Malware Analysis Report

2025-06-15 20:18

Sample ID 241217-dmcsqazkem
Target source_prepared.exe
SHA256 67b4f7f2756131f35a18c000da64c1e43defa7dfbfe7caafad100dd88ae4c6fd
Tags
pyinstaller pysilon evasion execution persistence upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

67b4f7f2756131f35a18c000da64c1e43defa7dfbfe7caafad100dd88ae4c6fd

Threat Level: Known bad

The file source_prepared.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon evasion execution persistence upx

Pysilon family

Detect Pysilon

Sets file to hidden

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Executes dropped EXE

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

UPX packed file

Detects Pyinstaller

Unsigned PE

Suspicious use of FindShellTrayWindow

Kills process with taskkill

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Views/modifies file attributes

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Checks processor information in registry

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-17 03:07

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-17 03:07

Reported

2024-12-17 03:09

Platform

win10ltsc2021-20241211-en

Max time kernel

102s

Max time network

109s

Command Line

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\noify boostrapper\noify boostrapper.exe N/A
N/A N/A C:\Users\Admin\noify boostrapper\noify boostrapper.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\noify boostrapper = "C:\\Users\\Admin\\noify boostrapper\\noify boostrapper.exe" C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3226857575-536881564-1522996248-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\noify boostrapper\noify boostrapper.exe N/A
N/A N/A C:\Users\Admin\noify boostrapper\noify boostrapper.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\noify boostrapper\noify boostrapper.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\source_prepared.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\noify boostrapper\noify boostrapper.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\noify boostrapper\noify boostrapper.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2884 wrote to memory of 2456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2884 wrote to memory of 2456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2884 wrote to memory of 2456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2884 wrote to memory of 2456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2884 wrote to memory of 2456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2884 wrote to memory of 2456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2884 wrote to memory of 2456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2884 wrote to memory of 2456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2884 wrote to memory of 2456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2884 wrote to memory of 2456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2884 wrote to memory of 2456 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 4368 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 1028 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 1028 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 1028 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 1028 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 1028 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 1028 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 1028 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2456 wrote to memory of 1028 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1924 -parentBuildID 20240401114208 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf649f0d-1f58-445e-952c-1d4a1e5c7f14} 2456 "\\.\pipe\gecko-crash-server-pipe.2456" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {682fa19f-d648-4426-82ba-a25b559fe55b} 2456 "\\.\pipe\gecko-crash-server-pipe.2456" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3268 -childID 1 -isForBrowser -prefsHandle 3288 -prefMapHandle 3304 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60d8f4d0-c873-4649-b424-622bd749b73d} 2456 "\\.\pipe\gecko-crash-server-pipe.2456" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 2 -isForBrowser -prefsHandle 3684 -prefMapHandle 3680 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d890782-4ee2-4514-83ba-56169338900a} 2456 "\\.\pipe\gecko-crash-server-pipe.2456" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4328 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4320 -prefMapHandle 4352 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16695fdd-703b-4b5c-ad8d-f969d054277b} 2456 "\\.\pipe\gecko-crash-server-pipe.2456" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4288 -childID 3 -isForBrowser -prefsHandle 5308 -prefMapHandle 5116 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8eb34417-c41a-463a-b0a8-a59a81fbd30f} 2456 "\\.\pipe\gecko-crash-server-pipe.2456" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 4 -isForBrowser -prefsHandle 5580 -prefMapHandle 5584 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e71452f-a6b5-447c-8251-56817d46fe5f} 2456 "\\.\pipe\gecko-crash-server-pipe.2456" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5760 -childID 5 -isForBrowser -prefsHandle 5836 -prefMapHandle 5832 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22390682-da64-426f-b06f-cfcc3f34e975} 2456 "\\.\pipe\gecko-crash-server-pipe.2456" tab

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe

"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x518 0x508

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\noify boostrapper\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\noify boostrapper\activate.bat""

C:\Windows\system32\attrib.exe

attrib +s +h .

C:\Users\Admin\noify boostrapper\noify boostrapper.exe

"noify boostrapper.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "source_prepared.exe"

C:\Users\Admin\noify boostrapper\noify boostrapper.exe

"noify boostrapper.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\noify boostrapper\""

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
N/A 127.0.0.1:49780 tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 spocs.getpocket.com udp
GB 13.87.96.169:443 checkappexec.microsoft.com tcp
US 151.101.131.19:443 www.mozilla.org tcp
US 151.101.131.19:443 www.mozilla.org tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www-mozilla.fastly-edge.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 169.96.87.13.in-addr.arpa udp
US 8.8.8.8:53 19.131.101.151.in-addr.arpa udp
US 8.8.8.8:53 141.120.40.52.in-addr.arpa udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 1.97.149.34.in-addr.arpa udp
N/A 127.0.0.1:49988 tcp
US 8.8.8.8:53 discord.com udp
US 162.159.137.232:443 discord.com tcp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
N/A 127.0.0.1:52966 tcp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
FR 172.217.20.174:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
FR 172.217.20.174:443 redirector.gvt1.com udp
US 8.8.8.8:53 r4---sn-aigzrnsz.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
GB 74.125.175.169:443 r4---sn-aigzrnsz.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigzrnsz.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigzrnsz.gvt1.com udp
GB 74.125.175.169:443 r4.sn-aigzrnsz.gvt1.com udp
US 8.8.8.8:53 169.175.125.74.in-addr.arpa udp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
IE 20.223.35.26:443 fd.api.iris.microsoft.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xne5uxr5.default-release\activity-stream.discovery_stream.json.tmp

MD5 96ba7f95154b47ec063034c4747541e0
SHA1 b42267d8643c291b05cdf1496a73aefd8f9eae3e
SHA256 84e8ad5b01a6236964df4ce205bbd0283058748517c90664a156a59b0c232505
SHA512 621f5fb6275bc974b09e3995b29e684e6ae396fd5430e8eb52fd13e395523a1ab4b518eb819b0720854884c8bc146663e560f9e29f0a8efdd46ecf38f45495f5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\7af53ed5-4aaf-4e44-8db6-98028dfdfea1

