Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240709-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    09-07-2024 20:39

General

  • Target

    e369a08e4ef871f499a80b23c1c6e63fa98b4d3d0fc11536a9ee269b087816a5.exe

  • Size

    1.8MB

  • MD5

    70724f469bcf35c601b952b1f3b42318

  • SHA1

    7a1430987f4b4d60cd3ce1ad67a1454d773ecfa7

  • SHA256

    e369a08e4ef871f499a80b23c1c6e63fa98b4d3d0fc11536a9ee269b087816a5

  • SHA512

    75eb8ec34373138b6c205fafea37dea2bf8d9a377c5c8fffd8ebaa1b4ec6d77d08144e06786b36d937063479760f80af5e6fa8c6241f513c80ea7971538cf5ee

  • SSDEEP

    49152:W1+4+j+RZyaN85okf7Kfw+uERO4Hp4JBVYnJ:V7j+G5iwXIp4JBK

Malware Config

Extracted

Family

amadey

Version

4.30

Botnet

4dd39d

C2

http://77.91.77.82

Attributes
  • install_dir

    ad40971b6b

  • install_file

    explorti.exe

  • strings_key

    a434973ad22def7137dbb5e059b7081e

  • url_paths

    /Hun4Ko/index.php

rc4.plain

Extracted

Family

stealc

Botnet

hate

C2

http://85.28.47.30

Attributes
  • url_path

    /920475a59bac849d.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Stealc

    Stealc is an infostealer written in C++.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 5 IoCs
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 10 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 6 IoCs
  • Identifies Wine through registry keys 2 TTPs 5 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Loads dropped DLL 2 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 33 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e369a08e4ef871f499a80b23c1c6e63fa98b4d3d0fc11536a9ee269b087816a5.exe
    "C:\Users\Admin\AppData\Local\Temp\e369a08e4ef871f499a80b23c1c6e63fa98b4d3d0fc11536a9ee269b087816a5.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:5848
    • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
      "C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:796
      • C:\Users\Admin\AppData\Local\Temp\1000006001\c2a2ca55f8.exe
        "C:\Users\Admin\AppData\Local\Temp\1000006001\c2a2ca55f8.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:1656
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\GDBAKKKFBG.exe"
          4⤵
            PID:6316
            • C:\Users\Admin\AppData\Local\Temp\GDBAKKKFBG.exe
              "C:\Users\Admin\AppData\Local\Temp\GDBAKKKFBG.exe"
              5⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • Suspicious behavior: EnumeratesProcesses
              PID:6436
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\ECBGCGCGIE.exe"
            4⤵
            • Suspicious use of SetWindowsHookEx
            PID:4196
        • C:\Users\Admin\AppData\Local\Temp\1000010001\5f4738b9b4.exe
          "C:\Users\Admin\AppData\Local\Temp\1000010001\5f4738b9b4.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:3060
          • C:\Windows\system32\cmd.exe
            "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\CD04.tmp\CD05.tmp\CD06.bat C:\Users\Admin\AppData\Local\Temp\1000010001\5f4738b9b4.exe"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:4620
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
              5⤵
              • Drops file in Windows directory
              • Enumerates system info in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of WriteProcessMemory
              PID:2876
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffd1feccc40,0x7ffd1feccc4c,0x7ffd1feccc58
                6⤵
                  PID:2336
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,12897542148089509411,14225183072466740818,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1812 /prefetch:2
                  6⤵
                    PID:5156
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,12897542148089509411,14225183072466740818,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2112 /prefetch:3
                    6⤵
                      PID:5316
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,12897542148089509411,14225183072466740818,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2208 /prefetch:8
                      6⤵
                        PID:776
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,12897542148089509411,14225183072466740818,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3132 /prefetch:1
                        6⤵
                          PID:3100
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,12897542148089509411,14225183072466740818,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3164 /prefetch:1
                          6⤵
                            PID:1436
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4036,i,12897542148089509411,14225183072466740818,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4604 /prefetch:8
                            6⤵
                            • Drops file in System32 directory
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4668
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
                          5⤵
                          • Enumerates system info in registry
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                          • Suspicious use of FindShellTrayWindow
                          • Suspicious use of SendNotifyMessage
                          • Suspicious use of WriteProcessMemory
                          PID:1888
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffd1fd83cb8,0x7ffd1fd83cc8,0x7ffd1fd83cd8
                            6⤵
                              PID:5540
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16967810139884564675,15164142376439631868,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2044 /prefetch:2
                              6⤵
                                PID:3588
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,16967810139884564675,15164142376439631868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
                                6⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4748
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,16967810139884564675,15164142376439631868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
                                6⤵
                                  PID:768
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16967810139884564675,15164142376439631868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
                                  6⤵
                                    PID:5244
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16967810139884564675,15164142376439631868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                                    6⤵
                                      PID:2784
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16967810139884564675,15164142376439631868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
                                      6⤵
                                        PID:3744
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16967810139884564675,15164142376439631868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
                                        6⤵
                                          PID:2276
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16967810139884564675,15164142376439631868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
                                          6⤵
                                            PID:4640
