ardamax | b8b7f974ed7603cf12d6953c9029b7c7e839c20d23a02f6cd3f4f14f8fe1e796

Analysis

max time kernel
1116s
max time network
1100s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2024 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Install.exe
Size

2.2MB
MD5

672a0af8ae6ce97dcbd4247355a5d410
SHA1

238345add938aefcd90836e03f9179bd900d7c8c
SHA256

b8b7f974ed7603cf12d6953c9029b7c7e839c20d23a02f6cd3f4f14f8fe1e796
SHA512

6984011d6d294e6b78abd68392d4636c667f03fef64e7462c89732cef687513ec62c49d87caa1e1e1d0188bf67921eb7802c57d6a93825c81f2237db42a6ba1f
SSDEEP

49152:Q20UUaHdmZu15FVhFYbqbb/lc+g9IaWEKVaYz9:Q9dE2uXjYbqO+g21Vd

Score

10^/10

ardamax discovery keylogger persistence stealer

Malware Config

Signatures

Ardamax
A keylogger first seen in 2013.
keylogger stealer ardamax
Ardamax family
ardamax

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	Install.exe

Executes dropped EXE 1 IoCs

pid	Process
2360	PPI.exe

Loads dropped DLL 2 IoCs

pid	Process
2360	PPI.exe
2360	PPI.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\PPI Start = "C:\\ProgramData\\OKDBPF\\PPI.exe"	PPI.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Install.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PPI.exe

Checks SCSI registry key(s) 3 TTPs 9 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 26 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\Accessibility\Blind Access\On = "1"	PPI.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2360	PPI.exe
2360	PPI.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
2360	PPI.exe
2708	taskmgr.exe
520	OpenWith.exe
2732	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeDebugPrivilege	2708	taskmgr.exe
Token: SeSystemProfilePrivilege	2708	taskmgr.exe
Token: SeCreateGlobalPrivilege	2708	taskmgr.exe
Token: SeSecurityPrivilege	2708	taskmgr.exe
Token: SeTakeOwnershipPrivilege	2708	taskmgr.exe
Token: SeBackupPrivilege	2052	svchost.exe
Token: SeRestorePrivilege	2052	svchost.exe
Token: SeSecurityPrivilege	2052	svchost.exe
Token: SeTakeOwnershipPrivilege	2052	svchost.exe
Token: 35	2052	svchost.exe
Token: 33	2708	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2708	taskmgr.exe
Token: SeDebugPrivilege	3824	taskmgr.exe
Token: SeSystemProfilePrivilege	3824	taskmgr.exe
Token: SeCreateGlobalPrivilege	3824	taskmgr.exe
Token: SeSecurityPrivilege	3824	taskmgr.exe
Token: SeTakeOwnershipPrivilege	3824	taskmgr.exe
Token: SeBackupPrivilege	2052	svchost.exe
Token: SeRestorePrivilege	2052	svchost.exe
Token: SeSecurityPrivilege	2052	svchost.exe
Token: SeTakeOwnershipPrivilege	2052	svchost.exe
Token: 35	2052	svchost.exe
Token: 33	3824	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3824	taskmgr.exe
Token: SeDebugPrivilege	1372	firefox.exe
Token: SeDebugPrivilege	1372	firefox.exe
Token: SeDebugPrivilege	1372	firefox.exe
Token: SeDebugPrivilege	1372	firefox.exe
Token: SeDebugPrivilege	1372	firefox.exe
Token: SeDebugPrivilege	2564	taskmgr.exe
Token: SeSystemProfilePrivilege	2564	taskmgr.exe
Token: SeCreateGlobalPrivilege	2564	taskmgr.exe
Token: 33	2564	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2564	taskmgr.exe
Token: SeDebugPrivilege	2548	firefox.exe
Token: SeDebugPrivilege	2548	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe
2708	taskmgr.exe

Suspicious use of SetWindowsHookEx 41 IoCs

pid	Process
2360	PPI.exe
2360	PPI.exe
2360	PPI.exe
2360	PPI.exe
2360	PPI.exe
1372	firefox.exe
2548	firefox.exe
520	OpenWith.exe
520	OpenWith.exe
520	OpenWith.exe
520	OpenWith.exe
520	OpenWith.exe
520	OpenWith.exe
520	OpenWith.exe
520	OpenWith.exe
520	OpenWith.exe
520	OpenWith.exe
520	OpenWith.exe
520	OpenWith.exe
520	OpenWith.exe
520	OpenWith.exe
520	OpenWith.exe
520	OpenWith.exe
520	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe
2732	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 2360	3100	Install.exe	82
PID 3100 wrote to memory of 2360	3100	Install.exe	82
PID 3100 wrote to memory of 2360	3100	Install.exe	82
PID 628 wrote to memory of 1372	628	firefox.exe	106
PID 628 wrote to memory of 1372	628	firefox.exe	106
PID 628 wrote to memory of 1372	628	firefox.exe	106
PID 628 wrote to memory of 1372	628	firefox.exe	106
PID 628 wrote to memory of 1372	628	firefox.exe	106
PID 628 wrote to memory of 1372	628	firefox.exe	106
PID 628 wrote to memory of 1372	628	firefox.exe	106
PID 628 wrote to memory of 1372	628	firefox.exe	106
PID 628 wrote to memory of 1372	628	firefox.exe	106
PID 628 wrote to memory of 1372	628	firefox.exe	106
PID 628 wrote to memory of 1372	628	firefox.exe	106
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 3460	1372	firefox.exe	107
PID 1372 wrote to memory of 1672	1372	firefox.exe	108
PID 1372 wrote to memory of 1672	1372	firefox.exe	108
PID 1372 wrote to memory of 1672	1372	firefox.exe	108
PID 1372 wrote to memory of 1672	1372	firefox.exe	108
PID 1372 wrote to memory of 1672	1372	firefox.exe	108

