Analysis

  • max time kernel
    300s
  • max time network
    301s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12-08-2024 05:02

General

  • Target

    259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe

  • Size

    1.8MB

  • MD5

    b2f0d9cde6cd1f83091b9f2a6875e6a9

  • SHA1

    a7bb83cc3f9edc38751ba908d3e0bf393dcfdfc6

  • SHA256

    259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd

  • SHA512

    51bae1077f202a997dbb78e3ece8cf14737362aaeb0e263917a0ba44cfb89cee3b2532c2e5db88151e07c2c8f644be5a4fc3cffb4c6a7f202ee58812afae5de6

  • SSDEEP

    49152:38+S7Y13iG6Fl9z0+S92ONgoknqqFwY0OiMl+SkIxsNo:M5zplR0njNZviwYZjl+Yu

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

0657d1

C2

http://185.215.113.19

Attributes
  • install_dir

    0d8f5eb8a7

  • install_file

    explorti.exe

  • strings_key

    6c55a5f34bb433fbd933a168577b1838

  • url_paths

    /Vi9leo/index.php

rc4.plain

Extracted

Family

stealc

Botnet

kora

C2

http://185.215.113.100

Attributes
  • url_path

    /e2b1563c6670f193.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Stealc

    Stealc is an infostealer written in C++.

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 7 IoCs
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 14 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 9 IoCs
  • Identifies Wine through registry keys 2 TTPs 7 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • AutoIT Executable 3 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe
    "C:\Users\Admin\AppData\Local\Temp\259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
      "C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1908
      • C:\Users\Admin\AppData\Local\Temp\1000036001\445fa0a4b2.exe
        "C:\Users\Admin\AppData\Local\Temp\1000036001\445fa0a4b2.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2676
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
          4⤵
            PID:4396
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of WriteProcessMemory
            PID:4304
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
              5⤵
              • Suspicious use of WriteProcessMemory
              PID:4056
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
                6⤵
                • Checks processor information in registry
                • Modifies registry class
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SendNotifyMessage
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:3192
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.0.19618515\652589225" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1652 -prefsLen 20845 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {070a6be1-ecf6-4dd9-a9b5-5ab269c7b113} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 1764 2246ebdbb58 gpu
                  7⤵
                    PID:1660
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.1.1101292760\478660733" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21706 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdd798b3-ae81-4337-a4a5-001753a6db5b} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 2140 2245c872158 socket
                    7⤵
                      PID:3176
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.2.1422336327\878201955" -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 2796 -prefsLen 21809 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {484b2c63-a3ea-4af2-83d1-ec57f7b6d0e0} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 3040 2246eb5ce58 tab
                      7⤵
                        PID:4108
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.3.794031687\1621949624" -childID 2 -isForBrowser -prefsHandle 3320 -prefMapHandle 2464 -prefsLen 26214 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ee19dc2-4ccc-4510-91fb-d98caecb6bb0} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 996 22473064a58 tab
                        7⤵
                          PID:2972
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.4.1683067599\460580353" -childID 3 -isForBrowser -prefsHandle 4708 -prefMapHandle 4692 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a64049ca-e622-4596-aae9-c069d4b04358} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 4716 22475c76c58 tab
                          7⤵
                            PID:5004
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.5.695800744\1999302700" -childID 4 -isForBrowser -prefsHandle 4952 -prefMapHandle 4948 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fa3a6e0-5134-4e68-881e-41bcb8fe4110} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 4960 22475c77258 tab
                            7⤵
                              PID:4220
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.6.1521049519\553312737" -childID 5 -isForBrowser -prefsHandle 5100 -prefMapHandle 4968 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e50958ed-7ee6-4893-a65a-3406b9dfe4d4} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 5088 22475d54558 tab
                              7⤵
                                PID:4952
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3192.7.1782515130\1096917961" -childID 6 -isForBrowser -prefsHandle 5448 -prefMapHandle 5544 -prefsLen 26529 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {740ae149-2aa6-42b3-80bd-3dbb1747fddf} 3192 "\\.\pipe\gecko-crash-server-pipe.3192" 4892 2247713fb58 tab
                                7⤵
                                  PID:2024
                        • C:\Users\Admin\1000037002\d97bf81a34.exe
                          "C:\Users\Admin\1000037002\d97bf81a34.exe"
                          3⤵
                          • Executes dropped EXE
                          • Suspicious use of SetThreadContext
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of WriteProcessMemory
                          PID:832
                          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                            4⤵
                              PID:2108
                            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                              4⤵
                              • System Location Discovery: System Language Discovery
                              PID:2104
                          • C:\Users\Admin\AppData\Local\Temp\1000038001\00a5877a53.exe
                            "C:\Users\Admin\AppData\Local\Temp\1000038001\00a5877a53.exe"
                            3⤵
                            • Executes dropped EXE
                            • System Location Discovery: System Language Discovery
                            PID:3584
                      • C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                        C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                        1⤵
                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                        • Checks BIOS information in registry
                        • Executes dropped EXE
                        • Identifies Wine through registry keys
                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                        • Suspicious behavior: EnumeratesProcesses
                        PID:716
                      • C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                        C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                        1⤵
                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                        • Checks BIOS information in registry
                        • Executes dropped EXE
                        • Identifies Wine through registry keys
                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2812
                      • C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                        C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                        1⤵
                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                        • Checks BIOS information in registry
                        • Executes dropped EXE
                        • Identifies Wine through registry keys
                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4956
                      • C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                        C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                        1⤵
                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                        • Checks BIOS information in registry
                        • Executes dropped EXE
                        • Identifies Wine through registry keys
                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4740
                      • C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                        C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
                        1⤵
                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                        • Checks BIOS information in registry
                        • Executes dropped EXE
                        • Identifies Wine through registry keys
                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3644

