c3e56e388d992bfed1ed7ab2db686aa4b06ea501c44ddc4be757ba6c265f08d9

Analysis

max time kernel
2700s
max time network
2604s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
30-09-2024 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

madeinwindows.exe
Size

74.5MB
MD5

7a65beb6edc153af3126ed933dbae7e4
SHA1

ff5491b526ef8f91719737971bf908cdc2075e3c
SHA256

c3e56e388d992bfed1ed7ab2db686aa4b06ea501c44ddc4be757ba6c265f08d9
SHA512

455edeca0af7873675c27d8c614938da04db46f86f0690bf5fa8477a65c70f1011757d617bcf91c99162e87b7c2ae1d6dfb5994f7d71fec129c418caf44e1d30
SSDEEP

1572864:fvHcRlnWNSk8IpG7V+VPhqFxE7ulhpBBPiYweyJulZUdgD7IAtyyOlPH1O3:fvHcRVYSkB05awFjLpnApu/7IAs3tO3

Score

9^/10

defense_evasion discovery execution upx

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 4 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxhook.dll	madeinwindows.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	madeinwindows.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	madeinwindows.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	madeinwindows.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
6272	powershell.exe
4804	powershell.exe

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
7840	madeinwindows.exe
5116	madeinwindows.exe

Loads dropped DLL 64 IoCs

pid	Process
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
31	discord.com
4	discord.com
22	discord.com

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000100000002adee-1357.dat	upx
behavioral1/memory/2900-1361-0x00007FFD13050000-0x00007FFD13715000-memory.dmp	upx
behavioral1/files/0x000100000002a9b8-1363.dat	upx
behavioral1/files/0x000100000002a9bc-1375.dat	upx
behavioral1/memory/2900-1371-0x00007FFD2DB80000-0x00007FFD2DB8F000-memory.dmp	upx
behavioral1/memory/2900-1416-0x00007FFD28BC0000-0x00007FFD28BED000-memory.dmp	upx
behavioral1/memory/2900-1415-0x00007FFD29E70000-0x00007FFD29E8A000-memory.dmp	upx
behavioral1/files/0x000100000002ad7e-1414.dat	upx
behavioral1/files/0x000100000002ad99-1419.dat	upx
behavioral1/memory/2900-1418-0x00007FFD29D10000-0x00007FFD29D24000-memory.dmp	upx
behavioral1/files/0x000100000002a9bb-1417.dat	upx
behavioral1/files/0x000100000002ae75-1421.dat	upx
behavioral1/memory/2900-1428-0x00007FFD28BA0000-0x00007FFD28BB9000-memory.dmp	upx
behavioral1/files/0x000100000002ad90-1431.dat	upx
behavioral1/memory/2900-1436-0x00007FFD24B50000-0x00007FFD24C6A000-memory.dmp	upx
behavioral1/memory/2900-1433-0x00007FFD285F0000-0x00007FFD285FB000-memory.dmp	upx
behavioral1/memory/2900-1432-0x00007FFD28A00000-0x00007FFD28A0D000-memory.dmp	upx
behavioral1/memory/2900-1438-0x00007FFD28BF0000-0x00007FFD28C15000-memory.dmp	upx
behavioral1/memory/2900-1457-0x00007FFD24D00000-0x00007FFD24D16000-memory.dmp	upx
behavioral1/memory/2900-1459-0x00007FFD24B10000-0x00007FFD24B24000-memory.dmp	upx
behavioral1/memory/2900-1464-0x00007FFD24630000-0x00007FFD24647000-memory.dmp	upx
behavioral1/memory/2900-1463-0x00007FFD29D10000-0x00007FFD29D24000-memory.dmp	upx
behavioral1/memory/2900-1462-0x00007FFD24600000-0x00007FFD24622000-memory.dmp	upx
behavioral1/memory/2900-1461-0x00007FFD12B10000-0x00007FFD13043000-memory.dmp	upx
behavioral1/memory/2900-1458-0x00007FFD24B30000-0x00007FFD24B42000-memory.dmp	upx
behavioral1/memory/2900-1456-0x00007FFD24D20000-0x00007FFD24D2C000-memory.dmp	upx
behavioral1/memory/2900-1455-0x00007FFD24D30000-0x00007FFD24D42000-memory.dmp	upx
behavioral1/memory/2900-1454-0x00007FFD24D50000-0x00007FFD24D5D000-memory.dmp	upx
behavioral1/memory/2900-1453-0x00007FFD24D60000-0x00007FFD24D6C000-memory.dmp	upx
behavioral1/memory/2900-1452-0x00007FFD24D70000-0x00007FFD24D7C000-memory.dmp	upx
behavioral1/memory/2900-1451-0x00007FFD24D80000-0x00007FFD24D8B000-memory.dmp	upx
behavioral1/memory/2900-1450-0x00007FFD24D90000-0x00007FFD24D9B000-memory.dmp	upx
behavioral1/memory/2900-1449-0x00007FFD24E00000-0x00007FFD24E0C000-memory.dmp	upx
behavioral1/memory/2900-1448-0x00007FFD24E10000-0x00007FFD24E1E000-memory.dmp	upx
behavioral1/memory/2900-1447-0x00007FFD24E20000-0x00007FFD24E2C000-memory.dmp	upx
behavioral1/memory/2900-1469-0x00007FFD24520000-0x00007FFD2456D000-memory.dmp	upx
behavioral1/memory/2900-1470-0x00007FFD243B0000-0x00007FFD243C1000-memory.dmp	upx
behavioral1/memory/2900-1468-0x00007FFD24570000-0x00007FFD24589000-memory.dmp	upx
behavioral1/memory/2900-1465-0x00007FFD28B50000-0x00007FFD28B83000-memory.dmp	upx
behavioral1/memory/2900-1467-0x00007FFD24590000-0x00007FFD245A5000-memory.dmp	upx
behavioral1/memory/2900-1466-0x00007FFD25020000-0x00007FFD250EE000-memory.dmp	upx
behavioral1/memory/2900-1446-0x00007FFD24E30000-0x00007FFD24E3C000-memory.dmp	upx
behavioral1/memory/2900-1445-0x00007FFD24E40000-0x00007FFD24E4B000-memory.dmp	upx
behavioral1/memory/2900-1444-0x00007FFD24E50000-0x00007FFD24E5C000-memory.dmp	upx
behavioral1/memory/2900-1443-0x00007FFD24E60000-0x00007FFD24E6B000-memory.dmp	upx
behavioral1/memory/2900-1442-0x00007FFD24E70000-0x00007FFD24E7C000-memory.dmp	upx
behavioral1/memory/2900-1441-0x00007FFD24E80000-0x00007FFD24E8B000-memory.dmp	upx
behavioral1/memory/2900-1440-0x00007FFD24E90000-0x00007FFD24E9B000-memory.dmp	upx
behavioral1/memory/2900-1439-0x00007FFD24EB0000-0x00007FFD24EBF000-memory.dmp	upx
behavioral1/memory/2900-1435-0x00007FFD24FA0000-0x00007FFD24FC7000-memory.dmp	upx
behavioral1/memory/2900-1434-0x00007FFD13050000-0x00007FFD13715000-memory.dmp	upx
behavioral1/files/0x000100000002a9bf-1429.dat	upx
behavioral1/memory/2900-1427-0x00007FFD25020000-0x00007FFD250EE000-memory.dmp	upx
behavioral1/memory/2900-1426-0x00007FFD28B50000-0x00007FFD28B83000-memory.dmp	upx
behavioral1/memory/2900-1425-0x00007FFD28B90000-0x00007FFD28B9D000-memory.dmp	upx
behavioral1/memory/2900-1473-0x00007FFD24EB0000-0x00007FFD24EBF000-memory.dmp	upx
behavioral1/memory/2900-1474-0x00007FFD19010000-0x00007FFD19048000-memory.dmp	upx
behavioral1/memory/2900-1472-0x00007FFD1A250000-0x00007FFD1A2AD000-memory.dmp	upx
behavioral1/memory/2900-1471-0x00007FFD24390000-0x00007FFD243AE000-memory.dmp	upx
behavioral1/files/0x000100000002ada2-1424.dat	upx
behavioral1/memory/2900-1423-0x00007FFD12B10000-0x00007FFD13043000-memory.dmp	upx
behavioral1/files/0x000100000002a9c6-1422.dat	upx
behavioral1/files/0x000100000002a9c0-1420.dat	upx
behavioral1/files/0x000100000002ad7c-1412.dat	upx

