Analysis

  • max time kernel
    1776s
  • max time network
    1522s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09-07-2024 19:55

General

  • Target

    Cerber 5.zip

  • Size

    161KB

  • MD5

    9b18a780ee4f0797f45151b9107ad4d7

  • SHA1

    d4aea66a973a0b2f9b1733af30029686d98f2d74

  • SHA256

    9003d86df3dba6a8aad7f9642ace677ba53b7eeb44acd75c3159a984f0a0356b

  • SHA512

    a113a8be579c0b2ebe70445c0aa1107e25d17a848d9b8d0c5efd8c43c046f126a83a9819babd7e79dd3e2f4f79357dd75a3a4317b2e7d6c7e986bafa2f85c25c

  • SSDEEP

    3072:ssLya4KM2bVinYjqKok8ValLPfkgLDoa3A0cK/u1Ntn4PBRC/jCpFT62aJJxnMyM:G2oq72n9dH5M2vkm0y3Cl3pId9Rd9qvB

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\_R_E_A_D___T_H_I_S___84V1ET_.txt

Family

cerber

Ransom Note
Hi, I'am CRBR ENCRYPTOR ;) ----- ALL YOUR DOCUMENTS, PH0T0S, DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ----- The only one way to decrypt your files is to receive the private key and decryption program. To receive the private key and decryption program go to any decrypted folder, inside there is the special file (*_R_E_A_D___T_H_I_S_*) with complete instructions how to decrypt your files. If you cannot find any (*_R_E_A_D___T_H_I_S_*) file at your PC, follow the instructions below: ----- 1. Download "Tor Browser" from https://www.torproject.org/ and install it. 2. In the "Tor Browser" open your personal page here: http://xpcx6erilkjced3j.onion/FB48-0804-A8C2-0098-BE8A Note! This page is available via "Tor Browser" only. ----- Also you can use temporary addresses on your personal page without using "Tor Browser". ----- 1. http://xpcx6erilkjced3j.1n5mod.top/FB48-0804-A8C2-0098-BE8A 2. http://xpcx6erilkjced3j.19kdeh.top/FB48-0804-A8C2-0098-BE8A 3. http://xpcx6erilkjced3j.1mpsnr.top/FB48-0804-A8C2-0098-BE8A 4. http://xpcx6erilkjced3j.18ey8e.top/FB48-0804-A8C2-0098-BE8A 5. http://xpcx6erilkjced3j.17gcun.top/FB48-0804-A8C2-0098-BE8A ----- Note! These are temporary addresses! They will be available for a limited amount of time! -----
URLs

