Overview

overview

10

Static

static

3

03f7b84ec5...c0.exe

windows7-x64

10

03f7b84ec5...c0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-11-2024 02:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    03f7b84ec50050cb78882d7d568811f38fdf7586ecf528938d8653829c22cfc0.exe

  • Size

    1.8MB

  • MD5

    a53a554301475205830875c9f876f132

  • SHA1

    4e7e89c4a4c251b755a0c6549e6385b9e0e21c86

  • SHA256

    03f7b84ec50050cb78882d7d568811f38fdf7586ecf528938d8653829c22cfc0

  • SHA512

    a1e0c21205bcb2a149efa95d43544f8dee2a52a3bccc6036f541cb3d183fd1fea9eacf482e1b862f22d5d4b0e624d1540cc6408682addeea4baae496ef1d481e

  • SSDEEP

    49152:zDuzXANA6q0ltRTdabE2nYGY+kNT1VeToBNe7dKKt:zSDd0lnTdaQeY7d1V3BNe7dKKt

Score
10/10
amadeylummastealc7c43939c9aa5default_valencigafed3aatalecredential_accessdiscoveryevasionpersistencespywarestealerthemidatrojan

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes
  • install_dir

    44111dbc49

  • install_file

    axplong.exe

  • strings_key

    8d0ad6945b1a30a186ec2d30be6db0b5

  • url_paths

    /Jo89Ku7d/index.php

rc4.plain

Extracted

Family

stealc

Botnet

default_valenciga

C2

http://185.215.113.17

Attributes
  • url_path

    /2fb6c2cc8dce150a.php

Extracted

Family

amadey

Version

5.03

Botnet

7c4393

C2

http://185.215.113.217

Attributes
  • install_dir

    f9c76c1660

  • install_file

    corept.exe

  • strings_key

    9808a67f01d2f0720518035acbde7521

  • url_paths

    /CoreOPT/index.php

rc4.plain

Extracted

Family

stealc

Botnet

tale

C2

http://185.215.113.206

Attributes
  • url_path

    /6c4adf523b719729.php

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

Extracted

Family

lumma

C2

https://necklacedmny.store/api

https://founpiuer.store/api

https://navygenerayk.store/api

https://goalyfeastz.site/api

https://contemteny.site/api

https://dilemmadu.site/api

https://authorisev.site/api

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Stealc family
    stealc
  • Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 14 IoCs
    evasion
  • Downloads MZ/PE file
  • Uses browser remote debugging 2 TTPs 10 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Checks BIOS information in registry 2 TTPs 28 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 9 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 5 IoCs
  • Executes dropped EXE 33 IoCs
  • Identifies Wine through registry keys 2 TTPs 13 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 7 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 6 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates processes with tasklist 1 TTPs 2 IoCs
    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 14 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Windows directory 9 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Embeds OpenSSL 1 IoCs