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\ServiceState\WinHttpAutoProxySvc\Data\cachev3.dat	svchost.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\madeinwindows.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133721901672568722"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\96-8d-fb-e4-37-69	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\96-8d-fb-e4-37-69\WpadDecisionReason = "1"	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\96-8d-fb-e4-37-69\WpadDecisionTime = 6794cba56113db01	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\96-8d-fb-e4-37-69\WpadDecision = "0"	svchost.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\madeinwindows.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2076	chrome.exe
2076	chrome.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
2900	madeinwindows.exe
4804	powershell.exe
4804	powershell.exe
4804	powershell.exe
5116	madeinwindows.exe
5116	madeinwindows.exe
5116	madeinwindows.exe
5116	madeinwindows.exe
5116	madeinwindows.exe
5116	madeinwindows.exe
6272	powershell.exe
6272	powershell.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6936	taskmgr.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
664	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2900	madeinwindows.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeDebugPrivilege	4804	powershell.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe
6936	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5696	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1080 wrote to memory of 2900	1080	madeinwindows.exe	79
PID 1080 wrote to memory of 2900	1080	madeinwindows.exe	79
PID 2076 wrote to memory of 3992	2076	chrome.exe	83
PID 2076 wrote to memory of 3992	2076	chrome.exe	83
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 2008	2076	chrome.exe	85
PID 2076 wrote to memory of 1164	2076	chrome.exe	86
PID 2076 wrote to memory of 1164	2076	chrome.exe	86
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87
PID 2076 wrote to memory of 1540	2076	chrome.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\madeinwindows.exe
"C:\Users\Admin\AppData\Local\Temp\madeinwindows.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1080
- C:\Users\Admin\AppData\Local\Temp\madeinwindows.exe
  "C:\Users\Admin\AppData\Local\Temp\madeinwindows.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2900
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\yuo\""
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd2477cc40,0x7ffd2477cc4c,0x7ffd2477cc58
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1728,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1724 /prefetch:2
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1404,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3556,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:7316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5152,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:7424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5176,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:7432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3268,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:7576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5464,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:7672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5484,i,3941248557924498613,778945331149950206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=216 /prefetch:8
  2⤵
  PID:7680
- C:\Users\Admin\Downloads\madeinwindows.exe
  "C:\Users\Admin\Downloads\madeinwindows.exe"
  2⤵
  - Executes dropped EXE
  PID:7840
- - C:\Users\Admin\Downloads\madeinwindows.exe
    "C:\Users\Admin\Downloads\madeinwindows.exe"
    3⤵
    - Enumerates VirtualBox DLL files
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5116
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\yuo\""
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:6272

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2356

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004D4
1⤵
PID:4552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2756

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:7540

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:7188

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3924

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:696

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:7912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:7324

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:5300

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5704
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1932 -parentBuildID 20240401114208 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {712af31c-11fb-4be8-a268-993d181c5c27} 5696 "\\.\pipe\gecko-crash-server-pipe.5696" gpu
    3⤵
    PID:5836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2332 -parentBuildID 20240401114208 -prefsHandle 2308 -prefMapHandle 2304 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16716f1f-2e31-430a-a4f3-ba04cc42bd69} 5696 "\\.\pipe\gecko-crash-server-pipe.5696" socket
    3⤵
    PID:1204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2796 -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 2896 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3d67b50-17a5-42a4-afc4-9e630fd70d64} 5696 "\\.\pipe\gecko-crash-server-pipe.5696" tab
    3⤵
    PID:6084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3460 -childID 2 -isForBrowser -prefsHandle 3468 -prefMapHandle 3748 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adaa1cec-340a-4328-a81a-62e5cc607db8} 5696 "\\.\pipe\gecko-crash-server-pipe.5696" tab
    3⤵
    PID:4900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4176 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4104 -prefMapHandle 4288 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f8fe113-c634-415c-a450-74387f8e183c} 5696 "\\.\pipe\gecko-crash-server-pipe.5696" utility
    3⤵
    - Checks processor information in registry
    PID:2308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5276 -childID 3 -isForBrowser -prefsHandle 3232 -prefMapHandle 5432 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7f23d73-b0bc-41b0-9833-cbe7da69a38e} 5696 "\\.\pipe\gecko-crash-server-pipe.5696" tab
    3⤵
    PID:4036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2968 -childID 4 -isForBrowser -prefsHandle 2888 -prefMapHandle 5468 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd8e48b4-658b-4c27-97db-2202821d3f3f} 5696 "\\.\pipe\gecko-crash-server-pipe.5696" tab
    3⤵
    PID:2640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5816 -childID 5 -isForBrowser -prefsHandle 5824 -prefMapHandle 2888 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {736afd6c-5c5a-417e-9b18-097295950276} 5696 "\\.\pipe\gecko-crash-server-pipe.5696" tab
    3⤵
    PID:2460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3676 -childID 6 -isForBrowser -prefsHandle 2836 -prefMapHandle 3876 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {282bfc70-e2f3-434f-a96a-787989561565} 5696 "\\.\pipe\gecko-crash-server-pipe.5696" tab
    3⤵
    PID:1288

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:7800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

File and Directory Discovery

T1083

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7d69a35b8147ada80bca136e41627be0

SHA1
1f574af44f53c4e1186354e00b1a12bfecda478c

SHA256
2f655658fc3f4eba24c2c53c6013ad37bb5c86abb2aac7fcfec89b4b0445171a

SHA512
0a45091bdd3940ed81a83a113c2b672ac4cf5b8bc7cb65da70ae927774e4f0e861e7c1c36f81b8af8b880a72e08b034695730959b1a3e4a175ed78311fec30db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
80d0889e3708058c1ffc6f421e23456e

SHA1
056e09dffc737e74efcb5084eac4732e44fcdc1b

SHA256
1f514acd2edab86df4b2162b24735a0b630dd57dbdd6fe7d4f93111fdfcd64e9

SHA512
9863d32795684919e6fb03f18b4a1d1cfa4955a920d1fdf799fcb81c16db095124a771a83fb587f4891faafdcf902a48e200eda47521ca6b00356064a3dfe0c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
50fda4724684bf9a5b789b17a02e0a43

SHA1
50fcbaa02642396808db3a1e92204969f9885bef

SHA256
ca9c73f83f8540a5de46620dec376344110ddcad22d50ca06971726fe7d28360

SHA512
25f7b4204e1e7ab99557cd524e05c78b7ebc71d3d06227bee8f454a6b27f5ee53e3b8e55ec29d3146cbb8061e877d77561fddecc5ed85e32320012382ec23c45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ed2af076-5e29-455b-b6f5-bfca427ee2ee.tmp

Filesize
356B

MD5
8c35b4c76cf5bb67229b9ac2934e155b

SHA1
e2286fdd73b4a46c134189d8b1dadee18b74bc96

SHA256
3233f7aee23f29454c3f5f161bd8476425ef3e3da1cc2ad376ab15d7d4f172c1

SHA512
109b5880c1db699bbe1e22c63958c6f7a9cf3c6095fd9c8c2341d46f3cf3bf4e6e5fa2f9defda3507b23613c164be317ba11bf31b8c19275b0cc8f0d46644c79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f1dd94b42e7c86bfc921f20df4d7a56

SHA1
100edd1117fca0cc26f7eced4813017d1fd3b3e2

SHA256
fcdf12459d6d8dc9fc10bf5e35a15e26fcbdab91031a1c5b18f53d9fab1f77c5

SHA512
6f95e788db0f1a53f96415cbe9ab21b2ef0de93f49b23805550106bd6fcfeacae484c1dd6ecbbff2986bbe24a7260c56c88fc1e3574df0b6745e17349028621f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10e8e1ddfdd23fe5dc96999f0b0eab78

SHA1
e91278998c2caf719d49f501764bd2ab1e57d992

SHA256
c29f8efdfa4ebbdba33664e4c1d166df22d7abc6d2a740f9db2e5899f90d5c60

SHA512
0340e99e2de0c3ef7aa9651cecf3dd15edfe73703a195a932ce1e1a5295169975a0fc3ee9171b253c21732f599c6d2c203bcd129fa90549e9471eb17f2369110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
356c6bccea3dd3f1da0fb7e7c63236f3

SHA1
b541e004696e03ca4235dd44a40c1576b4d1d16f

SHA256
bd311b6659519907517bb2d30e384afa1ca8ae868382514bf33efb319dfd35b0

SHA512
a67225f5a28da1ec6593cb0a879f697559121395d2a138dbfbc7ad13e647d5f29edc8952c6005269c9012452e6e722f257141d49bb7e1a8a757ab3c4a633cc2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
82b59f39e58ea0c4948547697c8a2c60

SHA1
6acdfdc61fd101d656e4db754d852aabdc4fe7ec

SHA256
4edd7141c1e3fa068d427dc10f5db94ca56c13f75349ee77fad9d540f8f369a5

SHA512
6b956ccc712526a26a207644a1ccb942502e4f6a48232bfdf1ebf539f81308aa7d1bd8d8078abfc93fe6185cc158493235db68962f36ba736736ba50b79ce62b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
a58acc57cd1771b0c04598581f089eb7