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Install.exe
"C:\Users\Admin\AppData\Local\Temp\Install.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3100
- C:\ProgramData\OKDBPF\PPI.exe
  "C:\ProgramData\OKDBPF\PPI.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Modifies Control Panel
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2360

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2708

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2052

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1316

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3824

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:628
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35334cba-22c6-44ec-a78e-9d0aa6c75a0e} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" gpu
    3⤵
    PID:3460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2424 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1172a974-b97a-40a8-b328-2e9d1c2c5478} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" socket
    3⤵
    - Checks processor information in registry
    PID:1672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2672 -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 3260 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {417a6c25-3cfb-4179-be68-9fe48f98b4bb} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" tab
    3⤵
    PID:5112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2596 -childID 2 -isForBrowser -prefsHandle 3548 -prefMapHandle 3684 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83100820-fea2-46e6-b128-a28b3eece4ed} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" tab
    3⤵
    PID:4044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4872 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4832 -prefMapHandle 4836 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a5ae175-22dd-4552-ad8d-8672d58413a5} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" utility
    3⤵
    - Checks processor information in registry
    PID:1184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 3 -isForBrowser -prefsHandle 5312 -prefMapHandle 5304 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b11cbe79-3ca4-4613-ac65-1c5cd98064d8} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" tab
    3⤵
    PID:4392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5480 -childID 4 -isForBrowser -prefsHandle 5488 -prefMapHandle 5492 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {691b9c70-dac0-4762-8dbf-548f1b00a3bd} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" tab
    3⤵
    PID:1628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 5 -isForBrowser -prefsHandle 5716 -prefMapHandle 5660 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4287811f-f088-410b-b594-a613e27aa5d2} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" tab
    3⤵
    PID:4052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6164 -childID 6 -isForBrowser -prefsHandle 6156 -prefMapHandle 6152 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1252 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac546843-d0e0-4240-969f-a348747968b5} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" tab
    3⤵
    PID:3664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6120 -parentBuildID 20240401114208 -prefsHandle 2780 -prefMapHandle 2820 -prefsLen 30453 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dee0a8d-b699-465a-b19b-4e828576aba3} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" rdd
    3⤵
    PID:2284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6292 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 4552 -prefMapHandle 2764 -prefsLen 30453 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cde092a-99d4-4d5b-87f0-47ef6d0ac9de} 1372 "\\.\pipe\gecko-crash-server-pipe.1372" utility
    3⤵
    - Checks processor information in registry
    PID:1312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultccf7351eh0978h4acehad1fhacaa3dc08407
1⤵
PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd079146f8,0x7ffd07914708,0x7ffd07914718
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10022247599955803606,9047795543668770734,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,10022247599955803606,9047795543668770734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,10022247599955803606,9047795543668770734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3572

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2564

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3000
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 24856 -prefMapSize 244990 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5827d9e-b610-4dea-a474-e2b221338f2c} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" gpu
    3⤵
    PID:4072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24892 -prefMapSize 244990 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {154dd6a2-1484-40da-b978-cd9435c5e447} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" socket
    3⤵
    - Checks processor information in registry
    PID:4552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1460 -childID 1 -isForBrowser -prefsHandle 764 -prefMapHandle 3144 -prefsLen 25033 -prefMapSize 244990 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6becc01d-50c6-4cb8-a505-750796f48526} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" tab
    3⤵
    PID:2060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4176 -childID 2 -isForBrowser -prefsHandle 4168 -prefMapHandle 4164 -prefsLen 30320 -prefMapSize 244990 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5254b53-427d-4a4b-8d19-5d486419424a} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" tab
    3⤵
    PID:2320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4648 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4684 -prefMapHandle 4552 -prefsLen 30320 -prefMapSize 244990 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c63d686-8022-44dd-aef3-a8a4a728978b} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" utility
    3⤵
    - Checks processor information in registry
    PID:2584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5100 -childID 3 -isForBrowser -prefsHandle 5112 -prefMapHandle 5072 -prefsLen 27652 -prefMapSize 244990 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff4eef33-efab-4eca-9084-17b2a541c494} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" tab
    3⤵
    PID:2688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5252 -childID 4 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 27652 -prefMapSize 244990 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbddda2b-a018-47ba-a9c9-8ef7c1bffaa2} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" tab
    3⤵
    PID:4004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -childID 5 -isForBrowser -prefsHandle 5484 -prefMapHandle 5488 -prefsLen 27652 -prefMapSize 244990 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {664f66fb-8006-4691-9ef6-b22de9cc1ca1} 2548 "\\.\pipe\gecko-crash-server-pipe.2548" tab
    3⤵
    PID:2664

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:520
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\ProgramData\GZG\2024-12-03_09-29-46.001
  2⤵
  PID:756

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2732
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\ProgramData\GZG\2024-12-03_09-18-26.005
  2⤵
  PID:3264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\GZG\2024-12-03_09-18-26.005

