Malware Analysis Report

2025-06-15 20:18

Sample ID 241215-wkrg7s1qhz
Target source_prepared.exe
SHA256 e2373c15090105d358c3ef7fa4ed03c6cd5a6a55a2db6efb020643e03a87d26a
Tags
pyinstaller pysilon upx discovery evasion execution persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e2373c15090105d358c3ef7fa4ed03c6cd5a6a55a2db6efb020643e03a87d26a

Threat Level: Known bad

The file source_prepared.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon upx discovery evasion execution persistence

Detect Pysilon

Pysilon family

Enumerates VirtualBox DLL files

Sets file to hidden

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

UPX packed file

Browser Information Discovery

Detects Pyinstaller

Unsigned PE

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Kills process with taskkill

Modifies data under HKEY_USERS

Views/modifies file attributes

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-15 17:59

Signatures

Detect Pysilon


Pysilon family

pysilon

Detects Pyinstaller

pyinstaller

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-12-15 17:59

Reported

2024-12-15 18:02

Platform

win7-20240903-en

Max time kernel

119s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\_MEI22282\ucrtbase.dll


C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-file-l1-2-0.dll


C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-localization-l1-2-0.dll


C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-processthreads-l1-1-1.dll


C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-timezone-l1-1-0.dll


C:\Users\Admin\AppData\Local\Temp\_MEI22282\api-ms-win-core-file-l2-1-0.dll


C:\Users\Admin\AppData\Local\Temp\_MEI22282\python311.dll


memory/316-1322-0x000007FEF6190000-0x000007FEF6780000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-12-15 17:59

Reported

2024-12-15 18:01

Platform

win10v2004-20241007-en

Max time kernel

123s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

Signatures

Enumerates VirtualBox DLL files

Description Indicator Process Target
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\Temp Spoofer\kernelspoofer.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\Temp Spoofer\kernelspoofer.exe N/A
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Temp Spoofer\kernelspoofer.exe N/A
N/A N/A C:\Users\Admin\Temp Spoofer\kernelspoofer.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Temp Spoofer = "C:\\Users\\Admin\\Temp Spoofer\\kernelspoofer.exe" C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

UPX packed file

upx

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133787592066659822" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Temp Spoofer\kernelspoofer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Temp Spoofer\kernelspoofer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Temp Spoofer\kernelspoofer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4468 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
PID 4468 wrote to memory of 4648 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
PID 4648 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 4648 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 4648 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4648 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4648 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 4648 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe C:\Windows\system32\cmd.exe
PID 4528 wrote to memory of 3572 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 4528 wrote to memory of 3572 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\attrib.exe
PID 4528 wrote to memory of 3580 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\Temp Spoofer\kernelspoofer.exe
PID 4528 wrote to memory of 3580 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\Temp Spoofer\kernelspoofer.exe
PID 4528 wrote to memory of 3448 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 4528 wrote to memory of 3448 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 3580 wrote to memory of 5384 N/A C:\Users\Admin\Temp Spoofer\kernelspoofer.exe C:\Users\Admin\Temp Spoofer\kernelspoofer.exe
PID 3580 wrote to memory of 5384 N/A C:\Users\Admin\Temp Spoofer\kernelspoofer.exe C:\Users\Admin\Temp Spoofer\kernelspoofer.exe
PID 5384 wrote to memory of 5408 N/A C:\Users\Admin\Temp Spoofer\kernelspoofer.exe C:\Windows\system32\cmd.exe
PID 5384 wrote to memory of 5408 N/A C:\Users\Admin\Temp Spoofer\kernelspoofer.exe C:\Windows\system32\cmd.exe
PID 5384 wrote to memory of 5680 N/A C:\Users\Admin\Temp Spoofer\kernelspoofer.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 5384 wrote to memory of 5680 N/A C:\Users\Admin\Temp Spoofer\kernelspoofer.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 6088 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6088 wrote to memory of 2368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6088 wrote to memory of 2140 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6088 wrote to memory of 1460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6088 wrote to memory of 1460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 6088 wrote to memory of 1772 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3c4 0x49c

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Temp Spoofer\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Temp Spoofer\activate.bat""

C:\Windows\system32\attrib.exe

attrib +s +h .

