Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240709-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    09-07-2024 19:15

General

  • Target

    185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe

  • Size

    1.8MB

  • MD5

    ee8c22e6860d138e1da227f83a788e7e

  • SHA1

    c7f1ec27a961ab3aab2799544d00dea208ba60b4

  • SHA256

    185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0

  • SHA512

    7d8e090daed5c9486991b97ef1b27174cc76a5b6e73e03c622da12f63d28548c2c2d952199a2855461621427b8be55d647d9c5570f4b46c7358a9c4d16657d2d

  • SSDEEP

    49152:ZWrDTFGICnAtlWKwbcOHtpkvpjx7twSgeRyC:ZYDTYIw4WnbcOHtpkvpNJwZC

Malware Config

Extracted

Family

amadey

Version

4.30

Botnet

4dd39d

C2

http://77.91.77.82

Attributes
  • install_dir

    ad40971b6b

  • install_file

    explorti.exe

  • strings_key

    a434973ad22def7137dbb5e059b7081e

  • url_paths

    /Hun4Ko/index.php

rc4.plain

Extracted

Family

stealc

Botnet

hate

C2

http://85.28.47.30

Attributes
  • url_path

    /920475a59bac849d.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Stealc

    Stealc is an infostealer written in C++.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 6 IoCs
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 12 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 7 IoCs
  • Identifies Wine through registry keys 2 TTPs 6 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

  • Loads dropped DLL 2 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 9 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe
    "C:\Users\Admin\AppData\Local\Temp\185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
      "C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:5356
      • C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe
        "C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:3460
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\CAKKKJEHDB.exe"
          4⤵
            PID:6752
            • C:\Users\Admin\AppData\Local\Temp\CAKKKJEHDB.exe
              "C:\Users\Admin\AppData\Local\Temp\CAKKKJEHDB.exe"
              5⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • Suspicious behavior: EnumeratesProcesses
              PID:3452
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\KJECFHCBKK.exe"
            4⤵
            • Suspicious use of SetWindowsHookEx
            PID:7140
        • C:\Users\Admin\AppData\Local\Temp\1000010001\2b68cd845f.exe
          "C:\Users\Admin\AppData\Local\Temp\1000010001\2b68cd845f.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:424
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D503.tmp\D504.tmp\D505.bat C:\Users\Admin\AppData\Local\Temp\1000010001\2b68cd845f.exe"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:4408
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
              5⤵
              • Drops file in Windows directory
              • Enumerates system info in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of WriteProcessMemory
              PID:4024
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffa7ecbcc40,0x7ffa7ecbcc4c,0x7ffa7ecbcc58
                6⤵
                  PID:1240
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,9066371068315556653,12572747471161134436,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1816 /prefetch:2
                  6⤵
                    PID:3596
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,9066371068315556653,12572747471161134436,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2132 /prefetch:3
                    6⤵
                      PID:2056
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,9066371068315556653,12572747471161134436,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2100 /prefetch:8
                      6⤵
                        PID:1132
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3040,i,9066371068315556653,12572747471161134436,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3080 /prefetch:1
                        6⤵
                          PID:6168
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,9066371068315556653,12572747471161134436,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3272 /prefetch:1
                          6⤵
                            PID:6232
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=892,i,9066371068315556653,12572747471161134436,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4608 /prefetch:8
                            6⤵
                            • Drops file in System32 directory
                            • Suspicious behavior: EnumeratesProcesses
                            PID:5140
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
                          5⤵
                          • Enumerates system info in registry
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                          • Suspicious use of FindShellTrayWindow
                          • Suspicious use of SendNotifyMessage
                          • Suspicious use of WriteProcessMemory
                          PID:1612
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffa7eb73cb8,0x7ffa7eb73cc8,0x7ffa7eb73cd8
                            6⤵
                              PID:5684
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2
                              6⤵
                                PID:5904
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
                                6⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1392
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
                                6⤵
                                  PID:5464
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
                                  6⤵
                                    PID:3372
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
                                    6⤵
                                      PID:3880
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
                                      6⤵
                                        PID:6288
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 /prefetch:8
                                        6⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:6812
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
                                        6⤵
                                          PID:912
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                                          6⤵
                                            PID:5528
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                                            6⤵
                                              PID:1760
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
                                              6⤵
                                                PID:968
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
                                                6⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:6532
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,44556067640498838,7352824788583069493,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5804 /prefetch:2
                                                6⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:2300
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
                                              5⤵
                                              • Suspicious use of WriteProcessMemory
                                              PID:1820
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
                                                6⤵
                                                • Checks processor information in registry
                                                • Modifies registry class
                                                • Suspicious use of AdjustPrivilegeToken
                                                • Suspicious use of FindShellTrayWindow
                                                • Suspicious use of SetWindowsHookEx
                                                • Suspicious use of WriteProcessMemory
                                                PID:2592
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2611417-d019-496a-a606-8c21c196381b} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" gpu
                                                  7⤵
                                                    PID:4768
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00b821eb-97df-4d30-a68b-f5fbf57508b7} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" socket
                                                    7⤵
                                                      PID:1576
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3300 -childID 1 -isForBrowser -prefsHandle 3292 -prefMapHandle 3276 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa655c00-f0dc-4ef0-a8e4-1192163700d8} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" tab
                                                      7⤵
                                                        PID:3672
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3828 -childID 2 -isForBrowser -prefsHandle 3224 -prefMapHandle 3060 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a381d67-4f41-4466-b588-34a67a9ca393} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" tab
                                                        7⤵
                                                          PID:852
                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4336 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4328 -prefMapHandle 4320 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d231babb-e06f-42c7-851d-0a617bfc4283} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" utility
                                                          7⤵
                                                          • Checks processor information in registry
                                                          PID:6124
                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 3 -isForBrowser -prefsHandle 4216 -prefMapHandle 2724 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e29640fe-3188-419e-9f98-1f37bf1b1db5} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" tab
                                                          7⤵
                                                            PID:5836
                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 4 -isForBrowser -prefsHandle 5632 -prefMapHandle 5628 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba41657b-79c5-41fc-9d3d-8d4695a09376} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" tab
                                                            7⤵
                                                              PID:4908
                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5816 -childID 5 -isForBrowser -prefsHandle 5736 -prefMapHandle 5740 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ca9dd2b-c7b5-43a4-abeb-d963be05a6cf} 2592 "\\.\pipe\gecko-crash-server-pipe.2592" tab
                                                              7⤵
                                                                PID:5336
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:5060
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:5832
                                                      • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
                                                        "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
                                                        1⤵
                                                          PID:6612
                                                        • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                          C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                          1⤵
                                                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                          • Checks BIOS information in registry
                                                          • Executes dropped EXE
                                                          • Identifies Wine through registry keys
                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:6444
                                                        • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                          C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                          1⤵
                                                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                          • Checks BIOS information in registry
                                                          • Executes dropped EXE
                                                          • Identifies Wine through registry keys
                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:1768
                                                        • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                          C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                          1⤵
                                                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                          • Checks BIOS information in registry
                                                          • Executes dropped EXE
                                                          • Identifies Wine through registry keys
                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:5804