SHA1
c92e7122945079daec9f8512f2c454a0ed5d0c58

SHA256
9d968e4a2d9484bdb1b467725f2ccb9759c6430966b8d6d5ec384b2c8b236f5f

SHA512
24ae256c2b3d9d7e3bbb4eeb8b79d6351ef77c6e5a39e1e477d4c4db9352beb209416c81499e45ecaa7dc2eb67ab3af5574e2a6c47e49bacb3cc7bea277cde24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
1a55ec4da00c0e04eeea9795217402c1

SHA1
967e8648861c5213fb96041b3ebcf7ca9f7bad68

SHA256
68bd0bcbc75850f3a60e0adcdad5778859363cd31115dda2ef511340386ccd93

SHA512
745f725b89aa49b1b40a39a8a544ded2349462e2936231719238e1ae4171ad0a895cf8ee1cb99d2f7d654eb1322f8481626ac116ac920280680aff3bb1a1b33c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
a156ac63926a7af99740fa90965831d0

SHA1
01a069b10344e78dd1ef0f8286a9f70c861eafcc

SHA256
5fee519edb01748c44fd3a2de9974aecae93b75c42fb69d124afca653deb62dc

SHA512
57e4580f27176944af222ad70b9c83de77f6aa2f873041fa262e11a811d37ef9686587a2e6022d6b10fafa245f5aaa19410fee40c33d582c07091681241e6525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
d2fe8bfc64746807252fee1f9f5529dd

SHA1
0b7a6323004b2df2ff960efb7bf9fe8235f61f5a

SHA256
a1fd7c958d88362a425296d5e409c3700a9bab8c4034f59cf28fe5759b2944f5

SHA512
4f237c82f86a12ce1789a7c584c1d534d04d81575872e95bb6d1087e563a341c68355b49d1d98a2e5de15c21bfaed55e997fad11a06e43dfccb4fac9c76eeefa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
e71d563ed84da70ba9faf2a3b2f87bfd

SHA1
11fe14daa497d1b32daa3bcf9d3618eed98ba924

SHA256
65bed0e30e8360db012b7b9f3dd85cbefad4ef1919d609196b1d257a913b856d

SHA512
03575925210f60fc19839d60359b266962b3eb2eb65380d25259db242f55285d8f6f6dce22807d2f8cb3e659ec5c58c8339a770b57cef84d560ce141c5d6de01

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
5d06fa4c6d9a7918f987485bd4cb3316

SHA1
c942dbd530ac033962f64a69a0916c0885104166

SHA256
8a232824bef00711d9ceb99bd54ce9665d8363b4a22844cda391d204a89bcc81

SHA512
26d108414b8cdb760ee6d95bef101ec4fb11038714d54dccb173589e6c1b3cbe3ebd0d9b588e2f0f473266ba659f7cb146427d021c40ba1f8b938030af6cba57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\SDL2.dll

Filesize
635KB

MD5
ec3c1d17b379968a4890be9eaab73548

SHA1
7dbc6acee3b9860b46c0290a9b94a344d1927578

SHA256
aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f

SHA512
06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\SDL2_image.dll

Filesize
58KB

MD5
25e2a737dcda9b99666da75e945227ea

SHA1
d38e086a6a0bacbce095db79411c50739f3acea4

SHA256
22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c

SHA512
63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\SDL2_mixer.dll

Filesize
124KB

MD5
b7b45f61e3bb00ccd4ca92b2a003e3a3

SHA1
5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc

SHA256
1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095

SHA512
d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\SDL2_ttf.dll

Filesize
601KB

MD5
eb0ce62f775f8bd6209bde245a8d0b93

SHA1
5a5d039e0c2a9d763bb65082e09f64c8f3696a71

SHA256
74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a

SHA512
34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_asyncio.pyd

Filesize
38KB

MD5
1c7e301d8d26d01b37617b2684e46820

SHA1
65578da01212105a77cd12d0dcae4be068a143af

SHA256
a6910f94f6b97e8dbd264b6560c550583b3c19672a2d04969135b4e3c3de1a0f

SHA512
7a7feb3df4543e6f98c8d006d1c4860564458de0ac1773dd7665c807d88d0ee3e171bbc10384ef4058f058139322d9378976e5850881cc8b882ef181de98b023

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_bz2.pyd

Filesize
48KB

MD5
02b3d81015e639b661618c41e04b4880

SHA1
ce3c380e6a950839bcdd09d77719c09ced70e56d

SHA256
ed1c62990501eaca4be730b968a304fefe4d17ee529b87f3626e256e297abcfe

SHA512
46408b646249e3b704f7984eb9f590650a6f88454339f9c012b7df1f9fda4096f290d7b3dc3e957ed896b6a29ef98f20d477519a89ccfbf993856617ffbcf99d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_cffi_backend.cp312-win_amd64.pyd

Filesize
71KB

MD5
c7f92cfef4af07b6c38ab2cb186f4682

SHA1
b6d112dafbcc6693eda269de115236033ecb992d

SHA256
326547bdcfc759f83070de22433b8f5460b1563bfef2f375218cc31c814f7cae

SHA512
6e321e85778f48e96602e2e502367c5c44ac45c098eed217d19eddc3b3e203ded4012cab85bcad0b42562df1f64076a14598b94257069d53783b572f1f35ae5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_ctypes.pyd

Filesize
59KB

MD5
2c86195dc1f4c71e1f2b5e765b857134

SHA1
b6aac5a04a5cdee7760c51517a17146110fc034c

SHA256
aeda97261a50726546bef435bf27e042d425227e35b4e452c737afd8d74df755

SHA512
d4e85d0eaab94ecca94a2f143286d78b0a89fa50ecf880abcdcd04d84085fdaed874f87c25433cd8bb5340acf59b48da86ebc674142e42d4b904ccfb7ff78e6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_decimal.pyd

Filesize
107KB

MD5
1271d3f1cf720ce7311985e85b01fffa

SHA1
bc8c7ec55c8906eadc00600ecf59dd4415b7dd04

SHA256
0884738ed4343f5e969b0f7192023fd50912d80f78fc85f3782dbc2d58d56a8c

SHA512
aa48e224af344672a8a6fbbc45a63cd0babf352c7d3969cb5a006ef9c22240e596fb09d3111a95a9d42b1d08207bec9bfe206d1298f000e70e3808e0664471ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_elementtree.pyd

Filesize
59KB

MD5
ba964d542b9670251580f7391c6aec03

SHA1
ccdcc81034e06c6c892657b84f3e7501a1784f24

SHA256
3938d7eba76c2be7c1b781eca90019d0b1b5a7282a7f0ff265993418986b003b

SHA512
65334d1f835458e48fa55d365e0083b3dedfa58042c004f239571456fd6bbffc1d58837ad2492d4a850d2e9c577c9ecd13514ea404227a2578b5986508218fe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_hashlib.pyd

Filesize
35KB

MD5
22d66a4b49d23111f9db66cb74ce4c7f

SHA1
bd5f0b34a85392db47dfdee6bc888991bdbd165a

SHA256
9fde62c2d6f0350b197880460678b0fe5bf47b1ceff9f12afd0b3b78f67dd9fe

SHA512
27f6cb3c6c681f29c81ff16d02a5624be8a335e33f27ac4a38672bbb34caaf5e859b78acc9026f31ad90b19dd48b9ace1e0e52c8a4911ccc4ef3825a83fe10e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_lzma.pyd

Filesize
86KB

MD5
152a1031c78a2e4d5f0c2077403fb604

SHA1
21f5aeb5e7504afde2701fe59b45027087fb5928

SHA256
10360bb7dc515e7282cb7f9be5427399117e76c3da8804cac35703e42bca8395

SHA512
3799d96cf634cab00d06454502ec68c017d8625346017cbf23a8cf38e63837b6e6608ecc044680557fb2c5060bb936d9c10080b2478c2601b4c33b5f31d2b6de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_multiprocessing.pyd

Filesize
27KB

MD5
fdc2f7fd61f977d756e99c2f61fd4605

SHA1
17702b50fe3866e7921bfa85478ac3f65065ed6d

SHA256
768e3d69ee50e786f8a4d94927a61dc2306134fb5d8d4c00fa767b346e1d4cc7

SHA512
c48ff8dd7e8d3e6c864e9ee0ab8e2920cebd171ee1c81f3df133d985bfae88f7e17d3488885a9efefac2b1f9934000d5196634d563bf3e987b3dc4acea8bd4bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_overlapped.pyd

Filesize
33KB

MD5
b282def432c192ddb778c3b0b9f6e3c4

SHA1
68503436a323ff0bbfe05308c69bfdf8691e45ab

SHA256
5e6c9f923f9ab715a7f434990ee8e54a7df39d3de3142ac9002c9bc12e7422e8

SHA512
2b05f3cf72eae5ce3825bf6bbbb1e04b1543f561ea51f87d0e09e623a10f2e31c7c254cfa91037a5309c5be950e99b8161e95d8a1f8022f8ea6d2069aa1378af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_queue.pyd