http://xpcx6erilkjced3j.onion/FB48-0804-A8C2-0098-BE8A

http://xpcx6erilkjced3j.1n5mod.top/FB48-0804-A8C2-0098-BE8A

http://xpcx6erilkjced3j.19kdeh.top/FB48-0804-A8C2-0098-BE8A

http://xpcx6erilkjced3j.1mpsnr.top/FB48-0804-A8C2-0098-BE8A

http://xpcx6erilkjced3j.18ey8e.top/FB48-0804-A8C2-0098-BE8A

http://xpcx6erilkjced3j.17gcun.top/FB48-0804-A8C2-0098-BE8A

Signatures

  • Cerber

    Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

  • Contacts a large (1127) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Windows Firewall 2 TTPs 2 IoCs
  • Drops startup file 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs
  • Drops file in System32 directory 38 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Drops file in Program Files directory 20 IoCs
  • Drops file in Windows directory 64 IoCs
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 1 IoCs
  • Modifies registry class 2 IoCs
  • NTFS ADS 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 50 IoCs
  • Suspicious use of SendNotifyMessage 49 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Cerber 5.zip"
    1⤵
      PID:5060
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4492
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2856
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.0.897043194\169027303" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1720 -prefsLen 20767 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d559e689-2f89-41c9-a18c-24f0c945cc44} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 1808 20e299d9758 gpu
          3⤵
            PID:4680
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.1.1695159279\1898633417" -parentBuildID 20221007134813 -prefsHandle 2152 -prefMapHandle 2148 -prefsLen 20848 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67eaeb9a-624d-4d31-b1bd-e900b7828c52} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 2164 20e294e3558 socket
            3⤵
              PID:3556
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.2.632880036\860316017" -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 3044 -prefsLen 20951 -prefMapSize 233414 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5b7cb4b-f2ec-4aeb-bd51-675bb76d8995} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 3012 20e29960f58 tab
              3⤵
                PID:4544
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.3.1579714695\504621238" -childID 2 -isForBrowser -prefsHandle 3508 -prefMapHandle 3504 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a830d348-42fd-41b8-bb92-1ae89be858ff} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 3452 20e2e52f558 tab
                3⤵
                  PID:1416
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.4.1113802680\452176855" -childID 3 -isForBrowser -prefsHandle 3856 -prefMapHandle 3852 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc8de60f-ddd2-45a1-8bcb-9dc123fc11ec} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 3868 20e2ed28258 tab
                  3⤵
                    PID:4716
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.5.73091822\402880746" -childID 4 -isForBrowser -prefsHandle 4044 -prefMapHandle 4960 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac1800a2-0ae6-41ca-8bc1-b693efa73eac} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 4956 20e1e62ed58 tab
                    3⤵
                      PID:804
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.6.961618435\926534524" -childID 5 -isForBrowser -prefsHandle 4876 -prefMapHandle 5028 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b8aff69-4fbf-4957-bdb2-5b95cfea7835} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 1560 20e2f0d5258 tab
                      3⤵
                        PID:2796
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.7.1515851732\879536253" -childID 6 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0a4bd0f-e76b-4d6b-b6e3-230815277d0d} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 5220 20e2f0d5e58 tab
                        3⤵
                          PID:320
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.8.1565700835\385213657" -childID 7 -isForBrowser -prefsHandle 2732 -prefMapHandle 2820 -prefsLen 26698 -prefMapSize 233414 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24a17953-80cc-48be-99b8-e26befab017e} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 2844 20e2bdaa458 tab
                          3⤵
                            PID:3512
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.9.952090346\1216888564" -childID 8 -isForBrowser -prefsHandle 5072 -prefMapHandle 4828 -prefsLen 26873 -prefMapSize 233414 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a36c600-b2e9-4ef6-b29e-d2ccf81ad647} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 5068 20e2bca7f58 tab
                            3⤵
                              PID:2940
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.10.630349615\407224709" -childID 9 -isForBrowser -prefsHandle 3900 -prefMapHandle 3928 -prefsLen 26873 -prefMapSize 233414 -jsInitHandle 1040 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dab04256-2f15-40b5-b306-a233753432c3} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 4136 20e31c0eb58 tab
                              3⤵
                                PID:4732
                          • C:\Windows\System32\rundll32.exe
                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                            1⤵
                              PID:1660
                            • C:\Users\Admin\Downloads\Cerber 5\[email protected]
                              "C:\Users\Admin\Downloads\Cerber 5\[email protected]"
                              1⤵
                              • Drops startup file
                              • Enumerates connected drives
                              • Drops file in System32 directory
                              • Sets desktop wallpaper using registry
                              • Drops file in Program Files directory
                              • Drops file in Windows directory
                              • Modifies registry class
                              • Suspicious use of AdjustPrivilegeToken
                              PID:1196
                              • C:\Windows\SysWOW64\netsh.exe
                                C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
                                2⤵
                                • Modifies Windows Firewall
                                • Event Triggered Execution: Netsh Helper DLL
                                PID:2028
                              • C:\Windows\SysWOW64\netsh.exe
                                C:\Windows\system32\netsh.exe advfirewall reset
                                2⤵
                                • Modifies Windows Firewall
                                • Event Triggered Execution: Netsh Helper DLL
                                PID:1408
                              • C:\Windows\SysWOW64\mshta.exe
                                "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___V9W2_.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                                2⤵
                                  PID:240
                                • C:\Windows\SysWOW64\NOTEPAD.EXE
                                  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___5RH4MKP_.txt
                                  2⤵
                                  • Opens file in notepad (likely ransom note)
                                  PID:1224
                                • C:\Windows\SysWOW64\cmd.exe
                                  "C:\Windows\system32\cmd.exe" /d /c taskkill /f /im "E" > NUL & ping -n 1 127.0.0.1 > NUL & del "C" > NUL && exit
                                  2⤵
                                    PID:2704
                                    • C:\Windows\SysWOW64\taskkill.exe
                                      taskkill /f /im "E"
                                      3⤵
                                      • Kills process with taskkill
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:720
                                    • C:\Windows\SysWOW64\PING.EXE
                                      ping -n 1 127.0.0.1
                                      3⤵
                                      • Runs ping.exe
                                      PID:1080
                                • C:\Windows\SysWOW64\werfault.exe
                                  werfault.exe /h /shared Global\4d2c43894d084acd8518ba5134f0142a /t 3288 /p 240
                                  1⤵
                                    PID:4000
                                  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
                                    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
                                    1⤵
                                    • Checks processor information in registry
                                    • Enumerates system info in registry
                                    • Suspicious behavior: AddClipboardFormatListener
                                    • Suspicious use of SetWindowsHookEx
                                    PID:3496