                                                        Network

                                                        MITRE ATT&CK Enterprise v15


                                                        Downloads

                                                        • C:\ProgramData\mozglue.dll

                                                          Filesize

                                                          593KB


                                                        • C:\ProgramData\nss3.dll

                                                          Filesize

                                                          2.0MB


                                                        • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

                                                          Filesize

                                                          64KB


                                                        • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

                                                          Filesize

                                                          4B


                                                        • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

                                                          Filesize

                                                          1008B


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          264B


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                          Filesize

                                                          3KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                          Filesize

                                                          2B


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          356B


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                          Filesize

                                                          92KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                          Filesize

                                                          92KB


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                          Filesize

                                                          152B


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                          Filesize

                                                          152B


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                                          Filesize

                                                          38KB


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          240B


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                          Filesize

                                                          1KB


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                          Filesize

                                                          5KB


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                          Filesize

                                                          6KB


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                          Filesize

                                                          16B


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                          Filesize

                                                          16B


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                          Filesize

                                                          11KB


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                          Filesize

                                                          11KB


                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\activity-stream.discovery_stream.json.tmp

                                                          Filesize

                                                          18KB

                                                          MD5

                                                          de24714c4090cee1a0efcd6556078097

                                                          SHA1

                                                          4e695dfc6e30bfaa6b34c5cd5203a26a983a758f

                                                          SHA256

                                                          a49be59e68bc23357b3936720c9a38564c90c5bb6908d333fdc5ee1f6019021b

                                                          SHA512

                                                          3f8bd1e3e84757c32f4431a73c3aa420f0a64c3281e28d545981876f946655c5fc3f7f3220b6cca0ac7d2359e8b8fe518f1c23a9f4ee8ec698636d1214c538f4