MD5 e8eec2c5d3b6d00ae2e6daf917e01d53
SHA1 e0d9de0942b2cd3963127e14e8275d9e3f441a07
SHA256 6da63dd2821a2a33382147475c04e3205d41dbc2976b803806b6853dab65ec79
SHA512 c0720e7c4cd4d3d8959d8966ee00c6613ce37b5f51b7ca658d77b9ecd34a9c93f6725ed0c65560e6e972b18a3c9028a32c24b2f0a165a9cf03df42bc39fa41c4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\pending_pings\e79dba4b-7d44-4fb2-86ea-213e99dd998b

MD5 b0fee94cc69275ec94bbd437c33aec4a
SHA1 3f6f1734cfd242371fc19da898386c1abb10ded0
SHA256 575279f1264dee9c5949fddd5e60b052f80a5dc07fddf74d937391bbfab16ecd
SHA512 d4d1e88e7951db5dde4ff614fc4bb2f87f2fe9c15a6629f8b3d622d9b9b446b13dec7a4244e9db7303ff78cb4059dc606afb180e41e3a79d753e7c4269490e77

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

MD5 ae52ea5b5750e95e1e0c0af34ce94055
SHA1 5ebecb5a57e27f175a8d0209e2188450fd14d6ef
SHA256 e3de031cf1565257eb04d1dbbf68487ffeccc3247d32f7eea4d223963869ea22
SHA512 7acd4610027d78a2f958933c109c0bb183ac9b305a881f09d848c52e647e4aae771566eb3c807b3012027cf1f39dcfb81fa2e7c9927db253c6e3dafeaf1b906f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs.js

MD5 395bd6a1bf1993c5ba4750730266d056
SHA1 4df93f62e16534e272eca188627a3549471c9027
SHA256 8ed9432c41c50a18e6f2d95ccab342249964194f1e084db485d9daebdca90d1f
SHA512 01976441797bae731c8cd7f0f29ef065e75a3d4ad98bb9fe279f66d2668025ceb91f573f0c7db0ac51305b360beeb5f1339a0711226fdc1c138340df10bb803c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\datareporting\glean\db\data.safe.tmp

MD5 8eb6137c681cc7f36e5bde07967ddb3f
SHA1 7b242de46e28c74b982b4684914f9b1b5622d1e4
SHA256 346dc04af7feda4a7c60c3cae16053928e734d3c8b26292a5e6c1b383c71291b
SHA512 5782b034e874a6fc145b22990bd09640e088d1fc81e3083ec59fdf9c7b6321a7eca755803a07f0e32b38ea586f93666aeaae53dd5a9abc8571f16569b0c76013

C:\Users\Admin\AppData\Local\Temp\_MEI16562\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

memory/6076-1577-0x00007FFA86060000-0x00007FFA86725000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI16562\python312.dll

MD5 73ecc8d4decf6f198d6505bde482e37a
SHA1 ed30f5bd628b4a5de079062ea9b909b99807021c
SHA256 b598545be6c99f7db852a510768ecf80ed353fad3989af342bc6faf66fd64648
SHA512 56923c477d35680aed73980e0404768f841da868ca11f39888caff0fc06f4ae906551b4bd47f98dda2cc2d81ea9eed17fa7c17aa59d4d7c37510ba24d7ac5976

C:\Users\Admin\AppData\Local\Temp\_MEI16562\python3.DLL

MD5 79b02450d6ca4852165036c8d4eaed1f
SHA1 ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4
SHA256 d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123
SHA512 47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416

memory/6076-1594-0x00007FFA98BB0000-0x00007FFA98BBF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_bz2.pyd

MD5 1916e124d881dddf17becd37517da0a8
SHA1 bd1a68de06c69c3c38b530bcbae12e1c1ebfb742
SHA256 aa9f1aec45672f34a2cceb550cd04a75f2d7d3929d65a3dbad71e11bb42e5162
SHA512 ad15e7c8dbb027579541edd8cf4f9cfcb6b70094e59cb7b92571dac1932c523c1e08b269600c15f4018cbfd2889959b639a2c4f85a188ec2b1244dbccc4918b2

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_hashlib.pyd

MD5 50807c50d7c392a0d5fbcdffdbcdb600
SHA1 1661517488af0c6be1ef9d856ff09fa6dbcd3dd5
SHA256 c300a7f5e2f51f7a507d7cbc92d024b6189c135aee7e6fb67c15229f7c992ffd
SHA512 0aaa81b30c11bb619d179417e58f28b357b04ceb9515ce22a0c9497866bb382e2a6a4b0b1d1f294858d56ea7027c136e3ea54091a83c94c84be3da4bfe475343

memory/6076-1642-0x00007FFA8EE40000-0x00007FFA8EE54000-memory.dmp

memory/6076-1641-0x00007FFA929D0000-0x00007FFA929FD000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI16562\select.pyd

MD5 ac35d9dfc2f9853cebb8248175630dfd
SHA1 3dabea23c9d687717fc7dfdb7b160f4b5cc0eb87
SHA256 b77fdbef26fd8ac0798e29adb37667cf7df523a96b8496328dc056ae568b0476
SHA512 fd5e13ad72b8c605b5c79b1b87c7b5d119517fad7e5b94901bb294d1f9d9ef75e71e079991f0710729cba34fdb7e3f13cd628134070dc509f52bc7caec5f4fd5

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_queue.pyd

MD5 c148cb6e535fd528ded253493ad9cd9e
SHA1 d58af9bcc5dcf9d656e6ae5416cbc2ea93504544
SHA256 e14270e46167dac520178eda76f32caceae783d0dd589f10423fb9b1f80fc4fc
SHA512 d561e8566f9f61f0572a2a5a7c093fc9d07d43ff9412e4d6f7cb7145fa0ab3f030488e24f2c3583b26ad3ea6df27c5db871fa6d9146dd3faab3c63bff8a6a317

memory/6076-1665-0x00007FFA9C940000-0x00007FFA9C94B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI16562\charset_normalizer\md.cp312-win_amd64.pyd