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\1000037002\d97bf81a34.exe

                        Filesize

                        206KB

                        MD5

                        62c81eb8cd78dbcf5767f84caad6972e

                        SHA1

                        9a508e8724c1431394717ebd3c6dee2f9f21d082

                        SHA256

                        166a8fac98b553a4e3647cefc034fe826b753958c0be902d9483148edb001250

                        SHA512

                        2feaa6cb070e548790b01601fe13846cd7eb005e2f1b8441092f4f92a1e4cfea6c1bc84314f78ea023e10bec8e3d5712ca43336c090eed0073c7ed99ebbf5af5

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp

                        Filesize

                        49KB

                        MD5

                        d748aa903bd5ecc6b4d26dee23c88cb5

                        SHA1

                        261d184847ab1d3de7871e5c4af723217980d590

                        SHA256

                        c9d52b3fccdee15501fd916b79365d0af36ddeb5f806a3f4393a2c62cfe149ca

                        SHA512

                        0b4a181cbb29d50299f1872ce243b13a17efc7a876261158d1f41ed6f75a0a9a9398ec5eeadd8e108e5ad88dfa619510c9141a95b04b37f3bb8578afbe22aeb7

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

                        Filesize

                        9KB

                        MD5

                        04222f80e7f668fe6cb5abb2acf2de55

                        SHA1

                        6d5d768eea5845023a639e280f1a50f33285323a

                        SHA256

                        7dd188c29e4731db706c9c995e92a42a50f8c0fb0566e42bb353319a0b7383c1

                        SHA512

                        520731a998038d10c5ffa65a165545e7cb15358fbf90f9245073e176ffa8bf0e8fd658c466d2c0ed4d497eeb6c5d06b336b198849d1c3719bfc2f79cf82f7ae5

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\099EB2BF8827A4F91EAB3E38B14650D0205226F2

                        Filesize

                        15KB

                        MD5

                        325f5e16d84528b677d98f2b79ccd63d

                        SHA1

                        2528f4a3f759a424a87d3bc769ef7c8deaea5250

                        SHA256

                        8c4f3969ff34b500255257b852b171350dd68d6cb01ceae162dd44dc176122a9

                        SHA512

                        894dad44183358c95b6a52f6aa090a98236dc8aa8b11e2695f0777d42f51c5bb41339b396c8a357821c7a187e0ff3c690cd0e65fc13d20d1aebfb805b590e432