Filesize
114KB

MD5
a38184b32688789b42862d6ea9360ff8

SHA1
90a4ea6dfb330ba4daae497049d096edae1a8fba

SHA256
5ab648cffd6162d118610547790167498fee816cff94889dcf78c47247a3e2a5

SHA512
b2116207c742c4e659a007c4559c3b30003187809337a2d5b1f790ecf1ce25387e67f50642ede4271f7a5e3f5594a11d1558d21fc666b5180d3588d29d8de0af

Download Submit
C:\ProgramData\GZG\2024-12-03_09-23-26.005

Filesize
112KB

MD5
06a83d44ca3fffac28224d961dc6f570

SHA1
0d7312391da692b45a8871b80c02a4015e8e1d24

SHA256
e3cc50698d2b82efc296ab1450609c35b87f8c95182209edab656f11bcba7ba6

SHA512
4b9fd59b64f239c6f68060aff38478c48125c25f6677eb356bbf5c3c2770ba13c139b79a29192a4c0c453262edee0b7034db8aae268eb227ccc7054b7632218d

Download Submit
C:\ProgramData\GZG\2024-12-03_09-23-38.001

Filesize
293B

MD5
7de7d371f80aab7698c8677e0cb41590

SHA1
1ba7d4fb6c304b02e02a169139aaa572566fe920

SHA256
ef847c950d93fd030209bd796b1bb87cef8ac3041b5cf4af06a7497a63f16bc4

SHA512
8aff98cfc48fea13e2b1c37b57570a2e9e66078003c99d0e4f111f241e291bf495461b19372830410f7096b4e98af4977d089381d7785750153c9a04a35ac036

Download Submit
C:\ProgramData\GZG\2024-12-03_09-28-26.005

Filesize
63KB

MD5
28b724f53b9ee2852f3cc41432a109e1

SHA1
3b1c28e6394873f27cce318ca70a303b46e56e42

SHA256
d0b34e907423a7b93b7d7647aee0338df4dd33b94b8b4a140c131b76694a17e7

SHA512
17166d0970d9de3fa80262fccecc9d264d2527ca579ba9deb1791f0835cd9ec861856cc3435d9fffbd72747e3ea8076aba041c2eeee33d6f9371dd90365b3a83

Download Submit
C:\ProgramData\GZG\2024-12-03_09-29-46.001

Filesize
409B

MD5
e08ce681661843e0473f2c79d815f29c

SHA1
58b9f3c70732b8eaa5f6935e3835dee4e81273d3

SHA256
13a405cd5a0e4eb64b56f79139c1a639f56b4d549df127944425f233ddf76ccc

SHA512
8f055e51ba5635fe6d3af03d85d9ba8091e1f24c62f6dff4ddabee3a9ec159fbcb8921119bf637c6b120d138da496538c4dfeeef262071943690a1ba99e647c7

Download Submit
C:\ProgramData\GZG\Keys_2024-12-03_09-23-38.html

Filesize
592B

MD5
229643bd614ddb86a5d7b362f919199e

SHA1
ef15c46be0b02132784df053bf8b4ebaac1784d6

SHA256
75a5a9f8af84eaa3b35eeb162b3e494eb3ad550cf73be6738bed07418f3ec8f6

SHA512
ca3e4dcbe9ccbe83077fcf33391640c1d44b7500d36077c58105e084f8aab2c45c85d38ed59efef0812a15a6d2f26a861f1b19fc1cb3ebbff784b8dae9038417

Download Submit
C:\ProgramData\GZG\Screen_2024-12-03_09-18-26.html

Filesize
610B

MD5
8b08d490237157d918b98d320d3b9976

SHA1
ebe5922414d86615e3ab31b55c6df015bc63b44a

SHA256
cdb5172dc0bbf2a17ad2e92c7206b1dc329d5fab17e4b32a625e24c8695fb435

SHA512
e65e9bf721e790b238e11ad3d1ab0965551f03fb6c0096dd650e97f27977582ade745a74ffcc5b561ea5a2964397b5cdd21d618b95b92abd301eeb2dbeeb7ac4

Download Submit
C:\ProgramData\GZG\Screen_2024-12-03_09-18-26.jpg

Filesize
114KB

MD5
fafccd6c0468c62fd936ad7bed97cec9

SHA1
821f66f43e4bd07bf50a023a607e6f85b7f1ef74

SHA256
9a759f36cc79a4c1b1a6b71197d20691f0b2a9b69e64af2df45861566de52839

SHA512
6d08ff5aa2ecfe02660194c42cf65baa11af4f1549cf5103eae19781d8d680480eb99f9a0c64246bdd31f6b4f8469508d372cea9ab8fcb77db2e7e02af6e643d

Download Submit
C:\ProgramData\GZG\Screen_2024-12-03_09-23-26.html

Filesize
610B

MD5
0dd2260c3ba3e59d020175506971c600

SHA1
805161011b5bf30c22bf044ee4e79d87cf122da3

SHA256
9f82b4d4cb58c196931ee447829f9d25acf5ff217fbde82fa3546cf1141dc17d

SHA512
15d5eb0ea578d7996a0e22111f4a14fcd2d2ecba6f5d1bef278c3b8791fb9b1913ffa085eee111b62393845c28615b8bc18142b344838665f1faf9ebd99651b9

Download Submit
C:\ProgramData\GZG\Screen_2024-12-03_09-23-26.jpg

Filesize
111KB

MD5
e5895eb0d912e946e7b317ea236d5176

SHA1
98e6a12b7be85afb7771c88740fc4f7b3064971b

SHA256
cc2308ec3e52d1df5009ad19af9ba72f9d5fa58d716726f94ff99ce4459e9b59

SHA512
edfa2394ce573399f0dfcdc35f446508828f5f481785c755a17bffd5e383a67cd0eaa14a49c0fd29369dbd226cd1490fdb415c73e9048594255886d30c7a52fc