MD5 8ff998858e30924db2d767c23b3348f9
SHA1 21fe8cec2c6d71dba898ac4d1bb09ce0f3eac158
SHA256 938f973f8b9ca94e8c418fa3d13decb139cf1a69a81666770b745f99e34486eb
SHA512 b017f9836d1158f397edc81438aa0de442f63e3371a996cb43d81d6ab0117b5cf2c8fbc9ac36340e6c78670b69fb23fdd60299fd23b0a1a1e769257dc01dca5f

memory/6076-1671-0x00007FFA97680000-0x00007FFA976A5000-memory.dmp

memory/6076-1670-0x00007FFA85940000-0x00007FFA85A5B000-memory.dmp

memory/6076-1669-0x00007FFA9C910000-0x00007FFA9C937000-memory.dmp

memory/6076-1668-0x00007FFA86060000-0x00007FFA86725000-memory.dmp

memory/6076-1677-0x00007FFA97BF0000-0x00007FFA97BFB000-memory.dmp

memory/6076-1676-0x00007FFA97C00000-0x00007FFA97C0B000-memory.dmp

memory/6076-1694-0x00007FFA85920000-0x00007FFA85936000-memory.dmp

memory/6076-1698-0x00007FFA858B0000-0x00007FFA858D2000-memory.dmp

memory/6076-1699-0x00007FFA85890000-0x00007FFA858AB000-memory.dmp

memory/6076-1697-0x00007FFA858E0000-0x00007FFA858F4000-memory.dmp

memory/6076-1704-0x00007FFA97C20000-0x00007FFA97C2D000-memory.dmp

memory/6076-1703-0x00007FFA85510000-0x00007FFA85542000-memory.dmp

memory/6076-1705-0x00007FFA85330000-0x00007FFA8534E000-memory.dmp

memory/6076-1702-0x00007FFA85550000-0x00007FFA85561000-memory.dmp

memory/6076-1701-0x00007FFA85570000-0x00007FFA855BD000-memory.dmp

memory/6076-1700-0x00007FFA855C0000-0x00007FFA855D9000-memory.dmp

memory/6076-1708-0x00007FFA85290000-0x00007FFA852C8000-memory.dmp

memory/6076-1709-0x00007FFA85260000-0x00007FFA8528A000-memory.dmp

memory/6076-1707-0x00007FFA852D0000-0x00007FFA8532D000-memory.dmp

memory/6076-1714-0x00007FFA84F50000-0x00007FFA850CE000-memory.dmp

memory/6076-1713-0x00007FFA85890000-0x00007FFA858AB000-memory.dmp

memory/6076-1712-0x00007FFA850D0000-0x00007FFA850F4000-memory.dmp

memory/6076-1717-0x00007FFA84D50000-0x00007FFA84D5B000-memory.dmp

memory/6076-1729-0x00007FFA84CC0000-0x00007FFA84CCC000-memory.dmp

memory/6076-1737-0x00007FFA84AD0000-0x00007FFA84ADC000-memory.dmp

memory/6076-1736-0x00007FFA84AE0000-0x00007FFA84AF2000-memory.dmp

memory/6076-1735-0x00007FFA84B00000-0x00007FFA84B0D000-memory.dmp

memory/6076-1734-0x00007FFA84B10000-0x00007FFA84B1B000-memory.dmp

memory/6076-1738-0x00007FFA84A90000-0x00007FFA84AC5000-memory.dmp

memory/6076-1733-0x00007FFA84B30000-0x00007FFA84B3B000-memory.dmp

memory/6076-1732-0x00007FFA84B20000-0x00007FFA84B2C000-memory.dmp

memory/6076-1741-0x00007FFA84840000-0x00007FFA84A8A000-memory.dmp

memory/6076-1731-0x00007FFA84B40000-0x00007FFA84B4B000-memory.dmp

memory/6076-1730-0x00007FFA84F50000-0x00007FFA850CE000-memory.dmp

memory/6076-1742-0x00007FFA84CE0000-0x00007FFA84CED000-memory.dmp

memory/6076-1743-0x00007FFA84040000-0x00007FFA8483B000-memory.dmp

memory/6076-1728-0x00007FFA84CD0000-0x00007FFA84CDE000-memory.dmp

memory/6076-1727-0x00007FFA850D0000-0x00007FFA850F4000-memory.dmp

memory/6076-1726-0x00007FFA84CE0000-0x00007FFA84CED000-memory.dmp

memory/6076-1725-0x00007FFA85260000-0x00007FFA8528A000-memory.dmp

memory/6076-1724-0x00007FFA84CF0000-0x00007FFA84CFC000-memory.dmp

memory/6076-1723-0x00007FFA84D00000-0x00007FFA84D0B000-memory.dmp

memory/6076-1722-0x00007FFA84D10000-0x00007FFA84D1C000-memory.dmp

memory/6076-1721-0x00007FFA84D20000-0x00007FFA84D2B000-memory.dmp

memory/6076-1720-0x00007FFA84D30000-0x00007FFA84D3C000-memory.dmp

memory/6076-1745-0x00007FFA83D60000-0x00007FFA84040000-memory.dmp

memory/6076-1744-0x00007FFA84C60000-0x00007FFA84CB5000-memory.dmp

memory/6076-1719-0x00007FFA84D40000-0x00007FFA84D4B000-memory.dmp

memory/6076-1718-0x00007FFA85510000-0x00007FFA85542000-memory.dmp

memory/6076-1716-0x00007FFA84D60000-0x00007FFA84D78000-memory.dmp

memory/6076-1715-0x00007FFA85570000-0x00007FFA855BD000-memory.dmp

memory/6076-1711-0x00007FFA85100000-0x00007FFA8512F000-memory.dmp

memory/6076-1710-0x00007FFA858B0000-0x00007FFA858D2000-memory.dmp

memory/6076-1706-0x00007FFA85920000-0x00007FFA85936000-memory.dmp