Filesize
26KB

MD5
3f06deb27ee87c53e8d90a16bff3f97a

SHA1
024b295e3a5ebf7acfe670148d0a1c5e0045362e

SHA256
23f209374ffe8b287bae0992c0c16a471afaeeae37d673a5c0e9613468efb1bd

SHA512
2aa7af161ba980079ddf75c4b52f878e6c50e0434593e2d55e9a1d572b4d2cf786e2fa7ed1be77ed92b58d1fcf7173c45d0c6d2c895e3926fcb40213844e5947

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_socket.pyd

Filesize
44KB

MD5
063908a4548f692fd6e7379231193c26

SHA1
059a6308cbfeeb79c890c764da94de4da79e8575

SHA256
538a658d1ffe2dd5d34117876f5af21f1cb60b037aeac515a9127186c2f6559d

SHA512
fcf92c08707f28c0b7450671858b54372c41f30588ff33489b64cbcb16a2affe166739cfff7f0332c2cde3e7c7b27b3fdea74618c36a6b345028a88926e60dc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_sqlite3.pyd

Filesize
57KB

MD5
bbea87a1dbfca2c573b51fb5139cec86

SHA1
ddf1bf7b2675f7481bdb9b57b950c7bf1d503a90

SHA256
5ef848ee26b07a70110ab8c87fd51aed2cc6cb14523091c7581998291900b107

SHA512
94eae60028b000d6f304cae8c5fec93410c407bcfe6ed231d566d5d0ada0533c931ef0a7ffd72922d8325964b9a8eb071b013d8dc56b4d949f29b4ceaf368c06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_ssl.pyd

Filesize
66KB

MD5
c3daf768d7cc56590c66cd02ea127435

SHA1
fae6145bd89d7f532de904e9748c9e09c813244a

SHA256
b36ff049404edd74c1f9094d03f3ba35fc54a2c76bd3d5d45272aa6438c9cd3b

SHA512
176c3702f2c8105e34ca702eb50d216be153fda0aa63f6b41a70e168100eb0b006f1b7a683f2440dcd4c2319a8aaa11491d97990ef62d0f6df262ddd6f72d719

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_tkinter.pyd

Filesize
38KB

MD5
4cfac34f2599f5ac9357b65362e348cb

SHA1
a980f014fd066e42fbc84b880ab5e76044d44c13

SHA256
f37c9dd6c145c3ba1794cf3f2ebf175284b4b316bda335301c0653afefb401e1

SHA512
20628a72fb9e0f44780c3baa8a51ffc877561a9b42e62def36a4229daa0bb46e6e3d195596844decb75c881fbd29f08f04aacb4afa504bb7eef2e8595383ce0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_uuid.pyd

Filesize
25KB

MD5
d8c6d60ea44694015ba6123ff75bd38d

SHA1
813deb632f3f3747fe39c5b8ef67bada91184f62

SHA256
8ae23bfa84ce64c3240c61bedb06172bfd76be2ad30788d4499cb24047fce09f

SHA512
d3d408c79e291ed56ca3135b5043e555e53b70dff45964c8c8d7ffa92b27c6cdea1e717087b79159181f1258f9613fe6d05e3867d9c944f43a980b5bf27a75ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\_wmi.pyd

Filesize
28KB

MD5
83a339d52dac4ba7a119317665440baa

SHA1
4657f0ac1e8cb823f0972ff665d49b6974bfa9c9

SHA256
63ecdf4708b284ba1425053ff71f8565c425a1760142bf6e4cc7fb838bb26190

SHA512
c94051b4732bed5ec6c2edef0028b14244940bffd5dc28149969b53c086a0934fabce638e5ee8ae66279944c33fb1f1ba421de0324318b1788ce8dc94d07992f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\base_library.zip

Filesize
1.3MB

MD5
8af5529b3a42efe0c066b1b87c37d8f8

SHA1
cb9f9cc0330e7ea75b1fc4ecb2d970f857df7c13

SHA256
b634ce28b2e42c8d72cbca67140d7f38684411bf6c6ae815064ea87381666414

SHA512
c8d515c30006008b96bbaf4dbdfe846b511290af483fc705c393f2b5377f678b6ff63cbdc27d0284e538f5bcf2b7d0a30c678b9187a96dc76a930292d2d608da

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\charset_normalizer\md.cp312-win_amd64.pyd

Filesize
9KB

MD5
191c247b7e0543cc769718232ead35da

SHA1
e3f0be22199ff1f5cf131a12c1c7a58805f2fff5

SHA256
3d393309cbc6e88919c4fd472394d7c31f26f1709dffadd1c7e8895097e6cab3

SHA512
ad0316e9430308a05672e28050bf5c23bd2f7d81e7dc97e7926cd54a9fc0ba78ba904dee87b04688e7d0377ba69892a6cea7ab9f972c08e8d9da1d7c13693f97

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\freetype.dll

Filesize
292KB

MD5
04a9825dc286549ee3fa29e2b06ca944

SHA1
5bed779bf591752bb7aa9428189ec7f3c1137461

SHA256
50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde

SHA512
0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\libcrypto-3.dll

Filesize
1.6MB

MD5
ecf92d1e849c1a4b89ed9dac0c2d732d

SHA1
bd2dbf194e9c891f27ef5b4521318d3804f76425

SHA256
afc166f8f1906cd75b4de9f7c72e92e36e4282437a02fedadb5ec3145c33c3a1

SHA512
44e3d6b37a11b715efb77c28c1c4fca4c25ba7f663183bcef4ba52e9c5271715f43f7b22b6307c6d8788c1ea4e8b709060b0a711aeae249164ba7bfd1d571f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\libffi-8.dll

Filesize
29KB

MD5
013a0b2653aa0eb6075419217a1ed6bd

SHA1
1b58ff8e160b29a43397499801cf8ab0344371e7

SHA256
e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523

SHA512
0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\libjpeg-9.dll

Filesize
108KB

MD5
c22b781bb21bffbea478b76ad6ed1a28

SHA1
66cc6495ba5e531b0fe22731875250c720262db1

SHA256
1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd

SHA512
9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\libmodplug-1.dll

Filesize
117KB

MD5
2bb2e7fa60884113f23dcb4fd266c4a6

SHA1
36bbd1e8f7ee1747c7007a3c297d429500183d73

SHA256
9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b

SHA512
1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\libogg-0.dll

Filesize
16KB

MD5
0d65168162287df89af79bb9be79f65b

SHA1
3e5af700b8c3e1a558105284ecd21b73b765a6dc

SHA256
2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24

SHA512
69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\libopus-0.dll

Filesize
181KB

MD5
3fb9d9e8daa2326aad43a5fc5ddab689

SHA1
55523c665414233863356d14452146a760747165

SHA256
fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491

SHA512
f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\libopusfile-0.dll

Filesize
26KB

MD5
2d5274bea7ef82f6158716d392b1be52

SHA1
ce2ff6e211450352eec7417a195b74fbd736eb24

SHA256
6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5

SHA512
9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\libpng16-16.dll

Filesize
98KB

MD5
55009dd953f500022c102cfb3f6a8a6c

SHA1
07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb

SHA256
20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2

SHA512
4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\libssl-3.dll

Filesize
221KB

MD5
5b63295552454d570281d321e4ca7266

SHA1
d849e5c470d63953ec55f2d732fd6f611cb2c655

SHA256
cff180ce2bcf7daa19d6f3702e416f54a55eebfaff382f4b6d8ee00c0954b861

SHA512
a2286ca195b5a8287e8fbee6d20678e3bbefc7eb20f89e510bc94801239d08c8ea620603254fbfc6c6c0d5306dc38dc1f78a675d62e9bbb8a625ec4f7b894930

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\libtiff-5.dll

Filesize
127KB

MD5
ebad1fa14342d14a6b30e01ebc6d23c1

SHA1
9c4718e98e90f176c57648fa4ed5476f438b80a7

SHA256
4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca

SHA512
91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\libwebp-7.dll

Filesize
192KB

MD5
b0dd211ec05b441767ea7f65a6f87235

SHA1
280f45a676c40bd85ed5541ceb4bafc94d7895f3

SHA256
fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e

SHA512
eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\portmidi.dll

Filesize
18KB

MD5
0df0699727e9d2179f7fd85a61c58bdf

SHA1
82397ee85472c355725955257c0da207fa19bf59

SHA256
97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61

SHA512
196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\pyexpat.pyd

Filesize
88KB

MD5
273b7e06191d59c4d45e42a124385573

SHA1
efb6e512fe502c18faa8d5888c5976beaf1d0c04

SHA256
edb0bdc928ed2f577571fb65a526cea8a817272f4b3383a248a3ef59402a0b74

SHA512
87de09ae95d42714fadfdde9f9d1065f8e708cb73fedf8c20a199ceec71a6edf8ce12d9fa373ff02f48ad8950b06044ef66650006ec9e6bc5bdbd1d9011eb465