    Embeds OpenSSL, may be used to circumvent TLS interception.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 7 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 50 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 17 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Kills process with taskkill 5 IoCs
    evasion
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 30 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 34 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3568
      • C:\Users\Admin\AppData\Local\Temp\03f7b84ec50050cb78882d7d568811f38fdf7586ecf528938d8653829c22cfc0.exe
        "C:\Users\Admin\AppData\Local\Temp\03f7b84ec50050cb78882d7d568811f38fdf7586ecf528938d8653829c22cfc0.exe"
        2⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Checks computer location settings
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:1460
        • C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
          "C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe"
          3⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Checks computer location settings
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Adds Run key to start application
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:3776
          • C:\Users\Admin\AppData\Local\Temp\1000066001\stealc_default2.exe
            "C:\Users\Admin\AppData\Local\Temp\1000066001\stealc_default2.exe"
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Checks processor information in registry
            • Suspicious behavior: EnumeratesProcesses
            PID:408
          • C:\Users\Admin\AppData\Local\Temp\1000477001\Offnewhere.exe
            "C:\Users\Admin\AppData\Local\Temp\1000477001\Offnewhere.exe"
            4⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1808
            • C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe
              "C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe"
              5⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:3924
              • C:\Users\Admin\AppData\Local\Temp\10000020101\JavUmar.exe
                "C:\Users\Admin\AppData\Local\Temp\10000020101\JavUmar.exe"
                6⤵
                • Checks computer location settings
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Checks processor information in registry
                PID:4344
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
                  7⤵
                  • Uses browser remote debugging
                  PID:5616
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffae28dcc40,0x7ffae28dcc4c,0x7ffae28dcc58
                    8⤵
                      PID:5632
                  • C:\Users\Admin\AppData\Local\Temp\service123.exe
                    "C:\Users\Admin\AppData\Local\Temp\service123.exe"
                    7⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • System Location Discovery: System Language Discovery
                    PID:2944
                  • C:\Windows\SysWOW64\schtasks.exe
                    "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\Admin\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
                    7⤵
                    • System Location Discovery: System Language Discovery
                    • Scheduled Task/Job: Scheduled Task
                    PID:976
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 1068
                    7⤵
                    • Program crash
                    PID:6136
                • C:\Users\Admin\AppData\Local\Temp\10000061101\stail.exe
                  "C:\Users\Admin\AppData\Local\Temp\10000061101\stail.exe"
                  6⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  PID:2424
                  • C:\Users\Admin\AppData\Local\Temp\is-S64O3.tmp\stail.tmp
                    "C:\Users\Admin\AppData\Local\Temp\is-S64O3.tmp\stail.tmp" /SL5="$100178,5239339,56832,C:\Users\Admin\AppData\Local\Temp\10000061101\stail.exe"
                    7⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of FindShellTrayWindow
                    PID:404
                    • C:\Users\Admin\AppData\Local\BluRay Player 1.2.16\blurayplayer32.exe
                      "C:\Users\Admin\AppData\Local\BluRay Player 1.2.16\blurayplayer32.exe" -i
                      8⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      PID:4792
            • C:\Users\Admin\AppData\Local\Temp\1000817001\splwow64.exe
              "C:\Users\Admin\AppData\Local\Temp\1000817001\splwow64.exe"
              4⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Drops file in Windows directory
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1544
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\System32\cmd.exe" /c copy Beijing Beijing.bat & Beijing.bat
                5⤵
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:4664
                • C:\Windows\SysWOW64\tasklist.exe
                  tasklist
                  6⤵
                  • Enumerates processes with tasklist
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of AdjustPrivilegeToken
                  PID:2004
                • C:\Windows\SysWOW64\findstr.exe
                  findstr /I "wrsa opssvc"
                  6⤵
                  • System Location Discovery: System Language Discovery
                  PID:2816
                • C:\Windows\SysWOW64\tasklist.exe
                  tasklist
                  6⤵
                  • Enumerates processes with tasklist
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of AdjustPrivilegeToken
                  PID:3980
                • C:\Windows\SysWOW64\findstr.exe
                  findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
                  6⤵
                  • System Location Discovery: System Language Discovery
                  PID:824
                • C:\Windows\SysWOW64\cmd.exe
                  cmd /c md 197036
                  6⤵
                  • System Location Discovery: System Language Discovery
                  PID:8
                • C:\Windows\SysWOW64\findstr.exe
                  findstr /V "CRAWFORDFILLEDVERIFYSCALE" Mtv
                  6⤵
                  • System Location Discovery: System Language Discovery
                  PID:4852
                • C:\Windows\SysWOW64\cmd.exe
                  cmd /c copy /b ..\Twisted + ..\Molecular + ..\Sponsorship + ..\Various + ..\Witch + ..\Spirit + ..\See + ..\Fitting T
                  6⤵
                  • System Location Discovery: System Language Discovery
                  PID:2572
                • C:\Users\Admin\AppData\Local\Temp\197036\Jurisdiction.pif
                  Jurisdiction.pif T
                  6⤵
                  • Suspicious use of NtCreateUserProcessOtherParentProcess
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  • Suspicious use of WriteProcessMemory
                  PID:2068
                • C:\Windows\SysWOW64\choice.exe
                  choice /d y /t 5
                  6⤵
                  • System Location Discovery: System Language Discovery
                  PID:4380
            • C:\Users\Admin\AppData\Local\Temp\1000828001\new_v8.exe
              "C:\Users\Admin\AppData\Local\Temp\1000828001\new_v8.exe"
              4⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:2924
            • C:\Users\Admin\AppData\Local\Temp\1000833001\fc1624fdd6.exe
              "C:\Users\Admin\AppData\Local\Temp\1000833001\fc1624fdd6.exe"
              4⤵
              • Drops startup file
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • Suspicious use of AdjustPrivilegeToken
              PID:3732
              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                5⤵
                • System Location Discovery: System Language Discovery
                PID:4060
            • C:\Users\Admin\AppData\Local\Temp\1000857001\c7c17dbf17.exe
              "C:\Users\Admin\AppData\Local\Temp\1000857001\c7c17dbf17.exe"
              4⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:4504
            • C:\Users\Admin\AppData\Local\Temp\1000965001\GOLD1234.exe
              "C:\Users\Admin\AppData\Local\Temp\1000965001\GOLD1234.exe"
              4⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:2444
              • C:\Users\Admin\AppData\Local\Temp\1000965001\GOLD1234.exe
                "C:\Users\Admin\AppData\Local\Temp\1000965001\GOLD1234.exe"
                5⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:4984
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 1264
                  6⤵
                  • Program crash
                  PID:4136
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 264
                5⤵
                • Program crash
                PID:4596
            • C:\Users\Admin\AppData\Local\Temp\1001096001\RDX123456.exe
              "C:\Users\Admin\AppData\Local\Temp\1001096001\RDX123456.exe"
              4⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:1756
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 1292
                5⤵
                • Program crash
                PID:1784
            • C:\Users\Admin\AppData\Local\Temp\1001527001\yxrd0ob7.exe
              "C:\Users\Admin\AppData\Local\Temp\1001527001\yxrd0ob7.exe"
              4⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:1676
              • C:\Users\Admin\AppData\Local\Temp\1001527001\yxrd0ob7.exe
                "C:\Users\Admin\AppData\Local\Temp\1001527001\yxrd0ob7.exe"
                5⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:4652
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 1280
                  6⤵
                  • Program crash
                  PID:5540
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 276
                5⤵
                • Program crash
                PID:2500
            • C:\Users\Admin\AppData\Local\Temp\1001567001\hhnjqu9y.exe
              "C:\Users\Admin\AppData\Local\Temp\1001567001\hhnjqu9y.exe"
              4⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Checks whether UAC is enabled
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:4660
              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                5⤵
                • System Location Discovery: System Language Discovery
                PID:4448
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 628
                  6⤵
                  • Program crash
                  PID:5080
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
                "Powershell" Copy-Item 'C:\Users\Admin\AppData\Local\Temp\1001567001\hhnjqu9y.exe' 'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ucloud.exe'
                5⤵
                • Drops startup file
                • System Location Discovery: System Language Discovery
                • Suspicious use of AdjustPrivilegeToken
                PID:5664
            • C:\Users\Admin\AppData\Local\Temp\1001580001\fe9d6329c6.exe
              "C:\Users\Admin\AppData\Local\Temp\1001580001\fe9d6329c6.exe"
              4⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Checks computer location settings
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Loads dropped DLL
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Checks processor information in registry
              • Suspicious behavior: EnumeratesProcesses
              PID:4804
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
                5⤵
                • Uses browser remote debugging
                • Enumerates system info in registry
                • Modifies data under HKEY_USERS
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of FindShellTrayWindow
                PID:1628
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffae28dcc40,0x7ffae28dcc4c,0x7ffae28dcc58
                  6⤵
                    PID:2656
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,14868980014684789249,14491901407190711410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1928 /prefetch:2
                    6⤵
                      PID:1560
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1900,i,14868980014684789249,14491901407190711410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2052 /prefetch:3
                      6⤵
                        PID:920
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,14868980014684789249,14491901407190711410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2268 /prefetch:8
                        6⤵
                          PID:4128
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,14868980014684789249,14491901407190711410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3232 /prefetch:1
                          6⤵
                          • Uses browser remote debugging
                          PID:4596
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,14868980014684789249,14491901407190711410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
                          6⤵
                          • Uses browser remote debugging
                          PID:676
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,14868980014684789249,14491901407190711410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:1
                          6⤵
                          • Uses browser remote debugging
                          PID:5140
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,14868980014684789249,14491901407190711410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:8
                          6⤵
                            PID:5220
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4740,i,14868980014684789249,14491901407190711410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8
                            6⤵
                              PID:5244
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,14868980014684789249,14491901407190711410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
                              6⤵
                                PID:5776
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4484,i,14868980014684789249,14491901407190711410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:8
                                6⤵
                                  PID:5844
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
                                5⤵
                                • Uses browser remote debugging
                                • Enumerates system info in registry
                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                • Suspicious use of FindShellTrayWindow
                                PID:6132
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae2f046f8,0x7ffae2f04708,0x7ffae2f04718
                                  6⤵
                                  • Checks processor information in registry
                                  • Enumerates system info in registry
                                  PID:5236
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,2707632255964685562,13300150559334121765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
                                  6⤵
                                    PID:5476
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,2707632255964685562,13300150559334121765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
                                    6⤵
                                      PID:5492
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,2707632255964685562,13300150559334121765,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
                                      6⤵
                                        PID:5536
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2200,2707632255964685562,13300150559334121765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
                                        6⤵
                                        • Uses browser remote debugging
                                        PID:4404
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2200,2707632255964685562,13300150559334121765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
                                        6⤵
                                        • Uses browser remote debugging
                                        PID:2516
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2200,2707632255964685562,13300150559334121765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
                                        6⤵
                                        • Uses browser remote debugging
                                        PID:5556
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2200,2707632255964685562,13300150559334121765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
                                        6⤵
                                        • Uses browser remote debugging
                                        PID:5544
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,2707632255964685562,13300150559334121765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
                                        6⤵
                                          PID:4768
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,2707632255964685562,13300150559334121765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
                                          6⤵
                                            PID:1756
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,2707632255964685562,13300150559334121765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2636 /prefetch:2
                                            6⤵
                                              PID:2444
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,2707632255964685562,13300150559334121765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3620 /prefetch:2
                                              6⤵
                                                PID:5228
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,2707632255964685562,13300150559334121765,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4568 /prefetch:2
                                                6⤵
                                                  PID:756
                                              • C:\Windows\SysWOW64\cmd.exe
                                                "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\DocumentsAKKEGHJDHD.exe"
                                                5⤵
                                                • System Location Discovery: System Language Discovery
                                                PID:2656
                                                • C:\Users\Admin\DocumentsAKKEGHJDHD.exe
                                                  "C:\Users\Admin\DocumentsAKKEGHJDHD.exe"
                                                  6⤵
                                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                  • Checks BIOS information in registry
                                                  • Checks computer location settings
                                                  • Executes dropped EXE
                                                  • Identifies Wine through registry keys
                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                  • Drops file in Windows directory
                                                  • System Location Discovery: System Language Discovery
                                                  PID:4768
                                                  • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                                    7⤵
                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                    • Checks BIOS information in registry
                                                    • Checks computer location settings
                                                    • Executes dropped EXE
                                                    • Identifies Wine through registry keys
                                                    • Adds Run key to start application
                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                    • System Location Discovery: System Language Discovery
                                                    PID:3324
                                                    • C:\Users\Admin\AppData\Local\Temp\1003301001\9642afe02f.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\1003301001\9642afe02f.exe"
                                                      8⤵
                                                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                      • Checks BIOS information in registry
                                                      • Executes dropped EXE
                                                      • Identifies Wine through registry keys
                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                      • System Location Discovery: System Language Discovery
                                                      PID:5772
                                                    • C:\Users\Admin\AppData\Local\Temp\1003302001\398336fd92.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\1003302001\398336fd92.exe"
                                                      8⤵
                                                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                      • Checks BIOS information in registry
                                                      • Executes dropped EXE
                                                      • Identifies Wine through registry keys
                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                      • System Location Discovery: System Language Discovery
                                                      PID:5592
                                                    • C:\Users\Admin\AppData\Local\Temp\1003303001\0e606ee63b.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\1003303001\0e606ee63b.exe"
                                                      8⤵
                                                      • Executes dropped EXE
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious use of FindShellTrayWindow
                                                      • Suspicious use of SendNotifyMessage
                                                      PID:1580
                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                        taskkill /F /IM firefox.exe /T
                                                        9⤵
                                                        • System Location Discovery: System Language Discovery
                                                        • Kills process with taskkill
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:2300
                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                        taskkill /F /IM chrome.exe /T
                                                        9⤵
                                                        • System Location Discovery: System Language Discovery
                                                        • Kills process with taskkill
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:344
                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                        taskkill /F /IM msedge.exe /T
                                                        9⤵
                                                        • System Location Discovery: System Language Discovery
                                                        • Kills process with taskkill
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:5284
                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                        taskkill /F /IM opera.exe /T
                                                        9⤵
                                                        • System Location Discovery: System Language Discovery
                                                        • Kills process with taskkill
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:5252
                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                        taskkill /F /IM brave.exe /T
                                                        9⤵
                                                        • System Location Discovery: System Language Discovery
                                                        • Kills process with taskkill
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:5380
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                        9⤵
                                                          PID:5548
                                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                                            "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                            10⤵
                                                            • Checks processor information in registry
                                                            • Modifies registry class
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            • Suspicious use of FindShellTrayWindow
                                                            • Suspicious use of SendNotifyMessage
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:5228
                                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbfc8bf1-0331-4f5e-9726-c02a1881d422} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" gpu
                                                              11⤵
                                                                PID:3732
                                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2ea09b1-a1c7-4f19-b2f1-af3edbc04806} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" socket
                                                                11⤵
                                                                  PID:1620
                                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3148 -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3136 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82f01c39-9b26-4af4-971f-c16e5f9a898a} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" tab
                                                                  11⤵
                                                                    PID:6044
                                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3792 -childID 2 -isForBrowser -prefsHandle 3776 -prefMapHandle 3764 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03e0318e-0f65-4135-ab4f-0ada1d3cd996} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" tab
                                                                    11⤵
                                                                      PID:5488
                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4524 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4624 -prefMapHandle 4616 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fc6c1ac-220c-4e1b-879b-7b39588ba11f} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" utility
                                                                      11⤵
                                                                      • Checks processor information in registry
                                                                      PID:1308
                                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5100 -childID 3 -isForBrowser -prefsHandle 5088 -prefMapHandle 5092 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {172b0510-68b4-4c2c-8f0c-7a1b87bdf4ac} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" tab
                                                                      11⤵
                                                                        PID:4360
                                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5364 -childID 4 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22a4f99c-e3a6-4b7a-9d13-be9ded053600} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" tab
                                                                        11⤵
                                                                          PID:4736
                                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5500 -childID 5 -isForBrowser -prefsHandle 5100 -prefMapHandle 5160 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64c1f928-5f4b-4fba-bedf-eebf604d59e1} 5228 "\\.\pipe\gecko-crash-server-pipe.5228" tab
                                                                          11⤵
                                                                            PID:3196
                                                                    • C:\Users\Admin\AppData\Local\Temp\1003304001\b9198095d7.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\1003304001\b9198095d7.exe"
                                                                      8⤵
                                                                      • Modifies Windows Defender Real-time Protection settings
                                                                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                      • Checks BIOS information in registry
                                                                      • Executes dropped EXE
                                                                      • Identifies Wine through registry keys
                                                                      • Windows security modification
                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                      • System Location Discovery: System Language Discovery
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:1856
                                                            • C:\Users\Admin\AppData\Local\Temp\1001581001\ba12fa7b10.exe
                                                              "C:\Users\Admin\AppData\Local\Temp\1001581001\ba12fa7b10.exe"
                                                              4⤵
                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                              • Checks BIOS information in registry
                                                              • Executes dropped EXE
                                                              • Identifies Wine through registry keys
                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                              • System Location Discovery: System Language Discovery
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:1924
                                                        • C:\Windows\SysWOW64\cmd.exe
                                                          cmd /c schtasks.exe /create /tn "Wall" /tr "wscript //B 'C:\Users\Admin\AppData\Local\GreenTech Dynamics\EcoCraft.js'" /sc minute /mo 5 /F
                                                          2⤵
                                                          • System Location Discovery: System Language Discovery
                                                          • Suspicious use of WriteProcessMemory
                                                          PID:4976
                                                          • C:\Windows\SysWOW64\schtasks.exe
                                                            schtasks.exe /create /tn "Wall" /tr "wscript //B 'C:\Users\Admin\AppData\Local\GreenTech Dynamics\EcoCraft.js'" /sc minute /mo 5 /F
                                                            3⤵
                                                            • System Location Discovery: System Language Discovery
                                                            • Scheduled Task/Job: Scheduled Task
                                                            PID:3428
                                                        • C:\Windows\SysWOW64\cmd.exe
                                                          cmd /k echo [InternetShortcut] > "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EcoCraft.url" & echo URL="C:\Users\Admin\AppData\Local\GreenTech Dynamics\EcoCraft.js" >> "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EcoCraft.url" & exit
                                                          2⤵
                                                          • Drops startup file
                                                          • System Location Discovery: System Language Discovery
                                                          PID:4796
                                                      • C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
                                                        C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
                                                        1⤵
                                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                        • Checks BIOS information in registry
                                                        • Executes dropped EXE
                                                        • Identifies Wine through registry keys
                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:3180
                                                      • C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe
                                                        C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe
                                                        1⤵
                                                        • Executes dropped EXE
                                                        PID:2372
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2444 -ip 2444
                                                        1⤵
                                                          PID:896
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 1756 -ip 1756
                                                          1⤵
                                                            PID:3172
                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4984 -ip 4984
                                                            1⤵
                                                              PID:2816
                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4984 -ip 4984
                                                              1⤵
                                                                PID:4588
                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1676 -ip 1676
                                                                1⤵
                                                                  PID:4600
                                                                • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                  1⤵
                                                                    PID:4640
                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4652 -ip 4652
                                                                    1⤵
                                                                      PID:5508
                                                                    • C:\Windows\system32\svchost.exe
                                                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                      1⤵
                                                                        PID:5892
                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4448 -ip 4448
                                                                        1⤵
                                                                          PID:3076
                                                                        • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                          C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                          1⤵
                                                                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                          • Checks BIOS information in registry
                                                                          • Executes dropped EXE
                                                                          • Identifies Wine through registry keys
                                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                          PID:3580
                                                                        • C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                          C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                          1⤵
                                                                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                          • Checks BIOS information in registry
                                                                          • Executes dropped EXE
                                                                          • Identifies Wine through registry keys
                                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                          PID:5028
                                                                        • C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe
                                                                          C:\Users\Admin\AppData\Local\Temp\23a0892ef8\Gxtuum.exe
                                                                          1⤵
                                                                          • Executes dropped EXE
                                                                          PID:3816
                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4344 -ip 4344
                                                                          1⤵
                                                                            PID:5320