memory/6076-1746-0x00007FFA81C60000-0x00007FFA83D53000-memory.dmp

memory/6076-1696-0x00007FFA85A60000-0x00007FFA85B2D000-memory.dmp

memory/6076-1695-0x00007FFA85900000-0x00007FFA85912000-memory.dmp

memory/6076-1693-0x00007FFA97BC0000-0x00007FFA97BCC000-memory.dmp

memory/6076-1692-0x00007FFA97BE0000-0x00007FFA97BEC000-memory.dmp

memory/6076-1691-0x00007FFA8EDE0000-0x00007FFA8EDEC000-memory.dmp

memory/6076-1690-0x00007FFA8E210000-0x00007FFA8E222000-memory.dmp

memory/6076-1689-0x00007FFA8EE10000-0x00007FFA8EE1D000-memory.dmp

memory/6076-1688-0x00007FFA90DC0000-0x00007FFA90DCB000-memory.dmp

memory/6076-1747-0x00007FFA85140000-0x00007FFA85157000-memory.dmp

memory/6076-1748-0x00007FFA84B00000-0x00007FFA84B0D000-memory.dmp

memory/6076-1749-0x00007FFA84F20000-0x00007FFA84F41000-memory.dmp

memory/6076-1750-0x00007FFA84AE0000-0x00007FFA84AF2000-memory.dmp

memory/6076-1751-0x00007FFA84EF0000-0x00007FFA84F12000-memory.dmp

memory/6076-1752-0x00007FFA84AD0000-0x00007FFA84ADC000-memory.dmp

memory/6076-1754-0x00007FFA84DE0000-0x00007FFA84E11000-memory.dmp

memory/6076-1753-0x00007FFA84E50000-0x00007FFA84EE9000-memory.dmp

memory/6076-1687-0x00007FFA929C0000-0x00007FFA929CC000-memory.dmp

memory/6076-1686-0x00007FFA96C30000-0x00007FFA96C3B000-memory.dmp

memory/6076-1685-0x00007FFA97B20000-0x00007FFA97B2B000-memory.dmp

memory/6076-1684-0x00007FFA97B70000-0x00007FFA97B7C000-memory.dmp

memory/6076-1683-0x00007FFA97B80000-0x00007FFA97B8E000-memory.dmp

memory/6076-1682-0x00007FFA97B90000-0x00007FFA97B9D000-memory.dmp

memory/6076-1681-0x00007FFA97BA0000-0x00007FFA97BAC000-memory.dmp

memory/6076-1680-0x00007FFA97BB0000-0x00007FFA97BBB000-memory.dmp

memory/6076-1679-0x00007FFA97BD0000-0x00007FFA97BDB000-memory.dmp

memory/6076-1678-0x00007FFA85B30000-0x00007FFA86059000-memory.dmp

memory/6076-1675-0x00007FFA8EE40000-0x00007FFA8EE54000-memory.dmp

memory/6076-1674-0x00007FFA97C20000-0x00007FFA97C2D000-memory.dmp

memory/6076-1662-0x00007FFA97C60000-0x00007FFA97C6D000-memory.dmp

memory/6076-1659-0x00007FFA85A60000-0x00007FFA85B2D000-memory.dmp

memory/6076-1658-0x00007FFA89360000-0x00007FFA89393000-memory.dmp

memory/6076-1657-0x00007FFA97F60000-0x00007FFA97F6D000-memory.dmp

memory/6076-1656-0x00007FFA8EE20000-0x00007FFA8EE39000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI16562\libssl-3.dll

MD5 37c7f14cd439a0c40d496421343f96d5
SHA1 1b6d68159e566f3011087befdcf64f6ee176085c
SHA256 b9c8276a3122cacba65cfa78217fef8a6d4f0204548fcacce66018cb91cb1b2a
SHA512 f446fd4bd351d391006d82198f7f679718a6e17f14ca5400ba23886275ed5363739bfd5bc01ca07cb2af19668dd8ab0b403bcae139d81a245db2b775770953ea

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_ssl.pyd

MD5 8c963aae2410879d9820a54e94c12ced
SHA1 9b0c410fd02ce91b161f0ebebf807daf694ab3d2
SHA256 071d0f87084ce2eced5b385fa0c22b72ff002045d7d238d6d6b64a12ac6e6fc8
SHA512 2dadec0ab79be4e0f823ea5d5f79d27dc49b5998cf1563f43d08d6483ab7712901af1f6bf96ff341a71b3a1a1786def2f0a784c066e302b23fb41f0b623dae93

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_socket.pyd

MD5 d58bb5978bb4ff8c26c6356fc67f4506
SHA1 99c3f245d21325d41e71c4ac626c2203109c8e85
SHA256 9f7fe7e142472f7e491285e0b0a4e00e29175b7d917836b36ecb3ac1265332c5
SHA512 bc85dcadcdcaac54f18ceb833e955cf836cdf037d3fae57c973dc72d76aefa0d08d6caed09894486401a44068dfcd94b83809569ba61a84e87241c931154d5a4

memory/6076-1648-0x00007FFA85B30000-0x00007FFA86059000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI16562\libcrypto-3.dll

MD5 8fed6a2bbb718bb44240a84662c79b53
SHA1 2cd169a573922b3a0e35d0f9f252b55638a16bca
SHA256 f8de79a5dd7eeb4b2a053315ab4c719cd48fe90b0533949f94b6a291e6bc70fd
SHA512 87787593e6a7d0556a4d05f07a276ffdbef551802eb2e4b07104362cb5af0b32bffd911fd9237799e10e0c8685e9e7a7345c3bce2ad966843c269b4c9bd83e03

memory/6076-1640-0x00007FFA96CE0000-0x00007FFA96CFA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_wmi.pyd