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16967810139884564675,15164142376439631868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
                                            6⤵
                                              PID:6368
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16967810139884564675,15164142376439631868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
                                              6⤵
                                                PID:6392
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,16967810139884564675,15164142376439631868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
                                                6⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:6212
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2032,16967810139884564675,15164142376439631868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
                                                6⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:5460
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16967810139884564675,15164142376439631868,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4888 /prefetch:2
                                                6⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:6984
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
                                              5⤵
                                              • Suspicious use of WriteProcessMemory
                                              PID:4952
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
                                                6⤵
                                                • Checks processor information in registry
                                                • Modifies registry class
                                                • Suspicious use of AdjustPrivilegeToken
                                                • Suspicious use of FindShellTrayWindow
                                                • Suspicious use of SetWindowsHookEx
                                                • Suspicious use of WriteProcessMemory
                                                PID:2376
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1900 -parentBuildID 20240401114208 -prefsHandle 1816 -prefMapHandle 1804 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cdde4c5-ea72-4e43-8cc1-9472ac37c0ef} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" gpu
                                                  7⤵
                                                    PID:1316
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20240401114208 -prefsHandle 2116 -prefMapHandle 2280 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f10c9b47-4c1e-4e96-a467-1f3d330ecd1c} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" socket
                                                    7⤵
                                                      PID:424
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2804 -childID 1 -isForBrowser -prefsHandle 3368 -prefMapHandle 3364 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b4967b6-81f3-4b87-9e72-c5c4202d3db3} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" tab
                                                      7⤵
                                                        PID:4996
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3828 -childID 2 -isForBrowser -prefsHandle 3736 -prefMapHandle 3732 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12ff3791-0fad-4448-be1a-0a845d649be5} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" tab
                                                        7⤵
                                                          PID:2652
                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4452 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4444 -prefMapHandle 4432 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87342833-a77a-4dd1-94be-70745389df40} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" utility
                                                          7⤵
                                                          • Checks processor information in registry
                                                          PID:3172
                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 3 -isForBrowser -prefsHandle 5320 -prefMapHandle 5316 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75675d03-1e22-4313-81df-2006616a12a0} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" tab
                                                          7⤵
                                                            PID:4956
                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 4 -isForBrowser -prefsHandle 5476 -prefMapHandle 5480 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9083f139-1e1c-48ce-adcf-f53e960aa5fd} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" tab
                                                            7⤵
                                                              PID:4952
                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5740 -childID 5 -isForBrowser -prefsHandle 5660 -prefMapHandle 5664 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccdbbecf-fcd0-4b9b-a7f1-5a445ff6e0bc} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" tab
                                                              7⤵
                                                                PID:4880
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:5484
                                                    • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
                                                      "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
                                                      1⤵
                                                        PID:5396
                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                        1⤵
                                                          PID:1556
                                                        • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                          C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                          1⤵
                                                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                          • Checks BIOS information in registry
                                                          • Executes dropped EXE
                                                          • Identifies Wine through registry keys
                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:7000
                                                        • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                          C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                                                          1⤵
                                                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                          • Checks BIOS information in registry
                                                          • Executes dropped EXE
                                                          • Identifies Wine through registry keys
                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:6292

