Analysis Overview
SHA256
48466ddc98b7195bec46bec825c5a35f3c2528e36273e7603432db4ef0d01a90
Threat Level: Likely malicious
The file asdasdasdas.rar was found to be: Likely malicious.
Malicious Activity Summary
Enumerates VirtualBox DLL files
Command and Scripting Interpreter: PowerShell
Sets file to hidden
Loads dropped DLL
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
UPX packed file
Uses Task Scheduler COM API
Checks processor information in registry
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Kills process with taskkill
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 21:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 21:08
Reported
2024-11-13 21:13
Platform
win11-20241007-en
Max time kernel
260s
Max time network
263s
Signatures
Enumerates VirtualBox DLL files
| Description | Indicator | Process | Target |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\Desktop\source_prepared.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\Desktop\source_prepared.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxhook.dll | C:\Users\Admin\olwo\ewe.exe | N/A |
| File opened (read-only) | C:\windows\system32\vboxmrxnp.dll | C:\Users\Admin\olwo\ewe.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\source_prepared.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\source_prepared.exe | N/A |
| N/A | N/A | C:\Users\Admin\olwo\ewe.exe | N/A |
| N/A | N/A | C:\Users\Admin\olwo\ewe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49482\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49482\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49482\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_MEI49482\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uwu = "C:\\Users\\Admin\\olwo\\ewe.exe" | C:\Users\Admin\Desktop\source_prepared.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
UPX packed file
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\source_prepared.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\source_prepared.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\source_prepared.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\source_prepared.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Users\Admin\olwo\ewe.exe | N/A |
| N/A | N/A | C:\Users\Admin\olwo\ewe.exe | N/A |
| N/A | N/A | C:\Users\Admin\olwo\ewe.exe | N/A |
| N/A | N/A | C:\Users\Admin\olwo\ewe.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\olwo\ewe.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\olwo\ewe.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\asdasdasdas.rar"
C:\Users\Admin\Desktop\source_prepared.exe
"C:\Users\Admin\Desktop\source_prepared.exe"
C:\Users\Admin\Desktop\source_prepared.exe
"C:\Users\Admin\Desktop\source_prepared.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004C4
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\olwo\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\olwo\activate.bat
C:\Windows\system32\attrib.exe
attrib +s +h .
C:\Users\Admin\olwo\ewe.exe
"ewe.exe"
C:\Windows\system32\taskkill.exe
taskkill /f /im "source_prepared.exe"
C:\Users\Admin\olwo\ewe.exe
"ewe.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\olwo\""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell (Get-CimInstance Win32_ComputerSystemProduct).UUID
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bf7a6a5-a69e-48ce-9a13-18bb00701aed} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20240401114208 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b09c87e-0e99-4e41-9af9-baae2d9bc4ab} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3264 -childID 1 -isForBrowser -prefsHandle 3284 -prefMapHandle 3104 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8253bfb-40e9-43c3-8512-21a7e0f75454} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2564 -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 2716 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f1d514a-f113-49be-a44c-63db90556cab} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4124 