MD5 a180bf3e0d3c50e9c16e9de691ab5281
SHA1 e8f17616aa2ec453cb129aa08c16f19661c7272f
SHA256 da33e471a1229419da5690b0b32b5d2137f732ac0b4a8dec82fe4e5952d19048
SHA512 d9799175cb45ff0079355f01a3a6d0a8eaeb50fcec5de7564abac2d1032e45f7d7cc449fac156ae9e5b9773e77fb5d817bb5fc748857c25084a2ca4b20d079de

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_uuid.pyd

MD5 353e11301ea38261e6b1cb261a81e0fe
SHA1 607c5ebe67e29eabc61978fb52e4ec23b9a3348e
SHA256 d132f754471bd8a6f6d7816453c2e542f250a4d8089b657392fe61a500ae7899
SHA512 fa990b3e9619d59ae3ad0aeffca7a3513ab143bfd0ac9277e711519010f7c453258a4b041be86a275f3c365e980fc857c23563f3b393d1e3a223973a673e88c5

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_tkinter.pyd

MD5 0ef70d836126b891ec7040913e7570d4
SHA1 3cb380cde55af28e36dc8448b18961c0512b38fb
SHA256 7372ca7272d5575ddf6e6abb04add5ae82d2f70e8973cd05e9296c270e42510e
SHA512 89a3bf9e38ae22ba058fe993d3d4f931984fb0f5f0c2f6aa481d38abd10903372aaa79308be9c5ed1f2f0191d2dd3f584952998917fa093744c3d33a9a22e74e

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_sqlite3.pyd

MD5 b1254d6e5c62435b583c3abf4d3f859b
SHA1 4ac394ecc8528c940bcd5c11f63dd8c30d3c0879
SHA256 b9892dd45f0b63c463aadaeb30befea59f7e21413a7f22afe725f27b4b7c5262
SHA512 07b2187fd59a5816943604a2bb7aa6404aa01a57ea937aff8cf49827fb9d3ff44058aaf709b3cfd78c8c07b7f44976395b5971a81ae67246c313287164b4d0db

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_overlapped.pyd

MD5 59ed3d257c210434d28b84063115545c
SHA1 a766cfa0dc70f3785819d4deaef4f2b9dbc9cd85
SHA256 70e656592c21023b650d8dad45e261ff0489c219eb2f4abb163cb5c5d7efc325
SHA512 0a41be3906c83cfbdb238632bc1af733c3333cf4118e1b64e1596cdadf65fa56aeeba82cd638fcb682f8c216d0b24940ca628b078167df99fa43340c39944db2

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_multiprocessing.pyd

MD5 537f125ccdf3f288170d098699f24a02
SHA1 316afe72232f83a8222fc2d0b48dc9e6d8718c9c
SHA256 f4a535732cd57d94f752ce99a8072e0875e180feb90f9248ba8ccab5353da867
SHA512 3e3d7eb501b570f5b84604cf0a101dcfaa55eea4801b83fb74bf9cbe9ddddae711a8284fcd2c79a241dc70abf032491e490791d2423fe5cb5d9a0050e914dfb4

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_elementtree.pyd

MD5 a4699636312058ad7ce50ae654c8e0cf
SHA1 7e4f25cf9d9eede3c99e7c66f885b578bd7224bd
SHA256 756231a20b9197e9c3782997388c71148863798b73e1d4680c532da5d8cb7030
SHA512 4441cb5ea2c04a87022c1426cf6d3648650fe4fadc4b813b005ee3e300ceaf07f79f4b9e68647500657f2f70aae7c9e2c579833b1f085dc4603df0770878102d

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_decimal.pyd

MD5 2dc37264f3cd7bdad52787f0f8eb4385
SHA1 9949b9004dcf66d922672dbc6343cb0e406f944c
SHA256 4ce6df62b7445aac3f7f6f6e00445a3968898003a547d185ae62bc462dfb555c
SHA512 4e73f2d9c245733a6edc6c0f401b91cfa4c88a075bc03c026c5441ccc4181eb9bf3753e5d8aa2c53e7064b39f67069209d8c7544c974b1e81284917cfc7e058a

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_cffi_backend.cp312-win_amd64.pyd

MD5 c7f92cfef4af07b6c38ab2cb186f4682
SHA1 b6d112dafbcc6693eda269de115236033ecb992d
SHA256 326547bdcfc759f83070de22433b8f5460b1563bfef2f375218cc31c814f7cae
SHA512 6e321e85778f48e96602e2e502367c5c44ac45c098eed217d19eddc3b3e203ded4012cab85bcad0b42562df1f64076a14598b94257069d53783b572f1f35ae5c

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_asyncio.pyd

MD5 65ffe17a5a5839db64cc63c1c31b87a7
SHA1 b0c5d26cdd50309b830c598f3b17b9fd30628b2c
SHA256 a2c140b0a6d6d83eaf09b66e3cb891df99b8ba3a661259d8161992bff70c66e4
SHA512 2d71aa40835c8126f0a2137e25ccd693cd581fdbda77949cf7d9b4343f85c9025e7532af7ff4175eebbaef4ec69eb015cdf7547c0005e5359bbf98c828a0cad2

C:\Users\Admin\AppData\Local\Temp\_MEI16562\zlib1.dll

MD5 ee06185c239216ad4c70f74e7c011aa6
SHA1 40e66b92ff38c9b1216511d5b1119fe9da6c2703
SHA256 0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466
SHA512 baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

C:\Users\Admin\AppData\Local\Temp\_MEI16562\VCRUNTIME140_1.dll

MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512 ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

C:\Users\Admin\AppData\Local\Temp\_MEI16562\unicodedata.pyd

MD5 520a7a2e9ea3e52906b5c3860010a80e
SHA1 456ffc8f5d045ce9b120f429fdbc8e03938bebee
SHA256 ba320a95d7b53ce2c6a5bca87069cdcad3f4ea7c68bd4a95ff972e269f28bce3
SHA512 e144a65a1a1835392d8b12faada9088dfe3981376a9b9688fc43892a156b85307f291c475452163c38ae21bd1a79548905549587dd2660503e11be29c931ce3b