Download Submit
C:\ProgramData\GZG\Screen_2024-12-03_09-28-26.html

Filesize
610B

MD5
0c7bd7de23c9a43998a5277f754b21a5

SHA1
d072f26e4a21273c6246341772767cc0fceca5ab

SHA256
f2505bb11d654a1a66a967bb1a13de349e917ab0991da0bb89d4e22fd2d26b17

SHA512
796d018915859ae79dd5688cf00d30f74126871c5f596b79c704dac170597a4917a19b13c2f0c5e79cd05181c105794b880e1989b8d362f42385c6f7ad50fa83

Download Submit
C:\ProgramData\GZG\Screen_2024-12-03_09-28-26.jpg

Filesize
63KB

MD5
23a5221efe926da16a8d4839caf71bc8

SHA1
9de1dfc40542ac7182628e48b917d43a6fbea27f

SHA256
bf6723451451c165de8199a3397a8cfcbc1a9d178baaa1c2baced3ea9e665724

SHA512
76e89b0bee6c1590e4d1138c7f3dc7db986556be12c8e6031c154a77706d80a502ae3b78c0becdef2ce7ca54d6f7e006ae7d555a57ae8a1567304015fd3739c3

Download Submit
C:\ProgramData\OKDBPF\PPI.00

Filesize
2KB

MD5
f1dd353e0d747c02749f74b3842ac761

SHA1
8d1c0295f1503cb6e1c5c0eec94feb60c684cb8b

SHA256
bbb2a82bced19e5cabd93e870c7e1a566873a7e0ebbb2c09861762eedcabc55d

SHA512
49dd6d3394392cee49737b475257a958993d5f9df1d0a3ded4400be9f14d161d28bb29a5c94f35aa88e05180945196080b963bdc6335123aa2fbbb06aa3cdfb9

Download Submit
C:\ProgramData\OKDBPF\PPI.01

Filesize
79KB

MD5
677892e571baed3b0cd45034d1d2b526

SHA1
3edbfc5e1ee54a28ad78167112f663e5cd2e112d

SHA256
a9c016ec26f121ca092112bd02f771f65432486b13b27c407a07af48ce463521

SHA512
9b7664e12ef4e31458fd7e55a057c3fb75623cd756560d65075eaa59f643944303a4f0c93405c0bfb98db181b52f56e8b8bf9d8af0169095853b46c3a25e00e8

Download Submit
C:\ProgramData\OKDBPF\PPI.exe

Filesize
2.6MB

MD5
34a65e40715553485437cd7125bd3bf8

SHA1
601643073102fddf316605a2dc8740248c970846

SHA256
b89d699290fc99d131d6788cd7b46ca9d8f63508a9209a715cc3e390f3eae2eb

SHA512
0e7001bf6a490df17a989e96f1ffce489ab3b1031ed20e45b29882237b6af77ecacec40abfa499b8b59067ac4e37ee95f19d533a1287e296d77e2f830017a5c5

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
795dc9c06b58bbf1165bbfd086c5589c

SHA1
f8a6a7554a75dfa9685416ccc202498b7c0b0cee

SHA256
6d76058d4ed2316fd7f876928af1342ba1864607fdd380ccebd0f8b0236a6d77

SHA512
4eee1db9d13ae00e9681ec849036113f90a7a091f6f42669955d6cb1356fc396eeb335fe8162fbdc1b2256d3e8f3a886da5f18fdc092dd6ebac62baeb067c978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
86f37fc1f0962c5a550ec7a5608fd46c

SHA1
68399df4eccd45d926a809292928af4a74485731

SHA256
f11a9d2d5de33c6632ecf8eba16d317f151d5373857ffad3742147ff75792bfb

SHA512
65f6f3069cf2eee8b329e8639cd5988628b670d8c85c132186d929135705bc75284ca8ec0c4e472e73791dff62e4cfa180a3dbd8cc2bb8c21e5a7ea9e722355f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
5dcb32f9cc2b419cdede3e6ad38ee860

SHA1
ac8377ddd822cf5d21f7b0b1b8d3dcaa19d6e26f

SHA256
c20bd1a538558841cc94b33e964d81530e769e243a52b508d0fe61c35a57107b

SHA512
9167a516e4b1d17697fde577b7cfa2bb87b75a21050ab090e372a9c979f6f0030a24bdbf783a53543171ca047a75f69436c3f305099a995fa46041213ee3febe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
a2fcfd90504e3283fb2604b0669810e5

SHA1
759dcc6a59b597671abe3be5cce33c2223371ccc

SHA256
227d5020f6539bee87ecbd45c2eb7c3af7bd344fdc5659e23e996d0ab57e151a

SHA512
5975e24b79f952c820d11819ac7d2ebffa64764071abe392077e8e74de8fd5fc3d36a36526d76feee103f5f9d340decddea86d449082a68aa09ecbbc12dd6954

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
14KB

MD5
e5b1cb40a1eb20f5616cf9d4e70727da

SHA1
fb53828ca4b1eafcd71259a1f1c9c8637d28449e

SHA256
9eefd36b5f6bec0055f97715af7b2434a126a974a4b18f2841dcbdc97b4cec56

SHA512
430566206afdfc538e07ec2da13c2b15634b438d79e56bc9c1978f93c49a037ecfe85553ab6ad6caf21f3307de7104fa172248fca4d1c008ead666dee43d141a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\B65F5ED64928E7E0BA9636238E5AEA964D628772