                                  Network

                                  MITRE ATT&CK Matrix ATT&CK v13

                                  Persistence

                                  Create or Modify System Process

                                  1
                                  T1543

                                  Windows Service

                                  1
                                  T1543.003

                                  Event Triggered Execution

                                  1
                                  T1546

                                  Netsh Helper DLL

                                  1
                                  T1546.007

                                  Privilege Escalation

                                  Create or Modify System Process

                                  1
                                  T1543

                                  Windows Service

                                  1
                                  T1543.003

                                  Event Triggered Execution

                                  1
                                  T1546

                                  Netsh Helper DLL

                                  1
                                  T1546.007

                                  Defense Evasion

                                  Impair Defenses

                                  1
                                  T1562

                                  Disable or Modify System Firewall

                                  1
                                  T1562.004

                                  Modify Registry

                                  1
                                  T1112

                                  Discovery

                                  Network Service Discovery

                                  1
                                  T1046

                                  Query Registry

                                  4
                                  T1012

                                  Peripheral Device Discovery

                                  1
                                  T1120

                                  System Information Discovery

                                  3
                                  T1082

                                  Remote System Discovery

                                  1
                                  T1018

                                  Command and Control

                                  Web Service

                                  1
                                  T1102

                                  Impact

                                  Defacement

                                  1
                                  T1491

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\_R_E_A_D___T_H_I_S___84V1ET_.txt
                                    Filesize

                                    1KB

                                    MD5

                                    436f809bd3102cc780878f5bdf9ca63a

                                    SHA1

                                    06af49def04be45c7ddc4f84ca9dfad6fa9e0363

                                    SHA256

                                    44334207cc66917ec09dfe8ba62f47ea0089715c98eb438920bc7747bff58dc7

                                    SHA512

                                    2050b26a3830234fa9be71cd87b0662d364fbe73b3d015f5da8d235902346816cbcfc270e3e994493c53e7239aee1bb8cc972ec48701bfd947dfe8ff4cd62a5e

                                  • C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___SKWJJT_.hta
                                    Filesize

                                    76KB

                                    MD5

                                    a65ebdae28ba88f199029d93e8aec3b9

                                    SHA1

                                    8aa73ba527a97d9ab5671b42d4559de66227655c

                                    SHA256

                                    88bd9dba49b1a8da0a7d5c9f8c6faab73cb507a3d68d0f229cf0c04e9cbb8688

                                    SHA512

                                    81d3c2ac12fd6aec6661bf3351060305d3474d2467860497a2de18d60b460633e87d60d142b9e1a518f54445b1ea50eaeb949a6b466e5e1f07bf3746517ed116

                                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp
                                    Filesize

                                    23KB

                                    MD5

                                    18d20039aec6b6623afceb861b57b956

                                    SHA1

                                    c5cee1e3fdd842cd56b4c7dbd28e724c6357db07

                                    SHA256

                                    b55923590368e23f13a729edd3a6d9a9ad0b36ef3df1876bda54f48d81148e3e

                                    SHA512

                                    3f4db1b2db973319c988b85bdcf1da2c815b36fbbc87fa9de1926321c451c577916ceb6436030c62fdf0ba20902410c41df695fe26ba0e4dde8843fb65d10184