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4152 -prefMapHandle 4148 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2f52969-8fc9-4efd-93ee-3ff8df5546cc} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5540 -childID 3 -isForBrowser -prefsHandle 5508 -prefMapHandle 5520 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0d40861-713c-4093-90de-ac694ce6ec15} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5548 -childID 4 -isForBrowser -prefsHandle 5484 -prefMapHandle 5512 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3188b833-b4b6-4934-9fc2-bcbb251ddd8a} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 5 -isForBrowser -prefsHandle 5936 -prefMapHandle 5932 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {851967a8-e65c-48c4-a905-0bf7c4ea6902} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6240 -childID 6 -isForBrowser -prefsHandle 6232 -prefMapHandle 6224 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f24dc1cd-4e14-4ce6-8a4d-3a6a6fcd27ae} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" tab
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\olwo\ss.png"
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1856 -prefsLen 24528 -prefMapSize 244938 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b3afbd3-9900-4577-899b-2777f365c13a} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20240401114208 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 24564 -prefMapSize 244938 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b38d644-4d91-4fd9-b606-1d07e2f83e6f} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3100 -childID 1 -isForBrowser -prefsHandle 2780 -prefMapHandle 3132 -prefsLen 24705 -prefMapSize 244938 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e0cdf63-f746-4c51-a08d-0269dd652927} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3432 -childID 2 -isForBrowser -prefsHandle 3424 -prefMapHandle 3420 -prefsLen 29938 -prefMapSize 244938 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbfa7223-497a-433f-99e5-4f4521b09299} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4584 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4568 -prefMapHandle 4624 -prefsLen 29992 -prefMapSize 244938 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4df366f2-025a-4f9a-8b8c-1f6cb72ae4ff} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5280 -childID 3 -isForBrowser -prefsHandle 5352 -prefMapHandle 5284 -prefsLen 27460 -prefMapSize 244938 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37bf651d-ee88-42b5-99ee-c2e314ce3539} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5292 -childID 4 -isForBrowser -prefsHandle 5348 -prefMapHandle 5344 -prefsLen 27460 -prefMapSize 244938 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c6aed96-2879-473c-9484-c247e8fd7a31} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 5 -isForBrowser -prefsHandle 5496 -prefMapHandle 5280 -prefsLen 27460 -prefMapSize 244938 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20df6da5-dd7c-45ce-80e1-fb2dbe655aa6} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" tab
C:\Users\Admin\AppData\Local\Temp\_MEI49482\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
C:\Users\Admin\AppData\Local\Temp\_MEI49482\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -version
C:\Users\Admin\AppData\Local\Temp\_MEI49482\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
C:\Users\Admin\AppData\Local\Temp\_MEI49482\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -hide_banner -encoders
C:\Users\Admin\AppData\Local\Temp\_MEI49482\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
C:\Users\Admin\AppData\Local\Temp\_MEI49482\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -hide_banner -f lavfi -i nullsrc=s=256x256:d=8 -vcodec libx264 -f null -
C:\Users\Admin\AppData\Local\Temp\_MEI49482\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe
C:\Users\Admin\AppData\Local\Temp\_MEI49482\imageio_ffmpeg\binaries\ffmpeg-win64-v4.2.2.exe -y -f rawvideo -vcodec rawvideo -s 1280x720 -pix_fmt rgb24 -r 30.00 -i - -an -vcodec libx264 -pix_fmt yuv420p -crf 10 -v warning C:\Users\Admin\olwo\recording.mp4
