Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    09-07-2024 18:42

General

  • Target

    1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe

  • Size

    2.4MB

  • MD5

    b6bf96c3900b28a9970323938a1752bd

  • SHA1

    fff9ac5ee2a9849759bf02538f8a431738a894c5

  • SHA256

    1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506

  • SHA512

    475848394c20823bf0c05f3d66ff27422b22670babde769f936791881d0da800cadf3ae08e0e99fe0a85abeafaa072672575d020de9267d87142047c1e1033ec

  • SSDEEP

    49152:vNXu+em7jvl9vusinK4BwNH+T7m4/OKp0Pu46RKebeb9kbXb8ddhhtQhCvOaY5dY:vNe+VZ9vusiK4BwNHi7m4mK7Webeb9k0

Malware Config

Extracted

Family

stealc

Botnet

hate

C2

http://85.28.47.30

Attributes
  • url_path

    /920475a59bac849d.php

Extracted

Family

amadey

Version

4.30

Botnet

4dd39d

C2

http://77.91.77.82

Attributes
  • install_dir

    ad40971b6b

  • install_file

    explorti.exe

  • strings_key

    a434973ad22def7137dbb5e059b7081e

  • url_paths

    /Hun4Ko/index.php

rc4.plain

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Stealc

    Stealc is an infostealer written in C++.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs, 4 IoCs)
  • Downloads MZ/PE file
  • Checks BIOS information in registry (2 TTPs, 8 IoCs)

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE (6 IoCs)
  • Identifies Wine through registry keys (2 TTPs, 4 IoCs)

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

  • Loads dropped DLL (2 IoCs)
  • Reads data files stored by FTP clients (2 TTPs)

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory (2 IoCs)
  • Suspicious use of NtSetInformationThreadHideFromDebugger (8 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry (2 TTPs, 10 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry (2 TTPs, 6 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (30 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe
    "C:\Users\Admin\AppData\Local\Temp\1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3424
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:232
      • C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe
        "C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4924
        • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
          "C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
          4⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4116
          • C:\Users\Admin\AppData\Local\Temp\1000006001\4b8adf2ee4.exe
            "C:\Users\Admin\AppData\Local\Temp\1000006001\4b8adf2ee4.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • Suspicious use of SetWindowsHookEx
            PID:2604
          • C:\Users\Admin\AppData\Local\Temp\1000010001\ad33104d3b.exe
            "C:\Users\Admin\AppData\Local\Temp\1000010001\ad33104d3b.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:688
            • C:\Windows\system32\cmd.exe
              "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D8BC.tmp\D8BD.tmp\D8BE.bat C:\Users\Admin\AppData\Local\Temp\1000010001\ad33104d3b.exe"
              6⤵
              • Suspicious use of WriteProcessMemory
              PID:2012
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
                7⤵
                • Drops file in Windows directory
                • Enumerates system info in registry
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SendNotifyMessage
                • Suspicious use of WriteProcessMemory
                PID:2404
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe0c09cc40,0x7ffe0c09cc4c,0x7ffe0c09cc58
                  8⤵
                    PID:1920
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,14874252067728634401,10397080491061318796,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1824 /prefetch:2
                    8⤵
                      PID:3780
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,14874252067728634401,10397080491061318796,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2320 /prefetch:3
                      8⤵
                        PID:3644
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2088,i,14874252067728634401,10397080491061318796,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2336 /prefetch:8
                        8⤵
                          PID:2580
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,14874252067728634401,10397080491061318796,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3084 /prefetch:1
                          8⤵
                            PID:5124
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,14874252067728634401,10397080491061318796,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3144 /prefetch:1
                            8⤵
                              PID:5132
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4624,i,14874252067728634401,10397080491061318796,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4632 /prefetch:8
                              8⤵
                              • Drops file in System32 directory
                              • Suspicious behavior: EnumeratesProcesses
                              PID:6384
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
                            7⤵
                            • Enumerates system info in registry
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SendNotifyMessage
                            • Suspicious use of WriteProcessMemory
                            PID:400
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffe0be53cb8,0x7ffe0be53cc8,0x7ffe0be53cd8
                              8⤵
                                PID:5056
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2032 /prefetch:2
                                8⤵
                                  PID:2376
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
                                  8⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1988
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
                                  8⤵
                                    PID:1480
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
                                    8⤵
                                      PID:2096
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
                                      8⤵
                                        PID:3620
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
                                        8⤵
                                          PID:6064
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
                                          8⤵
                                            PID:5644
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
                                            8⤵
                                              PID:3620
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
                                              8⤵
                                                PID:1108
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
                                                8⤵
                                                  PID:5280
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
                                                  8⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:2196
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
                                                  8⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:5492
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,10185510791694510756,2007729766919631957,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4944 /prefetch:2
                                                  8⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:6524
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
                                                7⤵
                                                • Suspicious use of WriteProcessMemory
                                                PID:2612
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
                                                  8⤵
                                                  • Checks processor information in registry
                                                  • Modifies registry class
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  • Suspicious use of FindShellTrayWindow
                                                  • Suspicious use of SetWindowsHookEx
                                                  • Suspicious use of WriteProcessMemory
                                                  PID:2388
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6337a5a-4071-4073-b0c5-c174648be1f7} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" gpu
                                                    9⤵
                                                      PID:732
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {195d5007-95f6-4069-82b1-cda2e6c3bfb3} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" socket
                                                      9⤵
                                                        PID:3024
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3340 -childID 1 -isForBrowser -prefsHandle 3328 -prefMapHandle 3324 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c98d7b51-f582-4cc5-b240-d55e6fd16177} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab
                                                        9⤵
                                                          PID:5048
                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3956 -childID 2 -isForBrowser -prefsHandle 3948 -prefMapHandle 3944 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26c3c792-8b20-4287-a638-c10e91db39d4} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab
                                                          9⤵
                                                            PID:2500
                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4236 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4248 -prefMapHandle 4244 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eb4b0cd-f9a4-47c1-beb3-b903c820aabb} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" utility
                                                            9⤵
                                                            • Checks processor information in registry
                                                            PID:5412
                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 3 -isForBrowser -prefsHandle 5364 -prefMapHandle 5360 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {226c14ef-f508-4814-b10b-7fb8da0fdd04} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab
                                                            9⤵
                                                              PID:5212
                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 4 -isForBrowser -prefsHandle 5608 -prefMapHandle 5604 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71fb11e7-13d1-4c21-8bec-a330a7e18a33} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab
                                                              9⤵
                                                                PID:5224
                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 5 -isForBrowser -prefsHandle 5824 -prefMapHandle 5636 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bd2f44d-df05-400c-bb36-f1b031445c76} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" tab
                                                                9⤵
                                                                  PID:5240
                                                  • C:\Windows\SysWOW64\cmd.exe
                                                    "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\IIEHJKJJJE.exe"
                                                    2⤵
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:4912
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:1548
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:2196
                                                    • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
                                                      "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
                                                      1⤵
                                                        PID:5496
                                                      • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                        C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                        1⤵
                                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                        • Checks BIOS information in registry
                                                        • Executes dropped EXE
                                                        • Identifies Wine through registry keys
                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:6000
                                                      • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                        C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                        1⤵
                                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                        • Checks BIOS information in registry
                                                        • Executes dropped EXE
                                                        • Identifies Wine through registry keys
                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:7084