                                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\29470
                                    Filesize

                                    11KB

                                    MD5

                                    c428f406fe72c9c68c7ad52cc91c6988

                                    SHA1

                                    926c76c413f23cca9d2ccc187bda57eba58b4540

                                    SHA256

                                    fcab6b0783a73a965ddbbfa4c66db5d9e6d3778a33cb840a052c2ee966995f68

                                    SHA512

                                    5bd316f27f2195742b478e5dc758ebd395f2a73f42886429f29a0146d263bd20112d23abc6358e7bf9e23f246eb41df850a88a5bf38677e07b0338081381cfd8

                                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                                    Filesize

                                    7KB

                                    MD5

                                    c460716b62456449360b23cf5663f275

                                    SHA1

                                    06573a83d88286153066bae7062cc9300e567d92

                                    SHA256

                                    0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

                                    SHA512

                                    476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

                                  • C:\Users\Admin\AppData\Local\Temp\TCD6931.tmp\iso690.xsl
                                    Filesize

                                    263KB

                                    MD5

                                    ff0e07eff1333cdf9fc2523d323dd654

                                    SHA1

                                    77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

                                    SHA256

                                    3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

                                    SHA512

                                    b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

                                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                    Filesize

                                    442KB

                                    MD5

                                    85430baed3398695717b0263807cf97c

                                    SHA1

                                    fffbee923cea216f50fce5d54219a188a5100f41

                                    SHA256

                                    a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                                    SHA512

                                    06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                                    Filesize

                                    8.0MB

                                    MD5

                                    a01c5ecd6108350ae23d2cddf0e77c17

                                    SHA1

                                    c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                                    SHA256

                                    345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                                    SHA512

                                    b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                                    Filesize

                                    18KB

                                    MD5

                                    27daa2685d6bca9c584252872ea9f954

                                    SHA1

                                    2e61855482f94f2393370a3e1393e8a8a3ee5f5b

                                    SHA256

                                    f8246447402b2ae73abb292e0e526ed75473ded279e5c85586fbaf71ac2fdac1

                                    SHA512

                                    6a4e5869d653fdf1fff0b123aa790ae665655bcc91582ba7bd3b4f7327da2840e273eb42a4f7ed2e2793bfde1b734aa253223923eabfe8b47d090a0e8050d3b2

                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                                    Filesize

                                    18KB

                                    MD5

                                    afe0956d418b9ce6d1f7d161c5bb131a

                                    SHA1

                                    2f985e29da5d9ab82a6f69290aff39b16f6c46e6

                                    SHA256

                                    71880f44a6dfdc88221d131dd78624ce13712173d4565ff60a4db84c03ce3858

                                    SHA512

                                    5d0025b127586e3954677d68eaf9caeaad8c970a9253383cd4ef62588400403f60e93e7a59719e1ac0b87b167fba517f2b9c9e8bcb65623170e62f2e87f61b3b

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\AlternateServices.txt
                                    Filesize

                                    1KB

                                    MD5

                                    435ca61203612b53abc9b3f057a94168

                                    SHA1

                                    11380938554c0c41595597147b9760ba957e7055

                                    SHA256

                                    a74c75114cab253f32bd0bd78ba3a9812a014599425b6dac7602be220f14f124

                                    SHA512

                                    c36331eea1d90f329272efdaee1fad85044210023c8af7a418e75ffb4b05e749cbc43d988f14aa2103cc7f856f77d9d96b44be98692e8554e1888a7cb2257450

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\SiteSecurityServiceState.txt
                                    Filesize

                                    1KB

                                    MD5

                                    2980c7599c6ea8fcaaee658e49f22d3b

                                    SHA1

                                    6c2d622385cac6bfcd5382945e23bd72550005d5

                                    SHA256

                                    c037d84520e6febff97daf0ae9e8dbf1fdc000b881ffa87a36788943a5b293a1

                                    SHA512

                                    7a4a2be952ccaaa217d49a224f8c62279bab47a67363228007ff143b4bf1438525ccccb19d2345a05ed91d169f1ba7af6de4e39d607f6819e4bce867fd97977f