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\python3.DLL

Filesize
66KB

MD5
5eace36402143b0205635818363d8e57

SHA1
ae7b03251a0bac083dec3b1802b5ca9c10132b4c

SHA256
25a39e721c26e53bec292395d093211bba70465280acfa2059fa52957ec975b2

SHA512
7cb3619ea46fbaaf45abfa3d6f29e7a5522777980e0a9d2da021d6c68bcc380abe38e8004e1f31d817371fb3cdd5425d4bb115cb2dc0d40d59d111a2d98b21d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\python312.dll

Filesize
1.7MB

MD5
71070618402c15a2fad5ca70c9ef7297

SHA1
34fedbf17a57010c5cd20ef4e690616859cc8e68

SHA256
7d35a191edb95ccd85ef05d645deeca3ed1febd9acd659569fab56ae06c1ebdf

SHA512
81ef8749f5c3dbd586ddbbcf26cd6c80607a5cc9c26e31c912f454ca56013082174e2012a507739ec1e9c5a2f019bf0ca6bd3ce18880abdbff0ba5f8f3cbbf28

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\select.pyd

Filesize
25KB

MD5
6d047b0e87575f2aff6f2658f996f16f

SHA1
cb0b95a07c01c4a0afe3d94019da9c7af930a3a3

SHA256
b51f783800587fb079ac2b7c9bb9b9fafa078249d7ea0e634ac0a6717cbc218b

SHA512
5c4d1e014e71565a002b6d2645aad2b95dccb91b16c06e1855b900968efc294fd0a54b1147d2bb25ebc8410a3f763659648eae4dde716f2fc5f79c4a6c92d6bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\setuptools\_vendor\importlib_resources-6.4.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\sqlite3.dll

Filesize
644KB

MD5
7685e8d24450e8579d16d4258dde3d32

SHA1
32b63fdee4d95acaddf7c26846108d3b21ee1a23

SHA256
30f1f818a05b38891bd12d6cc210ec38570ccbb414876453dfd157834f25e342

SHA512
374eba7eddc6e9d98d26c4f57a1515bfa6b0e4bfc1ae5b4056b23a83f723b59eb29dad9158580bae852a12fa9ccecdca916839b9a73c7519693dd37e6334d8ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\tcl86t.dll

Filesize
652KB

MD5
58e6de475c640dfdc11c56bc9a38c0ea

SHA1
23328a953c2136c67397c296ee75754e29bd8efa

SHA256
28867333d4aa9df7c5b37675e52065e0ae77119dbe826d8d546d79b9900685d5

SHA512
a6ecd11fdc8b028204df3e96b447aa542a14b6b4de87c4fd8e9ffa14ae0a93277e4880329253b7d74f7ef3ec966c02cab4380923893d4d560d8c14bfdc404e6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\tk86t.dll

Filesize
626KB

MD5
4758174d9ebc8f98cf9edcd6a5cb5273

SHA1
f918d59ba988f8d3e861accf617ff31692ae033b

SHA256
efabbc899725f97e59a0c6e2e5a9224f45bbf4b0cc2a768383382a3760e5f5db

SHA512
592ce66b46a7418a676840b161532a2c1e5846e10fdbef573dded9a1e9c1245a3576842811e586eaddae9f669bf3bd33b691973074b1f6f3149dbcfcae7da9d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\unicodedata.pyd

Filesize
296KB

MD5
089a5d7b52a7c32297dffff3e3c58e54

SHA1
78514e436f73316223f14a19d53b104e7dfdb490

SHA256
abcc4d2c8b624e64f7b19753e14995fe3b8a14175737b16977b14634692022f3

SHA512
821d296e84ef8608dbc085333a5f8e8df58627eafdb710ae4d8ac0995f818179d45f85c5e0a63d39514795a80d003fa59fedd2acdf44712024d645741e70d963

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10802\zlib1.dll

Filesize
52KB

MD5
ee06185c239216ad4c70f74e7c011aa6

SHA1
40e66b92ff38c9b1216511d5b1119fe9da6c2703

SHA256
0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466

SHA512
baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI78402\setuptools\_vendor\importlib_resources-6.4.0.dist-info\LICENSE

Filesize
11KB

MD5
3b83ef96387f14655fc854ddc3c6bd57

SHA1
2b8b815229aa8a61e483fb4ba0588b8b6c491890

SHA256
cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30

SHA512
98f6b79b778f7b0a15415bd750c3a8a097d650511cb4ec8115188e115c47053fe700f578895c097051c9bc3dfb6197c2b13a15de203273e1a3218884f86e90e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI78402\setuptools\_vendor\jaraco.collections-5.1.0.dist-info\top_level.txt

Filesize
7B

MD5
0ba8d736b7b4ab182687318b0497e61e

SHA1
311ba5ffd098689179f299ef20768ee1a29f586d

SHA256
d099cddcb7d71f82c845f5cbf9014e18227341664edc42f1e11d5dfe5a2ea103

SHA512
7cccbb4afa2fade40d529482301beae152e0c71ee3cc41736eb19e35cfc5ee3b91ef958cf5ca6b7330333b8494feb6682fd833d5aa16bf4a8f1f721fd859832c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI78402\setuptools\_vendor\packaging-24.1.dist-info\WHEEL

Filesize
81B

MD5
24019423ea7c0c2df41c8272a3791e7b

SHA1
aae9ecfb44813b68ca525ba7fa0d988615399c86

SHA256
1196c6921ec87b83e865f450f08d19b8ff5592537f4ef719e83484e546abe33e

SHA512
09ab8e4daa9193cfdee6cf98ccae9db0601f3dcd4944d07bf3ae6fa5bcb9dc0dcafd369de9a650a38d1b46c758db0721eba884446a8a5ad82bb745fd5db5f9b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_k5qbblap.hsb.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
55a9aacaaab4b46410897d3fa14c46e6

SHA1
49c210872d8389cd0fae2c10ef7eacb9e2e8fbae

SHA256
98733a391ab9d8822fdbb7cb36acb022e2a3a156c64b0d914f8d7b6b519e5843

SHA512
d33fd342a8225d29d2303d9324cc4b4830acee5671dc03c9fa5e5ec258973625315e8d1fc3477cd79aaaa78a32fcb6431ca527140b6b83191dfbdd5a5073b839

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\AlternateServices.bin

Filesize
6KB

MD5
57e2f2f26292b7b8d9715a735e819aa0

SHA1
4e48c4445f0b958753a11f2b7c2a42ccad5ee182

SHA256
5930289af0e038b70f0e6cfd8d8866cc7c5f435e64f2d195e008be7a1334a42e

SHA512
9815080a0243303738da2464b60cb614f7e061b58fc0668595ec40c4ef7919af88fef7b0c1c0a3ab4e846e10f495cef986a0672b6a60178bb46c1180e63000c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\AlternateServices.bin

Filesize
8KB

MD5
1ad6706be304dba0838875ef41b4070c

SHA1
f8a89761fcf7b8fc317212a6b04a9e4477ccfa82

SHA256
591f22bd19018c9f1f53d5e0d43b9a815ac8150f9895bbeb13fba9eb66503b3e

SHA512
a8c296f5092a3e9646113d24c8b3741a14ceb64861085ab5f361cb5a65fcde52194394e127b33134ccff9e8699fc251b20e911875e2f413b3125f3a0a11744e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\bookmarkbackups\bookmarks-2024-09-30_11_eAiIrjDp+QKaDwErgN7HSg==.jsonlz4

Filesize
1002B

MD5
2e88bedc4d88a3881c482802ac943e35

SHA1
afffa898647ee9be306decd8dc8901c044f56e92

SHA256
797c88549be46412e9ef217618c41ff85e34bd130ecfc2e706c8995a11d335ba

SHA512
63f2b5bcbb20e4b7255a4936904eec813314d82bd0f378828e3ac2e24d3b5c43453d99ee44a1e6a4af3a2639dab121ae65d2ec3d9030ef70fc8f2ad24dba8fd6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
b9ac7b2ed66cf65ccc4b8bfe5b9a9f1e

SHA1
e8de6f141804858dc4923aeebd62cd95d600cad0

SHA256
66f179b7368b828cab61a011e697b8e21f3c9a259955ca17c1f0d9ffeb04a786

SHA512
577155336eabe0a9a4d6d554c59c6adb3130de9f5f31af716e9fcfdc22adb3733d30cf2c3c32b96ac537adc4ce75893a9c588594c711fb7d3a5fa65131cda0b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
31KB