C:\Users\Admin\Temp Spoofer\kernelspoofer.exe

"kernelspoofer.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "source_prepared.exe"

C:\Users\Admin\Temp Spoofer\kernelspoofer.exe

"kernelspoofer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Temp Spoofer\""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffab5e6cc40,0x7ffab5e6cc4c,0x7ffab5e6cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,13235597430278718955,8824856451890793271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1864 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1852,i,13235597430278718955,8824856451890793271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1980 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,13235597430278718955,8824856451890793271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2236 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,13235597430278718955,8824856451890793271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,13235597430278718955,8824856451890793271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell (Get-CimInstance Win32_ComputerSystemProduct).UUID

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,13235597430278718955,8824856451890793271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4596 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4544,i,13235597430278718955,8824856451890793271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4856 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,13235597430278718955,8824856451890793271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4504,i,13235597430278718955,8824856451890793271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4492 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.138.232:443 discord.com tcp
N/A 127.0.0.1:55640 tcp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.134.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 234.134.159.162.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
FR 172.217.20.164:443 www.google.com tcp
US 8.8.8.8:53 67.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 170.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 164.20.217.172.in-addr.arpa udp
FR 172.217.20.164:443 www.google.com udp
US 8.8.8.8:53 clients2.google.com udp
FR 172.217.20.206:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 206.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 chrome.google.com udp
FR 142.250.179.78:443 chrome.google.com tcp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 195.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 163.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 180.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files


memory/4648-1463-0x00007FFABE3B0000-0x00007FFABE68F000-memory.dmp

memory/4648-1464-0x00007FFABC2B0000-0x00007FFABE3A3000-memory.dmp

memory/4648-1466-0x00007FFABC280000-0x00007FFABC2A1000-memory.dmp

memory/4648-1465-0x00007FFAC0530000-0x00007FFAC0547000-memory.dmp

memory/4648-1467-0x00007FFABC250000-0x00007FFABC272000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_knhjmqdq.2z3.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Temp\_MEI35802\cryptography-44.0.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 1e8e2e9540c8b8e64eb52a5dcd3ef47d
SHA1 8f112fd420f0b211113b4e59a3bbdec907ad2d68
SHA256 dbfae495a98851f76b622a838b69e4403bfef8cf6dff602640fb3c1a6d738e14
SHA512 ea4a83846d3d6bd87c30522768e6f719a0d6e3a5ddffff9da36cff0475bfef8cee3775160718434264e6887ea6971af944346e50d888b4e88a1e6527428de800