                                                                          Network

                                                                          MITRE ATT&CK Enterprise v15

                                                                          Reconnaissance

                                                                          Resource Development

                                                                          Initial Access

                                                                          Execution

                                                                          Scheduled Task/Job

                                                                          1
                                                                          T1053

                                                                          Scheduled Task

                                                                          1
                                                                          T1053.005

                                                                          Persistence

                                                                          Boot or Logon Autostart Execution

                                                                          1
                                                                          T1547

                                                                          Registry Run Keys / Startup Folder

                                                                          1
                                                                          T1547.001

                                                                          Create or Modify System Process

                                                                          1
                                                                          T1543

                                                                          Windows Service

                                                                          1
                                                                          T1543.003

                                                                          Modify Authentication Process

                                                                          1
                                                                          T1556

                                                                          Scheduled Task/Job

                                                                          1
                                                                          T1053

                                                                          Scheduled Task

                                                                          1
                                                                          T1053.005

                                                                          Privilege Escalation

                                                                          Boot or Logon Autostart Execution

                                                                          1
                                                                          T1547

                                                                          Registry Run Keys / Startup Folder

                                                                          1
                                                                          T1547.001

                                                                          Create or Modify System Process

                                                                          1
                                                                          T1543

                                                                          Windows Service

                                                                          1
                                                                          T1543.003

                                                                          Scheduled Task/Job

                                                                          1
                                                                          T1053

                                                                          Scheduled Task

                                                                          1
                                                                          T1053.005

                                                                          Defense Evasion

                                                                          Impair Defenses

                                                                          2
                                                                          T1562

                                                                          Disable or Modify Tools

                                                                          2
                                                                          T1562.001

                                                                          Modify Authentication Process

                                                                          1
                                                                          T1556

                                                                          Modify Registry

                                                                          3
                                                                          T1112

                                                                          Virtualization/Sandbox Evasion

                                                                          2
                                                                          T1497

                                                                          Credential Access

                                                                          Credentials from Password Stores

                                                                          1
                                                                          T1555

                                                                          Credentials from Web Browsers

                                                                          1
                                                                          T1555.003

                                                                          Modify Authentication Process

                                                                          1
                                                                          T1556

                                                                          Steal Web Session Cookie

                                                                          1
                                                                          T1539

                                                                          Unsecured Credentials

                                                                          4
                                                                          T1552

                                                                          Credentials In Files

                                                                          4
                                                                          T1552.001

                                                                          Discovery

                                                                          Browser Information Discovery

                                                                          1
                                                                          T1217

                                                                          Process Discovery

                                                                          1
                                                                          T1057

                                                                          Query Registry

                                                                          8
                                                                          T1012

                                                                          System Information Discovery

                                                                          6
                                                                          T1082

                                                                          System Location Discovery

                                                                          1
                                                                          T1614

                                                                          System Language Discovery

                                                                          1
                                                                          T1614.001

                                                                          Virtualization/Sandbox Evasion

                                                                          2
                                                                          T1497

                                                                          Lateral Movement

                                                                          Collection

                                                                          Data from Local System

                                                                          3
                                                                          T1005

                                                                          Command and Control

                                                                          Exfiltration

                                                                          Impact

                                                                          Replay Monitor

                                                                          Loading Replay Monitor...

                                                                          Downloads

                                                                          • C:\ProgramData\BKFCAFCF
                                                                            Filesize

                                                                            116KB

                                                                            MD5

                                                                            f70aa3fa04f0536280f872ad17973c3d

                                                                            SHA1

                                                                            50a7b889329a92de1b272d0ecf5fce87395d3123

                                                                            SHA256

                                                                            8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

                                                                            SHA512

                                                                            30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

                                                                            Download Submit

                                                                          • C:\ProgramData\FHIECBAFBFHIJKFIJDAK
                                                                            Filesize

                                                                            10KB

                                                                            MD5

                                                                            b37b0376fc62963848ea8350d436b089

                                                                            SHA1

                                                                            b4b5eb40164738121b58252f67d5f5506c46a7ee

                                                                            SHA256

                                                                            2408556e87bcbfb8b819370b6b76d5a5e1c1c980f3455deeeeb2bfbd15e124c9

                                                                            SHA512

                                                                            05784c0fa6127ee9160d564c90d67ce7edbae5d62ffa4be6d74438d368c180f272f3b1ca788a85e78bca6c88edd268a0e91701956cadfe364fdf823f57d105d1

                                                                            Download Submit

                                                                          • C:\ProgramData\HDHCGHDH
                                                                            Filesize

                                                                            114KB

                                                                            MD5

                                                                            2dc3133caeb5792be5e5c6c2fa812e34

                                                                            SHA1

                                                                            0ed75d85c6a2848396d5dd30e89987f0a8b5cedb

                                                                            SHA256

                                                                            4b3998fd2844bc1674b691c74d67e56062e62bf4738de9fe7fb26b8d3def9cd7

                                                                            SHA512

                                                                            2ca157c2f01127115d0358607c167c2f073b83d185bdd44ac221b3792c531d784515a76344585ec1557de81430a7d2e69b286155986e46b1e720dfac96098612

                                                                            Download Submit

                                                                          • C:\ProgramData\chrome.dll
                                                                            Filesize

                                                                            676KB

                                                                            MD5

                                                                            eda18948a989176f4eebb175ce806255

                                                                            SHA1

                                                                            ff22a3d5f5fb705137f233c36622c79eab995897

                                                                            SHA256

                                                                            81a4f37c5495800b7cc46aea6535d9180dadb5c151db6f1fd1968d1cd8c1eeb4

                                                                            SHA512

                                                                            160ed9990c37a4753fc0f5111c94414568654afbedc05308308197df2a99594f2d5d8fe511fd2279543a869ed20248e603d88a0b9b8fb119e8e6131b0c52ff85

                                                                            Download Submit

                                                                          • C:\ProgramData\mozglue.dll
                                                                            Filesize

                                                                            593KB

                                                                            MD5

                                                                            c8fd9be83bc728cc04beffafc2907fe9

                                                                            SHA1

                                                                            95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                                                                            SHA256

                                                                            ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                                                                            SHA512

                                                                            fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                                                                            Download Submit

                                                                          • C:\ProgramData\nss3.dll
                                                                            Filesize

                                                                            2.0MB

                                                                            MD5

                                                                            1cc453cdf74f31e4d913ff9c10acdde2

                                                                            SHA1

                                                                            6e85eae544d6e965f15fa5c39700fa7202f3aafe

                                                                            SHA256

                                                                            ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

                                                                            SHA512

                                                                            dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\BluRay Player 1.2.16\blurayplayer32.exe
                                                                            Filesize

                                                                            4.5MB

                                                                            MD5

                                                                            72dfeb99daf355dde1a7cd0482a98954

                                                                            SHA1

                                                                            bbe61f570508446222cfbebcc2a648199085b95d

                                                                            SHA256

                                                                            c1e5aa5ce3b549cfc00285b701f0c074dc66a6087c6ed7f275619c30e7067a70

                                                                            SHA512

                                                                            b7dbf6278139e994e58e1180c45f568473b3093cd3cf5ad30bbee30ebdee579fcf2acd9781fd20cca401290a1d2539b762e8097aac05ec45287b880854d9217a

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                            Filesize

                                                                            649B

                                                                            MD5

                                                                            6cb9e9002c35fb80981a2a62c69f7fc3

                                                                            SHA1

                                                                            123eea5ac2a862acbadc156deec54492e41995f1

                                                                            SHA256

                                                                            8ae87ec4b786e49533357df25a733ebb4351de0f62a95eebd35d1e73ac0910f4

                                                                            SHA512

                                                                            469d4b2a7e0337355de0cbe1bd37c2e1eaa97694a1389680ee3dc9cf616ad4b15de01d6b820c8c53503dc3f7485ed69d08de450d6d6e2c38991cc909b06eb618

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                            Filesize

                                                                            2B

                                                                            MD5

                                                                            d751713988987e9331980363e24189ce

                                                                            SHA1

                                                                            97d170e1550eee4afc0af065b78cda302a97674c

                                                                            SHA256

                                                                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                            SHA512

                                                                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
                                                                            Filesize