MD5
9441ae6880263cc34b9f7606010cdfb1

SHA1
d92fa091d33bbc1a685936a5a8e20cb6724ea0f2

SHA256
b9cc8aa7cfdc1ede5b521085f870ddc9e35afd64eb375021c4e78f2140b6ba62

SHA512
f3772eaadcff9804540839ff8f00b1245f27d8d8f7fa2633d0c5c7740157a2d7b9e035a639670f3917d83c8e42012bbb0931bda162a55502316b567fa729d070

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
31KB

MD5
8323511058d113c39e33a2b007995647

SHA1
5022b0608d4d21aaf3fcd16185bcdc1475dee69a

SHA256
11a64d63486ce2130566a46549e5fa0417f7d237127de4d1aa408a7eab2fbc83

SHA512
6ecdf458f47d01aea58a6608464ccacbfe4949b7954c72a36d4b7af949d4e5d11d9c9b8e990f39a23ea89d66dcc9661a73f16c27c2a453c40cdd5c2c716e37e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5a79fdb645c26409fb59687a12fe75d4

SHA1
c7c9bf9c53d1d8e395bdbe7fe8f2419721d258c0

SHA256
77df4da876d3348231ef681a97b655231f052b2869c1f28927c996734d20f95a

SHA512
11a7c5617dac42e9f7146a70167cf4e49ef2c755a5e508aaa4ce327299cdd1a4613e8262641e20d3845e7b8f0ae8adfc9d7ec80d0862ef8e928f4f4446467c8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
4KB

MD5
da991d2eb42653e0242454dc4e25478b

SHA1
6c7ba978362331640a983669cc9b71b53e4febec

SHA256
eaa4b010d738784dba8b147dc1c830c52fc004699eb7637948edf8b3a62b5365

SHA512
808cad40ea510972560aa827402ec6efd46586098c6605727f915204bce3edb719dcb912a71e4a3f2d560bfaec5fb861391ce989b7a37c8553d72d3c121afb17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\d5dcc888-f7fd-48b2-bb01-e2791287953f

Filesize
671B

MD5
92091ead556eb7de3105889b25781938

SHA1
21bdccefca77c9e0bf8492b82a8cf7524614d30f

SHA256
067d0af63ea374a83cc4fd0aeda456d8b0c4db494bdfab75776917608dbe0092

SHA512
c61a3c9d60e95af664f5644c562ebb46d9598125015901de609ab1727ceb4e304a28454c5b024553058151f0dafa9cbded204cc650a6c193d94d75005a4d3073

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\dfda7cc6-4702-4a6d-b4b1-c571ffc5d582

Filesize
25KB

MD5
39ca70ac7f1b39d65d655db15d059ce8

SHA1
55a0abe0a73a9fbb53cd02212a9a194a4a443be6

SHA256
3335ab7820225d38c1c0fac68665689157e407f7674199d827d7967e02d35d79

SHA512
fcc1bd9b92dd60b30ccce8823b56d2fa29d2f0275096dc4870d53fd86b58934f4767a19c57f23ea5c1debfd3e70d864a8cf03541fcd20349733849349cd2cd43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs-1.js

Filesize
12KB

MD5
c74dac4d3e047decb96b81f12ae1ca44

SHA1
e8a5baefbd5027a954a698d99c1475571781fbc7

SHA256
5bd523ecb1531d3397f89c9576ce5cc9efad2124b951a8490819e2e86644fb10

SHA512
6cc709f4d7febefa38ce89440dd3602a94b3deffc0f086f4a5d807a2368a34c3cdedc09ae62dfd6a368dfbafe70e0088cf50c918686d8978620ed9c4e24452ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs-1.js

Filesize
12KB

MD5
24058357b44faa2720151575a4e7ca89

SHA1
f37585b267a08d01def0da8cd187df16e9bccb2d

SHA256
e07b183ddf52839ccac0177b7a1e7b7cd55ddc8903f89a1d7160a98696172acb

SHA512
26253332530a2147fc47d0449afb1725f00ca90033879be60db01e2be5eb5fafc5cbb5b665c18a3cedd02bd9da3650da83b482605f15c6b0386d50f3ff27ba03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs-1.js

Filesize
11KB

MD5
9df870380a77c7ebf3b062dd91c7b651

SHA1
6fbd6059935e70de862d450813a87877fe6d56a8

SHA256
4cd03f406044023600c6b6ab5bf00260da3a4588753e9e02db32517daa0d2ac5

SHA512
a919e387609db67f7e1ef64a1e8ab328067ee16382b5da379b8f96550e4a21cb7b5037eb69b0556e6fd1410cdd8444ddedba7df1ebdf35be02b0b06b95e8b878

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs-1.js

Filesize
11KB

MD5
b87a9d8861f25b7b17f31eda2968c713

SHA1
8ccf3932e9f3c8372390d791707880ce6b2140f5

SHA256
d5f972533100ea9bf66b5c1f4b885896dc4b4e5ace40c512f478631c8aa2bae7

SHA512
8492d427d8969722b8a0b41527ca2ac8d4716b94ac8066636af5ae5dbc1a9844d42a23487204bd3bf8e48dbb55869e8e914026248584dbe32ec60f9af1ddb084

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs.js

Filesize
10KB

MD5
effeb6a04cd47b9e43432077178971f4

SHA1
dcf5274f918204fff9ccbb99235b2bd17ffa1b42

SHA256
86c12dcec6aa96d16057c482502f9beac10e2fc85d67cf964ae643fdffb9dc1d

SHA512
bc024b32913f4b0a1ecf8a3f2af155bad3476b52f4c4b89f99ae5444e9495da075aa3ae9ea57fda41601daa0ca41e0f751505883e714bfc5d047f9d2ee3e3ba0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
bdc2dc5bf64908fb0a974ff2ee9335f4

SHA1
e1a283eca6a76c0d608d7b3ffc25fdcbd6ad96a4

SHA256
cd2c66fcb0f7b8d0435103417218b11facde4f5bfdf9335e6bc1496a4c30f93c

SHA512
baa66bee6a3277204ed2d1feacee095aae1a0f2020eb1a38bd08428acb22ccfb767e2874b8d7910a22d99cc43d17c8dfe6923760ddb15116614f16820b57fa9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
34668e1623fc56f5344a6df34617d06e

SHA1
ccf0a8116c4c1409f216cff7919b6d69076762d3

SHA256
51813d4d8ea53437239c7c5fe869690bce712c39aabee6201f60773e56713028

SHA512
4374c71fbf02d6c474fd4788d2caf08e598a1e23e986ad2e34bfdfa32c113d11abe1982e028bb40ef749d9677e239f2977147131a2d07eb060832d098a4182b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
dc4fcd40bbc25e13c58a34ae0878597a

SHA1
0c0894992d7bb75708f1417f9c88b3104b4eeeab

SHA256
da230280505618229849e79abb8d38ae01dc826604e82427f1300a1e35980c7e

SHA512
0ff4b37b6438fc26ac9c9bb46c0ac6e38014fc7e226cb4574b4a230ccdf9141be66eea17ef72dc27c76bdf8aee7e2f5f9472420e8fc33ddaf13ef032771274e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
368KB

MD5
0481f4840f6f16ecc538e077e172d448

SHA1
fa05d4b6f8470eefb676a09f9b3a5edcc56f0f15

SHA256
bf0a91593fd0524d121037981ab51a011fae641037fcc8a2815d0b66cc9e29cd

SHA512
2181685d0d7b258cd22d64e81ebc8ab5657e6898fda370d0c079bb7d041d760a4698f27eab9dba1d985db42d16f73dbfbbd78c52bc50462ad9d9053f7e30b73f

Download Submit
memory/2900-1526-0x00007FFD0D120000-0x00007FFD0D142000-memory.dmp

