hxxps://drive[.]google[.]com/file/d/1LtRfa9VF03BsbCoRfpKvrhwZYc6lPmkP/view?usp=sharing

Analysis

max time kernel
473s
max time network
475s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
11-11-2024 13:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1LtRfa9VF03BsbCoRfpKvrhwZYc6lPmkP/view?usp=sharing

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 7 IoCs

pid	Process
5748	7z2408-x64.exe
5464	7zG.exe
1584	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe
2704	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
4368	Serum_x64.exe
4872	7zG.exe
6104	7zG.exe

Loads dropped DLL 5 IoCs

pid	Process
3536	Process not Found
5464	7zG.exe
4368	Serum_x64.exe
4872	7zG.exe
6104	7zG.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
10	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\Xfer Records\Serum	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\is-H0U4F.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Vstplugins\Xfer\is-1MAEM.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2408-x64.exe
File created	C:\Program Files\Common Files\VST3\Xfer\SerumFX.vst3\Contents\x86_64-win\is-G3608.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\SerumFX.aaxplugin\is-TF03M.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Vstplugins\Xfer\is-O94KB.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\Vstplugins\Xfer\SerumFX_x64.dll	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2408-x64.exe
File created	C:\Program Files\Xfer Records\Serum\is-QMRT5.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2408-x64.exe
File opened for modification	C:\Program Files (x86)\Vstplugins\Xfer\Serum.dll	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\Vstplugins\Xfer	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2408-x64.exe
File created	C:\Program Files\Common Files\VST3\Xfer\is-F30PN.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\Common Files\VST3\Xfer\SerumFX.vst3	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\VST3\Xfer\SerumFX.vst3\Contents\is-6NDIF.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\is-S0006.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2408-x64.exe
File created	C:\Program Files\Common Files\VST3\Xfer\SerumFX.vst3\Contents\Resources\Snapshots\is-OGFUF.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2408-x64.exe
File created	C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\SerumFX.aaxplugin\Contents\x64\is-7S5GE.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2408-x64.exe
File created	C:\Program Files\Common Files\VST3\Xfer\SerumFX.vst3\is-G1TII.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\Xfer Records\Serum\unins000.dat	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2408-x64.exe
File created	C:\Program Files\Common Files\VST3\Xfer\SerumFX.vst3\Contents\Resources\Snapshots\is-IR4MO.tmp	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2408-x64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 20 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 19766.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3676	msedge.exe
3676	msedge.exe
4436	msedge.exe
4436	msedge.exe
5220	identity_helper.exe
5220	identity_helper.exe
320	msedge.exe
320	msedge.exe
5572	msedge.exe
5572	msedge.exe
2704	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
2704	Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: SeRestorePrivilege	5464	7zG.exe
Token: 35	5464	7zG.exe
Token: SeSecurityPrivilege	5464	7zG.exe
Token: SeSecurityPrivilege	5464	7zG.exe
Token: SeRestorePrivilege	4872	7zG.exe
Token: 35	4872	7zG.exe
Token: SeSecurityPrivilege	4872	7zG.exe
Token: SeSecurityPrivilege	4872	7zG.exe
Token: SeRestorePrivilege	6104	7zG.exe
Token: 35	6104	7zG.exe
Token: SeSecurityPrivilege	6104	7zG.exe
Token: SeSecurityPrivilege	6104	7zG.exe
Token: SeDebugPrivilege	5232	firefox.exe
Token: SeDebugPrivilege	5232	firefox.exe
Token: SeDebugPrivilege	5232	firefox.exe
Token: SeDebugPrivilege	5232	firefox.exe
Token: SeDebugPrivilege	5232	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of SendNotifyMessage 58 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
5748	7z2408-x64.exe
4368	Serum_x64.exe
4368	Serum_x64.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe
5232	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4436 wrote to memory of 2816	4436	msedge.exe	82
PID 4436 wrote to memory of 2816	4436	msedge.exe	82
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 808	4436	msedge.exe	83
PID 4436 wrote to memory of 3676	4436	msedge.exe	84
PID 4436 wrote to memory of 3676	4436	msedge.exe	84
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85
PID 4436 wrote to memory of 3812	4436	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1LtRfa9VF03BsbCoRfpKvrhwZYc6lPmkP/view?usp=sharing
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff9a64a46f8,0x7ff9a64a4708,0x7ff9a64a4718
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7540 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  PID:3208
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x170,0x16c,0x164,0x104,0x168,0x7ff6fd555460,0x7ff6fd555470,0x7ff6fd555480
    3⤵
    PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7324 /prefetch:8
  2⤵
  PID:4684
- C:\Users\Admin\Downloads\7z2408-x64.exe
  "C:\Users\Admin\Downloads\7z2408-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,15354022444159603773,6264198264133500591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap11950:124:7zEvent15296
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:5464

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5340

C:\Users\Admin\Desktop\Xfer Records Serum v1.368 WIN-TCD\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe
"C:\Users\Admin\Desktop\Xfer Records Serum v1.368 WIN-TCD\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1584
- C:\Users\Admin\AppData\Local\Temp\is-9VVK7.tmp\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-9VVK7.tmp\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp" /SL5="$100044,202760713,792576,C:\Users\Admin\Desktop\Xfer Records Serum v1.368 WIN-TCD\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2704
- - C:\Program Files\Vstplugins\Xfer\Serum_x64.exe
    "C:\Program Files\Vstplugins\Xfer\Serum_x64.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:4368

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap17360:142:7zEvent7073 -t7z -seml. -sae -- "Desktop.7z"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4872

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap30902:142:7zEvent24280 -t7z -sae -- "C:\Users\Admin\Desktop\Desktop.7z"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:6104