                                                                            150B

                                                                            MD5

                                                                            529e6242670c2422fb6ec0433f219617

                                                                            SHA1

                                                                            d2bc09a0c2f38a5b4979710264b40c62a4358441

                                                                            SHA256

                                                                            9047e35b681d628ab1b84cef1c3ba9f4695291ac6665e763fac18813788f753a

                                                                            SHA512

                                                                            319092c85d25622ba79c029310fbd9de86587cf29bdedc9837ca0a57400eb2e5e713d6b7de8840e75de3f3d2fe2c8ad9de89976a3c9e7af770d3f16534f4d7ae

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
                                                                            Filesize

                                                                            552B

                                                                            MD5

                                                                            fd7e1a64c0b32c7a6d0ac82920eb82fe

                                                                            SHA1

                                                                            f35468dffaa1b12f98f329805991bf16dfb69d65

                                                                            SHA256

                                                                            f10c3e67cdc948edd13e1b9bc6b1c8cdf54054467dd1fe093f6e9b9f22ef8b57

                                                                            SHA512

                                                                            2bea7ea35eff98ea28629df1316ce2d47c031ea2c1bf691dada1332321e142c3e2783fe4ec3662b010b73ffa705cfab8ead98994517f80f3b680a26ae5157422

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\373ecdb8-23d7-4454-98d0-d1c653456557.dmp
                                                                            Filesize

                                                                            838KB

                                                                            MD5

                                                                            39b55620195d7cc67a852b33cac35798

                                                                            SHA1

                                                                            dfb437d7c528619c6632d065516852e2303d5060

                                                                            SHA256

                                                                            0a69edabcc530d030a0ec9a49d47359fcaba736645ad6b9d535d20a5dd74dc69

                                                                            SHA512

                                                                            526daba7adf807e943aa5c51c696c63ab39c5bb356f2bd40a2f2c5ccd367082a6c32e3ae43bbd27e1a067493cff9cf9019c70e9c14f5c4c6d72a27c9d40689fc

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\5b732380-92a7-489c-8874-21917586e90e.dmp
                                                                            Filesize

                                                                            826KB

                                                                            MD5

                                                                            bd13d254a4ea0bb40724fc26febc6b71

                                                                            SHA1

                                                                            1926649e6a654db5b158923a08c5a683a9443618

                                                                            SHA256

                                                                            415e237d6a05150394b8e4bc6624eff4ebcb81ecf8bf594ced4b1a67fc645711

                                                                            SHA512

                                                                            fc04263e5dcde0d27c74ae94b2d0049ee86d9c208485f01801a91ffab6aff362c8f43d6127dc7b58e315f2fae63dff68dce018fd8960dcd19cbe5e791cce16bb

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\b35864cf-bb12-40e4-be17-f690e8b6abb8.dmp
                                                                            Filesize

                                                                            826KB

                                                                            MD5

                                                                            da3952e1f807bd803bb17cc9599fbd02

                                                                            SHA1

                                                                            2862a39cabc2db0907a85b021f35386a59fef8fa

                                                                            SHA256

                                                                            c57de37dea444248cbb84d51c75bd75bc5efb7e72e23bf026d81ff449d9e7385

                                                                            SHA512

                                                                            d800110caddb24311c003070d2a3c52175f7c0acde1d0220da356076e9fbaf74faeea72831683e5060eca1c1a3d6ff5e7dcc2dbc61ecd4accc97ce701d5d4c3a

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\ce19127f-eab8-4fb3-a53a-0c4cbc734a8b.dmp
                                                                            Filesize

                                                                            826KB

                                                                            MD5

                                                                            c58cd9288608e90c6ba1d6df158ed75a

                                                                            SHA1

                                                                            a3faf39eab0abeb2b981680300534efdb6dbb61f

                                                                            SHA256

                                                                            7aa7c4b12c2766e594342d40cdbb737aaf0ff062f89ade0911f50e775052a5a8

                                                                            SHA512

                                                                            4a40276d185b18a29d666890401d4f020150375e31b07eaa9610ba1ddb639656508baf94ca161d06c9f0329cd89d503aca1992cc935bd4c9033c2829f7daa67c

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\e577eba8-3126-4c15-8ce7-d9cd7ca535eb.dmp
                                                                            Filesize

                                                                            838KB

                                                                            MD5

                                                                            d6a088ffc6368deed7ee59b7bf0a1ef1

                                                                            SHA1

                                                                            1d1510ec3e2cf720a71661174f1ba21f07bbbdfd

                                                                            SHA256

                                                                            ab3b0346a1f39d04ed01ac09a5b4c7d2768f0679b4408836d4175066b6d89f9b

                                                                            SHA512

                                                                            0a562e023d987cb48405c37a4ea176f18dc9b35909fd75d4223b7876f96fd4fde3a6a5110680d34135634901bb6420ac72e1e70ceb3db26c1f72344a811de3c6

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            7de1bbdc1f9cf1a58ae1de4951ce8cb9

                                                                            SHA1

                                                                            010da169e15457c25bd80ef02d76a940c1210301

                                                                            SHA256

                                                                            6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

                                                                            SHA512

                                                                            e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            85ba073d7015b6ce7da19235a275f6da

                                                                            SHA1

                                                                            a23c8c2125e45a0788bac14423ae1f3eab92cf00

                                                                            SHA256

                                                                            5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

                                                                            SHA512

                                                                            eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            7ebdabf96fce5d9fdb9dc864b47b4aee

                                                                            SHA1

                                                                            811460ab55225fd55975546213a828f96563f3c8

                                                                            SHA256

                                                                            9623b8f67e1a1b98e4b65c3cf66bac06805c2f4e34074c3bae941dbc72c9037f

                                                                            SHA512

                                                                            54c2ea2f6304b0f82f7ad4d81a24b080babb6da4bf6f7ea32e283fa609acc1fa0175537053d71ca7099c1d28ab0211e463201253617b977685cc6d659ca33003

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            5KB

                                                                            MD5

                                                                            096d480dd8aaacfb5879baa16b09a8cd

                                                                            SHA1

                                                                            1f176e2eea7fd2f141807367d5bb981b97e7aafb

                                                                            SHA256

                                                                            41c9619e486282eeb049aa500613af1c06a797b1520e842f256251289a9310c5

                                                                            SHA512

                                                                            5e23f0c60760892aba906fefdd74ed7f5c8984b00dbc12715ef50361da62400a3920f3c112386c476e0cbff367ac2573b08a4a08972e62586d293f43ce67d9f2

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                            Filesize

                                                                            264KB

                                                                            MD5

                                                                            f50f89a0a91564d0b8a211f8921aa7de

                                                                            SHA1

                                                                            112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                            SHA256

                                                                            b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                            SHA512

                                                                            bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\activity-stream.discovery_stream.json
                                                                            Filesize

                                                                            24KB

                                                                            MD5

                                                                            2aa337714475544e918dff23597eb2ec

                                                                            SHA1

                                                                            81e87aa72c4dc9a134ea753def333f66c2bdffd4

                                                                            SHA256

                                                                            6ce9cb6799d717c2b6d1a2334c3dfd0b44b7c8c45f978ac7a858e5c09b7e7ba9

                                                                            SHA512

                                                                            ca1bc90ca7d6a5eb43ec7d896c6b4e195c3dc972d4f4a11cac9edff56365f3113ed5b8b0aad93b2065c68350b84dae1f9923b9b403d855dbfff365974cb7ebb4

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\cache2\entries\D500AD994A7515157BB2A6ADD5B18B754E4D2F99
                                                                            Filesize

                                                                            13KB

                                                                            MD5

                                                                            192a7c8d47983e1c2ed7ac66f09997c4

                                                                            SHA1

                                                                            19c250bbf0d51de91d20870425ab730a26329987

                                                                            SHA256

                                                                            51d95198805ca4b1b0a2a07a5658c61fd1fdb4644ab1703f7f2e65f34951efb2

                                                                            SHA512

                                                                            63b60cffcd8ac914b2d885d804c0eb2e65cd32440c084c6cb889b244f100315a3d568fb2dc43a7d1361c016cc46950af0695bf5718a9f7ede4650c4fee2da336

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\10000020101\JavUmar.exe
                                                                            Filesize

                                                                            6.4MB

                                                                            MD5

                                                                            331990a29afa36193295a7b63ea4e712

                                                                            SHA1

                                                                            5bd7935dccb305cad7c1f2026b8f6629eb2e61e4

                                                                            SHA256

                                                                            80c8797268cb88f5bef1791ccc88b62288763a27528709886e55175b9bd94487

                                                                            SHA512

                                                                            b7ce03289ec5339fcbe116538734ada73763fa18a42b3c95f63106bd0f85dc60111fc555eb6b5d6950d5b1fdd65f26cd4f5450bf82d330059d8184fafd52b4f2

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\10000061101\stail.exe
                                                                            Filesize

                                                                            5.3MB

                                                                            MD5

                                                                            dcf45a3386d6e8a1efa6b2040125c3ca

                                                                            SHA1

                                                                            6a7e356507bd3777b6cd9677627e31ce6be7d9cf

                                                                            SHA256

                                                                            e709b26315714057ce041823f8a63f38064790a4a2af8fa00a9b63ea19d82329

                                                                            SHA512

                                                                            c32ecdc9ec8aaab6c1fd12eff22e83b74f9300e66d9cdfce1f1cf182a944e54a9f4e1a3ee6508aadc7927691760faa89591da6ba8b4298e5eb5cd513bdad6ae8

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1000066001\stealc_default2.exe
                                                                            Filesize

                                                                            307KB

                                                                            MD5

                                                                            68a99cf42959dc6406af26e91d39f523

                                                                            SHA1

                                                                            f11db933a83400136dc992820f485e0b73f1b933

                                                                            SHA256

                                                                            c200ddb7b54f8fa4e3acb6671f5fa0a13d54bd41b978d13e336f0497f46244f3

                                                                            SHA512

                                                                            7342073378d188912b3e7c6be498055ddf48f04c8def8e87c630c69294bcfd0802280babe8f86b88eaed40e983bcf054e527f457bb941c584b6ea54ad0f0aa75

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1000477001\Offnewhere.exe
                                                                            Filesize

                                                                            429KB

                                                                            MD5

                                                                            c07e06e76de584bcddd59073a4161dbb

                                                                            SHA1

                                                                            08954ac6f6cf51fd5d9d034060a9ae25a8448971

                                                                            SHA256

                                                                            cf67a50598ee170e0d8596f4e22f79cf70e1283b013c3e33e36094e1905ba8d9

                                                                            SHA512

                                                                            e92c9fcd0448591738daedb19e8225ff05da588b48d1f15479ec8af62acd3ea52b5d4ba3e3b0675c2aa1705185f5523dcafdf14137c6e2984588069a2e05309f