Filesize
40KB

MD5
0554382ee7c03b638a97e6811dde44bc

SHA1
53bf9ed184bcead4e72249db375ec9e0d1879b2f

SHA256
d4e45a395df86ab3e4d3539e503e425dff04f397259eb80d3024d94c66b86fd1

SHA512
f7956552395682400baa74c820b4fdb4577af7069c763c75d04234f07df623f8636318c7ffc72a78d2f1247ef1c5397b2fc3ff9399dc831468934d1ce945b050

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
132KB

MD5
7bb730a2793a3993d9e67e819987fd89

SHA1
0ed41653c0a278844ec36d7db332add560c4f562

SHA256
924569c3221c924a63084a39ffbbe1adbdf34681dd7caa12046981b94c1099ee

SHA512
d57e18cfa3007ade80b15fe5760816d056aec4e1e3a0a58ef29f9b1cab86f7eb4c97b67b4db8dde548d0fbd82b8551ef24616fae67214f546108702225fa7290

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\startupCache\scriptCache-child.bin

Filesize
705KB

MD5
19bcb67b36d0284fb32873aad9382b44

SHA1
c2ce4e7798ff2373b2b576ded609847b5a472a70

SHA256
df3d383cba8360899ab4f9799f60b21d13514f32d5c5676a94fa985b501377ff

SHA512
0c19153c37e4fbeda74b0e32786a6fe99b2fab6c9691843a569f8613095e72b9d8c5a1128dcdfbc6c236dce4e5a514dce3c96ec17f22d4643120c7e00723fd1b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\startupCache\scriptCache.bin

Filesize
8.6MB

MD5
42ef850edbc139a84e7e3b20653f072a

SHA1
8f4865cac36ba29890d1d0bbec93d36393d545c4

SHA256
4770d7a9a2fb83641bca7ba915eadd15fd6349d4a0fe3e37627550453feb08e5

SHA512
aceaca216366d624744005c55acc2c11c065bdf54c309358973d9cec1fca7f9cd9b12573c2be7487dba3e5147ef8b01ccf9237492bf8086deb3799eceab217f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
8db6eecfaf9661856ebed756d00355c6

SHA1
0625b01224492d316b286ba887c38c1622b8c7f4

SHA256
be65dbc995ba2232f3d2d634a661dbca8cea5c1e14f18aad04e903d81c1ff006

SHA512
3099c07afa2cd0a0600da082d40352c9185d581d0742be38571401e6db9a8edef132ceb4f95cca46272c2d2349c86acc63200bd0dda675ba38d26b33ab466f82

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
dcbcaea4070b3c2598c18b044e80355f

SHA1
150bdfa7ed1683296c8d3fa57ad8713c99e568d3

SHA256
f01bc591fb037235f1dc5bbdc909eaa3f10bf3a0b3eaf8e37e5067f6ee90c432

SHA512
f0bd9095e18e8ea926d6eaef8b0c383ad2e4ca53d33e09119d08664ef1e03cc5fa6fac346275feecfb10b11bc96e533f4eca42c6daf80d6e2bce0f3d968ce2b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
20KB

MD5
24bddd58a12c01f135fd1bfc11ce95e2

SHA1
19d561bfee53f78de7ff53e88e42484089a0ae68

SHA256
748feeb0bee9d56f016a7ce3eaf9d8953d1488e74d4ccee0b0888adba6965c5e

SHA512
d7dc638fb350b46c77efa01d22defa532f6a14674387cb9549cfd7d06f96d5535764127f2dcdd3718dd0548e361597189fc01522de807553feb532226513713b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
6KB

MD5
0d24f3161e33667deac35d20e0aa5b67

SHA1
ced7356a7a65f6fa3f08719aaf4bb115b0c49c2f

SHA256
0cbb7bca9d3258d4806577b6f7865752b26ff26fdd3ad965677932c6a3f33e86

SHA512
021fb1c734025d717b3f2e7b1369c2ea9001c943b0e289c3163d3092221bfa0605723f141b18e9e4e5ac52acfc01cc79067bfcca25ded5882b65aa8e94836bfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
12KB

MD5
45ec0b69ecd09982331568611a84e4cf

SHA1
b47378130aef66e39b8132e8d7cd5cde8e1b13f1

SHA256
4650afe25498a15c72603bb75dabaf9ca5740612f4ed638a32520a907e48688e

SHA512
9aec3157ab4b53c59aa20c3b707c5a24f78b29e738fbdf87253a252f3088e5a29e0adba5e5be932169837436fd69790a0193f7d5fc0ef87ba120375d5eef1dcd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
f2e3bf483c219c96e8b541c311446c07

SHA1
43d5a6e12b2489a28ed9b1ce2fa37ebf5ebceecf

SHA256
a34d2377a962448dd949f46a26d67d9656da6e12d62445d49bb96b7663cba084

SHA512
a8abb3d2a98ed721cc08127bfdb151292a41c0bf188ea1d4a5366e58f8883b7025cda2ca8b159f59678b93abebb73d15276aa48017432f780ab2c33ee736b852