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3684
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1892 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cb42a44-1b09-4ce4-ac61-9bdf9da6b5b5} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" gpu
    3⤵
    PID:4508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60a878b1-4079-4d88-b928-e9609058bc26} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" socket
    3⤵
    - Checks processor information in registry
    PID:808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3164 -childID 1 -isForBrowser -prefsHandle 1468 -prefMapHandle 2588 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81fcb9c1-349d-4af0-94d5-2ea9451e2a44} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:4104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4232 -childID 2 -isForBrowser -prefsHandle 4224 -prefMapHandle 4220 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66d5ad07-320c-4040-8c79-05e74562ff46} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:5748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4908 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4872 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0af80524-fa81-444c-bf94-4d301086d500} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" utility
    3⤵
    - Checks processor information in registry
    PID:5480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5248 -childID 3 -isForBrowser -prefsHandle 5240 -prefMapHandle 5204 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cba60648-75b2-4a21-afef-97036f9ea3e5} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:3264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5488 -prefMapHandle 5484 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f63469c3-201d-4300-afb7-2f68de254f75} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 5 -isForBrowser -prefsHandle 5588 -prefMapHandle 5592 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {314c9b66-04fe-45c1-bb3f-eb9a98c8d2a4} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:4884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6132 -childID 6 -isForBrowser -prefsHandle 6052 -prefMapHandle 6116 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cb7e180-ddbd-40a2-8392-9869fdbbc654} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3488 -childID 7 -isForBrowser -prefsHandle 3512 -prefMapHandle 3516 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71bb0351-c4cf-4935-822b-e7fffe4d52ce} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:1216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6512 -childID 8 -isForBrowser -prefsHandle 3496 -prefMapHandle 4720 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a8ab7fb-5c06-4609-b1cc-20cc2a9dd650} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:1132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6816 -childID 9 -isForBrowser -prefsHandle 6808 -prefMapHandle 6804 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b46ceaaf-569d-412e-99b7-05a2c2159878} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:5036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6928 -childID 10 -isForBrowser -prefsHandle 7008 -prefMapHandle 7004 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8624118d-abc1-4ef9-ae7b-9a44a6807a7c} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:4488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7164 -parentBuildID 20240401114208 -prefsHandle 7176 -prefMapHandle 6796 -prefsLen 30583 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3702cbd-e050-489e-89c1-aee9bf4e99ed} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" rdd
    3⤵
    PID:3836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7008 -childID 11 -isForBrowser -prefsHandle 7276 -prefMapHandle 7288 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d620f88d-c1a7-49fb-8da3-4cc3fc3b7951} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:5540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6168 -childID 12 -isForBrowser -prefsHandle 6468 -prefMapHandle 4688 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75369450-a56e-47e9-b4ee-44bea44c9830} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:5528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7292 -childID 13 -isForBrowser -prefsHandle 6936 -prefMapHandle 7300 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {beb00bbc-acf0-411a-aaeb-c1d5e30bd57b} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:4928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7332 -childID 14 -isForBrowser -prefsHandle 7176 -prefMapHandle 7384 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9976b5b-7e54-456d-9094-0cdd302fad1b} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:5124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7920 -childID 15 -isForBrowser -prefsHandle 7996 -prefMapHandle 7628 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5702dcb4-fd9e-4c7f-bce1-3a47e8ab9ad0} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:4592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8008 -childID 16 -isForBrowser -prefsHandle 7056 -prefMapHandle 7060 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb3af08e-7d8e-4bfc-a014-81a1536508f3} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:5380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8304 -childID 17 -isForBrowser -prefsHandle 8296 -prefMapHandle 8292 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aafeeea6-088c-486a-97c2-2c1b264c003d} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:4872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8236 -childID 18 -isForBrowser -prefsHandle 8244 -prefMapHandle 8248 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ce3e41f-411b-4de3-bc03-f04b990b62e8} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:3656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8956 -childID 19 -isForBrowser -prefsHandle 8936 -prefMapHandle 8984 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74289f7d-a7a0-4e3b-8f57-3f645cfa41dc} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:4000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8500 -childID 20 -isForBrowser -prefsHandle 8940 -prefMapHandle 9160 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5fca047-6922-4d4e-ab67-a4c0370f8adc} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:2276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9356 -childID 21 -isForBrowser -prefsHandle 9364 -prefMapHandle 9368 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7f16bde-6c15-487f-8fcd-ef201b8b6004} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:1892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9416 -childID 22 -isForBrowser -prefsHandle 9584 -prefMapHandle 9588 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2727b5d-e2a4-4141-8fdc-1bffc363c91e} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:1540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8212 -childID 23 -isForBrowser -prefsHandle 9580 -prefMapHandle 9584 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22c3d752-6736-4d81-a272-b496695c3158} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:2448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8484 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 9928 -prefMapHandle 8636 -prefsLen 30583 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36fe2f40-0ca4-41d5-b75f-79d159982e64} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" utility
    3⤵
    - Checks processor information in registry
    PID:5132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1680 -childID 24 -isForBrowser -prefsHandle 8480 -prefMapHandle 6652 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13228d42-82a6-44d5-a7c4-06de5060a05a} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 25 -isForBrowser -prefsHandle 5532 -prefMapHandle 5540 -prefsLen 28095 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56abd8d7-fbef-4758-90ec-edb6d4c243b7} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:6404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10112 -childID 26 -isForBrowser -prefsHandle 6308 -prefMapHandle 7004 -prefsLen 28095 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7d0f265-81be-4793-bf2c-1e52dfc0a2d6} 5232 "\\.\pipe\gecko-crash-server-pipe.5232" tab
    3⤵
    PID:6852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
d346530e648e15887ae88ea34c82efc9

SHA1
5644d95910852e50a4b42375bddfef05f6b3490f

SHA256
f972b164d9a90821be0ea2f46da84dd65f85cd0f29cd1abba0c8e9a7d0140902

SHA512
62db21717f79702cbdd805109f30f51a7f7ff5f751dc115f4c95d052c5405eb34d5e8c5a83f426d73875591b7d463f00f686c182ef3850db2e25989ae2d83673

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
1143c4905bba16d8cc02c6ba8f37f365

SHA1
db38ac221275acd087cf87ebad393ef7f6e04656

SHA256
e79ddfb6319dbf9bac6382035d23597dad979db5e71a605d81a61ee817c1e812

SHA512
b918ae107c179d0b96c8fb14c2d5f019cad381ba4dcdc760c918dfcd5429d1c9fb6ce23f4648823a0449cb8a842af47f25ede425a4e37a7b67eb291ce8cce894