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3055836dc0df98a2409fd9dfa27d62ce
SHA1 0c906fb16df89bea8ecdda4f519b714d00884a4f
SHA256 342f4572c8da4b4cf650eb2226b35eeb4e6fbe61c8b0bfa2cd50e05370463ad3
SHA512 c87fc3b311b9db2bcea82827ec79cccc29fe0f46a34e7ddf1ac8a7f1e97f2ba7451696737bd43c7ce172d788c4ad57cb0cd41589035d0a5b9d1d33273305935e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a364952cc2f36b4889a32243c09aa06e
SHA1 27686af0d99483461e5ddd8d7d35a67a495b2a71
SHA256 fef8d6723af8d7dda13074ec75605a37368cb8795d1ba53f3a195bb8e4921cbb
SHA512 71174c3da06d2a6859e27d87b04f5da0d55bae58a4bf77223e242e4481bce30c3b07c26e6c52454714783d8aa24dfe4169ebc8fc97aa4e0ee1e53ab3eb458dcb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 2be38925751dc3580e84c3af3a87f98d
SHA1 8a390d24e6588bef5da1d3db713784c11ca58921
SHA256 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
SHA512 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 90a2a280cb629babe6416314856d9e10
SHA1 14957f339c0072d639349a17095ce5ad93f7a84a
SHA256 3ee3dcb9da3579f93b9b99f3b759aed5bc02d0530edfd0166b3bbbe85244992e
SHA512 3e9d6c49c5fcb9f239faef22ec18953551e8cce638ed76d6ceeb325e7ea17be48eaa233243d22c347a5409fa5a572197401eb2d21b341509329dabb7717cb6f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 b5fdf81bdf262bd41b98c719e4f0071a
SHA1 2318ad6689e680c2a508dcb7394362d3a12498d6
SHA256 41f82e77d9e99dc9a4638c2676d4a5b51be0cc91881258a370cb3c58d1e37a0b
SHA512 082ddcc257cd06f2f77de3ad45fa2e585b23a5f8e5bd4c17b7b07d088ee589cf3e0ad444a9816f56ddd72588c9d330bee1a876975ce3fe604844d7684fd3af6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 74beb87af937871f40f73bbba7b1819a
SHA1 9edabeb4ac65d6e7b7e94d3c9bba58f91942efbe
SHA256 bedfe7735f6666c0ddd63311e9680f26b092aef84b0f3b85b2b45b9b019bbd42
SHA512 555f0a2dcda8ec55a46c9460f5d47554924dda82546f8a24f6b959ae333775041554bcd3203a7fdc88ba7c30706ccb35fb5568c8696da6cbcb44e8d21bb11099

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 babf8dc32a5e2c709dd059323645f8e6
SHA1 65135454be67aae520f240b45f77da8f8b198247
SHA256 f0ee761ca0887e8b9f8f7f69ccf452b1b6036f50166f49720cfbbeddcb0d15a2
SHA512 65ee5ce9af91e095070c690e6f0d5edb0993cfaa9345a7bf6f069cfb8968b29b6a90af45a3b67603c88d49a07ff17ee7000c5264b5e8942440905c79f2a521ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f9b86e50e82d6dc257edbc3e8139db39
SHA1 a94dcf2bfac5f6ede6aae87cab13221ef6c46020
SHA256 eb0107ff94c85b1f01ad1eed8820a1725c4b0ef30d8fa868f706ee0bd9f1faa8
SHA512 1f73af1efef48a3701da498487bbaf8ba40a885e11b72c02f36bde20ac2b6a60055c9160e9745702da00c7de4b96d289bcdf2fdb5a287213151a473b077c87c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b4c3d48f11d64099c2603299d00a7b25
SHA1 ff132a73b028c06e0489b032db0f4c3f3fb41d96
SHA256 40f906a6ad9d48f5b917aeb6612b43aa6b29ea6eda4fa5ef57405e22aff37e91
SHA512 855030e3d3f3f2639fffcc740c12c4f3af216c9fc8d8668440e6f43519c9042893dd29811e3ec556b71d5c8ca99223e929ec948e8b02917a8e78aba1259fde92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 53d7cf97db2a4cd4878d29606d1f45e7
SHA1 7e91cb9b720a47b8d5908c884f497247b9dd7ace
SHA256 2e3c2d602998de6fa3b7d4edfd281863f8b12a88e211ee5ada946722e4702ebb
SHA512 0affc3a7309131bf1ff6d6013f114f8f570b84ee7b953b23462fb198daabd9ae75e286f8b0374d0425dd6f49149de668fa03232ebce75059fe66de7079d0ded7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 a173841f8b36b48cabd2a4b1273719db
SHA1 89a4e97c4c6bd0a9404a233d83337627f5042036
SHA256 e42f4fe93ad3f5acf9ce0494a3d41f46a92fdac3d847934a11cfbc76373c440f
SHA512 c4c2a88ef1b83366c93c13eddcbc21be73b846ecf28715d0b52cb34822bc9ca9d1590b98b38af43d5f161ea399cec7f4d0751e9fffdb647919d65d0414f30cd2