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\broadcast-listeners.json

Filesize
209B

MD5
97c3738563a9448365a735f5f29ed3d5

SHA1
15a81433236ca6e6ecc4e1c8d0fdb8523b265c57

SHA256
63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24

SHA512
ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cert9.db

Filesize
224KB

MD5
d6ae9528702fdda4f9e55b2f2ef9c42e

SHA1
1b4438c48b1cb4432eec529fed86124798a5662c

SHA256
a8e5c7ca05bcd66fab1465e44f0be472741f9fd0c9e8576fb283af1f36018e50

SHA512
cb7605adfbe535f1675192af9ff27d0e95d6a48e4e4342c9be242471cf94c2b84aee83d81daf44c44dac0fbfeab7b4820d2527d3a62b22e7c30fe7fe0a5cd73b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b5acd9cf58ba89e643e7b2e839e0707e

SHA1
82c2b9cbea4acb50b446b786818287be7b0b8b61

SHA256
4d4fd87f1cdccc9f826ab7de2b3980db6fe4ed328f079ceb24f680557da9667e

SHA512
1fdaf5173a2fa956e3793b3643b44d928a4c81a1599bdf4b057396bfca5948ce1097194dbb5f528959c8cf4e34d058922828236c6060b41510e9ea2cb9ed424b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cookies.sqlite

Filesize
512KB

MD5
131b14f827f08fcef2ae22fa8136fb15

SHA1
4dc1c3ca4bb1b4dbd9657bb08efadcd0b650b7d9

SHA256
46e65a59a1de947b7b88123e009b467bae53131858f668a2e0f4a12e1ccbfc97

SHA512
068d6436e1599cd4c2c11f6cfacd8c0eb51078b96803001523a6ae189389ab7b205270be450c8ab58102126b117d8d55068743b782ae2b173137c10fdd68d95b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.bin

Filesize
51KB

MD5
27dda09a4bd8a2e8ff29b5373983a94d

SHA1
f7d88d471b29d96c1357b80ec6f4281c62f91236

SHA256
833f260b7be61bb3f1867756edc1fbb23bafaafb9820ea4d2b0e03e7bbcab680

SHA512
743237a440d8ac6d8d3389442854f10b51b91ff7f55fef21ef28834f57b772e1c0ab9878fdb911d6f44d9a6f11996baa4b9503a9f4df1d3870dbfd259140bf77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
cd6ee3809e243b2de048f6e50c0e98ac

SHA1
def1fb6545040a106d66912b360d85373b0033be

SHA256
6579537fe50176a0052ce00a14d89f7242da9a573749d8ffb35514089d5dd7de

SHA512
4ae80f4e867221f377f35a9af2afc3fe05872e289c9045af771dd03702ce8e0f7e07d46ac2d237a073ebf72d63dcea9d37feb18f4430365bc3baf3d5e5a0b791

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
39KB

MD5
388d79d875bf3f000c6657af5233d4c5

SHA1
05cd17abfb5c61242b155dad27d7a24cdb1f8661

SHA256
89df05eec89734ecb3656a38fc75620f047805029d53230da0259c561b419063

SHA512
1022000ca5509e6cf5f2e003a5ecab3337feed208fac03f1b8cddd9585dad00492c5c0d8fedfc503f320cfde8faf9b3a978e7bdf4e667c970926444726bbc01b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
50KB

MD5
fe9d0f598bd3cb57de3bbfe15ed61d9b

SHA1
fd99ef278ba555ac1998ebb4d9086d413f13c8f0

SHA256
01f848df099bbe439140e73e5d05f8f2aac17e6277266616246e1cb4a66a49e3

SHA512
470a0d4415bdaa493e94199cfbf32bc79f8ff3ee9d254756e1a7423f37b3aead08c066e2f6496956ff856bd1c4df78c5ed377e6f0b78c61b2e92ab424c3660d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
55KB

MD5
3be5a80c236744e975bb318654425496

SHA1
70145c5e0dce7bf843f2982c2656a3c7fae0c60a

SHA256
8a69b2ec04e44ce27af1a059c8bf1e8295c3a188c5fbf4180ef1842b9f7d3b11

SHA512
f54f3569ace4c99be8dc378276df665a30f3370a75735033364e0f59db706235b6e5bb0bd0519918e4a119147d3915b25a12626a972af3a5877bd8fa2f91a038

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
51KB

MD5
7adfd852f0f46350f706804a73b82ff0

SHA1
3870e259af580536b218287b2604e5a85626dbe4

SHA256
81eebf778fb2b77001e96d9319936c06f0eda4f8fefc9ed737635353c3385e91

SHA512
26114e945f506cc234a1dbb40e705060e96d1afdd4ed9b2de4e7e457862688825b1fab658dad9e8271f435ef75a053e9f8f5f1804b415bc0c32c60a9d7a32d7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
51KB

MD5
d027950b3a15b70d2a4fcc43ef77bef8

SHA1
4743e2c9d3feecd5d5828be59b0f3d2b57885fd0

SHA256
13cf7e3c970022071835a27467c3076f21cd63af401a8b3dae31043b69709e86

SHA512
51ebd738fa0bbdf090c96d462de56c23ced33608287695cb8a84e62bf591c4256b7c6f06f0ee8020edd966ad4fdfad1797286cdfa3c2686848b8afc34118d162

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
40KB

MD5
747a621a12169dbb6b5ac9ad1b995760

SHA1
e6a3900ea966e13a87063bd9c2c0c572d4c67931

SHA256
b308c3b4c96fe75364ac1c5352cd68dfb4093fbc096df1a6ef1b90c884b2a034

SHA512
b1e2018cbb00633a622c043f93170ab357fd4da719c1b7c7fd5c82b8f91f5d2d7b23b4c3e03735d9594bc2d04efd437a8937c9ff815aa826606439d193f7c1c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
b3ea549614e4230fb77c19b26fbeca29