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
692KB

MD5
4159ff3f09b72e504e25a5f3c7ed3a5b

SHA1
b79ab2c83803e1d6da1dcd902f41e45d6cd26346

SHA256
0163ec83208b4902a2846de998a915de1b9e72aba33d98d5c8a14a8fbf0f6101

SHA512
48f54f0ab96be620db392b4c459a49a0fa8fbe95b1c1b7df932de565cf5f77adfaae98ef1e5998f326172b5ae4ffa9896aeac0f7b98568fcde6f7b1480df4e2d

Download Submit
C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\SerumFX.aaxplugin\Serum.ico

Filesize
16KB

MD5
fd339f6494134dfbbd63a832bb740273

SHA1
a378c6f06093d3a899e280d7c95a188a81856971

SHA256
7c029fa4527da5f1ee584ff39c26f74776a30711678225ed2684ddb1dfc2227c

SHA512
b0ddd3134010508ae8204aeabdc3245eb1ecf3e4a0aef865722fb9c885e8f9245280259da370430f3ec1383c29968dcceec114f3181192496c6b1d7a0c8c469e

Download Submit
C:\Program Files\Common Files\Avid\Audio\Plug-Ins\Xfer\desktop.ini

Filesize
45B

MD5
219983e644a372ec539e04b7da6a1562

SHA1
ea6b6fde11fe7dbad780d1c8f8462e5751ccda9f

SHA256
0e6e526114de654c25e3759d2db54a58ae73b642a92a54dce9993a3300e42797

SHA512
f9f8a63a158096706a2731bf007ebf89013e8513529811d5519e980b344e8bbfb404c2e25d8a24e01c2874f1f1e5f711f53acf796fbbfb66016f53e81810b52c

Download Submit
C:\Program Files\Common Files\VST3\Xfer\Serum.ico

Filesize
16KB

MD5
94a0e05982477cc34ef1a1f3620f8ee0

SHA1
0f6210cf69b71a507cec8d7dee5238d206ffdf5a

SHA256
9bba3ffde88cf5b931e5efe69071f8c7a8714c02ae2737337a51196d67de4ba6

SHA512
7bc3cf1d7f9477064e25c7adea56ac59ccd6dd24586da6f52e40547a7f208b5cadcb315574e42c9f4d39abe050a89805e31d8f897a21c72ccc773ffa42e13d10

Download Submit
C:\Program Files\Vstplugins\Xfer\Serum_x64.dll

Filesize
7.7MB

MD5
2448edd1a85b9fac716b4811dc061cf6

SHA1
7fc5be918d39a422beb2f636e55c0c8b0798bfe0

SHA256
3236ad6a9a848c5e1b6091505398e98ba8686e2c9fbf586535bfe59d7c453f69

SHA512
727b7a2678b5e92a9696a8f3ddda486071145c496dd0d2c51b69f7bc8e14d02d2d21788d724e6c3ead9a8179214c1721c638e732eef63ef2281e54f7c61dc973

Download Submit
C:\Program Files\Vstplugins\Xfer\Serum_x64.exe

Filesize
3.7MB

MD5
69c521c8c68e7d7da15f0cafec8a3072

SHA1
a9f4ef0836c4ab6a798ede59ad3e9b6e6d5aa3da

SHA256
a86787531cb4b017f5843c93ab8ee6f9d9ba13bd29d8d9e7e8af5ff9cba993d8

SHA512
7341f6868a033ce97fc53ef0669acd78222893b3fb849a8a834072d533a1cc107a73ae49d1103e7fb16911952f193bb1f44336ff55843552fbab0e5dea0b8628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a134f1844e0964bb17172c44ded4030f

SHA1
853de9d2c79d58138933a0b8cf76738e4b951d7e

SHA256
50f5a3aaba6fcbddddec498e157e3341f432998c698b96a4181f1c0239176589

SHA512
c124952f29503922dce11cf04c863966ac31f4445304c1412d584761f90f7964f3a150e32d95c1927442d4fa73549c67757a26d50a9995e14b96787df28f18b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78bc0ec5146f28b496567487b9233baf

SHA1
4b1794d6cbe18501a7745d9559aa91d0cb2a19c1

SHA256
f5e3afb09ca12cd22dd69c753ea12e85e9bf369df29e2b23e0149e16f946f109

SHA512
0561cbabde95e6b949f46deda7389fbe52c87bedeb520b88764f1020d42aa2c06adee63a7d416aad2b85dc332e6b6d2d045185c65ec8c2c60beac1f072ca184a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\06986bd2-b977-4287-a824-5e91462653c4.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6289e5f2-89c6-40b5-8366-e6a805530701.tmp

Filesize
5KB

MD5
39c574d21b8d9c51f372250cae6e54d4

SHA1
cc048db6015fc84d82c3e6360cb968c14d80af76

SHA256
2a903ef618a9f66cb2416c0ae4c7aa4eda2eb98c7ed6cfe64e5ac995a280dc27

SHA512
0edf4b4aea847da41a0c138714d29d10f9c9d698d2eddf45771fc333f7564632f07976413cd44aedd5dd3df1bbd9bb8d43b89aca6562fa4f6c683faf30fb104d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
9b2987f49716ad44c56cac65edb4e100

SHA1
c7c82ff39f3c0cd78cbf317a2fbbe9ec6b00adf1

SHA256
d2e7d141c93a19ee07bac7bf8dd690c67e365919bb823472da073b5eb134910b

SHA512
d33e6f419829c1f738cf16dc60965fb5e46bda84cb12a5027dc8f21d6299dac28ea55a7eba6e9bc5a73cc3314fdaa0558985e08b2bd8c28f1519c86f27b58d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
079b98ca4b0a8d2f28c58a11b47e0cd6

SHA1
734de69689858385915db11cdb51033691cdc55b

SHA256
0eac967b867752e89dd1702e9eccbfdf33e6f24671a6a9f55b927b676ce40571

SHA512
309bf2083fa1e28d8b0f40a82fdcf3d3191380edd172b5a99ad2184fca5009911082329a6ec825fd319ff5d4f0e0cb800316bdd2a230ffed3ef3903640fba47d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
1dc54c2943d6356ebc9b58e3fb9c580e