C:\Users\Admin\AppData\Local\Temp\_MEI16562\tk86t.dll

MD5 6223a850b687827314f72f645c86beb5
SHA1 4c03d817cfa3544115cd5aac1cf6edd4646d811b
SHA256 ff4c451c3a230106539caaf0ba63383889541019f1b72e0e1613f2217a515dda
SHA512 8a1bc29b736d5d66bd66a0f11aa952b257041314d27e96fef91a60e472b26a6f7b61374457b04097a9e851ddc4aed4030c1ecd9d9d12266a3c4efa1454bc174e

C:\Users\Admin\AppData\Local\Temp\_MEI16562\tcl86t.dll

MD5 1af892b6d5d1b85ae83ead8dd68c7951
SHA1 1b4577acd488972fbe6660f810ee5ec208378f26
SHA256 902b2523edae3994c00d52612df0d2244891e3a2c805c6a3714a38a7e03a36af
SHA512 bfbede74e6cf46666ed6b7ea4d5ac9ccce69efb5646122ad77862ebf9c539f51161379158c2ad7fa66f6ae8c0f0311267cff05b3d16544103adc76c85fb33a7b

C:\Users\Admin\AppData\Local\Temp\_MEI16562\sqlite3.dll

MD5 1af99cff748d6cc7a2e70c6c4540b077
SHA1 c2b598ff6e35cd9ba454205f4a936933acd496fb
SHA256 70d6219a6b36eaebdf36f54d661772d0864eb4bc14c9dbf0175143841ec61e6c
SHA512 9e876283535cee2912b6ea676dd63eaf57b3c4fa9c9e2c0a9592b908e91359ac0bc2b1c5ee9016bf76fe5f61a90f61afcc623c330a85673e281968fde300c12f

C:\Users\Admin\AppData\Local\Temp\_MEI16562\SDL2_ttf.dll

MD5 eb0ce62f775f8bd6209bde245a8d0b93
SHA1 5a5d039e0c2a9d763bb65082e09f64c8f3696a71
SHA256 74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a
SHA512 34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

C:\Users\Admin\AppData\Local\Temp\_MEI16562\SDL2_mixer.dll

MD5 b7b45f61e3bb00ccd4ca92b2a003e3a3
SHA1 5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc
SHA256 1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095
SHA512 d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

C:\Users\Admin\AppData\Local\Temp\_MEI16562\SDL2_image.dll

MD5 25e2a737dcda9b99666da75e945227ea
SHA1 d38e086a6a0bacbce095db79411c50739f3acea4
SHA256 22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c
SHA512 63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

C:\Users\Admin\AppData\Local\Temp\_MEI16562\SDL2.dll

MD5 ec3c1d17b379968a4890be9eaab73548
SHA1 7dbc6acee3b9860b46c0290a9b94a344d1927578
SHA256 aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f
SHA512 06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb

C:\Users\Admin\AppData\Local\Temp\_MEI16562\pyexpat.pyd

MD5 98f5a84c3643ba404db59660c8ba2c37
SHA1 44c926b810398c3021c50993c10e44313c455fdf
SHA256 62392a5f10ffc061bcd2ffa6b619baa3dbb23eaf744f329aaef1967d7be60842
SHA512 28984b3af727f53cef17c7d508035b54affe22c9340af8ccd5d744f32aaafde1157ad644844d2b8e78d094718b2a77d5b9826c6699fe068c06e4361b001f5e31

C:\Users\Admin\AppData\Local\Temp\_MEI16562\portmidi.dll

MD5 0df0699727e9d2179f7fd85a61c58bdf
SHA1 82397ee85472c355725955257c0da207fa19bf59
SHA256 97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61
SHA512 196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

C:\Users\Admin\AppData\Local\Temp\_MEI16562\libwebp-7.dll

MD5 b0dd211ec05b441767ea7f65a6f87235
SHA1 280f45a676c40bd85ed5541ceb4bafc94d7895f3
SHA256 fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e
SHA512 eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

C:\Users\Admin\AppData\Local\Temp\_MEI16562\libtiff-5.dll

MD5 ebad1fa14342d14a6b30e01ebc6d23c1
SHA1 9c4718e98e90f176c57648fa4ed5476f438b80a7
SHA256 4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca
SHA512 91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

C:\Users\Admin\AppData\Local\Temp\_MEI16562\libpng16-16.dll

MD5 55009dd953f500022c102cfb3f6a8a6c
SHA1 07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb
SHA256 20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2
SHA512 4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

C:\Users\Admin\AppData\Local\Temp\_MEI16562\libopusfile-0.dll

MD5 2d5274bea7ef82f6158716d392b1be52
SHA1 ce2ff6e211450352eec7417a195b74fbd736eb24
SHA256 6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5
SHA512 9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

C:\Users\Admin\AppData\Local\Temp\_MEI16562\libopus-0.x64.dll

MD5 e56f1b8c782d39fd19b5c9ade735b51b
SHA1 3d1dc7e70a655ba9058958a17efabe76953a00b4
SHA256 fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732
SHA512 b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

C:\Users\Admin\AppData\Local\Temp\_MEI16562\libopus-0.dll

MD5 3fb9d9e8daa2326aad43a5fc5ddab689
SHA1 55523c665414233863356d14452146a760747165
SHA256 fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491
SHA512 f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

C:\Users\Admin\AppData\Local\Temp\_MEI16562\libogg-0.dll

MD5 0d65168162287df89af79bb9be79f65b
SHA1 3e5af700b8c3e1a558105284ecd21b73b765a6dc
SHA256 2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24
SHA512 69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

C:\Users\Admin\AppData\Local\Temp\_MEI16562\libmodplug-1.dll

MD5 2bb2e7fa60884113f23dcb4fd266c4a6
SHA1 36bbd1e8f7ee1747c7007a3c297d429500183d73
SHA256 9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b
SHA512 1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