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1000817001\splwow64.exe
                                                                            Filesize

                                                                            1.2MB

                                                                            MD5

                                                                            5d97c2475c8a4d52e140ef4650d1028b

                                                                            SHA1

                                                                            da20d0a43d6f8db44ff8212875a7e0f7bb223223

                                                                            SHA256

                                                                            f34dd7ec6030b1879d60faa8705fa1668adc210ddd52bcb2b0c2406606c5bccf

                                                                            SHA512

                                                                            22c684b21d0a9eb2eaa47329832e8ee64b003cfb3a9a5d8b719445a8532b18aad913f84025a27c95296ebeb34920fa62d64f28145ccfa3aa7d82ba95381924ee

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1000828001\new_v8.exe
                                                                            Filesize

                                                                            5.7MB

                                                                            MD5

                                                                            5009b1ef6619eca039925510d4fd51a1

                                                                            SHA1

                                                                            22626aa57e21291a995615f9f6bba083d8706764

                                                                            SHA256

                                                                            fbc8c32bf799a005c57540a2e85dd3662ed5795a55f11495f0ba569bbb09df59

                                                                            SHA512

                                                                            2b5bbd9449be00588058966db487c0adfac764827a6691f6a9fc6c3a770a93bda11c732d2eb2a3c660697cbc69b1c71a2bf76d2957f65cd2599fb28098b24f14

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1000833001\fc1624fdd6.exe
                                                                            Filesize

                                                                            514KB

                                                                            MD5

                                                                            26d8d52bac8f4615861f39e118efa28d

                                                                            SHA1

                                                                            efd5a7ccd128ffe280af75ec8b3e465c989d9e35

                                                                            SHA256

                                                                            8521a1f4d523a2a9e7f8ddf01147e65e7f3ff54b268e9b40f91e07dc01fa148f

                                                                            SHA512

                                                                            1911a21d654e317fba50308007bb9d56fba2c19a545ef6dfaade17821b0f8fc48aa041c8a4a0339bee61cbd429852d561985e27c574eced716b2e937afa18733

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1000857001\c7c17dbf17.exe
                                                                            Filesize

                                                                            2.9MB

                                                                            MD5

                                                                            956bb46804fdd8364dbb9a91bac72fac

                                                                            SHA1

                                                                            e1eb828050030effe8799a915dde5b5df94763ea

                                                                            SHA256

                                                                            82f48fee64e8a13ff7a4063f2769f7f82e738e060c19c1cb3349f8f4645049af

                                                                            SHA512

                                                                            15c33ccb73ca8fa114041469b57c2d4ceb173e0775b2d148bb8e39fc61e95720900b5aa87f3b24bba3d6f83dc6ad8aa7850929191b7c996e0e779cc73caf19c0

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1000965001\GOLD1234.exe
                                                                            Filesize

                                                                            645KB

                                                                            MD5

                                                                            bdf3c509a0751d1697ba1b1b294fd579

                                                                            SHA1

                                                                            3a3457e5a8b41ed6f42b3197cff53c8ec50b4db2

                                                                            SHA256

                                                                            d3948ae31c42fcba5d9199e758d145ff74dad978c80179afb3148604c254be6d

                                                                            SHA512

                                                                            aa81ccbae9f622531003f1737d22872ae909b28359dfb94813a39d74bde757141d7543681793102a1dc3dcaecea27cffd0363de8bbb48434fcf8b6dafef320b3

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1001096001\RDX123456.exe
                                                                            Filesize

                                                                            327KB

                                                                            MD5

                                                                            fba8f56206955304b2a6207d9f5e8032

                                                                            SHA1

                                                                            f84cbcc3e34f4d2c8fea97c2562f937e1e20fe28

                                                                            SHA256

                                                                            11227ead147b4154c7bd21b75d7f130b498c9ad9b520ca1814c5d6a688c89b1b

                                                                            SHA512

                                                                            56e3a0823a7abe08e1c9918d8fa32c574208b462b423ab6bde03345c654b75785fdc3180580c0d55280644b3a9574983e925f2125c2d340cf5e96b98237e99fa

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1001527001\yxrd0ob7.exe
                                                                            Filesize

                                                                            731KB

                                                                            MD5

                                                                            98d80ccce4381776207b8a09f7cf0c11

                                                                            SHA1

                                                                            d5d98427cfd1108ceb60354f5d2bbb0c564eda93

                                                                            SHA256

                                                                            963a20f6631013a1c9b0f17a3d15ed9546dae5b5f347789dbde36d02a51ee3de

                                                                            SHA512

                                                                            ee6ab1686b48565a10bed17451d37273234f6c55c2e2b990521547453a09d27574077a7c88f9750d83dd9b6b51c109248f67b3d4c0f662ed9c9a63806f02d1ee

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1001567001\hhnjqu9y.exe
                                                                            Filesize

                                                                            3.4MB

                                                                            MD5

                                                                            b45668e08c03024f2432ff332c319131

                                                                            SHA1

                                                                            4bef9109eaeace4107c47858eef2d9d3487e45f0

                                                                            SHA256

                                                                            4b5a876b1c230b28c0862d5f8158b3657016709855bf3329d8fea6cada3adbfe

                                                                            SHA512

                                                                            538c8471fc0313e68885d4d09140ec3e3374af3464af626195b6387a67b9bae9c3c9fd369d9dc7965decc182d13e8bbf95b4cf96b5ffc78af5d7904d59325bbc

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1001580001\fe9d6329c6.exe
                                                                            Filesize

                                                                            2.0MB

                                                                            MD5

                                                                            cd75adb80b6ccafd5db77b4673cdd49e

                                                                            SHA1

                                                                            fff32ec01216b9a57bd7f0efabaabc75808ce6b3

                                                                            SHA256

                                                                            7a9b9f8c6f5f16844845028f7af75bdc6c01f6c4b5a9dd8e7e23b17b849e505f

                                                                            SHA512

                                                                            8fc685088bdfb721a24db108ea20ebcafceeaf1447408d9bf733fdcd95e25037725eff4cefe3e22322f1d7c1ed53403633f2434bfe65e0bf03595cbe8684a080

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1001581001\ba12fa7b10.exe
                                                                            Filesize

                                                                            2.9MB

                                                                            MD5

                                                                            84d305a4e3cb0a81a05d22a32ac9faca

                                                                            SHA1

                                                                            3645fb6bc1c5bcbe8acac6f9992d5eaa69d8bf3e

                                                                            SHA256

                                                                            e2c0d740a1981a8460a07e21eb35c1a926e3f38fa8e2465e493cecfd833ce26f

                                                                            SHA512

                                                                            0dd7a37aa67db07b605786d47d00d4dd83870e1c31dbc63e469bb79ad04ec7f45d33324d126115758b3f989ed52d3e9b732095ee2932decf763ea7bf6c0684e2

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1003303001\0e606ee63b.exe
                                                                            Filesize

                                                                            898KB

                                                                            MD5

                                                                            9a39e037c2e8630e68a0a5a95eb45528

                                                                            SHA1

                                                                            222f3657ee4d2505c16122b5d13900fb28bd33ff

                                                                            SHA256

                                                                            60c273053a91936dc76db7bb2775d033cf17400210628c09a6425a4c7f06c721

                                                                            SHA512

                                                                            14fd4e5a4f4eee9732b91786bfb675efed796352513504b3f1c5036a80f6d5047639164370cbcb59b4edfc451ce6eb92966cc9f4d235056b369961b75ee18e09

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\1003304001\b9198095d7.exe
                                                                            Filesize

                                                                            2.7MB

                                                                            MD5

                                                                            ee76aa4338131cc2c03d9c47c25162a1

                                                                            SHA1

                                                                            b61218066588e37b144ec6cf801bc52f8fb9242e

                                                                            SHA256

                                                                            ada0b19b299c6dfac92d888d3f7cf2bbbf53bbeb6e76eb23c7d3747e1b94bc9f

                                                                            SHA512

                                                                            f838ac7a1b94fa914d693a6eb05dac7b761cc8a7abfa7cde9aa6c8e5792b37a3455bd288bb330a1c2b5291766ccca71187b2ff36c7543c9bf459b54b8f633809

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\197036\Jurisdiction.pif
                                                                            Filesize

                                                                            872KB

                                                                            MD5

                                                                            18ce19b57f43ce0a5af149c96aecc685

                                                                            SHA1

                                                                            1bd5ca29fc35fc8ac346f23b155337c5b28bbc36

                                                                            SHA256

                                                                            d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd

                                                                            SHA512

                                                                            a0c58f04dfb49272a2b6f1e8ce3f541a030a6c7a09bb040e660fc4cd9892ca3ac39cf3d6754c125f7cd1987d1fca01640a153519b4e2eb3e3b4b8c9dc1480558

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\197036\T
                                                                            Filesize

                                                                            580KB

                                                                            MD5

                                                                            4b0812fabc1ba34d8d45d28180f6c75f

                                                                            SHA1

                                                                            b9d99c00a6f9d5f23e244cc0555f82a7d0eeb950

                                                                            SHA256

                                                                            73312c3ea63faf89e2067e034a9148bf73efb5140c1ba6a67aaf62170ee98103

                                                                            SHA512

                                                                            7f72ffd39f7b66ea701ec642a427c90f9c3ee9be69a3e431c492be76ae9a73e8b2b1fbb16553a5a6d8722baf30b2a392a47c7c998d618459bf398d47d218d158

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\350944739639
                                                                            Filesize

                                                                            77KB

                                                                            MD5

                                                                            31ab3d322792073a745e87839d41aa28

                                                                            SHA1

                                                                            5ea1ceb01dfd738acb3c42d5ccf926652b2f4fd4

                                                                            SHA256

                                                                            5b994336f3cb51aaeecf088ad74b4d777bc287734f51bcfac562342436a57188

                                                                            SHA512

                                                                            02bf31eec753e1b424432ab862c94d8410a8fc8e5e4ccd6bf9ba19956eea729b0ff9059fe2bbed3633cfdfe94bf8d778bbeafd3719a252b91fa7b5e0a27f1037

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                            Filesize