SHA1
ac8591a37875168e22f809ddc950471311acad9c

SHA256
67dd303936222c0fff02887f3a7d6c4bec0ee40241a3a077c1c08b2c05e0dc23

SHA512
19ccad471ffa2eb14a1d89175ceb13fe083dc0b8b0d7f144d74dd4145bb9c1376f5f6ccf2f493b4adf56ac6ee8c3a107aed17d780541a5664dedd5cc91bb7c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
1fe65591f9eb2053ef4fadf099fe7b5d

SHA1
751d76335731fee53c4ad2425082e33d5af1aa89

SHA256
e8a49fe8b18010b5798e3143440a3738bbef8d1add6ed1a57d1e21dfb2fb3a88

SHA512
3501f6c8945d00e4f76bf54d77d33d452a5478a89c167fc9a249c71dbfe00b4ccf0575b0f4490c878b675eec95c40e3e37c0472eb5a8d795569473024ecada57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c5cd403dcfb0036e1256dc04db332ba5

SHA1
149596b253952403bd783df1ac6f7b88773e98d7

SHA256
39a9d1d3d54ec6a7c7194006a2a519bee6ca3ba8b45d1f3d0bbc079224d09202

SHA512
fc5765b3ce9048ce86e5617358d89f472717796597314fc4a6be5eaa04cdb8422a648dcb8612723451d5b88e511dfa4f427b33cbcedb65c492fbfa44d5ac90e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16fdaff3008b329606c61c766536eafd

SHA1
aa5927e644144683d5a7952ea63df5415424d10e

SHA256
c68c0d90d3626fa5f09d2bfd98ce1f9745b0eab726a0702c4bd6b249782b0673

SHA512
c738e9c50df21d61632707a0447823704bd313b3bf9b0b5b1855a4719fd7bc096f09692b51b119688789acee55a503ffcd987ee28e61faaa4ed245e5e9ff2d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b2fd6b801526b7879e7db77e28c85b9

SHA1
70adc97867e57aa7de574cafcd4188d03ce2fe0c

SHA256
7e6fd0c5cff1618c0fd14aa93019888476c1505cf3c5803ed499713844265a0c

SHA512
537e0b647c792ff56a77523792577778148b8c75a1f5bac93489c8152e9af071e334b24c913d17a314b82ebb6a0f8872ba993589a40011589725f3d872413e5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2dbafcd79c4ededb5a4543d2a7d3ee6f

SHA1
b1a47e7a89e2e2962c81a7d19bcc52f64cd36334

SHA256
0c3c3cc322ce33662a47725578628e893c317474eb4b7d9c44f05f17ace1a81f

SHA512
d5d8f12899f1001910b2cdcdef541c21f814a27fd04100375a0e511414fb65141e249ddaed4493b76e961489e528be35d4633536dc9412955a3253dd2c035021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
9010fe212d7da97a4e9cf63a903ee7a4

SHA1
8f124a736d045eea3c50a9597d18c9af8b128e28

SHA256
c2956b77f9af9f4d79e0198d8a7e0a5b6f880b4d597dfeee25a3f56c05d11834

SHA512
f763ab3261592107fb19b7d6134c7f4d02e921258b1c72f1e0c69a95ee8ed9cc20498259a279cca9648bbd213a5234b965a9196865d465e1f975ee9242e36326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
21320325bdfc20c6f4e4d136228fc9c5

SHA1
7e96950811d7ddbc1daeb7341ddb9768980bf2b5

SHA256
5e7ac2b978206a07d8b1841a2bd89eae4b466bcd8a0df3a62ae2ca0439b8bd5e

SHA512
ee78316d5b8edffdc83e3431bdbd28ae05a481d2a445ddf3b7c58bf0f01c6c42aead46a4d91e7fc75519a5ca8a7e2bab78749d88476c7a2fa0a25e8b3592bd43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
652ca23712021024ec852996734e556c

SHA1
63e6823fccaa7770b4cec84dccb5021f1e7af07f

SHA256
5ed3b16f6407b14e95fc0743cb427860bc4ee153b14b193afc5ce9f62b0988d1

SHA512
76dc5f86a92dc9b0b950595ad03a735b2132d3c5b1122482f2db6e427fc3090d22c00498f524b65b0a62b62de417f92a62f040c738d9180557a37d15f44cb404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584d60.TMP

Filesize
1KB

MD5
fb50d61626af5368c6f0e2980545899c

SHA1
e38e81ad642d1f8a0b615dcbf00973ca3fffd2cc

SHA256
949ad67b6ecb03983e6733a46270ada5ffcfaa745ffc0d15f7fa9cc8a4977ffd

SHA512
3f26820ee3abc0e424083a00676664637582f1abb575e173f5f8e91233d335303c7305162d47cc2eb94a2fef3730e123031eb39757b15cfe16f5a3fbf2d3e01a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c9bafc1901f769c3c60b78b69b33dcb3

SHA1
d9b379a3ae1a557e82ef309d4e7ee9a6351e9d16

SHA256
bb99b8cc88efd66f34d6af6be8ae97423595694c5d0d2342c70c8c4e1a077112

SHA512
57a05ff4ee32adc928c31277b013acf8256f1b8563b31eee3f9d590bab33fc486123b0ffec0077f7458abbc27d82b533eace19d2ac69269fb2f30ce44ac7505c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
61cc9fb0808d49dad45fa49c64f5d00a

SHA1
f841bea4fe05dbdb949898cb2ff8425545bbee30

SHA256
76a68f9f8fd9a3cfdd816ebad5b84015a0c2c9af84b8d97f2d1c2ebb9d7a6e56

SHA512
85ea1443a084765d0d33f4db6ade5bb9c4932d900a96e0073a3a774029363518f713bace1fbf653f2ef4942df03ed1a0b88cdf042cee5c8bd216efb0799fb641

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9VVK7.tmp\Xfer.Records.Serum.MERRY.CHRISTMAS.&.HAPPY.NEW.YEAR.v1.368-TCD.tmp