                                                        Network

                                                        MITRE ATT&CK Enterprise v15

                                                        Downloads

                                                        • C:\ProgramData\mozglue.dll

                                                          Filesize

                                                          593KB


                                                        • C:\ProgramData\nss3.dll

                                                          Filesize

                                                          2.0MB


                                                        • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

                                                          Filesize

                                                          64KB


                                                        • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

                                                          Filesize

                                                          4B


                                                        • C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

                                                          Filesize

                                                          1008B


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          264B


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                          Filesize

                                                          3KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                          Filesize

                                                          2B


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          356B


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                          Filesize

                                                          92KB


                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                          Filesize

                                                          92KB


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                          Filesize

                                                          152B


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                          Filesize

                                                          152B


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

                                                          Filesize

                                                          38KB


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          240B


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                          Filesize

                                                          1KB


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                          Filesize

                                                          5KB


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                          Filesize

                                                          6KB


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                          Filesize

                                                          16B


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                          Filesize

                                                          16B


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                          Filesize

                                                          11KB


                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                          Filesize

                                                          11KB


                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\activity-stream.discovery_stream.json.tmp

                                                          Filesize

                                                          21KB


                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

                                                          Filesize

                                                          13KB


                                                        • C:\Users\Admin\AppData\Local\Temp\1000006001\c2a2ca55f8.exe

                                                          Filesize

                                                          2.4MB


                                                        • C:\Users\Admin\AppData\Local\Temp\1000010001\5f4738b9b4.exe

                                                          Filesize

                                                          89KB


                                                        • C:\Users\Admin\AppData\Local\Temp\CD04.tmp\CD05.tmp\CD06.bat

                                                          Filesize

                                                          2KB


                                                        • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

                                                          Filesize

                                                          1.8MB


                                                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                          Filesize

                                                          479KB


                                                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                          Filesize

                                                          13.8MB


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\AlternateServices.bin

                                                          Filesize

                                                          12KB


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\cookies.sqlite-wal

                                                          Filesize

                                                          256KB


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\db\data.safe.tmp

                                                          Filesize

                                                          25KB


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\db\data.safe.tmp

                                                          Filesize

                                                          22KB


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\pending_pings\c0e2795f-ab62-4889-b4d7-bf9a0cf9ef75

                                                          Filesize

                                                          982B


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\pending_pings\de115a9b-d794-42db-9272-23a1e2a57e21

                                                          Filesize

                                                          659B


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                                                          Filesize

                                                          1.1MB


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                                                          Filesize

                                                          116B


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                                                          Filesize

                                                          372B


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                                                          Filesize

                                                          17.8MB


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\places.sqlite-wal

                                                          Filesize

                                                          992KB


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\prefs-1.js

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\prefs-1.js

                                                          Filesize

                                                          10KB


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\prefs-1.js

                                                          Filesize

                                                          13KB


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\prefs.js

                                                          Filesize

                                                          8KB


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                          Filesize

                                                          1.1MB


                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                          Filesize

                                                          7.4MB


                                                        • \??\pipe\crashpad_2876_IQRHETIGHKTDIOYJ



                                                        • memory/5848-0-0x0000000000380000-0x000000000083F000-memory.dmp

                                                          Filesize

                                                          4.7MB

                                                        • memory/6292-3332-0x0000000000B00000-0x0000000000FBF000-memory.dmp

                                                          Filesize

                                                          4.7MB

                                                        • memory/6292-3331-0x0000000000B00000-0x0000000000FBF000-memory.dmp

                                                          Filesize

                                                          4.7MB

                                                        • memory/6436-566-0x0000000000BE0000-0x000000000109F000-memory.dmp

                                                          Filesize

                                                          4.7MB

                                                        • memory/6436-585-0x0000000000BE0000-0x000000000109F000-memory.dmp

                                                          Filesize

                                                          4.7MB

                                                        • memory/7000-1647-0x0000000000B00000-0x0000000000FBF000-memory.dmp

                                                          Filesize

                                                          4.7MB

                                                        • memory/7000-1204-0x0000000000B00000-0x0000000000FBF000-memory.dmp

                                                          Filesize

                                                          4.7MB