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\bookmarkbackups\bookmarks-2024-07-09_11_f70S+BIHcjdozL1H+8sV3g==.jsonlz4
                                    Filesize

                                    953B

                                    MD5

                                    14e152530b0003973263fd54064ea363

                                    SHA1

                                    98a18c46e4980317a1f795bb0f364f02b7524f06

                                    SHA256

                                    98818f8d867aabab23dcf95b03d2d912fd8d6106f1bf48e1f04dc9b5af42f199

                                    SHA512

                                    21a75ea8970d68bac8100f499d88b38fbdd904d5217e69492f10f63c9026f43f00508fc62e059f54f82d7a1bb6c16b15f14b281c87542613ddd20893029ce664

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\broadcast-listeners.json
                                    Filesize

                                    204B

                                    MD5

                                    72c95709e1a3b27919e13d28bbe8e8a2

                                    SHA1

                                    00892decbee63d627057730bfc0c6a4f13099ee4

                                    SHA256

                                    9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                                    SHA512

                                    613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin
                                    Filesize

                                    2KB

                                    MD5

                                    662b42ce143750235619d872d3de59a9

                                    SHA1

                                    4fc967e169a56d7369eb89ea62207f9bc366f21e

                                    SHA256

                                    769112fab8966228c3471cc11d08889279e11f3403f7ba4a6dc6daf6f21741be

                                    SHA512

                                    b64738b2d4845091db01cf899b8fbc1d9a89ebb0dc5ffa6101226c9001f1b891aa3ccf906e6c2fc35d7cf9d7b7384b5b82aab010ab2fe22d63d9f41c7e1a761f

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin
                                    Filesize

                                    2KB

                                    MD5

                                    dacf5920904a5bc127f63b7c66e06c2c

                                    SHA1

                                    604677e06dbc125f129c2a1c66c349439a53e4ff

                                    SHA256

                                    d85ae7d25126b8fbbc8a623df40225ca1bfad4b785bee60e058ae71f10897591

                                    SHA512

                                    c7e3c86390741a15ce3bb76568ad107723543fb0050e84b7b33dff8cc4b3c2e9665397afd7cce5096b6042f1e8533991d1dc2ef0bc1c4aab539d8fbe6c6ec5e8

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\120cc18c-e253-4cc2-8f53-ebdbe4c0f349
                                    Filesize

                                    746B

                                    MD5

                                    6e9036fe188a2063b62595d0e14619db

                                    SHA1

                                    8b5b5b22472a4e250fa02f46dbee5e09dfe97cf9

                                    SHA256

                                    826e43782d0ebc517f52b200c2371eb6aaabf05d9453131cc01a9d729182f70c

                                    SHA512

                                    0a678afba0efe4f92d4e9eaea2adaa10072218e0759262091835af2baad2283b47f7841889e3d42d3f82b60f889c317bc2dbfb078ef9b40dcfbebb50811b013b

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\83c24078-a67a-4832-8dc7-cdf6f32e49f5
                                    Filesize

                                    10KB

                                    MD5

                                    73b0f13d5166afe90d225be48084bfba

                                    SHA1

                                    921c567881eba73f66e837ad923b3c92f2860233

                                    SHA256

                                    d496eaf5f2f875cecd320128ca9114ae8deda271825ae249a57032199bc905f1

                                    SHA512

                                    124bade149472078f3d209a7e59a6c5d5811026ae227422987cf14e979bbabe27d52b7e0dea8a55c0b6e5e43c4944d4338085c12640e84899fd3c36222d8b5fa

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                                    Filesize

                                    997KB

                                    MD5

                                    fe3355639648c417e8307c6d051e3e37

                                    SHA1

                                    f54602d4b4778da21bc97c7238fc66aa68c8ee34

                                    SHA256

                                    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                                    SHA512

                                    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                                    Filesize

                                    116B

                                    MD5

                                    3d33cdc0b3d281e67dd52e14435dd04f

                                    SHA1

                                    4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                                    SHA256

                                    f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                                    SHA512

                                    a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                                    Filesize