Filesize
3.0MB

MD5
ede7579ea135a0b8caaeaebcd76ff500

SHA1
99eb17f3c7b96275e44472046ec2cd6a48c9d677

SHA256
5eea98260d9712ae1adce8c2d4fe394a36f0a22611f6f0f85d158db5d1f46513

SHA512
1c2dd5d70fd0a46ac3de68b6e3201f70501056c1bd8301ab6b0d2a56dabdc782ac5aaf4aba354c771cb81c137c1b3a41021c9bfc90873fe52a528765f378c17d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
29d629be0fe44690476255e20bb8d89b

SHA1
780ab7c4f8c06efea323bee3d0e018f22d13d2f5

SHA256
739797d0332adb1bf74a803503dff58e36ffd535012c52f792bc7736cf88266f

SHA512
fb83758a8951349a78b2cb0ba19c41cacb98eb9fd9d8df0807519e9d6e6bb273a9f880b52a756aac9d7921229e5a8f263277b0d41fe69f06db8b4a1b6e001068

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
887537e0038e1c13d7424fc25d7b4680

SHA1
d148ad6c7d615ab7593cd2b3ada615630fd355a1

SHA256
0e59688c7c5fa9a5f9f41dc116eab2e0084ec1622b4cf1a3dfa1e02d717e7089

SHA512
25e03723a6bb35c89b82654a022274486fcf2aee36aaec1d4ff7047be930f671b9544c858e2ced9fe1ec10d546a3891258b0868682882a149aaaaba5d2ab2043

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\AlternateServices.bin

Filesize
8KB

MD5
471576a2675f987ca903a38adc90eef4

SHA1
43b0f65ce71557eecfef66aab9263089ff4f16b5

SHA256
1802815f9482fd078dba1de0b532764b230b9d82c1504838290ec079ec1dd9e3

SHA512
397919034bd898e448cd405fc00effa64c891d355b337f087e1bce669f5fe9e0a2bc62e0183e3b2516c6411b5533df89833b1d14012c83a85cccf96c6116d0a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
46KB

MD5
fa0e57ff7cab95d3e0a9e8ef986af2c6

SHA1
0445948b0446ad3b0589008e574e8bab8ad64c5e

SHA256
8f541aa4a93cb368473b45ec64569dec1dd74174b16a9f7028be32fd5e7f08d2

SHA512
42b5e9a48c7e6e959649a0c35a8438b413a04ab6311f7c728e931e7199ded080b47ca3b8969cb08e0322d5755290c57c733be0dbe333104ed8d86fbfbcf890e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d0a5e896b576693cdf1faef95d86ce58

SHA1
ce187c6d75cef5f7bbe7e07d32f3c1cd2124ab49

SHA256
e7fff4162935ff6422cdd03e5cae24eb924a159cebe8bf4f9a556d4bc85ec2cc

SHA512
eef829da1185958c7d05153301927d78fe9fc4b04d3cfd3189eb1d78a24097b9c631754add988f1c586efc5f0bb6d8add99d46681c9e14e18d5158bf3a5bc09d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8afe0c11c3e5c38e7466101b7f64f1a1

SHA1
5dbb048d35a978d14ad3bd708f42968686e4be6f

SHA256
6789e5ec987aaeddf55eec4ad52c4115846b297df951d34700e61603e0fba2ff

SHA512
faa83e8887afac5e7ac971c331411f8b1f996cf65c36978a0a65be4a39f56b50f291c66b8ba2271a690c4f1dad70b7e96056aa84023aca125354d4183e973897

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d64340b3f88692bd16b976820070fa0f

SHA1
68274838fe21317de58366c03d230d3ce8b786a6

SHA256
5bbf5282253715835904a359aa129fed62b9036796a0819745c3c4c8dcc753aa

SHA512
3bc93a7bfdc8c1b29454a9e880298394862252f3544ec2f99e6d0b9b9279fd34c77be3c5c98d3d64d4dfaaeea88af38fa4829b79ae3644aeb506991d9b65ad2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5c73378dc8a56c72f25abdbb36e93f9d

SHA1
e17e2520e7859df1bae240867cb1adad67ecbc7c

SHA256
50fd3ff1ffbebccf9a9b2aa5f1bacc73c47e2adf2dd5d398707ba317383be018

SHA512
79191a2102f08806b256829ef18c7840dc3048c97180ef8635118a16275da2a0912af6ebfea85603ff0999797f04ecbbd2a1250dff90e3bc697ce509ccfe7306

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6162e85c747fab997bc117a04a0e87a9

SHA1
576562399570ac89d0ee2b4aba3b07934b32b8ac

SHA256
b88400cc0d050593c47369686ed6f607585d6f19a3bdd4490089e7f025ea77aa

SHA512
dc9499a102ff4fb4212c51e0d3ebcc9dae5a7a88a149834aae6048ae966dd90148bb03bb8b91417bedaa06ea755051b653350f6dd50ef80fc92783a3833f186b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\pending_pings\41d6a2f2-cde2-4c90-b139-63bdfdee8372

Filesize
671B

MD5
c51f6d9dcbcb931e88087164f2262961

SHA1
78bde5a614c2632684c9dd8ccca515bec60509fe

SHA256
744f4542451d4f8d0191818e1545127560769c4248cb64452c0f5d933f6b8122

SHA512
b417c31f88bcef6257afbc93d5e669f50ab5180bc1e971dfe7ad7b1aee28721e8f9c83118670e97eef109f6a12c69d08720b7feb92115a880865a01957cd827d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\pending_pings\8c64b62c-c097-4086-b48c-c3fe10a7b719

Filesize
982B

MD5
8b69b93ba4241689093e555def4ebe1b

SHA1
b6efbd4e49b2a947e8c31646b0c57bb2585fff89

SHA256
5a97e9a240ecfcc7de559197e6ac814f57104446b140654a02559b0a1affbaa5

SHA512
69d9280d5139aeea31f832b98172463a4bee0140c70c20fe6b23305461071c11ab4cf2c3b4493f8bf78c59eff44ac28cd9672aa271d1aeb7d9a1be4d176506f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\pending_pings\cad129c8-ae83-4468-ba72-c4ea9d29afdd