C:\Users\Admin\AppData\Local\Temp\_MEI16562\libjpeg-9.dll

MD5 c22b781bb21bffbea478b76ad6ed1a28
SHA1 66cc6495ba5e531b0fe22731875250c720262db1
SHA256 1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd
SHA512 9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

C:\Users\Admin\AppData\Local\Temp\_MEI16562\freetype.dll

MD5 04a9825dc286549ee3fa29e2b06ca944
SHA1 5bed779bf591752bb7aa9428189ec7f3c1137461
SHA256 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde
SHA512 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_lzma.pyd

MD5 16cc6150bc7d1769580d3250b7b41c7f
SHA1 6f2b6e6a6c071ab5ee0f2592451115a872ac2531
SHA256 c07e1c5415c651a08d9c1a90c367136874eced47a35d3f988190218d2f43118e
SHA512 ccfe0dc086d49b755505919894c4eda55a8c0242b3ab9471a3bbc205362409f845635618bd6165af8a2ef36e55583d55982eb389c27218676379dba43eaef3b4

memory/6076-1593-0x00007FFA97680000-0x00007FFA976A5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI16562\libffi-8.dll

MD5 013a0b2653aa0eb6075419217a1ed6bd
SHA1 1b58ff8e160b29a43397499801cf8ab0344371e7
SHA256 e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523
SHA512 0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099

C:\Users\Admin\AppData\Local\Temp\_MEI16562\_ctypes.pyd

MD5 a31cba32537e0bcbcfe7f8ccc747797d
SHA1 681b6148a6383d501361321c0760ca0e3c2e2340
SHA256 5290520258fbc100decc59432b20ee2c178923919e1c46995b925cf7081c72a4
SHA512 215267232c87a60be914eaf084eae018624230afbf176640a6164ad6eb417f7ed4abcf53415d904b982a0fec8de8dcea94463a023d27fc0d28a1bcdbbaf4b668

C:\Users\Admin\AppData\Local\Temp\_MEI16562\base_library.zip

MD5 0361d8aca6e5625ac88a0fe9e8651762
SHA1 0a4502864421e98a7fbb8a7beb85ea1bd4e9687a
SHA256 c53613d4cd1f5bf5c532ea5154e5da20748c7bbce4af9fce0284075ef0261b0e
SHA512 0cf82fe095ed2eb38d463659c3198903f9b7c53dc368e5e68a6bf1a5a28335406af69b5214fba2307412bc7dba880de302431e7048d69c904ae63db93ee12cfe

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wb1dumxu.muk.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/6076-1832-0x00007FFA855C0000-0x00007FFA855D9000-memory.dmp

memory/6076-1831-0x00007FFA85890000-0x00007FFA858AB000-memory.dmp

memory/6076-1835-0x00007FFA85510000-0x00007FFA85542000-memory.dmp

memory/6076-1834-0x00007FFA85550000-0x00007FFA85561000-memory.dmp

memory/6076-1833-0x00007FFA85570000-0x00007FFA855BD000-memory.dmp

memory/6076-1830-0x00007FFA858B0000-0x00007FFA858D2000-memory.dmp

memory/6076-1829-0x00007FFA858E0000-0x00007FFA858F4000-memory.dmp

memory/6076-1828-0x00007FFA85900000-0x00007FFA85912000-memory.dmp

memory/6076-1827-0x00007FFA85920000-0x00007FFA85936000-memory.dmp

memory/6076-1826-0x00007FFA8EDE0000-0x00007FFA8EDEC000-memory.dmp

memory/6076-1825-0x00007FFA8E210000-0x00007FFA8E222000-memory.dmp

memory/6076-1824-0x00007FFA8EE10000-0x00007FFA8EE1D000-memory.dmp

memory/6076-1800-0x00007FFA85B30000-0x00007FFA86059000-memory.dmp

memory/6076-1823-0x00007FFA90DC0000-0x00007FFA90DCB000-memory.dmp

memory/6076-1822-0x00007FFA929C0000-0x00007FFA929CC000-memory.dmp

memory/6076-1821-0x00007FFA96C30000-0x00007FFA96C3B000-memory.dmp

memory/6076-1820-0x00007FFA97B20000-0x00007FFA97B2B000-memory.dmp

memory/6076-1819-0x00007FFA97B70000-0x00007FFA97B7C000-memory.dmp

memory/6076-1818-0x00007FFA97B80000-0x00007FFA97B8E000-memory.dmp

memory/6076-1817-0x00007FFA97B90000-0x00007FFA97B9D000-memory.dmp

memory/6076-1816-0x00007FFA97BA0000-0x00007FFA97BAC000-memory.dmp

memory/6076-1815-0x00007FFA97BB0000-0x00007FFA97BBB000-memory.dmp

memory/6076-1814-0x00007FFA97BC0000-0x00007FFA97BCC000-memory.dmp

memory/6076-1813-0x00007FFA97BD0000-0x00007FFA97BDB000-memory.dmp

memory/6076-1812-0x00007FFA97BE0000-0x00007FFA97BEC000-memory.dmp

memory/6076-1811-0x00007FFA97BF0000-0x00007FFA97BFB000-memory.dmp

memory/6076-1810-0x00007FFA97C00000-0x00007FFA97C0B000-memory.dmp

memory/6076-1809-0x00007FFA97C20000-0x00007FFA97C2D000-memory.dmp

memory/6076-1808-0x00007FFA85940000-0x00007FFA85A5B000-memory.dmp

memory/6076-1807-0x00007FFA9C910000-0x00007FFA9C937000-memory.dmp

memory/6076-1806-0x00007FFA9C940000-0x00007FFA9C94B000-memory.dmp

memory/6076-1805-0x00007FFA97C60000-0x00007FFA97C6D000-memory.dmp

memory/6076-1804-0x00007FFA85A60000-0x00007FFA85B2D000-memory.dmp

memory/6076-1803-0x00007FFA89360000-0x00007FFA89393000-memory.dmp

memory/6076-1802-0x00007FFA97F60000-0x00007FFA97F6D000-memory.dmp

memory/6076-1801-0x00007FFA8EE20000-0x00007FFA8EE39000-memory.dmp

memory/6076-1799-0x00007FFA8EE40000-0x00007FFA8EE54000-memory.dmp

memory/6076-1798-0x00007FFA929D0000-0x00007FFA929FD000-memory.dmp

memory/6076-1797-0x00007FFA96CE0000-0x00007FFA96CFA000-memory.dmp

memory/6076-1796-0x00007FFA98BB0000-0x00007FFA98BBF000-memory.dmp

memory/6076-1794-0x00007FFA86060000-0x00007FFA86725000-memory.dmp

memory/6076-1795-0x00007FFA97680000-0x00007FFA976A5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI56922\attrs-24.3.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