Filesize
136KB

Download
memory/2900-1594-0x00007FFD24E70000-0x00007FFD24E7C000-memory.dmp

Filesize
48KB

Download
memory/2900-1492-0x00007FFD24CF0000-0x00007FFD24CFB000-memory.dmp

Filesize
44KB

Download
memory/2900-1493-0x00007FFD24B00000-0x00007FFD24B0B000-memory.dmp

Filesize
44KB

Download
memory/2900-1494-0x00007FFD24510000-0x00007FFD2451C000-memory.dmp

Filesize
48KB

Download
memory/2900-1491-0x00007FFD17D50000-0x00007FFD17D68000-memory.dmp

Filesize
96KB

Download
memory/2900-1490-0x00007FFD24600000-0x00007FFD24622000-memory.dmp

Filesize
136KB

Download
memory/2900-1450-0x00007FFD24D90000-0x00007FFD24D9B000-memory.dmp

Filesize
44KB

Download
memory/2900-1451-0x00007FFD24D80000-0x00007FFD24D8B000-memory.dmp

Filesize
44KB

Download
memory/2900-1496-0x00007FFD24380000-0x00007FFD2438C000-memory.dmp

Filesize
48KB

Download
memory/2900-1452-0x00007FFD24D70000-0x00007FFD24D7C000-memory.dmp

Filesize
48KB

Download
memory/2900-1498-0x00007FFD1D450000-0x00007FFD1D45C000-memory.dmp

Filesize
48KB

Download
memory/2900-1499-0x00007FFD1A240000-0x00007FFD1A24C000-memory.dmp

Filesize
48KB

Download
memory/2900-1500-0x00007FFD18F70000-0x00007FFD18F7E000-memory.dmp

Filesize
56KB

Download
memory/2900-1501-0x00007FFD17DB0000-0x00007FFD17DBC000-memory.dmp

Filesize
48KB

Download
memory/2900-1453-0x00007FFD24D60000-0x00007FFD24D6C000-memory.dmp

Filesize
48KB

Download
memory/2900-1454-0x00007FFD24D50000-0x00007FFD24D5D000-memory.dmp

Filesize
52KB

Download
memory/2900-1455-0x00007FFD24D30000-0x00007FFD24D42000-memory.dmp

Filesize
72KB

Download
memory/2900-1456-0x00007FFD24D20000-0x00007FFD24D2C000-memory.dmp

Filesize
48KB

Download
memory/2900-1502-0x00007FFD137F0000-0x00007FFD137FB000-memory.dmp

Filesize
44KB

Download
memory/2900-1503-0x00007FFD0F620000-0x00007FFD0F62B000-memory.dmp

Filesize
44KB

Download
memory/2900-1504-0x00007FFD0F610000-0x00007FFD0F61C000-memory.dmp

Filesize
48KB

Download
memory/2900-1505-0x00007FFD0F600000-0x00007FFD0F60C000-memory.dmp

Filesize
48KB

Download
memory/2900-1506-0x00007FFD0F5F0000-0x00007FFD0F5FD000-memory.dmp

Filesize
52KB

Download
memory/2900-1507-0x00007FFD0F5D0000-0x00007FFD0F5E2000-memory.dmp

Filesize
72KB

Download
memory/2900-1458-0x00007FFD24B30000-0x00007FFD24B42000-memory.dmp

Filesize
72KB

Download
memory/2900-1461-0x00007FFD12B10000-0x00007FFD13043000-memory.dmp

Filesize
5.2MB

Download
memory/2900-1462-0x00007FFD24600000-0x00007FFD24622000-memory.dmp

Filesize
136KB

Download
memory/2900-1463-0x00007FFD29D10000-0x00007FFD29D24000-memory.dmp

Filesize
80KB

Download
memory/2900-1464-0x00007FFD24630000-0x00007FFD24647000-memory.dmp

Filesize
92KB

Download
memory/2900-1459-0x00007FFD24B10000-0x00007FFD24B24000-memory.dmp

Filesize
80KB

Download
memory/2900-1457-0x00007FFD24D00000-0x00007FFD24D16000-memory.dmp

Filesize
88KB

Download
memory/2900-1438-0x00007FFD28BF0000-0x00007FFD28C15000-memory.dmp

Filesize
148KB

Download
memory/2900-1370-0x00007FFD28BF0000-0x00007FFD28C15000-memory.dmp

Filesize
148KB

Download
memory/2900-1512-0x00007FFD0F2A0000-0x00007FFD0F580000-memory.dmp

Filesize
2.9MB

Download
memory/2900-1517-0x00007FFD0D1A0000-0x00007FFD0F293000-memory.dmp

Filesize
32.9MB

Download
memory/2900-1518-0x00007FFD1A250000-0x00007FFD1A2AD000-memory.dmp

Filesize
372KB

Download
memory/2900-1523-0x00007FFD0D150000-0x00007FFD0D171000-memory.dmp

Filesize
132KB

Download
memory/2900-1522-0x00007FFD19010000-0x00007FFD19048000-memory.dmp

Filesize
224KB

Download
memory/2900-1521-0x00007FFD0D180000-0x00007FFD0D197000-memory.dmp

Filesize
92KB

Download
memory/2900-1524-0x00007FFD17DC0000-0x00007FFD17DE4000-memory.dmp

Filesize
144KB

Download
memory/2900-1525-0x00007FFD11980000-0x00007FFD11AFF000-memory.dmp

Filesize
1.5MB

Download
memory/2900-1533-0x00007FFD0D010000-0x00007FFD0D041000-memory.dmp

Filesize
196KB

Download
memory/2900-1534-0x00007FFD0CF40000-0x00007FFD0CF54000-memory.dmp

Filesize
80KB

Download
memory/2900-1535-0x00007FFD0CE80000-0x00007FFD0CF32000-memory.dmp

Filesize
712KB

Download
memory/2900-1530-0x00007FFD0CF60000-0x00007FFD0CF7C000-memory.dmp

Filesize
112KB

Download
memory/2900-1529-0x00007FFD0CF80000-0x00007FFD0CF99000-memory.dmp

Filesize
100KB

Download
memory/2900-1528-0x00007FFD0CFA0000-0x00007FFD0CFBA000-memory.dmp

Filesize
104KB

Download
memory/2900-1527-0x00007FFD0CFC0000-0x00007FFD0D001000-memory.dmp

Filesize
260KB

Download
memory/2900-1445-0x00007FFD24E40000-0x00007FFD24E4B000-memory.dmp

Filesize
44KB

Download
memory/2900-1532-0x00007FFD0D050000-0x00007FFD0D080000-memory.dmp

Filesize
192KB

Download
memory/2900-1531-0x00007FFD0D080000-0x00007FFD0D119000-memory.dmp

Filesize
612KB

Download
memory/2900-1432-0x00007FFD28A00000-0x00007FFD28A0D000-memory.dmp

Filesize
52KB

Download
memory/2900-1508-0x00007FFD0F5C0000-0x00007FFD0F5CC000-memory.dmp

Filesize
48KB

Download
memory/2900-1600-0x00007FFD24E10000-0x00007FFD24E1E000-memory.dmp

Filesize
56KB

Download
memory/2900-1616-0x00007FFD24520000-0x00007FFD2456D000-memory.dmp

Filesize
308KB

Download
memory/2900-1615-0x00007FFD24570000-0x00007FFD24589000-memory.dmp

Filesize
100KB

Download
memory/2900-1614-0x00007FFD24590000-0x00007FFD245A5000-memory.dmp

Filesize
84KB

Download
memory/2900-1613-0x00007FFD24600000-0x00007FFD24622000-memory.dmp

Filesize
136KB

Download
memory/2900-1611-0x00007FFD24B10000-0x00007FFD24B24000-memory.dmp

Filesize
80KB

Download
memory/2900-1610-0x00007FFD24B30000-0x00007FFD24B42000-memory.dmp

Filesize
72KB

Download
memory/2900-1609-0x00007FFD24D00000-0x00007FFD24D16000-memory.dmp

Filesize
88KB

Download
memory/2900-1608-0x00007FFD24D20000-0x00007FFD24D2C000-memory.dmp

Filesize
48KB

Download
memory/2900-1607-0x00007FFD24D30000-0x00007FFD24D42000-memory.dmp

Filesize
72KB

Download
memory/2900-1582-0x00007FFD12B10000-0x00007FFD13043000-memory.dmp

Filesize
5.2MB

Download
memory/2900-1603-0x00007FFD24D80000-0x00007FFD24D8B000-memory.dmp

Filesize
44KB

Download
memory/2900-1602-0x00007FFD24D90000-0x00007FFD24D9B000-memory.dmp

Filesize
44KB

Download
memory/2900-1601-0x00007FFD24E00000-0x00007FFD24E0C000-memory.dmp

Filesize
48KB

Download
memory/2900-1599-0x00007FFD24E20000-0x00007FFD24E2C000-memory.dmp

Filesize
48KB

Download
memory/2900-1598-0x00007FFD24E30000-0x00007FFD24E3C000-memory.dmp

Filesize
48KB

Download
memory/2900-1597-0x00007FFD24E40000-0x00007FFD24E4B000-memory.dmp

Filesize
44KB

Download
memory/2900-1596-0x00007FFD24E50000-0x00007FFD24E5C000-memory.dmp

Filesize
48KB

Download
memory/2900-1595-0x00007FFD24E60000-0x00007FFD24E6B000-memory.dmp

Filesize
44KB

Download
memory/2900-1495-0x00007FFD244C0000-0x00007FFD244CB000-memory.dmp