Filesize
25KB

MD5
9e2142f11565ce0eff5d4519be9d8b30

SHA1
45fac61deb658e4b8a613636bcc7a48dbd84075b

SHA256
a8b340028e33df647d58fb18dea794cbab275ae812e1706fbbb32d7d8673501d

SHA512
746787f6ea93a9a18478102b5e08cc7bc5f5a33dfe99414bb240f83c63b00c5c9bd8c44b2eeee58ea4a013b7ea550acbb78fc0c9b7a4cc621d25c0b02e42361e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\pending_pings\cdae065f-33b6-4c44-ab12-b13df73a559e

Filesize
11KB

MD5
224ef197f6fb8afdbf73654541f7c3c9

SHA1
99697565a35373988a68f8438fea8649f618b7a3

SHA256
114a102b70162632e29be82f0ff30df5e29ff831babfa5888b3da0913261fd92

SHA512
bbb03350b516c73951bf8a13304002e469c4857db9cf65db7b1dd1b3104fd2d13c2e803de7db6ba62ba0b7d54e504a5cfb9549f8df8d4b3b2aa6380c9e8fa5d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\prefs-1.js

Filesize
11KB

MD5
73d89d1bc18dbc881ea30ed7a86ccb56

SHA1
d61a37f3f36cff8c0ec833d49fabaf1751b4f917

SHA256
68df88dc4bba138bf3fc3fb571626b869ed203d1a7662bd53efc588adce6d7bd

SHA512
6033d3f3706491eebf71c83ddd98ecf690b3b1e42cd64ba45eef5281f1784ea84b554990abae8bfbc87bceefa4a87947e90474140aef0a62c00c486a5444e135

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\prefs-1.js

Filesize
10KB

MD5
328879d8bb359e6222a74f04d946cb5c

SHA1
086adcc83191f5a5050360c6e9a7934f1af04332

SHA256
fc204aa7158bdd02576f2d98527397322c5621fe8b35f7a0c3fa3af43c2f380a

SHA512
de568ae2d5e02accac0596913baafd4d3f57f8f30ac0d37a28ceea8e834089163eca1ce99ec43473ca1c3a8512a745bc102ca907eefd2ab8199ba0d8d9d70a4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\prefs.js

Filesize
10KB

MD5
492be699d8894d45e8feadfcf30c0449

SHA1
8f404cb4657a820dc3ca54831e914cf736cc26a5

SHA256
b5f9eb3b8548c567335c1eb99616af0787c7385cdf79112150de2c5c4f52a2eb

SHA512
7a1aab53c5d105e6d29ea8cd4b325001c2fabedc7616348b1e241e830643e3e7d4eebe56fdb407b4340af239edfb31fa3c027e6046f5535efd2e834b2e37ed86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\prefs.js

Filesize
11KB

MD5
5e4af77d772ec9d515041306ec4c49cc

SHA1
6ffb0fd01b288067a0df2cfc4e88e6733b0c45ff

SHA256
c31b411a8c31c9a54df24b897411df8e523901abffa33012a51e58f98f62325d

SHA512
c86e52d5c16412045b1a68e934c8f9d842eb3b0e660108d496bd9cd2d9049cbabcb5c8cc3e7aee91e0e17dd67de1b0c7faae6733eb0dd0179a636cb52df4d662

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
a1f625247de5a08e25e145ca8baf9525

SHA1
89dc2574058a55c4c1a18ca5a1f01bef4a088ca3

SHA256
a426c0ae84d3d98b59329dd8f21ff34980ef744b0c5d64bdaa5472f884a421ac

SHA512
d8545e3d6d7e04f5c32e691843defb08fc131dce8dce882976b309f637bb4468cfc556d645b3e0025f1da4a957dbdd0bfd429a2553ba3bfa00cc2c3092113637

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
3ce597a6d61c052c3e065b20f1315ee5

SHA1
d71407d67168067d2baa1c9693021e6a21b826ac

SHA256
de713f1307f4b21f7de3c5f1c6d29710cc6082347a406dfec78a71ebcf304428

SHA512
4028469743e89221502ecc7c74cb0e1b9f1f2216dd57e628dc92b323b18c01a0f04dfa3c982eead16d7114e76c65fa6d400941e6d85f15d910ef981d445396c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
7cf3a2d4de2389daddcd9446787c0de3

SHA1
9f05e19511a8f2958f91ef1bb5bb45c992e0aed3

SHA256
3ed49cdaaddb2f64a323cfbcec0c1735f88ecfe155a836d6c875c1c082df9cda

SHA512
7791a7b2b7613363b301e458f0045abd365462aeabf9967386b9730feb3d557e89ca12acee81fed8ce8b6f6edf7d29422d11aa95a9c6d4afc6bc4c58a0f2d169

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
a2756792041cdb0b670f8e482b16b5d9

SHA1
b6eeddac5e08bc8d6f86cb9310c71d5548b473c2

SHA256
1e24674c47e8fa07d9eb674be2ba28f1f65dfcd58142dc783a2610c9516792a8

SHA512
5ee117d1f3c0024181370d3ec1d93b4d969bef0dc9e4ec7c57202932f1f02f018e845135f931605d0839a5126327a78a5a0e55f978523b8994caef8d61b14ac7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
8196520e9055eeab682c7e58880c3fd2

SHA1
33dba1cb48adecfeea3c49348178b1314f73e9c5

SHA256
b10d7cfef361e5aab7949b79981117abaeb31697ebc22fb990210309dee36090

SHA512
771c606c92382bf7247127704b4311ec6fa6837e46686c8107a66bd4434ce209ddf62e4b6670a5cad8457ec74842c5aab6e1f49bda4a3675fe809a3c6811c29c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
9f9cc35a37c29ab64c8394c73433ccd5

SHA1
0aee91d4893054b7847c0f694cf9db703b31c652

SHA256
b4a2adb70eb3b4538509485ee28099e3c3cf595d78332d7c093f6e6f2349cdb8

SHA512
1c5840a83d0873c54111cb3db24cf5688ac89ee5c082121de6ae40c9f1340e4f2882259f8e086bf14687141d26b0b9e308ecb11cd58023766c7e79c144e8e574