                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

                                                          Filesize

                                                          13KB

                                                          MD5

                                                          d151e091b29d6812b8167820ce1ed0fb

                                                          SHA1

                                                          b122289ccd40e2bb97ff173fe729718d1d3f83f3

                                                          SHA256

                                                          c81a08c8729e420547a426f211007be540bdda457545e2a67fbbcc76c657da54

                                                          SHA512

                                                          8b840c686aa674daa5a1c8a5d4b4648f33b7e9156b40a13d2e0fefd491ff6ca02f754c3ca4e90074fb3251dc054908b181591ba7527d091fda855acfefa28c70

                                                        • C:\Users\Admin\AppData\Local\Temp\1000006001\17053ea06b.exe

                                                          Filesize

                                                          2.4MB

                                                          MD5

                                                          b6bf96c3900b28a9970323938a1752bd

                                                          SHA1

                                                          fff9ac5ee2a9849759bf02538f8a431738a894c5

                                                          SHA256

                                                          1013ef0d12658680241090322d56cbfd6ad665fd922049180184c3fef077a506

                                                          SHA512

                                                          475848394c20823bf0c05f3d66ff27422b22670babde769f936791881d0da800cadf3ae08e0e99fe0a85abeafaa072672575d020de9267d87142047c1e1033ec

                                                        • C:\Users\Admin\AppData\Local\Temp\1000010001\2b68cd845f.exe

                                                          Filesize

                                                          89KB

                                                          MD5

                                                          bc08b445116ecc06852a929a5d302c4a

                                                          SHA1

                                                          a78aa42220b90d47b4cf63119e6082f06b295f57

                                                          SHA256

                                                          5b232254dd2d33eb576516116977c884fba81d5a8427f742a73655f9e076efc6

                                                          SHA512

                                                          657a21d453112fb909be4005e0cab1ebf467840e275a159eb535b486432ffa0bfcc60da92475b26f08a0ea481c927654520a43163e04e34324551cb3bfd69fdf

                                                        • C:\Users\Admin\AppData\Local\Temp\D503.tmp\D504.tmp\D505.bat

                                                          Filesize

                                                          2KB

                                                          MD5

                                                          de9423d9c334ba3dba7dc874aa7dbc28

                                                          SHA1

                                                          bf38b137b8d780b3d6d62aee03c9d3f73770d638

                                                          SHA256

                                                          a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698

                                                          SHA512

                                                          63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

                                                        • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

                                                          Filesize

                                                          1.8MB

                                                          MD5

                                                          ee8c22e6860d138e1da227f83a788e7e

                                                          SHA1

                                                          c7f1ec27a961ab3aab2799544d00dea208ba60b4

                                                          SHA256

                                                          185ec222500924ff9b485f662fabc533dfc6be8d728412c751576355208499b0

                                                          SHA512

                                                          7d8e090daed5c9486991b97ef1b27174cc76a5b6e73e03c622da12f63d28548c2c2d952199a2855461621427b8be55d647d9c5570f4b46c7358a9c4d16657d2d

                                                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                          Filesize

                                                          479KB

                                                          MD5

                                                          09372174e83dbbf696ee732fd2e875bb

                                                          SHA1

                                                          ba360186ba650a769f9303f48b7200fb5eaccee1

                                                          SHA256

                                                          c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                          SHA512

                                                          b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                          Filesize

                                                          13.8MB

                                                          MD5

                                                          0a8747a2ac9ac08ae9508f36c6d75692

                                                          SHA1

                                                          b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                          SHA256

                                                          32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                          SHA512

                                                          59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\AlternateServices.bin

                                                          Filesize

                                                          8KB

                                                          MD5

                                                          8e99264919f50c37cd6e72cf1fa8eb00

                                                          SHA1

                                                          40c46d697898cd5f927d0b5a18d15a251aea619e

                                                          SHA256

                                                          d19d1f679fff34ecebdf68e969a084a5d8b7efc91dd1f3ab0c97f04aaca46759

                                                          SHA512

                                                          f5a682c9aadf2bad46b74478b6b800d9ea809dd54d763d26d587d3e1b9ad951fd93b9aae2f97f9fb7145971ac0a6c31a789777b323dc512e7e51c25e68e0841c

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\AlternateServices.bin

                                                          Filesize

                                                          12KB

                                                          MD5

                                                          9db0da90f1bfe1575bb0008104367295

                                                          SHA1

                                                          01bc8763947fd46c3c77617d1d53961aea0e23fe

                                                          SHA256

                                                          c08569f9e9e1fd060e2b0edb169c721efd6c12ca8fdb394b6ec2bd44ab8c2117

                                                          SHA512

                                                          4240b66cc7e755120b4477c1e6d43be84105bc075d35a90c1e8fcd43638580747a766c2ae3ec49dc66c237f380668674dd08552b668de2f35839938b844c7541