                                                      Network

                                                      MITRE ATT&CK Enterprise v15

                                                      Downloads

                                                      • C:\ProgramData\mozglue.dll

                                                        Filesize

                                                        593KB


                                                      • C:\ProgramData\nss3.dll

                                                        Filesize

                                                        2.0MB


                                                      • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

                                                        Filesize

                                                        64KB


                                                      • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

                                                        Filesize

                                                        4B


                                                      • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

                                                        Filesize

                                                        1008B


                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                        Filesize

                                                        264B


                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                        Filesize

                                                        3KB


                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                        Filesize

                                                        2B


                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                        Filesize

                                                        524B


                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        8KB


                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        8KB


                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        8KB


                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        8KB


                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        8KB


                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        8KB


                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        8KB


                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        8KB


                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        8KB


                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                        Filesize

                                                        92KB


                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                        Filesize

                                                        92KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                        Filesize

                                                        152B


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                        Filesize

                                                        152B


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                        Filesize

                                                        33KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                                        Filesize

                                                        38KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                        Filesize

                                                        216B


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                        Filesize

                                                        1KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                        Filesize

                                                        5KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                        Filesize

                                                        6KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                        Filesize

                                                        16B


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                        Filesize

                                                        16B


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                        Filesize

                                                        11KB


                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                        Filesize

                                                        11KB


                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\activity-stream.discovery_stream.json.tmp

                                                        Filesize

                                                        18KB

                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

                                                        Filesize

                                                        13KB

                                                      • C:\Users\Admin\AppData\Local\Temp\1000006001\4b8adf2ee4.exe

                                                        Filesize

                                                        2.4MB

                                                      • C:\Users\Admin\AppData\Local\Temp\1000010001\ad33104d3b.exe

                                                        Filesize

                                                        89KB

                                                      • C:\Users\Admin\AppData\Local\Temp\D8BC.tmp\D8BD.tmp\D8BE.bat

                                                        Filesize

                                                        2KB

                                                      • C:\Users\Admin\AppData\Local\Temp\IEHJJECBKK.exe

                                                        Filesize

                                                        1.8MB

                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                        Filesize

                                                        479KB

                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                        Filesize

                                                        13.8MB

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\AlternateServices.bin

                                                        Filesize

                                                        12KB

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\AlternateServices.bin

                                                        Filesize

                                                        12KB

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

                                                        Filesize

                                                        22KB

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

                                                        Filesize

                                                        25KB

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

                                                        Filesize

                                                        25KB

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

                                                        Filesize

                                                        21KB

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp

                                                        Filesize

                                                        22KB

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\696f8625-61b3-4ad3-8311-ce524f710c07

                                                        Filesize

                                                        659B

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\a218dea3-b757-4fef-a392-9141277ad3c5

                                                        Filesize

                                                        982B

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                                                        Filesize

                                                        1.1MB

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                                                        Filesize

                                                        116B

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                                                        Filesize

                                                        372B

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                                                        Filesize

                                                        17.8MB

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs-1.js

                                                        Filesize

                                                        8KB

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs-1.js

                                                        Filesize

                                                        10KB

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs-1.js

                                                        Filesize

                                                        13KB

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs.js

                                                        Filesize

                                                        8KB

                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                        Filesize

                                                        1.1MB

                                                      • \??\pipe\crashpad_2404_CJVNECKRVEPQOIZO


                                                      • memory/7084-3424-0x0000000000C10000-0x00000000010CA000-memory.dmp

                                                        Filesize

                                                        4.7MB

                                                      • memory/7084-3414-0x0000000000C10000-0x00000000010CA000-memory.dmp

                                                        Filesize

                                                        4.7MB