Filesize
44KB

Download
memory/2900-1593-0x00007FFD24E80000-0x00007FFD24E8B000-memory.dmp

Filesize
44KB

Download
memory/2900-1592-0x00007FFD24E90000-0x00007FFD24E9B000-memory.dmp

Filesize
44KB

Download
memory/2900-1591-0x00007FFD24EB0000-0x00007FFD24EBF000-memory.dmp

Filesize
60KB

Download
memory/2900-1586-0x00007FFD25020000-0x00007FFD250EE000-memory.dmp

Filesize
824KB

Download
memory/2900-1576-0x00007FFD13050000-0x00007FFD13715000-memory.dmp

Filesize
6.8MB

Download
memory/2900-1606-0x00007FFD24D50000-0x00007FFD24D5D000-memory.dmp

Filesize
52KB

Download
memory/2900-1605-0x00007FFD24D60000-0x00007FFD24D6C000-memory.dmp

Filesize
48KB

Download
memory/2900-1604-0x00007FFD24D70000-0x00007FFD24D7C000-memory.dmp

Filesize
48KB

Download
memory/2900-1433-0x00007FFD285F0000-0x00007FFD285FB000-memory.dmp

Filesize
44KB

Download
memory/2900-1436-0x00007FFD24B50000-0x00007FFD24C6A000-memory.dmp

Filesize
1.1MB

Download
memory/2900-1428-0x00007FFD28BA0000-0x00007FFD28BB9000-memory.dmp

Filesize
100KB

Download
memory/2900-1510-0x00007FFD24520000-0x00007FFD2456D000-memory.dmp

Filesize
308KB

Download
memory/2900-1418-0x00007FFD29D10000-0x00007FFD29D24000-memory.dmp

Filesize
80KB

Download
memory/2900-1415-0x00007FFD29E70000-0x00007FFD29E8A000-memory.dmp

Filesize
104KB

Download
memory/2900-1416-0x00007FFD28BC0000-0x00007FFD28BED000-memory.dmp

Filesize
180KB

Download
memory/2900-1371-0x00007FFD2DB80000-0x00007FFD2DB8F000-memory.dmp

Filesize
60KB

Download
memory/2900-1511-0x00007FFD0F580000-0x00007FFD0F5B6000-memory.dmp

Filesize
216KB

Download
memory/2900-1361-0x00007FFD13050000-0x00007FFD13715000-memory.dmp

Filesize
6.8MB

Download
memory/2900-1509-0x00007FFD24590000-0x00007FFD245A5000-memory.dmp

Filesize
84KB

Download
memory/2900-1497-0x00007FFD24150000-0x00007FFD2415B000-memory.dmp

Filesize
44KB

Download
memory/2900-1482-0x00007FFD242B0000-0x00007FFD242D9000-memory.dmp

Filesize
164KB

Download
memory/2900-1483-0x00007FFD23EE0000-0x00007FFD23F0E000-memory.dmp

Filesize
184KB

Download
memory/2900-1444-0x00007FFD24E50000-0x00007FFD24E5C000-memory.dmp

Filesize
48KB

Download
memory/2900-1443-0x00007FFD24E60000-0x00007FFD24E6B000-memory.dmp

Filesize
44KB

Download
memory/2900-1442-0x00007FFD24E70000-0x00007FFD24E7C000-memory.dmp

Filesize
48KB

Download
memory/2900-1441-0x00007FFD24E80000-0x00007FFD24E8B000-memory.dmp

Filesize
44KB

Download
memory/2900-1440-0x00007FFD24E90000-0x00007FFD24E9B000-memory.dmp

Filesize
44KB

Download
memory/2900-1439-0x00007FFD24EB0000-0x00007FFD24EBF000-memory.dmp

Filesize
60KB

Download
memory/2900-1435-0x00007FFD24FA0000-0x00007FFD24FC7000-memory.dmp

Filesize
156KB

Download
memory/2900-1434-0x00007FFD13050000-0x00007FFD13715000-memory.dmp

Filesize
6.8MB

Download
memory/2900-1446-0x00007FFD24E30000-0x00007FFD24E3C000-memory.dmp

Filesize
48KB

Download
memory/2900-1427-0x00007FFD25020000-0x00007FFD250EE000-memory.dmp

Filesize
824KB

Download
memory/2900-1426-0x00007FFD28B50000-0x00007FFD28B83000-memory.dmp

Filesize
204KB

Download
memory/2900-1425-0x00007FFD28B90000-0x00007FFD28B9D000-memory.dmp

Filesize
52KB

Download
memory/2900-1473-0x00007FFD24EB0000-0x00007FFD24EBF000-memory.dmp

Filesize
60KB

Download
memory/2900-1474-0x00007FFD19010000-0x00007FFD19048000-memory.dmp

Filesize
224KB

Download
memory/2900-1472-0x00007FFD1A250000-0x00007FFD1A2AD000-memory.dmp

Filesize
372KB

Download
memory/2900-1471-0x00007FFD24390000-0x00007FFD243AE000-memory.dmp

Filesize
120KB

Download
memory/2900-1423-0x00007FFD12B10000-0x00007FFD13043000-memory.dmp

Filesize
5.2MB

Download
memory/2900-1466-0x00007FFD25020000-0x00007FFD250EE000-memory.dmp

Filesize
824KB

Download
memory/2900-1467-0x00007FFD24590000-0x00007FFD245A5000-memory.dmp

Filesize
84KB

Download
memory/2900-1465-0x00007FFD28B50000-0x00007FFD28B83000-memory.dmp

Filesize
204KB

Download
memory/2900-1468-0x00007FFD24570000-0x00007FFD24589000-memory.dmp

Filesize
100KB

Download
memory/2900-1470-0x00007FFD243B0000-0x00007FFD243C1000-memory.dmp

Filesize
68KB

Download
memory/2900-1485-0x00007FFD11980000-0x00007FFD11AFF000-memory.dmp

Filesize
1.5MB

Download
memory/2900-1484-0x00007FFD17DC0000-0x00007FFD17DE4000-memory.dmp

Filesize
144KB

Download
memory/2900-1449-0x00007FFD24E00000-0x00007FFD24E0C000-memory.dmp

Filesize
48KB

Download
memory/2900-1448-0x00007FFD24E10000-0x00007FFD24E1E000-memory.dmp

Filesize
56KB

Download
memory/2900-1447-0x00007FFD24E20000-0x00007FFD24E2C000-memory.dmp

Filesize
48KB

Download
memory/2900-1469-0x00007FFD24520000-0x00007FFD2456D000-memory.dmp

Filesize
308KB

Download
memory/5116-4397-0x00007FFD28A00000-0x00007FFD28A0D000-memory.dmp

Filesize
52KB

Download
memory/5116-4389-0x00007FFD29E70000-0x00007FFD29E8A000-memory.dmp

Filesize
104KB

Download
memory/5116-4398-0x00007FFD285F0000-0x00007FFD285FB000-memory.dmp

Filesize
44KB

Download
memory/5116-4390-0x00007FFD28BC0000-0x00007FFD28BED000-memory.dmp

Filesize
180KB

Download
memory/5116-4391-0x00007FFD29D10000-0x00007FFD29D24000-memory.dmp

Filesize
80KB

Download
memory/5116-4392-0x00007FFD12950000-0x00007FFD12E83000-memory.dmp

Filesize
5.2MB

Download
memory/5116-4393-0x00007FFD28BA0000-0x00007FFD28BB9000-memory.dmp

Filesize
100KB

Download
memory/5116-4394-0x00007FFD28B90000-0x00007FFD28B9D000-memory.dmp

Filesize
52KB

Download
memory/5116-4399-0x00007FFD24FA0000-0x00007FFD24FC7000-memory.dmp

Filesize
156KB

Download
memory/5116-4396-0x00007FFD25020000-0x00007FFD250EE000-memory.dmp

Filesize
824KB

Download
memory/5116-4386-0x00007FFD12E90000-0x00007FFD13555000-memory.dmp

Filesize
6.8MB

Download
memory/5116-4388-0x00007FFD2DB80000-0x00007FFD2DB8F000-memory.dmp

Filesize
60KB

Download
memory/5116-4395-0x00007FFD28B50000-0x00007FFD28B83000-memory.dmp

Filesize
204KB

Download
memory/5116-4400-0x00007FFD24B50000-0x00007FFD24C6A000-memory.dmp

Filesize
1.1MB

Download
memory/5116-4401-0x00007FFD285D0000-0x00007FFD285DF000-memory.dmp

Filesize
60KB

Download
memory/5116-4402-0x00007FFD24EA0000-0x00007FFD24EAB000-memory.dmp

Filesize
44KB

Download
memory/5116-4403-0x00007FFD24E90000-0x00007FFD24E9B000-memory.dmp

Filesize
44KB

Download
memory/5116-4404-0x00007FFD24E80000-0x00007FFD24E8C000-memory.dmp

Filesize
48KB

Download
memory/5116-4405-0x00007FFD24E70000-0x00007FFD24E7B000-memory.dmp

Filesize
44KB

Download
memory/5116-4406-0x00007FFD24E60000-0x00007FFD24E6C000-memory.dmp

Filesize
48KB

Download
memory/5116-4407-0x00007FFD24E50000-0x00007FFD24E5B000-memory.dmp

Filesize
44KB

Download
memory/5116-4387-0x00007FFD28BF0000-0x00007FFD28C15000-memory.dmp

Filesize
148KB

Download