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

                        Filesize

                        9KB

                        MD5

                        8bd42b1079076bbe8a3c2e738518ac8c

                        SHA1

                        170c1db96c59d8d0c74f7d7fdbb371a587abdae8

                        SHA256

                        f3132d1d1ce636f5f04050c1e583ca932b9e556e81c2d8afe7e13ed5e7d13de9

                        SHA512

                        21f4385a504363dfc0014abdd8b1e1cc249f79ac06422bc6feae25ff594b3d444a85f844653e4e7ef5af2650083d67c7f50ceb303579c6818301ef4856a6c5f6

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263

                        Filesize

                        13KB

                        MD5

                        68968659f79a5aec142dab2ec004cb93

                        SHA1

                        ae015f484fe1dc0b20c8eb71af16390f7c56da03

                        SHA256

                        7b94f8092ab8e74155171d5344ba8737ec0380128a88e1f0f6c6b64a6863a29f

                        SHA512

                        266d58a8160c92da21053c3db12a97b26d40cbbec14d65dff48f3cf9d2a13bd4db246b07174d45ee09c34c28e86ea0f8d781cb13bec227e20856528a029e2c7b

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\54075BE4BB4CEC68713D2AC66A9955D8EB1B7384

                        Filesize

                        35KB

                        MD5

                        03d4bb994b34199f9d4660b95c94dfe1

                        SHA1

                        d924323ce6eec4237e0e10b87096c5312eb05a39

                        SHA256

                        3917c00b0dc29489213f0ae3863935bee9b79a95aa6bcb75d84be5a3d4cd131f

                        SHA512

                        3995fbd42a64e1f0065b2f945391f4800464cb8990ec227273a10f3fc0d436def57f6fb9dcb2747dc36f19093831829abba02cdfef6474b3644f9804165a46ca

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

                        Filesize

                        15KB

                        MD5

                        acbdc382f38de38a5495c914f7fe932b

                        SHA1

                        047f1a1efc23947655b9bb7a9ad5a78329463f06

                        SHA256

                        67c3cabb021990f076dd487ba808cb051c6cce45bd5eb5169e7c2ef7d5e621c6

                        SHA512

                        ed328d4d8ddef5f3b701baf1fc84153ad69be7f18b8a6c4afc1cbea5506eeacec4b24c382201e9b7e137b3e2301dccffce1020bd4c8c2acc93bdad50c0ca05c4

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

                        Filesize

                        13KB

                        MD5

                        b3f0484972145486d9d48812126b3ae9

                        SHA1

                        e722b538026a854ab97afd41e3640bcd6a1ccc2f

                        SHA256

                        ff7634592301e774e3faf6a9a62902d3a9de0a0223786fe9bc90fdd71c8312fc

                        SHA512

                        cd7bd0c3c93329aa4ce09f769deff22160f625dd21d254013137e999cd49e260050ca4ac562a2c74706850ccff2867b702729b78caf05b0adef1917fbe9666a0

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\F210D48319A1879FD1C5213FA010C613B99BA085

                        Filesize

                        11KB

                        MD5

                        193b93ec2f42f5bae489f61ed1602433

                        SHA1

                        3b4eccd8f40a08ee86cd0c6a84cd902edacf4008

                        SHA256

                        6e01ed9e60cf205d3075e10c222314385dd52aec9908e39eac38c78771e91d68

                        SHA512

                        2e1331ce0a06471bdbcc6fad2b63c8ab78d1c5089692fb9c6ba3eaeaa9e8b831f684cb1b584425c52e052bdf0fe34b6260275c1e8b3733ff84802a67e9996f7e