MD5 172e340a259174d83a64d095a35fef03
SHA1 e17d7114f03c29861a260aa26db9db5392289f99
SHA256 0c55b5407676666cdc3d4bcdebbd82c21b68f9e5524ee241e62f58e5fbe22a5a
SHA512 4f7eb462c61333ad03d609a60b49a2e295f0d99b2500420a269fbb09d8878494c327707efb2164393e908d620e2cbd65cbadf4ebe6055590221ad835d9300e30

memory/2488-3194-0x00007FFA90DC0000-0x00007FFA90DCB000-memory.dmp

memory/2488-3193-0x00007FFA96C30000-0x00007FFA96C3C000-memory.dmp

memory/2488-3192-0x00007FFA96CE0000-0x00007FFA96CEB000-memory.dmp

memory/2488-3187-0x00007FFA85940000-0x00007FFA85A5B000-memory.dmp

memory/2488-3191-0x00007FFA96CF0000-0x00007FFA96CFC000-memory.dmp

memory/2488-3190-0x00007FFA97B20000-0x00007FFA97B2B000-memory.dmp

memory/2488-3189-0x00007FFA97B70000-0x00007FFA97B7B000-memory.dmp

memory/2488-3188-0x00007FFA97C60000-0x00007FFA97C6D000-memory.dmp

memory/2488-3183-0x00007FFA85A60000-0x00007FFA85B2D000-memory.dmp

memory/2488-3186-0x00007FFA97680000-0x00007FFA976A7000-memory.dmp

memory/2488-3185-0x00007FFA97F60000-0x00007FFA97F6B000-memory.dmp

memory/2488-3184-0x00007FFA98BB0000-0x00007FFA98BBD000-memory.dmp

memory/2488-3179-0x00007FFA85B30000-0x00007FFA86059000-memory.dmp

memory/2488-3182-0x00007FFA929C0000-0x00007FFA929F3000-memory.dmp

memory/2488-3181-0x00007FFA9C910000-0x00007FFA9C91D000-memory.dmp

memory/2488-3180-0x00007FFA97B90000-0x00007FFA97BA9000-memory.dmp

memory/2488-3173-0x00007FFA86060000-0x00007FFA86725000-memory.dmp

memory/2488-3178-0x00007FFA97BB0000-0x00007FFA97BC4000-memory.dmp

memory/2488-3177-0x00007FFA97BD0000-0x00007FFA97BFD000-memory.dmp

memory/2488-3176-0x00007FFA982A0000-0x00007FFA982BA000-memory.dmp

memory/2488-3175-0x00007FFA9C920000-0x00007FFA9C92F000-memory.dmp

memory/2488-3174-0x00007FFA97C00000-0x00007FFA97C25000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs.js

MD5 c76ae29b1641f2cd5e25b386444f8f60
SHA1 ff9d96c1a5fb325e3c38c9d4f590971f5bfa238f
SHA256 61525240920d87c99df609116b1fedf6cecb8e02bd44afe23211be48db5dc1ed
SHA512 5b97c51039a20195672789083ae06012690c46022ff73273c3f97b1516c14dd1355934cc3418d484bf257ead9aee9d12b6e689a6fca98fdbf3b0027d8d04faa1

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs.js

MD5 9f7ef5898f5fa4b5a2b58063468ae82c
SHA1 d7425464d218ccee84bc407dee32c2a34c3338a9
SHA256 134e656e03981da854b9c29126df2fca11b34bdaed4ea694c487786826bdb4a7
SHA512 55fc3b6034374590d001af40bc9bd8267c65300936a53189f33b8bda69044a4d2a7c47a6d6adff3b51d8da83d130e8dee68e4aacf0b851c87af0883415e1e5ae

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\AlternateServices.bin

MD5 34f4bd752557c7f7056520d7d45e1b3f
SHA1 253552a207c9d1093466ef9fa7fea984e122c990
SHA256 684e438672fcf2a8d604d7468fa601c0df43f6077e566cda2cb7ba48b654a424
SHA512 298f0a65b356d0386787d301673ff7dcfbc1528555d863b465f87ba69aa67eddd8007cd286feb6cd020840cbb6cda84e06c7375fb6d5c101f00ce0df6e19f9ba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\prefs-1.js

MD5 782792b6d9c3ee7ae99d066c897f9db8
SHA1 7dc6be81330a7e92a3f69adac5ded8a6caf8860e
SHA256 165302868a9ec336bb382eda174f4c4c9d204e501c075d8039bdfcbb2023e423
SHA512 8f47208beba184e5f0bf141de5d58c3158fcc2d799f5fbc1ef72fe29a75c6d691837b37b859d8de9e071955a2f6e7ccd17e44e8ba5ba9ae694f96053e07bc235

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xne5uxr5.default-release\sessionstore-backups\recovery.baklz4

MD5 e32c9f2fcd6970e53e3f0f048f6dded7
SHA1 9003837ae977d1af9c9b4a1c97fba0e965512fb8
SHA256 68bfdc6d74e626948c661741c741f9b9f82a3701f9a958211b1fea6361f20a4e
SHA512 6825a460008c89fac9020165fef964e610a07353db3a97a424bc54e0f6234e981394d48410e4533e0d634a56c2073ee499f2864a425286ca78c8d7e1eed677b4