                                    479B

                                    MD5

                                    49ddb419d96dceb9069018535fb2e2fc

                                    SHA1

                                    62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                                    SHA256

                                    2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                                    SHA512

                                    48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                                    Filesize

                                    372B

                                    MD5

                                    8be33af717bb1b67fbd61c3f4b807e9e

                                    SHA1

                                    7cf17656d174d951957ff36810e874a134dd49e0

                                    SHA256

                                    e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                                    SHA512

                                    6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                                    Filesize

                                    11.8MB

                                    MD5

                                    33bf7b0439480effb9fb212efce87b13

                                    SHA1

                                    cee50f2745edc6dc291887b6075ca64d716f495a

                                    SHA256

                                    8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                                    SHA512

                                    d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                                    Filesize

                                    1KB

                                    MD5

                                    688bed3676d2104e7f17ae1cd2c59404

                                    SHA1

                                    952b2cdf783ac72fcb98338723e9afd38d47ad8e

                                    SHA256

                                    33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                                    SHA512

                                    7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                                    Filesize

                                    1KB

                                    MD5

                                    937326fead5fd401f6cca9118bd9ade9

                                    SHA1

                                    4526a57d4ae14ed29b37632c72aef3c408189d91

                                    SHA256

                                    68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                                    SHA512

                                    b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
                                    Filesize

                                    6KB

                                    MD5

                                    b7496bdce27add1595f57fdd4f403671

                                    SHA1

                                    9c20f42e2a606accefc8cc98ef0c5e717adbb639

                                    SHA256

                                    1eaa556cd2df178f9457e4f4fc752a14c8b14b22e8909ecd3e6e569e7f5d607d

                                    SHA512

                                    3b48305d5597aed992fd1b0fa4e5955b1e7715540ddfab89d4387446b799e1b1c34865124a1333dbad6fce9e26b5f5763ebc0d5866041cbcb42205127b97ae16

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
                                    Filesize

                                    7KB

                                    MD5

                                    a45e1f5b2dbb63188ff7aef17ed822a4

                                    SHA1

                                    3e55bb0f307823078854957653d0e4ac2255e911

                                    SHA256

                                    2b60004c46b992887de1be8afcfd93b0c2b1fd42a1b7e786c6ca9129529d553f

                                    SHA512

                                    bd065ad6cef1844cfb20d36864a0ea42f522e6563ca9cb15c50123704b1951a1aff064b73c1bd2178f7f966db08317311bfc3acf6849613ea1412a1cc8423d45

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
                                    Filesize

                                    7KB

                                    MD5

                                    2efffaaae917d1155bd302739fc9db01

                                    SHA1

                                    029d1fbb6cac0766a315030e2e224b81f4798693

                                    SHA256

                                    f356fa3a95583c327514b62da53b1bbdde1f311534bfb7b544756e372bbc8351

                                    SHA512

                                    ddfd3167d1c78510ba4c60544974318b1cd5ceae1bcfa948d2ccc5e7f416793f6a09a961e22c9d35614c955bf3ff570755269a426513534878f776343afde23b

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
                                    Filesize

                                    6KB

                                    MD5

                                    4db81c00a55c610b120fa24fd20006d6

                                    SHA1

                                    f0b245b1f5823441daa18266aa69c919d7cc20eb

                                    SHA256

                                    7a1d51d92a5e6a456563c48c215d79b8a1be594473929b88dc95c0405813edb3

                                    SHA512

                                    218a3dd73ddf2e9107f1d9262d605a83b5a68b81fe55d0e1199c8e9b1388541d7daaa3d7e2ee725b799c34a3d9f0cc763b82789c7e4deb51e2c275f3e00b6627

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js
                                    Filesize

                                    6KB

                                    MD5

                                    b20e23bb8e5ff9b462019908e2cfb626

                                    SHA1

                                    197219614fdf7991b4b76bd8f3e6c8965c9636a5

                                    SHA256

                                    fb75643d436b85bf7d1db247e1bed7da31e017f25fda95ccf6b53d0ba311682c

                                    SHA512

                                    1b28b80877a48ec952f15df93d3817571ab59890cc1c60acfcd3223944448e09c6ceb63e2f50d77061f8220907c7ede3ee01609d9623743c9f578abdecccba3d