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\cookies.sqlite-wal

                                                          Filesize

                                                          256KB

                                                          MD5

                                                          be8b6249f076190a9daf53cee3fd2e58

                                                          SHA1

                                                          dc364dc1f5ccaac70bf85f686cafe4275c212e56

                                                          SHA256

                                                          2c288cf8c85d5f4cd8d8c96abbc90dbb553259abe25c09706563374145b3179b

                                                          SHA512

                                                          2f6434c8aece085f87116f827e670c7c76e5f17ce6a51745e636c455d951533c1b6d4b062a2500d5a39d1070c21e57502082f4fd3afb902f2ff9b04bc973728e

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\datareporting\glean\db\data.safe.tmp

                                                          Filesize

                                                          25KB

                                                          MD5

                                                          8f0dfda53ce183a40bc57b37f31591d0

                                                          SHA1

                                                          4d8feeea1ad00e7476dfcbd0f384b1cc5f47512a

                                                          SHA256

                                                          3944a8821c6af22ec8dc452caf2a5ff737ac96908e96fb7b440d261e70f67993

                                                          SHA512

                                                          7d3d2acf73df1c30ff968d6f5c29c157b095eb1f260d5956c178c338e90b7678e111f96a5b6877a21ae894c525572d827b14c866c7bd560a6a623b9833405dea

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\datareporting\glean\db\data.safe.tmp

                                                          Filesize

                                                          22KB

                                                          MD5

                                                          f692e9b05379c1380ad5dda2f0570bec

                                                          SHA1

                                                          bce8ae1f609e36bcd099bcba966267f3514557f5

                                                          SHA256

                                                          77a2b934b15fc7b831f1c2eca2b9e76da706926e938b38039b6a98944a11f452

                                                          SHA512

                                                          500c396cc5aa54d086b0a9647e0e395b52d04c2230d2d2b9b2ce4d40521879fdfa25947444506bf4420028a0a65fa78f001cc4b6f29f1d3b1782013cffafdd10

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\datareporting\glean\pending_pings\9c329077-31fa-4ee1-b525-15e1c8659716

                                                          Filesize

                                                          982B

                                                          MD5

                                                          7ec4c7d96c6bf24d6cc830e4b3dc14f0

                                                          SHA1

                                                          3cfb4e08412e1518a50bacc6b023925d9af0807e

                                                          SHA256

                                                          d01c9179f3bd7a44241448ff770ab02f91ceb927d6d806d18235297dc78635c8

                                                          SHA512

                                                          c2292cb9b687ca6a30663ad22937ba45805b25803749376460fb908f170b55c387f546c62b5f60a583cb939e10c2caa2d8139fcfec8949e5f68e43a6672ecd3a

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\datareporting\glean\pending_pings\f325887e-ccf0-4aa1-8dff-45556be38fd1

                                                          Filesize

                                                          659B

                                                          MD5

                                                          f30ef91e674ca40aa5c768e6a8cad903

                                                          SHA1

                                                          99863e18f959e04b177b3e6efb84dec25d9e6fc3

                                                          SHA256

                                                          10909dcac4281f499380279241584c272894119d7b1c684b1cab69d51b9e6fba

                                                          SHA512

                                                          4a30c990fdc7d7b9f2a933e747520dca266b450ed62b775619735f5ff62953066e34ffe43ee34094d31644560e352de43582e9dd689d5ac0cd2802f007b0e348

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                                                          Filesize

                                                          1.1MB

                                                          MD5

                                                          842039753bf41fa5e11b3a1383061a87

                                                          SHA1

                                                          3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                          SHA256

                                                          d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                          SHA512

                                                          d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                                                          Filesize

                                                          116B

                                                          MD5

                                                          2a461e9eb87fd1955cea740a3444ee7a

                                                          SHA1

                                                          b10755914c713f5a4677494dbe8a686ed458c3c5

                                                          SHA256

                                                          4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                          SHA512

                                                          34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                                                          Filesize

                                                          372B

                                                          MD5

                                                          bf957ad58b55f64219ab3f793e374316

                                                          SHA1

                                                          a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                                          SHA256

                                                          bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                                          SHA512

                                                          79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                                                          Filesize

                                                          17.8MB

                                                          MD5

                                                          daf7ef3acccab478aaa7d6dc1c60f865

                                                          SHA1

                                                          f8246162b97ce4a945feced27b6ea114366ff2ad

                                                          SHA256

                                                          bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                                          SHA512