                                                                            1.8MB

                                                                            MD5

                                                                            a53a554301475205830875c9f876f132

                                                                            SHA1

                                                                            4e7e89c4a4c251b755a0c6549e6385b9e0e21c86

                                                                            SHA256

                                                                            03f7b84ec50050cb78882d7d568811f38fdf7586ecf528938d8653829c22cfc0

                                                                            SHA512

                                                                            a1e0c21205bcb2a149efa95d43544f8dee2a52a3bccc6036f541cb3d183fd1fea9eacf482e1b862f22d5d4b0e624d1540cc6408682addeea4baae496ef1d481e

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\Beijing.bat
                                                                            Filesize

                                                                            24KB

                                                                            MD5

                                                                            2a84a77ad125a30e442d57c63c18e00e

                                                                            SHA1

                                                                            68567ee0d279087a12374c10a8b7981f401b20b8

                                                                            SHA256

                                                                            0c6ead18e99077a5dde401987a0674b156c07ccf9b7796768df8e881923e1769

                                                                            SHA512

                                                                            9d6a720f970f8d24ed4c74bed25c5e21c90191930b0cc7e310c8dd45f6ed7a0b3d9b3abbd8f0b4979f992c90630d215b1852b3242c5d0a6e7a42ecef03c0076a

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\Fitting
                                                                            Filesize

                                                                            62KB

                                                                            MD5

                                                                            46a51002cdbe912d860ce08c83c0376b

                                                                            SHA1

                                                                            6d0ae63850bd8d5c86e45cba938609a7f051f59b

                                                                            SHA256

                                                                            18070c4700df6609e096f2e79f353844e3e98c9aacca69919a8baeb9f9890017

                                                                            SHA512

                                                                            ed7c8d09e305687dc687ab23f6a83692232677c120836c8f4b876c4dfa867b47e29684e7e1c7973f6c29eeed1b8530b96f609a6111dde36d94f6657c9b5a4e44

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\Molecular
                                                                            Filesize

                                                                            69KB

                                                                            MD5

                                                                            8ca4bbb4e4ddf045ff547cb2d438615c

                                                                            SHA1

                                                                            3e2fc0fdc0359a08c7782f44a5ccebf3a52b5152

                                                                            SHA256

                                                                            4e4bb4aa1f996e96db8e18e4f2a6576673c00b76126f846ba821b4cd3998afed

                                                                            SHA512

                                                                            b45ed05fa6d846c0a38cefcd5d256fdee997b9010bc249a34d830953100ca779ab88547353cc8badaf2908f59ff3a8c780f7cac189c0f549246feb504ecb5af9

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\Mtv
                                                                            Filesize

                                                                            7KB

                                                                            MD5

                                                                            f3d7abb7a7c91203886dd0f2df4fc0d6

                                                                            SHA1

                                                                            60ffbb095fceeb2ea2b9e65355e9dbf1de736d6c

                                                                            SHA256

                                                                            5867350b8ad8bb5d83111aed8b296b8c28328ba72b5bedb0cbeb99b3dc600cb3

                                                                            SHA512

                                                                            9af80787c63fa7de9a22eea3d1f13d25ff1558ed95321a8178da734dce5126f0b7322f13cddd40c1bc67b65140f684a190dd117247f06600a07db97b015aa367

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\See
                                                                            Filesize

                                                                            58KB

                                                                            MD5

                                                                            84c831b7996dfc78c7e4902ad97e8179

                                                                            SHA1

                                                                            739c580a19561b6cde4432a002a502bea9f32754

                                                                            SHA256

                                                                            1ac7db51182a2fc38e7831a67d3ff4e08911e4fca81a9f2aa0b7c7e393cc2575

                                                                            SHA512

                                                                            ae8e53499535938352660db161c768482438f5f6f5afb632ce7ae2e28d9c547fcf4ed939dd136e17c05ed14711368bdd6f3d4ae2e3f0d78a21790b0955745991

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\Spirit
                                                                            Filesize

                                                                            80KB

                                                                            MD5

                                                                            0814e2558c8e63169d393fac20c668f9

                                                                            SHA1

                                                                            52e8b77554cc098410408668e3d4f127fa02d8bd

                                                                            SHA256

                                                                            cfdc18b19fe2c0f099fd9f733fe4494aa25b2828d735c226d06c654694fcf96d

                                                                            SHA512

                                                                            80e70a6eb57df698fe85d4599645c71678a76340380d880e108b391c922adadf42721df5aa994fcfb293ab90e7b04ff3d595736354b93fcb6b5111e90b475319

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\Sponsorship
                                                                            Filesize

                                                                            71KB

                                                                            MD5

                                                                            6785e2e985143a33c5c3557788f12a2b

                                                                            SHA1

                                                                            7a86e94bc7bc10bd8dd54ade696e10a0ae5b4bf0

                                                                            SHA256

                                                                            66bbe1741f98dbb750aa82a19bc7b5dc1cdbecf31f0d9ddb03ff7cf489f318c7

                                                                            SHA512

                                                                            3edad611d150c99dbb24a169967cc31e1d3942c3f77b3af2de621a6912356400c8003b1c99a7236b6bed65bd136d683414e96c698eabd33d66d7ab231cdfee91

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\Sweet
                                                                            Filesize

                                                                            865KB

                                                                            MD5

                                                                            6cee6bd1b0b8230a1c792a0e8f72f7eb

                                                                            SHA1

                                                                            66a7d26ed56924f31e681c1af47d6978d1d6e4e8

                                                                            SHA256

                                                                            08ac328ad30dfc0715f8692b9290d7ac55ce93755c9aca17f1b787b6e96667ab

                                                                            SHA512

                                                                            4d78417accf1378194e4f58d552a1ea324747bdec41b3c59a6784ee767f863853eebafe2f2bc6315549bddc4d7dc7ce42c42ff7f383b96ae400cac8cf4c64193

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\Twisted
                                                                            Filesize

                                                                            95KB

                                                                            MD5

                                                                            ba8c4239470d59c50a35a25b7950187f

                                                                            SHA1

                                                                            855a8f85182dd03f79787147b73ae5ed61fb8d7b

                                                                            SHA256

                                                                            a6272116dc959a3197a969923f85c000a1388b0a02df633dec59b7273bdb421b

                                                                            SHA512

                                                                            1e6d42c249d206815000cc85d5216d13729246e114647d8ccf174b9bd679530b6b39dfab2bfcc5d957cc0778a8cf029e544228978682fa285c5e3f9564c2eaf0

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\Various
                                                                            Filesize

                                                                            92KB

                                                                            MD5

                                                                            2759c67bccd900a1689d627f38f0a635

                                                                            SHA1

                                                                            d71b170715ed2b304167545af2bd42834ccf1881

                                                                            SHA256

                                                                            510cfd9523a0f8462e8cbdcbbf1afccf2aa69a9153472ee48fd28ad4fe06ca05

                                                                            SHA512

                                                                            aa9e26ad8824ed2ca8bf45c24939e305660cbc19f821a84a7407a16f91d71b2eb9daba9059d379908f17c9e5a17c0c3e873e5cd7350ee8715e45b2b3eff2531e

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\Witch
                                                                            Filesize

                                                                            53KB

                                                                            MD5

                                                                            79156afddd310be36f037a8f0708a794

                                                                            SHA1

                                                                            09ef36ae22b5eab65d1f62166542601b8919399d

                                                                            SHA256

                                                                            7faaf10d09a27842330725e6510d2754487c5b69bd40e11181dd75b03df61503

                                                                            SHA512

                                                                            d1449126f2365f607a390e3b6fecb3be100bff9fae1a773cf5815cab29eeb72ab4e341022bde9de653fd62ede0fb0c26d9010e524d87060aa364bf92a14e9d01

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rmdq1xsl.ctu.ps1
                                                                            Filesize

                                                                            60B

                                                                            MD5

                                                                            d17fe0a3f47be24a6453e9ef58c94641

                                                                            SHA1

                                                                            6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                            SHA256

                                                                            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                            SHA512

                                                                            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                            Filesize

                                                                            1.8MB

                                                                            MD5

                                                                            861e6c96d6bdbcfe69e15c7345d33e62

                                                                            SHA1

                                                                            a9c27f4a3417618b7eb88c1502884f326c65eb20

                                                                            SHA256

                                                                            a35a2ffe71f72a280bb31cbf25b01fdbb31c1491bcdc054bd56c18ec04ce1317

                                                                            SHA512

                                                                            63032633248f22062c3a9280bc4097883c70bac27639479f8d27c0dc58b45fd744be87d154079f8608825209efe11ef3872ce7507e09663c6a7dda34b4aa2215

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\is-7SSR2.tmp\_isetup\_iscrypt.dll
                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            a69559718ab506675e907fe49deb71e9

                                                                            SHA1

                                                                            bc8f404ffdb1960b50c12ff9413c893b56f2e36f

                                                                            SHA256

                                                                            2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

                                                                            SHA512

                                                                            e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\is-S64O3.tmp\stail.tmp
                                                                            Filesize

                                                                            690KB

                                                                            MD5

                                                                            aa4c6a433329f72ad8b338f73bab7738

                                                                            SHA1

                                                                            50f3dff83ca91ceb667de82f80be1e15f8daae2f

                                                                            SHA256

                                                                            94c50a23774a7953c7b916c8726fb36143437b0308c57283a1f72eebf6ed6bab

                                                                            SHA512

                                                                            53bcda0eb56def8bb22659c51862aadda178e2c51c174cd06ed79b270f417a4f3712c186988c36d2643753a50722ca78c54cf44a46377bbb6900135fe6f5ff83

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                                                            Filesize

                                                                            479KB

                                                                            MD5

                                                                            09372174e83dbbf696ee732fd2e875bb

                                                                            SHA1

                                                                            ba360186ba650a769f9303f48b7200fb5eaccee1

                                                                            SHA256

                                                                            c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                                            SHA512

                                                                            b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                                                                            Filesize

                                                                            13.8MB

                                                                            MD5

                                                                            0a8747a2ac9ac08ae9508f36c6d75692

                                                                            SHA1

                                                                            b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                                            SHA256

                                                                            32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                                            SHA512

                                                                            59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin
                                                                            Filesize

                                                                            10KB

                                                                            MD5

                                                                            f486efde7413782bead5a8a7ad64885c

                                                                            SHA1

                                                                            61ed45aaf998e4eb1205c3f7b98e8fa785e0aeb7

                                                                            SHA256

                                                                            12657d60841e6d5b9fb6efa4c618f326c77cef13d647e1f8215e24260f3eb78a

                                                                            SHA512

                                                                            e61739f791e6b58f2f01d7000b92c52fdb198304990d00cfade7423c69c70e9ba826b33e1d9ad650050012c9bebdbef34355f0d0ebae8a6800d88b3b0cd46d77