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
c569fc08a71bff545186ee41645d7e4f

SHA1
1b34c681a89627913bab1b8d6ca8ef779fe64766

SHA256
12e3f93e604b5aa568288a336c92e335acfbd13e030baff655ab4e12315ab527

SHA512
ae041e67981c4b4c89f4ada3fc22e7311f3301fb2c8c9f28e2ff0376fef75c757df122cec1fce60868c0780a858e0ae7351e93bc9f3fb730d7b616c40515f936

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\storage\default\https+++send.vis.ee\cache\morgue\10\{72745975-965a-4b8d-adfc-020dc4bcf80a}.final

Filesize
766B

MD5
13bb7cafbb20a6fa9f4bc3ad8c6f445f

SHA1
6213a897213cc032762e499bfd0fce811c455e05

SHA256
424b5bcbd11ddb43282b3d0041b1664d12992994116ce6e473a8679e18043874

SHA512
b6c8715b80b32816fa1512a0ce86f8a4583d54f75a118e2b17f07a757a7012601b77a4ea3e0cc33fbede46d12780376a0616aabb71330973005c89507acf4da0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\storage\default\https+++send.vis.ee\cache\morgue\134\{e79f0fa9-ddc0-4d95-abc1-4c32d2da1486}.final

Filesize
463B

MD5
7004f20cae1adb3acfd6a2e66a249d67

SHA1
74f91d638a7a974894bb0502d62638f56b2e57b9

SHA256
8f503fb7cf36105221e29684674f9da176ae85019b82e889e70ca3f181803af8

SHA512
1b10acea9bc2ab27bc9644410439136b56af3a307b7b5f1335039b54603a78b4261685b14fee86b4572a0067c5b13218f0c6eeec9febdaf6c349db31447d9bf8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\storage\default\https+++send.vis.ee\cache\morgue\156\{d87bc874-f7e5-408d-b832-46a5d56a3b9c}.final

Filesize
31KB

MD5
4bfe8e77bd1310f663096697db87ae6a

SHA1
46b2e8c8ae0d646535a4dea56070913cf354ef2f

SHA256
85dd75f0fdea3b8a116f833fd7a44f24844fbbcddb01f444d445e3461d46ba88

SHA512
3bdbd35512cf5fbf1856a3ba21fe2dbea03ea36480ff5c6efc35eaad703319daf271ff4c81198a1796e7f96f2a058a9c7d79187f88322b6a9ccb2557f5e212af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\storage\default\https+++send.vis.ee\cache\morgue\157\{02e39671-34c5-42b6-b594-5b2a6759f69d}.final

Filesize
1KB

MD5
405b669e8079d96f7bcc412bc1c2e9b8

SHA1
708cbb4f6beee3f4d5f0d371b081c5c251601fdb

SHA256
19c8781adef7b3758fc70b15072ad164095d8b7bc6f30de8e5919283b83d140f

SHA512
4dfbda91b86fe59b77bbfe1ae4d193b6677d1d6c9bd25f691da0c05b60c25d1d0d2aceee347c3324afff7e7071f2810f74742752407fbc04a0cf247c359815ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\storage\default\https+++send.vis.ee\cache\morgue\158\{efb78ed3-8df3-42ee-a594-2f73fb6e189e}.final

Filesize
914B

MD5
42be2d91dc1832eaf1260fa229a36e5e

SHA1
8a9705fbc8e6b1d239e4830b985b446e8ba82824

SHA256
586ec9b20c107b3bc831af9a3999e6b040b13c0c140ac10dcbb150fe7e724c11

SHA512
ac5ba80bf723afc86efb632959236de0563bfc5425bdec4cc0039e38aa8c50848159577b1d7229da82d726cd93d069dd12e47c41378ecd5e51cbca2808b4e808

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\storage\default\https+++send.vis.ee\cache\morgue\241\{1633b00a-7efa-4721-8b79-15de8f364df1}.final

Filesize
889B

MD5
a7da4cb90c13baf8d8e9eb051ccea9e0

SHA1
6120025c6820a5a74ff71966e521bbfa66c8f5dd

SHA256
8b362cb4f00aac3423dc90d28871105d2436600b0ff8ad8309ff9296a826e692

SHA512
962f166a9658623a4dae5fc2d52b0c40472a3648b37d62629c96150fef28fa4f02ebdd7ea62529da9715d054f2f1f6eac9194bb0b501c2500595c2287cf8d8ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\storage\default\https+++send.vis.ee\cache\morgue\245\{51ffd5a7-2443-463c-8326-51cbe7a99bf5}.final

Filesize
496B

MD5
a60533e1a43b07c7b6b5d026896fa7d4

SHA1
a9eff8cfba426a21a39f4fc2f1078bb6e41a915c

SHA256
c2be993a36460471113c9c1c60b146f08591b34a033e62cde1f4a97eff18c639

SHA512
66fa58027edc3f8b371d80e8a4cea629bb81837c6437e756266418f900e897e052cef7eca4ea8ed87b71c79695c427914c8a3ce99226eecb24da435fe4078279

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\storage\default\https+++send.vis.ee\cache\morgue\255\{6cc3c650-0db6-4fae-b585-d3ab0d6b6dff}.final

Filesize
1KB

MD5
1ca3cf57769dcc70bc5b5bec5f472f2d

SHA1
dcad2370499395ff807e5f2bbfab69d7255b0099

SHA256
82f8ccbabf81006933f2b4a212dc45521bf512ae513ffa04140a776753f52be4

SHA512
6d016cfe9586dc6926c6d93b704949b6e12bb9ecf1b09da83e085cfc4661577b718376fb8771bbf5c5df4c75aca0fc8df55f7314e45efd33e6b95e5e00a9ca2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\storage\default\https+++send.vis.ee\cache\morgue\54\{1ab0baa2-d4d3-4779-9e87-35b43b92f336}.final