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

                        Filesize

                        9KB

                        MD5

                        aa5fc5770f44440cb78299565d31c268

                        SHA1

                        0c7cbdb9c09b368ae0cb6205e4c64ee604b6bafe

                        SHA256

                        13d8650cfcd6e18fdf6c5b9a9a13436a906510935d981fa2f412aadfc866c6bf

                        SHA512

                        810d62549624a36cb9365d0d58e9faf6e6f11f5bca0a696207ba3543baea998fef799fe29977df2cfbe6696dffe440baf4866e0750448cce95d5a98ff04938f9

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

                        Filesize

                        7KB

                        MD5

                        c460716b62456449360b23cf5663f275

                        SHA1

                        06573a83d88286153066bae7062cc9300e567d92

                        SHA256

                        0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

                        SHA512

                        476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

                      • C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

                        Filesize

                        1.8MB

                        MD5

                        b2f0d9cde6cd1f83091b9f2a6875e6a9

                        SHA1

                        a7bb83cc3f9edc38751ba908d3e0bf393dcfdfc6

                        SHA256

                        259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd

                        SHA512

                        51bae1077f202a997dbb78e3ece8cf14737362aaeb0e263917a0ba44cfb89cee3b2532c2e5db88151e07c2c8f644be5a4fc3cffb4c6a7f202ee58812afae5de6

                      • C:\Users\Admin\AppData\Local\Temp\1000036001\445fa0a4b2.exe

                        Filesize

                        1.2MB

                        MD5

                        db946418424011c782182c76ab8c179f

                        SHA1

                        d640d54d341cf6341bd434c9015d23d22156612a

                        SHA256

                        bfdffea79fd6126c2256fab3f3b0421ec9b3a77a618fc406cd0f2e7d4a38f04e

                        SHA512

                        a73c645fe96ff6e49207326af35635998af343d2aa5ddd5e8b2bbd2bcded52869d588bb8c69eb220593d3152be99812e3462b1b09deea80adcac30bed9ed8956

                      • C:\Users\Admin\AppData\Local\Temp\1000038001\00a5877a53.exe

                        Filesize

                        187KB

                        MD5

                        278ee1426274818874556aa18fd02e3a

                        SHA1

                        185a2761330024dec52134df2c8388c461451acb

                        SHA256

                        37257ddb1a6f309a6e9d147b5fc2551a9cae3a0e52b191b18d9465bfcb5c18eb

                        SHA512

                        07ec6759af5b9a00d8371b9fd9b723012dd0a1614cfcc7cd51975a004f69ffb90083735e9a871a2aa0e8d28799beac53a4748f55f4dd1e7495bc7388ebf4d6a0

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                        Filesize

                        442KB

                        MD5

                        85430baed3398695717b0263807cf97c

                        SHA1

                        fffbee923cea216f50fce5d54219a188a5100f41

                        SHA256

                        a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                        SHA512

                        06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                        Filesize

                        8.0MB

                        MD5

                        a01c5ecd6108350ae23d2cddf0e77c17

                        SHA1

                        c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                        SHA256

                        345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                        SHA512

                        b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

                        Filesize

                        7KB

                        MD5

                        8d1608192f86fa02da06a201581d83b3

                        SHA1

                        d4a2a67feb97c94b2483701ddf4d4a357af0b5e9

                        SHA256

                        80357437cbf3956dc51104ec36495f1ce9fae74b5cd39b9eff9df34d57c16f64

                        SHA512

                        541ddec725992e88063f9593b9da22945e176e5fa864cca5fe6d4dde59a956324c553456813b2ac3d78ac4d68ac1e4e9dd347ef6ea27ca70f6a07932eb0508d2

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\bookmarkbackups\bookmarks-2024-08-12_11_f70S+BIHcjdozL1H+8sV3g==.jsonlz4

                        Filesize

                        953B

                        MD5

                        14e152530b0003973263fd54064ea363

                        SHA1

                        98a18c46e4980317a1f795bb0f364f02b7524f06

                        SHA256

                        98818f8d867aabab23dcf95b03d2d912fd8d6106f1bf48e1f04dc9b5af42f199

                        SHA512

                        21a75ea8970d68bac8100f499d88b38fbdd904d5217e69492f10f63c9026f43f00508fc62e059f54f82d7a1bb6c16b15f14b281c87542613ddd20893029ce664