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp
                                                                            Filesize

                                                                            22KB

                                                                            MD5

                                                                            9ba3669a5faebd80a7b8b391fa24fff4

                                                                            SHA1

                                                                            8183edd9782ace68de30a009aee9859d12f1d8a8

                                                                            SHA256

                                                                            39a946746223327ca6ed1aeb617553373b89f0828588ab9967ff5a1d3c97af4b

                                                                            SHA512

                                                                            2adcb490134105247eb471929550c72fcffac68937125e5a4c9146385f5d976c2ad362899fbdcad5e8d3d7b1670bb4bbea9918a905c95f00da5a3fbf9ba38dd0

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp
                                                                            Filesize

                                                                            25KB

                                                                            MD5

                                                                            09891d60b87ca0714a38619b7b152875

                                                                            SHA1

                                                                            e9531ab149a6b8cdafb3289db4a926e9e7cef05c

                                                                            SHA256

                                                                            97d41a5b305c17348dc63ba275d491096e4afe5f4597e3c04e8b4152ee823cb2

                                                                            SHA512

                                                                            0f52eba423f704f93d7b144eacad0b4a03e53d50924851f40e1f03e2be804aa5a3bf17416ad474bff4947154404cae17d509cac85ba0e8010b099cf28bd4297c

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp
                                                                            Filesize

                                                                            22KB

                                                                            MD5

                                                                            6fffccd8459ea9af0cc2e5d7f342c6e2

                                                                            SHA1

                                                                            9f3a22ec19bb5b9db66a3b56afcc12bb5111456c

                                                                            SHA256

                                                                            802c9e85783efee3ac3833f3f247bafbf3cc43f041b9b30c0af4782b826f7ce2

                                                                            SHA512

                                                                            630b2669561ccbdf5d7aa502bbcbb24ce2cb92e5322d27037277e39a86eb30a9b6b16bc57c7cb3c59b2c2f57d3139e279d42ae4d26fc32977a64e681b0a71c40

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\41b6c51f-c974-417b-b7fd-5ebaf9acb107
                                                                            Filesize

                                                                            659B

                                                                            MD5

                                                                            5d11967ae962b1fff372ae1441ea6c2a

                                                                            SHA1

                                                                            6293b701c116ea2c6d4839a27f34083c584fef52

                                                                            SHA256

                                                                            cdb7c6ea76efc26b865882cec35c25858b53a77b87fc50cf1aa5884d4ccd8ea6

                                                                            SHA512

                                                                            90946ceb1af5f8474ebf9db3cf892724b2510265fb5d1e11fcb547d751cfb6bda92fce1b0aa45f86a11b12ee51fb8d5a7b844989e179819bc9768dcdb14bdaf8

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\97131735-8a47-4ecd-a11e-f743fa12026b
                                                                            Filesize

                                                                            982B

                                                                            MD5

                                                                            154be54cbc3b639ed0c932edef13472c

                                                                            SHA1

                                                                            bff8b7cbf7bd8cc09a22c3d79c0cbd638ca17231

                                                                            SHA256

                                                                            5e961733f1189a95c6500421fd376f6819007b7f282b5382434f9460d4b35dd8

                                                                            SHA512

                                                                            8d6e0da90d57c6a7dbab7f8801414dcdafaa00ceafabdc53d43378af21dde58aad52628834ae02cd265c8a679c4fbdecfe92249301f0d09cec5e925f06724ee5

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                                                                            Filesize

                                                                            1.1MB

                                                                            MD5

                                                                            842039753bf41fa5e11b3a1383061a87

                                                                            SHA1

                                                                            3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                                            SHA256

                                                                            d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                                            SHA512

                                                                            d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                                                                            Filesize

                                                                            116B

                                                                            MD5

                                                                            2a461e9eb87fd1955cea740a3444ee7a

                                                                            SHA1

                                                                            b10755914c713f5a4677494dbe8a686ed458c3c5

                                                                            SHA256

                                                                            4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                                            SHA512

                                                                            34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                                                                            Filesize

                                                                            372B

                                                                            MD5

                                                                            bf957ad58b55f64219ab3f793e374316

                                                                            SHA1

                                                                            a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                                                            SHA256

                                                                            bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                                                            SHA512

                                                                            79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                                                                            Filesize

                                                                            17.8MB

                                                                            MD5

                                                                            daf7ef3acccab478aaa7d6dc1c60f865

                                                                            SHA1

                                                                            f8246162b97ce4a945feced27b6ea114366ff2ad

                                                                            SHA256

                                                                            bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                                                            SHA512

                                                                            5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js
                                                                            Filesize

                                                                            10KB

                                                                            MD5

                                                                            c066e027b4be46d9a95deda20002a2bb

                                                                            SHA1

                                                                            3cce33087b3ac1cb5b8bb24d782b94ad67416452

                                                                            SHA256

                                                                            726c029c0e6be8aa85c7adad93615e3af7385be70c0c360492cc92dcec731d6c

                                                                            SHA512

                                                                            e53e6056c8abb3f2f03a8da301e9d3095a1ae212393b67e7bb5e76fd384e8a60f4ee04ee2faf48ccfde9f5dd3a9eec759aef2db8dadec643042ee73e0a0ecd9c

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js
                                                                            Filesize

                                                                            12KB

                                                                            MD5

                                                                            060a200b7ba23c10745be25f5ab54157

                                                                            SHA1

                                                                            aa3855936a19ca51d0202c25dc6909911cc196d8

                                                                            SHA256

                                                                            87f993965702a25c528c41ba8a4a0fd21960bce8df787188fc2995f09b0e6537

                                                                            SHA512

                                                                            210908302a1a8ba561d6f3cd866b3bb0df11f276035dcbc7cd07755cce91c1c36ac45bf3afc34db84448530595aba980398d24c633659c74dafadc69c49c370d

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js
                                                                            Filesize

                                                                            15KB

                                                                            MD5

                                                                            76bd8fdb41060139ef58ff8818e2ad0b

                                                                            SHA1

                                                                            dbde411f5a513a3570dde7eb0099ed4d7d1ce697

                                                                            SHA256

                                                                            261da9e0feda48db951c09fdd616a2c2e555ddc11e68f209de2abda32414c859

                                                                            SHA512

                                                                            091dceef8391b1243b5974c9993fe56e0b61f6b0ef482a1af59b5ba5763ea308330fa3adef2b1ba0640114e7a5173f65de352276b30cfaad8a961113aed6b996

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs.js
                                                                            Filesize

                                                                            10KB

                                                                            MD5

                                                                            908050c5d50a3779e4c446a4c95cd344

                                                                            SHA1

                                                                            f4e2fcee228cd62e5fdc6d6091b84562e99bd157

                                                                            SHA256

                                                                            0262a3f23986ad620e49dfc38fb8b0852f1a0f31ed41ec4a0c8ebff76f6b1d06

                                                                            SHA512

                                                                            8c0a06d1788de384041154b2bfad9bc3a9e65118e89f18b055843a20a8d204f016022bb74674846c8be5aebcc070e3b6471d98ccf237874937c1e16961cf281b

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                                                            Filesize

                                                                            2.9MB

                                                                            MD5

                                                                            1b402304e58b2ccaf075dc0a47e2addc

                                                                            SHA1

                                                                            93645434bafc931d97cf2d00dd9f881bae6c510c

                                                                            SHA256

                                                                            7f5384d570d8e61b895e3fce8f3cd1b8d4867760ac22cee92b6da41a2fa2fbeb

                                                                            SHA512

                                                                            b1bb65600266a37c6b14426f8828d4c0de1b74653a3bd538f295ddbceb7d38ccf03040e7f25dacc9f507817bb8050bdc322f3b2e7bc6dadb01aac97297e082ae

                                                                            Download Submit

                                                                          • memory/404-1012-0x0000000000400000-0x00000000004BC000-memory.dmp

                                                                            Filesize

                                                                            752KB

                                                                            Download

                                                                          • memory/408-36-0x00000000003B0000-0x0000000000611000-memory.dmp

                                                                            Filesize

                                                                            2.4MB

                                                                            Download

                                                                          • memory/408-483-0x0000000061E00000-0x0000000061EF3000-memory.dmp

                                                                            Filesize

                                                                            972KB

                                                                            Download

                                                                          • memory/408-784-0x00000000003B0000-0x0000000000611000-memory.dmp

                                                                            Filesize

                                                                            2.4MB

                                                                            Download

                                                                          • memory/1460-18-0x0000000000030000-0x00000000004DF000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/1460-1-0x00000000776C4000-0x00000000776C6000-memory.dmp

                                                                            Filesize

                                                                            8KB

                                                                            Download

                                                                          • memory/1460-2-0x0000000000031000-0x000000000005F000-memory.dmp

                                                                            Filesize

                                                                            184KB

                                                                            Download

                                                                          • memory/1460-3-0x0000000000030000-0x00000000004DF000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/1460-4-0x0000000000030000-0x00000000004DF000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/1460-0-0x0000000000030000-0x00000000004DF000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/1856-1703-0x0000000000DF0000-0x00000000010A6000-memory.dmp

                                                                            Filesize

                                                                            2.7MB

                                                                            Download

                                                                          • memory/1856-1876-0x0000000000DF0000-0x00000000010A6000-memory.dmp

                                                                            Filesize

                                                                            2.7MB

                                                                            Download

                                                                          • memory/1856-1867-0x0000000000DF0000-0x00000000010A6000-memory.dmp

                                                                            Filesize

                                                                            2.7MB

                                                                            Download

                                                                          • memory/1856-1702-0x0000000000DF0000-0x00000000010A6000-memory.dmp

                                                                            Filesize

                                                                            2.7MB

                                                                            Download

                                                                          • memory/1856-1522-0x0000000000DF0000-0x00000000010A6000-memory.dmp

                                                                            Filesize

                                                                            2.7MB

                                                                            Download

                                                                          • memory/1924-1075-0x0000000000C10000-0x0000000000F2A000-memory.dmp

                                                                            Filesize

                                                                            3.1MB

                                                                            Download

                                                                          • memory/1924-1105-0x0000000000C10000-0x0000000000F2A000-memory.dmp

                                                                            Filesize

                                                                            3.1MB

                                                                            Download

                                                                          • memory/2068-785-0x00000000001B0000-0x0000000000223000-memory.dmp

                                                                            Filesize

                                                                            460KB

                                                                            Download

                                                                          • memory/2068-789-0x00000000001B0000-0x0000000000223000-memory.dmp

                                                                            Filesize

                                                                            460KB

                                                                            Download

                                                                          • memory/2068-788-0x00000000001B0000-0x0000000000223000-memory.dmp

                                                                            Filesize

                                                                            460KB

                                                                            Download

                                                                          • memory/2068-792-0x00000000001B0000-0x0000000000223000-memory.dmp

                                                                            Filesize

                                                                            460KB

                                                                            Download

                                                                          • memory/2068-790-0x00000000001B0000-0x0000000000223000-memory.dmp

                                                                            Filesize

                                                                            460KB

                                                                            Download

                                                                          • memory/2068-787-0x00000000001B0000-0x0000000000223000-memory.dmp

                                                                            Filesize

                                                                            460KB

                                                                            Download

                                                                          • memory/2068-786-0x00000000001B0000-0x0000000000223000-memory.dmp

                                                                            Filesize

                                                                            460KB

                                                                            Download

                                                                          • memory/2424-843-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                            Filesize