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionCheckpoints.json
                                    Filesize

                                    90B

                                    MD5

                                    c4ab2ee59ca41b6d6a6ea911f35bdc00

                                    SHA1

                                    5942cd6505fc8a9daba403b082067e1cdefdfbc4

                                    SHA256

                                    00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                                    SHA512

                                    71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                                    Filesize

                                    3KB

                                    MD5

                                    0d86c825fa0ca56b3f5049e8cd65fabe

                                    SHA1

                                    c199517757f8e892e89b2c77b36a75d2bc2f36f9

                                    SHA256

                                    31d9b0f7c9f7af19d167e047f7a2e425c4aba11778b98aaacc33675cb7739660

                                    SHA512

                                    7c0d431e37eaeef0244aa5530cdfafd02844e907ea0dc517610c2526be937aa3146625ddf079d29fd9a867a6384f85dbb9b1459a6cad0087e43fd452c4954c90

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                                    Filesize

                                    4KB

                                    MD5

                                    decbdf0ab479424a78b6e89d3a826eb0

                                    SHA1

                                    c4674c52594dd31513e74eb1ab358b8d2bb3f0e3

                                    SHA256

                                    a819d0aa4f5224d2e00ee63046d01dacea1db98e6970893f2a0d98ebf3ed14ba

                                    SHA512

                                    43df4cfb707c2b830a546046e79f9dba46a0ae0a7a7ab7f6379d40fc18f4245d7e1631a74c7b6692535c4af0dbf68e5fe6ec885a4b43b470091697d895d034dd

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                                    Filesize

                                    7KB

                                    MD5

                                    5b9cd3956d8ec62164e9dfab447aa256

                                    SHA1

                                    07786bee11556775a1ad3200e17bc73ace02a79a

                                    SHA256

                                    c6056a51206a349ca452635549e7d5c678e6d8979444dc5f08a5a4a066d4b316

                                    SHA512

                                    df885b1e47ce3c0668f872a499cca0296881bfc1dcadf5e962e6628921389d27a2aad4a96c11c38dc5b0df64a3db0ba638656e40a37f84715386b8179f9692c7

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                                    Filesize

                                    1KB

                                    MD5

                                    25d783186bbf7dbb3f816f6b2988cc5e

                                    SHA1

                                    aef82d899eb08e9a9b4abb4268f1cf5e4f2f6bab

                                    SHA256

                                    2915725a1d6684c881a32e7d98722a05f09f4139e6226b225aa3aff7194dec5f

                                    SHA512

                                    d97c68c787f9810407f759c3eeb664e1e47ffdc2d157fd5e1a39ad782309ca35097e46ec1be84e94fd39f9dda9126dfec009b6214eddbe38fdffb200a31a5112

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                                    Filesize

                                    4KB

                                    MD5

                                    c79ac2507f6bfd5bb91481c813eeaa3d

                                    SHA1

                                    3ac2d2374723f532848beb6d8be8a2e9ad022dc9

                                    SHA256

                                    eae8aa9737fdf13a76ab7626a1428b8a74d6c056a200199d736a0619cbf09695

                                    SHA512

                                    5c561bcf97179544040cfd6c44015c55f75d70242950d9d2b44f689e093b817449ff3ab7f1d2a0b6c44493c105dff2d7437cb81ef85e46980b3edd0f6b5f6d37

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                                    Filesize

                                    8KB

                                    MD5

                                    0a58a4d04fdeaff506e36d273a26e23b

                                    SHA1

                                    5199c340f3d8b72bbe0e90c318dde1e5c11e7161

                                    SHA256

                                    6a774c75746efb53f7b90cced2ad622fa335e530bece1af7db33c8ad1e8b11ec

                                    SHA512

                                    20d9d63e5bb7fac355cc3bd98bf67fa0410b442ad9628fdf008f425b80de2afebe9e55ae7e0dca7150bbef9f0741f6cb3f4a83da9a34f36f7ead002cbd10d2a1

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                                    Filesize