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "del C:\Users\Admin\olwo\recording.mp4"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.133.234:443 | gateway.discord.gg | tcp |
| N/A | 127.0.0.1:52541 | N/A | tcp |
| US | 8.8.8.8:53 | 234.133.159.162.in-addr.arpa | udp |
| N/A | 127.0.0.1:52691 | N/A | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| N/A | 127.0.0.1:52699 | N/A | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| GB | 172.217.169.78:443 | redirector.gvt1.com | tcp |
| GB | 88.221.134.155:80 | a19.dscg10.akamai.net | tcp |
| GB | 172.217.169.78:443 | redirector.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4.sn-aigzrnsz.gvt1.com | tcp |
| GB | 74.125.175.169:443 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.128.235:443 | rotterdam11022.discord.media | tcp |
| NL | 35.214.208.163:50005 | N/A | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| N/A | 127.0.0.1:54140 | N/A | tcp |
| N/A | 127.0.0.1:54147 | N/A | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI48162\python311.dll
| MD5 | 4fcf14c7837f8b127156b8a558db0bb2 |
| SHA1 | 8de2711d00bef7b5f2dcf8a2c6871fa1db67cf1f |
| SHA256 | a67df621a383f4ce5a408e0debe3ebc49ffc766d6a1d6d9a7942120b8ec054dc |
| SHA512 | 7a6195495b48f66c35b273a2c9d7ff59e96a4180ea8503f31c8b131167c6cdddd8d6fe77388a34096964a73c85eab504281a14ae3d05350cfee5c51d2491cec8 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\VCRUNTIME140.dll
| MD5 | f12681a472b9dd04a812e16096514974 |
| SHA1 | 6fd102eb3e0b0e6eef08118d71f28702d1a9067c |
| SHA256 | d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8 |
| SHA512 | 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2 |
memory/1388-1273-0x00007FF947110000-0x00007FF9476F8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI48162\base_library.zip
| MD5 | 2a138e2ee499d3ba2fc4afaef93b7caa |
| SHA1 | 508c733341845e94fce7c24b901fc683108df2a8 |
| SHA256 | 130e506ead01b91b60d6d56072c468aeb5457dd0f2ecd6ce17dfcbb7d51a1f8c |
| SHA512 | 1f61a0fda5676e8ed8d10dfee78267f6d785f9c131f5caf2dd984e18ca9e5866b7658ab7edb2ffd74920a40ffea5cd55c0419f5e9ee57a043105e729e10d820b |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_ctypes.pyd
| MD5 | 2346cf6a1ad336f3ee23c4ec3ff7871c |
| SHA1 | e36b759c0b78d2def431aa11bcbb7d7cf02f1eea |
| SHA256 | 490a11d03dd3aeb05a410eb0d285e3da788e73b643ea9914fffd5a2c102dc1df |
| SHA512 | 7a92de4937b23952e2a31bb09a58b2ad81c06da23704e4b4f964eb42948adad1a1e57920c021283da1b7154e7ac19e46031ffee6b69a73acbc85d95ef45bf8ff |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\python3.DLL
| MD5 | 34e49bb1dfddf6037f0001d9aefe7d61 |
| SHA1 | a25a39dca11cdc195c9ecd49e95657a3e4fe3215 |
| SHA256 | 4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281 |
| SHA512 | edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libffi-8.dll
| MD5 | 24ea21ebcc3bef497d2bd208e7986f88 |
| SHA1 | d936f79431517b9687ee54d837e9e4be7afc082d |
| SHA256 | 18c097ef19f3e502a025c1d63cfec73a4fa30c5482286f4000d40d4784a0070a |
| SHA512 | 1bdbeddd812ecc2cdfbbf3498b0a8ef551cc18ce73fc30eb40b415fab0cdd20b80057a25a33ca2f9247b08978838df3587a3caf6e1a8e108c5a9a4f67dd75a94 |
memory/1388-1283-0x00007FF951290000-0x00007FF95129F000-memory.dmp
memory/1388-1282-0x00007FF94ABC0000-0x00007FF94ABE4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_bz2.pyd
| MD5 | af3d45698d379c97a90cca9625bc5926 |
| SHA1 | 0783866af330c1029253859574c369901969208e |
| SHA256 | 47af0730824f96865b5e20f8bba34b0d5f3a330087411adba71269312bf7ccec |
| SHA512 | 117e95d2ba0432f5ece882ad67a3fbf2e2cd251b4327a0d66b3fffd444e2d1813ddb568321bde1636b4180d19607db6103df145153e4ff84e9be601fd2dd5691 |
memory/1388-1287-0x00007FF94CDA0000-0x00007FF94CDB9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_lzma.pyd
| MD5 | ab6a735ad62592c7c8ea0b06cb57317a |
| SHA1 | e27a0506800b5bbc2b350e39899d260164af2cd1 |
| SHA256 | 0ebdf15c1c6d59e49716dfb4601f0abe6383449c70db1a349c6ad486742144a8 |
| SHA512 | 9a285593cd8cc29844688723d8907e55a9f8a3109f9538cc4140912cc973f495de32779a4cd4a48dc62d680fdf81a5797e4e9c33f236a803082dfc3c00d02060 |