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\broadcast-listeners.json

                        Filesize

                        204B

                        MD5

                        72c95709e1a3b27919e13d28bbe8e8a2

                        SHA1

                        00892decbee63d627057730bfc0c6a4f13099ee4

                        SHA256

                        9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                        SHA512

                        613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin

                        Filesize

                        2KB

                        MD5

                        c2cced1d7aa1ad750047f4c020d8bfcc

                        SHA1

                        c6055b89e52ccac5cdf52ec8aae8e1c2c03088ce

                        SHA256

                        c480c6a2c0672c121680db26926775a37b402d7e434b8390119ad872c17b469d

                        SHA512

                        7f40892814764bb079d8b41c33742223d23649c901d463cb0bf9a41c0e73da3c6318245f744b8829ebb0f1c05b6258d5cff8284bbe9f8022caf0fb3b2ecf8fc5

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\e175b8a1-6099-4d69-a76a-781f3eb0d5dc

                        Filesize

                        10KB

                        MD5

                        7b47b0e42a336407b8cf5d4f314b485b

                        SHA1

                        cf61d0941230bea56173595e8237ec1d7b57aafd

                        SHA256

                        356f4979450f5390bbedf168f00e00bc33a802b458ec94bf4a034e73fc9ef826

                        SHA512

                        ac1e84f39b9a3daee5b97d62c3a2489b7f43b97731d0f7ea3b88e1b271b3b1fc512b81d33f42eb89cfe9c18ce4a6d774b8d71ac5fc61732f29d814e19ba2de6f

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\e7f69535-c382-4282-8fca-7f272ad2b08b

                        Filesize

                        746B

                        MD5

                        8eb5dac91382eada115a2d7c506f8de0

                        SHA1

                        c89a803a204a90cf07b57acbb245d3371c95c95a

                        SHA256

                        55ef004d98fb9c9fc4ea73e55ffd554190c8973a5a18ea8009d4b5c053bb5899

                        SHA512

                        165867cb7eba8b9adb3e74a9f298901768ac6edf29f78212ce07ef5000cf8e8d6815af3c9048f565c7b2ebba261302b72ad2e9a771fa3b0d3baf58f3f18aeb3a

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

                        Filesize

                        997KB

                        MD5

                        fe3355639648c417e8307c6d051e3e37

                        SHA1

                        f54602d4b4778da21bc97c7238fc66aa68c8ee34

                        SHA256

                        1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                        SHA512

                        8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

                        Filesize

                        116B

                        MD5

                        3d33cdc0b3d281e67dd52e14435dd04f

                        SHA1

                        4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                        SHA256

                        f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                        SHA512

                        a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

                        Filesize

                        479B

                        MD5

                        49ddb419d96dceb9069018535fb2e2fc

                        SHA1

                        62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                        SHA256

                        2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                        SHA512

                        48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

                        Filesize

                        372B

                        MD5

                        8be33af717bb1b67fbd61c3f4b807e9e

                        SHA1

                        7cf17656d174d951957ff36810e874a134dd49e0

                        SHA256

                        e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                        SHA512

                        6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

                        Filesize

                        11.8MB

                        MD5

                        33bf7b0439480effb9fb212efce87b13

                        SHA1

                        cee50f2745edc6dc291887b6075ca64d716f495a

                        SHA256

                        8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                        SHA512

                        d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

                        Filesize

                        1KB

                        MD5

                        688bed3676d2104e7f17ae1cd2c59404

                        SHA1

                        952b2cdf783ac72fcb98338723e9afd38d47ad8e

                        SHA256

                        33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                        SHA512

                        7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

                        Filesize

                        1KB

                        MD5

                        937326fead5fd401f6cca9118bd9ade9

                        SHA1

                        4526a57d4ae14ed29b37632c72aef3c408189d91

                        SHA256

                        68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                        SHA512