                                                                            80KB

                                                                            Download

                                                                          • memory/2424-1011-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                            Filesize

                                                                            80KB

                                                                            Download

                                                                          • memory/2924-738-0x00000000009D0000-0x0000000001285000-memory.dmp

                                                                            Filesize

                                                                            8.7MB

                                                                            Download

                                                                          • memory/3180-800-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3180-799-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3324-1467-0x0000000000480000-0x000000000091C000-memory.dmp

                                                                            Filesize

                                                                            4.6MB

                                                                            Download

                                                                          • memory/3324-1432-0x0000000000480000-0x000000000091C000-memory.dmp

                                                                            Filesize

                                                                            4.6MB

                                                                            Download

                                                                          • memory/3580-1493-0x0000000000480000-0x000000000091C000-memory.dmp

                                                                            Filesize

                                                                            4.6MB

                                                                            Download

                                                                          • memory/3580-1488-0x0000000000480000-0x000000000091C000-memory.dmp

                                                                            Filesize

                                                                            4.6MB

                                                                            Download

                                                                          • memory/3732-783-0x000000001CDA0000-0x000000001CE22000-memory.dmp

                                                                            Filesize

                                                                            520KB

                                                                            Download

                                                                          • memory/3732-764-0x0000000000F30000-0x0000000000FB6000-memory.dmp

                                                                            Filesize

                                                                            536KB

                                                                            Download

                                                                          • memory/3776-802-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3776-66-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3776-16-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3776-65-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3776-19-0x00000000006D1000-0x00000000006FF000-memory.dmp

                                                                            Filesize

                                                                            184KB

                                                                            Download

                                                                          • memory/3776-53-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3776-1030-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3776-957-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3776-737-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3776-67-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3776-21-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3776-20-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3776-518-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/3776-694-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/4060-949-0x0000000000400000-0x0000000000473000-memory.dmp

                                                                            Filesize

                                                                            460KB

                                                                            Download

                                                                          • memory/4060-951-0x0000000000400000-0x0000000000473000-memory.dmp

                                                                            Filesize

                                                                            460KB

                                                                            Download

                                                                          • memory/4060-946-0x0000000000400000-0x0000000000473000-memory.dmp

                                                                            Filesize

                                                                            460KB

                                                                            Download

                                                                          • memory/4344-791-0x00000000004D0000-0x0000000000B48000-memory.dmp

                                                                            Filesize

                                                                            6.5MB

                                                                            Download

                                                                          • memory/4344-976-0x0000000069CC0000-0x000000006A71B000-memory.dmp

                                                                            Filesize

                                                                            10.4MB

                                                                            Download

                                                                          • memory/4344-1008-0x00000000004D0000-0x0000000000B48000-memory.dmp

                                                                            Filesize

                                                                            6.5MB

                                                                            Download

                                                                          • memory/4504-956-0x0000000000AB0000-0x0000000000DC3000-memory.dmp

                                                                            Filesize

                                                                            3.1MB

                                                                            Download

                                                                          • memory/4504-825-0x0000000000AB0000-0x0000000000DC3000-memory.dmp

                                                                            Filesize

                                                                            3.1MB

                                                                            Download

                                                                          • memory/4652-1033-0x0000000000400000-0x000000000045E000-memory.dmp

                                                                            Filesize

                                                                            376KB

                                                                            Download

                                                                          • memory/4652-1031-0x0000000000400000-0x000000000045E000-memory.dmp

                                                                            Filesize

                                                                            376KB

                                                                            Download

                                                                          • memory/4660-1881-0x0000000000150000-0x00000000009CE000-memory.dmp

                                                                            Filesize

                                                                            8.5MB

                                                                            Download

                                                                          • memory/4660-1406-0x0000000005380000-0x00000000053A2000-memory.dmp

                                                                            Filesize

                                                                            136KB

                                                                            Download

                                                                          • memory/4660-1003-0x0000000000150000-0x00000000009CE000-memory.dmp

                                                                            Filesize

                                                                            8.5MB

                                                                            Download

                                                                          • memory/4660-1007-0x0000000000150000-0x00000000009CE000-memory.dmp

                                                                            Filesize

                                                                            8.5MB

                                                                            Download

                                                                          • memory/4660-1009-0x00000000053E0000-0x000000000547C000-memory.dmp

                                                                            Filesize

                                                                            624KB

                                                                            Download

                                                                          • memory/4660-1010-0x0000000005A30000-0x0000000005FD4000-memory.dmp

                                                                            Filesize

                                                                            5.6MB

                                                                            Download

                                                                          • memory/4660-1097-0x0000000000150000-0x00000000009CE000-memory.dmp

                                                                            Filesize

                                                                            8.5MB

                                                                            Download

                                                                          • memory/4660-1405-0x00000000056F0000-0x0000000005830000-memory.dmp

                                                                            Filesize

                                                                            1.2MB

                                                                            Download

                                                                          • memory/4768-1431-0x0000000000BD0000-0x000000000106C000-memory.dmp

                                                                            Filesize

                                                                            4.6MB

                                                                            Download

                                                                          • memory/4768-1417-0x0000000000BD0000-0x000000000106C000-memory.dmp

                                                                            Filesize

                                                                            4.6MB

                                                                            Download

                                                                          • memory/4792-932-0x0000000000400000-0x000000000088C000-memory.dmp

                                                                            Filesize

                                                                            4.5MB

                                                                            Download

                                                                          • memory/4792-933-0x0000000000400000-0x000000000088C000-memory.dmp

                                                                            Filesize

                                                                            4.5MB

                                                                            Download

                                                                          • memory/4792-2032-0x0000000000400000-0x000000000088C000-memory.dmp

                                                                            Filesize

                                                                            4.5MB

                                                                            Download

                                                                          • memory/4792-1028-0x0000000000400000-0x000000000088C000-memory.dmp

                                                                            Filesize

                                                                            4.5MB

                                                                            Download

                                                                          • memory/4804-1419-0x0000000000B60000-0x0000000001291000-memory.dmp

                                                                            Filesize

                                                                            7.2MB

                                                                            Download

                                                                          • memory/4804-1029-0x0000000000B60000-0x0000000001291000-memory.dmp

                                                                            Filesize

                                                                            7.2MB

                                                                            Download

                                                                          • memory/4804-1112-0x0000000000B60000-0x0000000001291000-memory.dmp

                                                                            Filesize

                                                                            7.2MB

                                                                            Download

                                                                          • memory/4984-973-0x0000000000400000-0x000000000045E000-memory.dmp

                                                                            Filesize

                                                                            376KB

                                                                            Download

                                                                          • memory/4984-975-0x0000000000400000-0x000000000045E000-memory.dmp

                                                                            Filesize

                                                                            376KB

                                                                            Download

                                                                          • memory/5028-1492-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/5028-1489-0x00000000006D0000-0x0000000000B7F000-memory.dmp

                                                                            Filesize

                                                                            4.7MB

                                                                            Download

                                                                          • memory/5592-1462-0x0000000000690000-0x0000000000DC1000-memory.dmp

                                                                            Filesize

                                                                            7.2MB

                                                                            Download

                                                                          • memory/5592-1465-0x0000000000690000-0x0000000000DC1000-memory.dmp

                                                                            Filesize

                                                                            7.2MB

                                                                            Download

                                                                          • memory/5664-1885-0x0000000005880000-0x00000000058E6000-memory.dmp

                                                                            Filesize

                                                                            408KB

                                                                            Download

                                                                          • memory/5664-1900-0x0000000005EC0000-0x0000000005EDE000-memory.dmp

                                                                            Filesize

                                                                            120KB

                                                                            Download

                                                                          • memory/5664-1895-0x0000000005AE0000-0x0000000005E34000-memory.dmp

                                                                            Filesize

                                                                            3.3MB

                                                                            Download

                                                                          • memory/5664-1880-0x0000000004920000-0x0000000004956000-memory.dmp

                                                                            Filesize

                                                                            216KB

                                                                            Download

                                                                          • memory/5664-1901-0x0000000005EF0000-0x0000000005F3C000-memory.dmp

                                                                            Filesize

                                                                            304KB

                                                                            Download

                                                                          • memory/5664-1884-0x0000000005810000-0x0000000005876000-memory.dmp

                                                                            Filesize

                                                                            408KB

                                                                            Download

                                                                          • memory/5664-1883-0x0000000004E10000-0x0000000004E32000-memory.dmp

                                                                            Filesize

                                                                            136KB

                                                                            Download

                                                                          • memory/5664-1882-0x00000000050E0000-0x0000000005708000-memory.dmp

                                                                            Filesize

                                                                            6.2MB

                                                                            Download

                                                                          • memory/5664-1904-0x0000000006440000-0x0000000006462000-memory.dmp

                                                                            Filesize

                                                                            136KB

                                                                            Download

                                                                          • memory/5664-1903-0x00000000063C0000-0x00000000063DA000-memory.dmp

                                                                            Filesize

                                                                            104KB

                                                                            Download

                                                                          • memory/5664-1902-0x0000000007070000-0x0000000007106000-memory.dmp

                                                                            Filesize

                                                                            600KB

                                                                            Download

                                                                          • memory/5772-1446-0x0000000000E20000-0x000000000113A000-memory.dmp

                                                                            Filesize

                                                                            3.1MB

                                                                            Download

                                                                          • memory/5772-1448-0x0000000000E20000-0x000000000113A000-memory.dmp

                                                                            Filesize

                                                                            3.1MB

                                                                            Download