SHA1
0541531eb23c587072b5dcf6369873bb6f20345b

SHA256
4499c4a1a08cb1e8a12f72e06330f17f6bad632633e8bc99247b68e7ec230be6

SHA512
697ed57863a9c8e2b67f8a12b9feb88d5aaca88551337b958e8de1348324e986a649b8d45e145509ede2302c9f3291b71580ec386f142103b75faaafc8e52911

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\events\pageload

Filesize
614B

MD5
1a6585611f4fca61ab5a6c4630e0c8c3

SHA1
693289140134858d74086765599df821709fa53f

SHA256
b8204c94d37c644c3bd7088eb993de573b355c33ad2b6f8325c809368509da50

SHA512
f7a39466c02ae266b815fe00706dbe1420d73d9ba25ff1c5505a014fb58c205102d271a04831bc4c003411125e80929e1442ccfcda5f323f84253373e2e6a5c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\05abcd52-71c4-4803-9ee5-e9cb9abec619

Filesize
671B

MD5
0e2c76110eddbea535f60629f81850c6

SHA1
8e79ac5d967a8a7d07ef382aaf0a3c4a991a1ecb

SHA256
0aad097dd11f7c9632ef633e04db5fbbea8ac26742074e362ffbffe73c3d7d7e

SHA512
f3cb97e1f8c17bb2c664eb4ffbb8c16c09d03e32da60b66e923b757d01ea529f4b481a153fa1234f196325028dbee45c62602e49dd64db556503461dc44bf61a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\1a3ead0e-7648-4fa7-a932-50755d6e61d2

Filesize
26KB

MD5
122e52d6a235f94f87195e4459354468

SHA1
f4640dd6695aa83e0d75e3020833845a757c1aff

SHA256
54272fbba34701c8268331e6ddc44249b7c2ff5c415f89d3c9d30e3ea86f5562

SHA512
581d5db78ebd73c927ffca0a2a064e0839fba99ee2197f2d2b813c313ab35eaec72a0b85c71da81f8bccff43a9cb2b85b36496fb4e3452a3d1739d374f8bf483

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\39b9983c-7c12-44f0-b097-8a6755ccf4f8

Filesize
12KB

MD5
6bab24ad4491b89900c9e636073b35f3

SHA1
611ffa912778dde9158b223be30b08e5ce545f4b

SHA256
882e37ada21fb65c5e3db24de18eeeb4340e6ad3fe7df4354fee660bacc35f01

SHA512
d4618ab950c07f257053e5ebea5a02376e732092a5dc9c5b56182be59abbf43d47d80a6e39cb580864bd123b3c980bdfc5b8d6b746dff2b53d037fe34caae14d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\426a7e50-7ec3-45b8-99c6-0903058911ee

Filesize
734B

MD5
27ca6a7f97add9b73d3e9504d140a580

SHA1
2e240c19cdde34bc561ccf88aa786fae241175aa

SHA256
cd711dde36afb535200e2780caf3940bdb47c9de5c431fe5655899541ae14555

SHA512
f6d79766ddb8fc393866b64f3074942b04bc27475ad59cfbd405423352f672f94640ccccef67b23ccb73eba581c2bed839b554fb3214f844861116ace5659db7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\b0be7e34-ba62-45e6-a6f4-1073a56bff3f

Filesize
1004B

MD5
1368f0a03d441fc90a1db7872ab557b8

SHA1
ff6b2defda1de91d9595f31de819761e187aa488

SHA256
eff5be7f76dc66546f1c10460730da16de5a9858f6d55fb8c4fcbfc6b93bb7e7

SHA512
45eccd863b868b9e587df50d8c1a7176eb512a53031a6f86dcb1277e86eaaba156f9e4cb720c86bc617f5f3b9c24699cf4cbb80ebe297942add577df024ad296

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\cf004b42-dbcc-4d42-99ba-98c8ad46e9a0

Filesize
2KB

MD5
aa5afd97bb0291bd78bb95bcc58346e0

SHA1
fb73852a831f671a32512c1be034e2db66c7d2ab

SHA256
8e0d9fc5f8ecab8689f6b76953eb7420c0a6aa771285771f993325c3737c7bba

SHA512
bd1cde4404f82545213000ef2a43f4edd3cc8ed940dcbdce3b23e00a776489f9fe8040f7d1f522d83f1758b55578bac5e0fc6e65cf4602c24bc685f1f4f8306e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\f24f8786-8a35-4192-9aac-b877ec057618

Filesize
982B

MD5
ec95b4343c779cad91eeeb218c7b407b

SHA1
140072957c58c6ee96b66043557e4a7ddd37c4bc

SHA256
5bdb47ea16bab38641928259e07d7703f10f224132bdd3933d0bf90abd41f224

SHA512
206776d78c135b0f2b4294091ee6ef3583626567b42bb4558c68204102081c372477c16abc7b8f350b3d6e63f049f851acf5e81096142f68713f53878a235ab8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\extensions.json

Filesize
37KB

MD5
49278e0cb58125704d809dd15e352c39

SHA1
ac7894eca1a787282390561df8702251293ea4df

SHA256
b1fb41cd09293df188dc3fad914876c869e1b7e215dcbf5146edd59ee930bbf2

SHA512
b7d07a3d2c54ea61fd9fba85584cdc22af4b556b3fd2360e5e0c79f46fccbb9b0b9273e3e45b0fc2e82480dea8641c6ffa535347b57fddfe16c5458799c5196f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\favicons.sqlite