                        b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

                        Filesize

                        7KB

                        MD5

                        556188707146e39beffee94f3ef47eb8

                        SHA1

                        26d3de95b90635525bf7362d9b742d793e454c80

                        SHA256

                        f86551698b34a6fcdfaebe38529d596eaa06d3e63552520f1138e3a00833c88e

                        SHA512

                        180e15a7f6231ef02cc6ddfcf2d5578b7c69cd936aa41f19d22f93309cbb4c1339ea68c98500e693b7d384c27fccefdd1eb37cf7e050c9b0d0e029dbe8b3f447

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

                        Filesize

                        6KB

                        MD5

                        da8d649e80251e5aea3385e1556c8c43

                        SHA1

                        2663b67d9f253ae19f79ebabb4362db2eee1bab4

                        SHA256

                        42ef1f55a030b61bb317376cacead743edf464a826ca5665bd4873cc18fac779

                        SHA512

                        5d11ccff32dc4f6e5575c65270cc7e9e8d3e39cb9d719c02307593ae23f6cec76c61af38a38cf9e7966592be5994536c312368cdb27b3af038475bf294ce53d4

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

                        Filesize

                        7KB

                        MD5

                        4067c76945ad26046292a71176842f03

                        SHA1

                        a88c0e5380eb8cad6819b1c0438ebbf0290e2bb6

                        SHA256

                        e993a03aa88a21a20330d190c1e7bda88390ed6e01c2574d85b55e6431e0f652

                        SHA512

                        c2dd79d421db188b78805f91c7df0d617ba0402cb9f5256790b791925f85dfe2b267485de3e6954942402dd86c5f0ffbd8c7acd49d4d1da40573130588fa4b10

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

                        Filesize

                        7KB

                        MD5

                        cb6eaa309751919d2f146ebb6b7b980d

                        SHA1

                        ccc40bf1ea7107ea934034b01d5b6ac0e04577fe

                        SHA256

                        0d39b8c8223863b694b543482464db109ddb975aae9189d5387df6b4ef7fa497

                        SHA512

                        7d045d77ad47947ae526eb59700355882860a4b245c58add2adf871ab1a3375ac73c9e64a92722f3cff571989514ca48c80f0b660045bce15dfebc96427dcd6b

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js

                        Filesize

                        6KB

                        MD5

                        851cb82269f00d289553c1447c7b9c58

                        SHA1

                        91cdab107b3fe885a1b41d67ce956190470e9a59

                        SHA256

                        bf7282998779d72095775f6c1a6a0c1dd3154fe8df9198fccfd8bed7c654ead0

                        SHA512

                        5bb6a3c97e2a73af139efe5942e4d3183fc543f683dd41ef760e52af49d1cff5e4c02702d5bf4b24a9733f42d148cf904411b50efa7929a07f84c3354034c466

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionCheckpoints.json

                        Filesize

                        90B

                        MD5

                        c4ab2ee59ca41b6d6a6ea911f35bdc00

                        SHA1

                        5942cd6505fc8a9daba403b082067e1cdefdfbc4

                        SHA256

                        00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                        SHA512

                        71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

                        Filesize

                        4KB

                        MD5

                        f6ea354907746df9dd80ec9ed4c83653

                        SHA1

                        b23e04cfa0daca79f316fffde8e93494e074d61d

                        SHA256

                        d62bfefa2cba7650effc22e472645ed6125f3f0ac294af93d6e5de6cfffa9a30

                        SHA512

                        139f4afacb4ee156d7bf7fd5abcb15e86927053d3da7ba8e61caaebd3b90026d4f45f87cf1e2bc031eb54d0d426d95e707e64186454e3ea68b5e519cc3cd704f