memory/1388-1289-0x00007FF947DA0000-0x00007FF947DCD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libcrypto-1_1.dll
| MD5 | 571796599d616a0d12aa34be09242c22 |
| SHA1 | 0e0004ab828966f0c8a67b2f10311bb89b6b74ac |
| SHA256 | 6242d2e13aef871c4b8cfd75fc0f8530e8dccfeaba8f1b66280e9345f52b833b |
| SHA512 | 7362a6c887600fafc1a45413823f006589bb95a76ac052b6c7022356a7a9a6e8cd3e76f59cecf152e189323791d9626a6fdb7a98bf3a5250d517b746c3e84e84 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\pyexpat.pyd
| MD5 | c498ed10d7245560412f9df527508b5c |
| SHA1 | b84b57a54a1a9c5631f4d0b8ac31694786cc822b |
| SHA256 | 297ec9e654500400ba5731101b65d29c14d0305ae9f6c05b9763f57ab150b07d |
| SHA512 | ab8bcf6e4a395944316e19aa7aa598e8bfeaa038f4ae086fcede6d01747b670896d640dbf4992630fcbd737d2be3ab627b7be8ad36437629671387f4aaf85957 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_uuid.pyd
| MD5 | cf378e1866edaa02db65a838f0e0ad8e |
| SHA1 | cc66b98b3289a126fa4cf960d89cbbecff0f5aa8 |
| SHA256 | caabfac7123e70906fafe3a34d11c0c87c62695b2716a5f95b032bb54982744e |
| SHA512 | cdb6fb5861fee4eeee49dd79ba164ef8538235b0b41e505dd59f1b5a79256390a4bb920ade9ff58abdc41c738ec6f316d387df4f588b673d8f324e5c1c32a9c5 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_hashlib.pyd
| MD5 | 7fd141630dfa2500f5bf4c61e2c2d034 |
| SHA1 | 0f8d1dfae2cbce1ad714c93216f01bf7001aabda |
| SHA256 | 689f0ac1d44481688cd4ae90b6f801176a52ff4bb4170c62575ea58f44452e15 |
| SHA512 | c6b7b1aefb7280f38d63f4ab84a349ebb696ca7300b7a451e7a994baff7e0a83fb4488c43ed3160b94dec74e0d27417d68913056b3006c8c6da11e39681f512e |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_tkinter.pyd
| MD5 | a7d7c6f515f5b49b1204d1376f7621cc |
| SHA1 | 42000eee9d23ac678103ad3067edfccd5043219f |
| SHA256 | 3b816042f0c47279b39a2d04347e115404fffbb01de35134fd7db279f55296bc |
| SHA512 | f54a3d79ac6a1f0bf88562c7cd004055d29f6bc05beb408e856fc5305f59f061b7a17556e008a549dd12aa9399c99e7fe2321cd5ec7324ab7ce3151b0454e9b8 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_ssl.pyd
| MD5 | df5a6f6c547300a7c87005eb0fafcfa0 |
| SHA1 | c792342e964a1c8a776e5203f3eee7908e6cad09 |
| SHA256 | dea09b9750c26813130ca32db0b4455796e12a3d61bb52066d5a53302bcce0ce |
| SHA512 | 018a79871faa2cf6a1644e96f10750ddccccd56436720faf760808b1997940f9bcd2866a4533b903058ab608629ff8ed46fadb788e4a6714b19775d557dd69b0 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_sqlite3.pyd
| MD5 | 1c5e0718dce15682d32185f1e1f8df7d |
| SHA1 | f59662db717663ed1589328c5749bb8b44a0d053 |
| SHA256 | 56f74ec6490b916c513b618635edaa22cb2374a92e5f79549c1e2b7c5c37f31d |
| SHA512 | 702f8348d2fe08ec10e0120129e64c12368c971ea52852cd0c7d26fd159f5b34bc808b9b318168aaa81366ed4944909e305d4e9727f0374d921eddb54ea22cf3 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_socket.pyd
| MD5 | 53dc1aa457a1e3b4f6c8baed19a6ca0a |
| SHA1 | 290a572e981cc5ce896dc52a53f112d9eaaefc39 |
| SHA256 | 26200892f616f859e82c167701ab866b8291eabbe808dd18c434cc80ebeedf19 |
| SHA512 | 460de92115288e0e95fd03837df775e5f34425784c18ab7e9ad0885511166371647a6f06d95ffa6c3437de69895d46cd4cddcda2841ccdb5ef268b1a857837e6 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_queue.pyd
| MD5 | 71955beaf83aca364ed64285021781ca |
| SHA1 | cac93d08f9085079fb32e6fc6d8e4fc8cd9115e6 |
| SHA256 | 3df280391d7275e73aef70af228bb21c03434147ae9fe31e8c620ea151e08b30 |
| SHA512 | 9b055a0273ace0f9b673e015a20c8867689090608fffaf85c54636f061cf595de1e6c9bfc2d8ea75fa4dd247b4af0493022f24d6a931b53e7f60009a85b45601 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_overlapped.pyd
| MD5 | ef52dc3e7d12795745e23487026a5b5e |
| SHA1 | 6c9f488a9eaabdc6db11ed2c32231d518a8b8f42 |
| SHA256 | b1b56328df4b19cf04586303f693979536253078fc7017b4ac4ae6d730296b1f |
| SHA512 | 8b3c311bf4a54eaa21fa1db058037b274bd3b9e838e844537269f8e0102ad47ca7181e73bbb4f5269100cfe82499bb0787bc04943b02e36ea0ab26bfa8e65326 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_multiprocessing.pyd
| MD5 | 241a977372d63b46b6ae4f7227579cc3 |
| SHA1 | 21c8fa02217ec69c5cc9a1cc9edaa5de6f8d9f91 |