Filesize
231B

MD5
6de7aa303cf9221ae762ea40bdd4c2a3

SHA1
4d78038733358dadfc4d99a4e06547fef2480c12

SHA256
fa7935dbd66301c7c780ae92563943fdbdb04ee0b1a1641f30c008bfdb174f85

SHA512
468a77dfcbf8ee2257b1dbf8246977de7405631fc821579cb1c30b68e2f19bd8eac77ba4a2c3900e64e16cb10253781caa0346b972b547d495295563662ecfd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\storage\default\https+++send.vis.ee\cache\morgue\73\{e5bb2102-a84b-48de-aca7-d49f6bf07d49}.final

Filesize
337B

MD5
b46bb855075541f60eea8ad442f517b9

SHA1
ca4373bc0e8aed3b7b02ed851aa72ff40680b0eb

SHA256
a97b85742818490272f85519dbe775243b9c2fd83c0fdf7d9577ff1a8b6721ae

SHA512
8f788d7d00f20881c3066cc1ddfffc82abcdc0702ca004b0614a67ef935ea3ce7a74a87a2882203d86a273a69cb7b2cca8bfad7b0a0b6f546d75a3c8b274d7b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\storage\default\https+++send.vis.ee\cache\morgue\94\{810becc1-2bb5-46a0-9bb1-b7a5242d515e}.final

Filesize
428B

MD5
bd0fb6c22ff19f80048e77c6eef33bf3

SHA1
bd9c8294f218dd922054d89698d189d377a9df3b

SHA256
54e87ae167f0372aab65ac65d6c69328bfc5e8ff440b3855852323b9e83d8b93

SHA512
c35d77cbe3b5408b6c68d782e0f78bdce1c4b801bff7156f67a1589e8573a8da9582f8c20351c105595d3d46a116c72e9acb2bbf8ab805c33120ab6d0ba95ad0

Download Submit
C:\Users\Admin\Desktop\Desktop.7z

Filesize
3.5MB

MD5
f74f59ca3205a427dd2f467797cac151

SHA1
8b1d8e85026981abc1dbdfcc8f523604ffc02f5d

SHA256
9c829cbe7738bec1a417d8947545578534e9a17ebfeab6b723f6c51d98b2c126

SHA512
6c881ec637c8656dcd81a40bc7008bf72ff432a1ed46d18488f5704526663cf40603d1f092726fb9dd8dd7efb39a770a455bd1b81088c529d7bba41ce0c56200

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Noises\Organics\AC hum1.wav

Filesize
152KB

MD5
7b2a9827fb9d8295064fa6e68cfacbb4

SHA1
e3a980aaaf6e825d833750247cd6260cf5fbff79

SHA256
d61fed9b09caf6abf64672991e25bf0bb206fb0d4742d11be53e820c11ba2ac5

SHA512
e6b7d736d0af38b30c8ce88181237d6b8f840c2b3323c4a63e8000dec99ac243757602ce935168010d97a7a6a7f5d5634606513f9673be9b5293673890dce0a3

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Default\1x\is-HA7NV.tmp

Filesize
1KB

MD5
5bb22ab624d9c111ccff980846e21c99

SHA1
a200fec196a8f0a4b798d3fa73f2e715ed547835

SHA256
a0a1c6ea69b0a6a1aa6d6bd6bd295e8df710ab4f819c1aeecf2c5786f26d1059

SHA512
0b9c2a9a0b18bebe29790355affeab7cdfcf4955e7464c9660c08d737850ad3ec7c8457be8980e567a8d922fe28beec8f29ed4ae30ca4a1e05896669ea26736d

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Promethium\1x\is-BQGJT.tmp

Filesize
1KB

MD5
3d370826d1b4c223b7975cbc2a064eb1

SHA1
8eabeabf9798ee63cf7cbe3df3f2c22c5aa4798c

SHA256
d34652d56f2a61d28d1c350fc180a1ce1642c29bcb5fe05a77b9b256711468f4

SHA512
b502d2dd5e572705a7d7a75060ecd5c20e8f0f7307dfad659ebd3c62079d48bba0b3ba80117b62412ad2bc0eb114e8037c9e8ae9201b30acd72e9217861e4d6a

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Promethium\1x\is-GH6UE.tmp

Filesize
1KB

MD5
c2636cab1581b01001bd665189fda63c

SHA1
76b394eea28541efc8574bd7773a35e1fca67ce5

SHA256
7f489f7a78e8153edd85b24f6f724a21895d10d5c8f40197c7af7e68960bda66

SHA512
5387376cc01d2d638c628d20c0471d582896641b9a5236bd78f76331a92b173d59a3d09cdda38fa2c648a07c3716972e657f5ab4868557d5bc928bcb36d721d7

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Promethium\2x\is-2283P.tmp

Filesize
2KB

MD5
5d857b9000d78b502e2ffb8d0e6647de

SHA1
0e27ede07ddb9dcc6ddf1f9831c4c70988ca066c

SHA256
f8e352e45b99c51541c641e79336b0ac71bed60de31f866caed96e42b42adae4

SHA512
d3ebb20a9cff226947e477aa990982e0a8a4b27202e7b915d66622531e9e7832a3a1e9ecb86c5d27688498a88d3fbcec3b4272a340be8a4a03e52db99d5161f7

Download Submit
C:\Users\Admin\Documents\Xfer\Serum Presets\Skins\Promethium\2x\is-38AS0.tmp

Filesize
2KB

MD5
2b4d9090fdb2bdedb973155412b06ab8

SHA1
11d7b407d00d081414fbed0f35b8cfb491e0e90f

SHA256
981ca03de861ee80f0049bd33abbbcc2322aaa23499f31c6bf274750cc14dfd8

SHA512
6d0428b866103203b38fb06b22364c8e3591adf23fcc0b32d7f5de048348a4af1e2d7913f39de84e7e47eca3c41995365959c2a1c77243a3d5f42809c5d14072

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 19766.crdownload

Filesize
1.5MB

MD5
0330d0bd7341a9afe5b6d161b1ff4aa1

SHA1
86918e72f2e43c9c664c246e62b41452d662fbf3

SHA256
67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b

SHA512
850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

Download Submit
memory/1584-3618-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/1584-722-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/1584-715-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/2704-723-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/2704-1153-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/2704-3501-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/2704-3594-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/2704-3617-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download