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

                        Filesize

                        4KB

                        MD5

                        792a9225c20ba7bee624f485d35b2dfe

                        SHA1

                        4d187d56649087d735626221ce5c1cbf4f65d6e2

                        SHA256

                        79fa15f6bf5b35d7ee0b1f13c188be35c8f1939de7b08534c1c1a6f22694d728

                        SHA512

                        337669f8ea6723711080ff3a3523592b8ab036ea85a0619805602c9702eba231c32cde3e6c167ff8964ea147e237be626b1bdb2b178c565b94ca9c034de6de3e

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                        Filesize

                        184KB

                        MD5

                        4c1f58aca80b52032da4ac4bee4ce462

                        SHA1

                        9ce602c07d2e23aebc8a60043c1e530197c6b04c

                        SHA256

                        84b09dcc0173819e4e0f7e70560d18b08b7588e87a1243a1331a8e8cee3ce372

                        SHA512

                        60c5f8e824fcd032d05bbc1cd356ecd3d53b7952283670ad5b06f548d1ffd330400af830c44b0400de1eb606c893af4f53b5165ba7ab7b8ab19a3bedcedfe83d

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\targeting.snapshot.json

                        Filesize

                        4KB

                        MD5

                        c8645ab5ca9cbf9b935755443884f23a

                        SHA1

                        7e0b69d3c0b3d6568aba62f83f01b2a4bbdec1fe

                        SHA256

                        0f569c91685fb13de271a2e04a0061a72192d447e9ff5ee73a56f876ee67be6f

                        SHA512

                        0360c0e0ea147773eccdfbffb7650b29db53f2fc3b0b8327f368b1d2514c37557a75aa1e408665da2c126720c487dfcb10d3fa95165d7892bf3e39ffa04974d9

                      • memory/716-362-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/716-363-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/832-44-0x00000000003B0000-0x00000000003E8000-memory.dmp

                        Filesize

                        224KB

                      • memory/1908-407-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-352-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-259-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-194-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-517-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-509-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-409-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-508-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-507-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-270-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-496-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-374-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-376-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-381-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-382-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-383-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-384-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-492-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-14-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-410-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-389-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-390-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-396-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-397-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-398-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-15-0x0000000000861000-0x000000000088F000-memory.dmp

                        Filesize

                        184KB

                      • memory/1908-406-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-277-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-408-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-269-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-388-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-411-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-16-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-415-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-17-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-18-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/1908-276-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/2104-51-0x0000000000400000-0x0000000000643000-memory.dmp

                        Filesize

                        2.3MB

                      • memory/2104-47-0x0000000000400000-0x0000000000643000-memory.dmp

                        Filesize

                        2.3MB

                      • memory/2376-3-0x00000000011F0000-0x00000000016BA000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/2376-0-0x00000000011F0000-0x00000000016BA000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/2376-1-0x0000000077694000-0x0000000077695000-memory.dmp

                        Filesize

                        4KB

                      • memory/2376-2-0x00000000011F1000-0x000000000121F000-memory.dmp

                        Filesize

                        184KB

                      • memory/2376-13-0x00000000011F0000-0x00000000016BA000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/2376-5-0x00000000011F0000-0x00000000016BA000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/2676-39-0x0000000000960000-0x0000000000A90000-memory.dmp

                        Filesize

                        1.2MB

                      • memory/2812-386-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/2812-387-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/3584-68-0x00000000011F0000-0x0000000001433000-memory.dmp

                        Filesize

                        2.3MB

                      • memory/3584-67-0x00000000011F0000-0x0000000001433000-memory.dmp

                        Filesize

                        2.3MB

                      • memory/3644-516-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/3644-515-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/4304-54-0x0000000000400000-0x000000000052D000-memory.dmp

                        Filesize

                        1.2MB

                      • memory/4304-52-0x0000000000400000-0x000000000052D000-memory.dmp

                        Filesize

                        1.2MB

                      • memory/4304-48-0x0000000000400000-0x000000000052D000-memory.dmp

                        Filesize

                        1.2MB

                      • memory/4740-414-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB

                      • memory/4956-405-0x0000000000860000-0x0000000000D2A000-memory.dmp

                        Filesize

                        4.8MB