| SHA256 | 04e56f1c6919f2987f205e9e3afa16d945eeaffa415c746104ccb7763c067f9c |
| SHA512 | 7aeaa94a5cd46d604370e430c72724b683e149af7e032c85708e33bfb94fb6a9ccc52c70bc701dfb94b4ae55d4e8acd8e394efb6cd81466fd9fa1a6addaa4ecc |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_elementtree.pyd
| MD5 | 777016029b5348ed129fce7fffd22811 |
| SHA1 | dd59c5191545b06a4d2ac857466d8c89549748ec |
| SHA256 | 013b79d359656fd9fe13838eb11124d48d7522c962f0df2725f80fc7b7d541bc |
| SHA512 | 3a88953481531e40b3cd918daa11dd0881dedf7d44dbc62ccd7ef08fd7a752e806edeb43d3f59d8dd6126724c7b4fbb6f7964e800e9478af6f242f8ad382b56a |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_decimal.pyd
| MD5 | 9b801838394e97e30c99dcf5f9fcc8fa |
| SHA1 | 33fb049b2f98bcb2f2cb9508be2408a6698243be |
| SHA256 | 15668e03f9c55f07184ec9c048a8569f7d7ebd9ea6dbef145f1f3b581f8623f3 |
| SHA512 | 5f074c82f344ca43a07a59132fab59e3504e314a2f7673bfec906782b947daf8fe45a1b956f72502eae72f01369a3bb1fbb73b10dc605d43b889a6700bd98a28 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_cffi_backend.cp311-win_amd64.pyd
| MD5 | f5a0e3f73ad4002839a85ec9b5285cc0 |
| SHA1 | 2657e49964491d8b0784ab6ae157c767cf809673 |
| SHA256 | 34dff4546abf4cd9d1e605f215339e6816c3aa4ef3c6028afcf00cb6241dbccf |
| SHA512 | 81d683f45b6ea1b48d0e377779c9b87ddff5b8549f00ae375ebe617fbd00d0149639a2b5c1b42ea536bde786aea50025646311b3de243c48ed192014dcc9974b |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\_asyncio.pyd
| MD5 | 936e44a303a5957709434a0c6bf4532e |
| SHA1 | e35f0b78f61797d9277741a1ee577b5fe7af3d62 |
| SHA256 | 11f1062fafb4fbca92e3b2cef97ab66ec011142f5b0312e74815decd93be458b |
| SHA512 | cebe905b718825c1841e9c0e83dfdac95d0ff50b116ab3b91b05ca21f86f1482f5b1e13988c969244c644d17bd378792ac4967caa721f0b0e858cd92859af154 |
C:\Users\Admin\AppData\Local\Temp\_MEI48162\zlib1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\VCRUNTIME140_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI48162\tk86t.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\tcl86t.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\sqlite3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI48162\SDL2_ttf.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\SDL2_mixer.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\SDL2_image.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\SDL2.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\portmidi.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libwebp-7.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libtiff-5.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libjpeg-9.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libssl-1_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libpng16-16.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libopusfile-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libopus-0.x64.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libopus-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libogg-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\crypto_clipper.json
C:\Users\Admin\AppData\Local\Temp\_MEI48162\libmodplug-1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI48162\freetype.dll
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kowxwovj.siw.ps1
C:\Users\Admin\AppData\Local\Temp\_MEI49482\cryptography-43.0.3.dist-info\INSTALLER
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\d7a812d7-a723-44b3-b15b-7bc644df53ef
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\31a378ad-6255-4499-a761-f6d3fca22f83
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\030c34dd-07ec-4215-a0e8-547c1754a43c
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\activity-stream.discovery_stream.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\244e31d0-3053-4ca9-b58a-a84ea9d8ed58
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\191652ff-b147-43e2-97e5-d83bcd63bfa8
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\c64e6839-cbfb-4cb6-8781-cfa75d63f1b4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\startupCache\webext.sc.lz4