-0x00007FFF9BF10000-0x00007FFF9BF39000-memory.dmp