                                                          5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\places.sqlite-wal

                                                          Filesize

                                                          992KB

                                                          MD5

                                                          f3bb8edd7bc374a19544ddb9888ef9f7

                                                          SHA1

                                                          e5ae9fa0442f76eeacb5161da531654732366e87

                                                          SHA256

                                                          21737aeafb47568c6b1e9519afab543266cc8bbbd3cef9a5fa2422ec19f9f088

                                                          SHA512

                                                          cba285278eeb630fb2fa25f91b61b942e315d92861523ffac3c100ece22ca28973e6b321e2da30ceb3c2797ee81e4a351eeeb01283a549b3b0d6f69bdb190824

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\prefs-1.js

                                                          Filesize

                                                          8KB

                                                          MD5

                                                          2ae503c7a736897d3ea62c5639f6e2ef

                                                          SHA1

                                                          6807d71136406a3c8cc25e7fd4513fe60851343b

                                                          SHA256

                                                          d469a6a843820f1badf0fc07c1cefa89ee70d2987497002337dd5043b3235f1f

                                                          SHA512

                                                          c050172ea2dfd149e879c9fde5cbdab5a8203f438c2141421c06def11757902571f2d47b32b58521c1534dca755beea2f94c1495ff358b4cb3f1983a953d78dc

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\prefs-1.js

                                                          Filesize

                                                          10KB

                                                          MD5

                                                          5daf287b9d8b06fa1f5418731a986918

                                                          SHA1

                                                          e1f0ad6d8b4a96091d20db28fe96346825bcf2dc

                                                          SHA256

                                                          aba1367fe124fbdb2465297647dcc7a6a84bbecacc84b50dbad650c05d231e2b

                                                          SHA512

                                                          3872720b73c056c52a8132c1f6e59efafa5976be61f7155dc07fc2a798132d37f8bb539685fc02a2cff73f9f43f50341ae348c612f0307f3a868c1415b95583a

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\prefs-1.js

                                                          Filesize

                                                          13KB

                                                          MD5

                                                          3c3991f83206fc3fce0b1c7fc4191065

                                                          SHA1

                                                          47eba3e4f40687fb41e9a5464d2456ccdd8abefe

                                                          SHA256

                                                          ef7680e5acf12493ef3ce1778c43096f4ac1398b037e46d1d18ccddb531ef1b5

                                                          SHA512

                                                          2be74c79aa0d3e39039dd2d512c9fa081a0de5515868c7d56516d0f3cab36a5ba42994bfae083effd1fc474c418fdc17adfb28c73cff8286ee6fef9c23bd342b

                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\m7qr6qvv.default-release\prefs.js

                                                          Filesize

                                                          8KB

                                                          MD5

                                                          18cacc8cc0d6ff15169421cc905ae1de

                                                          SHA1

                                                          7c06f0b9f005da1db19bda11f8df13b3db5f705e

                                                          SHA256

                                                          72b78808a04c005fb83a9526fb0c8b148bf2ef7f4ab51f69d3daa7c11a0523d5

                                                          SHA512

                                                          e9edc23d5fc330595c11a7a5e87b3868639e1aa029c139ed67e8fcc6d7208bff28c9fc769c11f3443a4fd5c2384424469e2f39722eb13e1db95a52952da59c08

                                                        • \??\pipe\crashpad_4024_JPAZDTOZFMWNCBPT

                                                          MD5

                                                          d41d8cd98f00b204e9800998ecf8427e

                                                          SHA1

                                                          da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                          SHA256

                                                          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                          SHA512

                                                          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e


                                                        • memory/5356-17-0x00000000003A0000-0x0000000000851000-memory.dmp

                                                          Filesize

                                                          4.7MB

                                                        • memory/5356-633-0x00000000003A0000-0x0000000000851000-memory.dmp

                                                          Filesize

                                                          4.7MB

                                                        • memory/5356-857-0x00000000003A0000-0x0000000000851000-memory.dmp

                                                          Filesize

                                                          4.7MB

                                                        • memory/5356-609-0x00000000003A0000-0x0000000000851000-memory.dmp

                                                          Filesize

                                                          4.7MB

                                                        • memory/5356-3277-0x00000000003A0000-0x0000000000851000-memory.dmp

                                                          Filesize

                                                          4.7MB

                                                        • memory/5804-3279-0x00000000003A0000-0x0000000000851000-memory.dmp

                                                          Filesize

                                                          4.7MB

                                                        • memory/5804-3280-0x00000000003A0000-0x0000000000851000-memory.dmp

                                                          Filesize

                                                          4.7MB

                                                        • memory/6444-549-0x00000000003A0000-0x0000000000851000-memory.dmp

                                                          Filesize

                                                          4.7MB

                                                        • memory/6444-540-0x00000000003A0000-0x0000000000851000-memory.dmp

                                                          Filesize

                                                          4.7MB