                                    9KB

                                    MD5

                                    a1c3711d43f423aa32ceaa393bcfd288

                                    SHA1

                                    4ca3ab04fc5f992022676cb746ebf2d7eac0c752

                                    SHA256

                                    a77d6f9121f7ef04dc96d02d9143486291b806a5b51f2a1edabd95539d79459d

                                    SHA512

                                    c1d4e9f7d1c953a9904ef1f042d9c069e0f90c7ae7dc25567920bfd8bdebafc254bfd6f9301d1e44e8317e711b585c71905c600f6940b6f8775d73ebeb196639

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                    Filesize

                                    192KB

                                    MD5

                                    db9aab43ec95455c7c0b90eba65418bb

                                    SHA1

                                    4200b6d8e29decca640573dcb3f67514b4e451cb

                                    SHA256

                                    246b0fb5f8e18b010f2929d571cdad5147cf727656a113655539cdbb26eaabf4

                                    SHA512

                                    d7ff6f8c4dfc249bcac2ef902e527b7043dd1ce88db9621c216d8f7dbba9b93f538b94d245e83a24764ab4051c450d1ac507cba7c5f7ad9a207e05355ccb509b

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\targeting.snapshot.json
                                    Filesize

                                    4KB

                                    MD5

                                    ddbd352421cb3eafcbd03bf42cc8915e

                                    SHA1

                                    3f699740d1ce85aa53d02f4ed6f6ba5f9006606b

                                    SHA256

                                    f05f5a1fb2749a24de2ceece625f8e066a25ebe056d6afa45b801815a9172c31

                                    SHA512

                                    c45ee4e4fa74d08052e7b82c4e76985cfb0963f8f4012b090abe3e93a74b3fb754d83853b575f32970bbd8e91193b7225395bcc4b5decfa9d6ffdbd2cb66f1cc

                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\xulstore.json
                                    Filesize

                                    141B

                                    MD5

                                    1995825c748914809df775643764920f

                                    SHA1

                                    55c55d77bb712d2d831996344f0a1b3e0b7ff98a

                                    SHA256

                                    87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776

                                    SHA512

                                    c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

                                  • C:\Users\Admin\Downloads\LF6mMyRs.zip.part
                                    Filesize

                                    181KB

                                    MD5

                                    10d74de972a374bb9b35944901556f5f

                                    SHA1

                                    593f11e2aa70a1508d5e58ea65bec0ae04b68d64

                                    SHA256

                                    ab9f6ac4a669e6cbd9cfb7f7a53f8d2393cd9753cc1b1f0953f8655d80a4a1df

                                    SHA512

                                    1755be2bd1e2c9894865492903f9bf03a460fb4c952f84b748268bf050c3ece4185b612c855804c7600549170742359f694750a46e5148e00b5604aca5020218

                                  • memory/1196-951-0x0000000000400000-0x0000000000433000-memory.dmp
                                    Filesize

                                    204KB

                                  • memory/1196-593-0x0000000000400000-0x0000000000433000-memory.dmp
                                    Filesize

                                    204KB

                                  • memory/1196-584-0x0000000000400000-0x0000000000433000-memory.dmp
                                    Filesize

                                    204KB

                                  • memory/1196-977-0x0000000000400000-0x0000000000433000-memory.dmp
                                    Filesize

                                    204KB

                                  • memory/1196-978-0x0000000000440000-0x000000000044E000-memory.dmp
                                    Filesize

                                    56KB

                                  • memory/3496-992-0x00007FF899560000-0x00007FF899570000-memory.dmp
                                    Filesize

                                    64KB

                                  • memory/3496-985-0x00007FF89C630000-0x00007FF89C640000-memory.dmp
                                    Filesize

                                    64KB

                                  • memory/3496-986-0x00007FF89C630000-0x00007FF89C640000-memory.dmp
                                    Filesize

                                    64KB

                                  • memory/3496-987-0x00007FF89C630000-0x00007FF89C640000-memory.dmp
                                    Filesize

                                    64KB

                                  • memory/3496-988-0x00007FF89C630000-0x00007FF89C640000-memory.dmp
                                    Filesize

                                    64KB

                                  • memory/3496-991-0x00007FF899560000-0x00007FF899570000-memory.dmp
                                    Filesize

                                    64KB