Filesize
5.0MB

MD5
6c280be24d62733b13a608f001dd4d39

SHA1
a279c0364ba2c62b39d2c0f1fe33acdfb98c583a

SHA256
e1debbabd987617625ec41522fb18143f56517788448341173b83b11860d896b

SHA512
d37e3426d37d7c2e034eaa0a223e2ebb0205449dc8f3099077089103e8d9c2ac4d04bc34581ac5769e8acc31c21d2a266ee45a020b5c03a64a884cf56a6076ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\permissions.sqlite

Filesize
96KB

MD5
fac7e67134a6696053cc20434ce07f28

SHA1
1a1848ccafe2bfb5cf12a80c761246d8cd091dff

SHA256
e8e964d5b3c3e552cf75c12613538a047fabe9cf08ce62230f866176c77bdcee

SHA512
7e5fe842692fd7d2ba9fae4b8e7b00118f24e15032c65af3f2a858c66022c79f6db84de70e94bc9ac6a025038c029050fb4b985f6f93c4a8b35cf83e4653fe68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\places.sqlite

Filesize
5.0MB

MD5
500e20d7ebb422b3f6119b8b37d5c516

SHA1
5eca5aa9c7382947b611a435de1e04137855fa13

SHA256
80d7571e879957f425a9be4701b248c1c0454f3fd2d42bb191970fa3eb13df6d

SHA512
08dba2024a8811bc7815f8e9aa2cfa0a5ebbb950d915ec07a75e6a81961fb8f67f2e98ede1659cb2a3085043082d3eb32d1fc0832c313d82b05d6b86fd302583

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

Filesize
10KB

MD5
56da7c06f403181f405a0a0ee9e01665

SHA1
1bdc9606d601cb9edb482cb454279ca2ede8f304

SHA256
24de8632f119d15fbd8f734f8af36c711cd7d300be8ae23584853a5c854038e2

SHA512
d1c46365df999429b35e4c5263934828fa23ea101a2e1d5eea337c03895c7c4d15a98a24f7d33ef9ae69685cf8c0f4461d193e55fa2a7b11b7422d774429b92c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

Filesize
12KB

MD5
854cd639408a62334af9a99c4b2181ca

SHA1
386129c41c9f21918511c37e8dafb30be66c42fd

SHA256
558e0b35f2f8f6ef547a76db0e25b6f6ecf9002e99a1888ba1ab95d58ce11544

SHA512
5f40116a92f9fb8f0f9c70f8d6c1d71545d41ce34273fe15e46fd277f6788d4a1c09a0241c1599bc146d35fc620027f834645150c52355d8fda0bd52022a64e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

Filesize
11KB

MD5
e73ddf250ffb6b7cd41fcf13c3d4181d

SHA1
ad362fdc2b8ea5fa3c9c003792f0ca45e594bcd7

SHA256
1008c7ba1fb2f2beecaf48210ecd7a4f35e03ffa1fe44d6603a96d97004e899e

SHA512
288b30956f9eb294757e068e91fcfd1136d262957d7ed05638268a6ba05d863654971e5200aeb4abcb3d36f49a7920ee3dfb716c6acc882b460c72b690fd1f65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs.js

Filesize
12KB

MD5
f71215936f3149c94d0467990d2bc648

SHA1
e3b09637dc175bb0a4a7915280f9a69e0cc2780e

SHA256
428b86d4eee7a79b5fdb46613053b8ebcbe2f4149a70fe133742de3ddba715e3

SHA512
934c7a9dc443ad86da412e7c18225c58631e1b1160a89aec0539f60398bfb232d230691dbe902fe65ea8212e16a8a7b2dce7134a51bc1d822ffcb8369c6197ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
f9d5e454b7e06d9c895be6062897a8e1

SHA1
a5103f2daeb0a825f04defe11230319512d95778

SHA256
eba619e908c0635f227d8df42782962a89fe73a52d78839c7626ec5e7c96c118

SHA512
b357fdce28cfdd7dfa2dbe34786fd3adfcc8baf90320c44658d2e9438eeb45280847f769bbca83647354bc51e2ac7aae724eee21f57cba73207d54cf94304cff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
bdb68f318f45580c3310defa9e57b980

SHA1
b7be2726dfcfe2978c3442177aae3cf6b86f240b

SHA256
a05570f51e78aa67f0b6147f61fdd2a7d6f4f068d49e87bd629cfb4a723f3c3d

SHA512
7ee6182be4819355648c495cb4ae525a6bb018b6d9010a6d3df4bf769108e4b54f7b3808a3c53a6895b794c4e1e6c934f8a4b82025aff32a93174627cee5e502

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
3733f1a83394b57c40e3665242ed2212

SHA1
d2aba4d7dfc3305d0ca449e431b4f15d2d3e2e50

SHA256
80242280e861cb61b1ca4d3662a3049a72ed2e36413a3867ea47379bbe4fe5a9

SHA512
dee6a13da4d46e5fdae6f4b3da0eade02b5538b0bf0a51097e6c81641a5d8978033f229bbdbd4a48ac4130cf8500a1d0059acd44bb3415337739599349ea20af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\sessionstore.jsonlz4

Filesize
6KB

MD5
fb52f9313c5320b2ef13939bb82daa19

SHA1
55d0fd7a78fe01f9f1eae29dac2635cdf3fb9f79

SHA256
dc39442796389d94b2f8c5a4020b3a6e96da95e8818397fdd89db038ec71c7dd

SHA512
5d0a06d20af33d821e056f087ff098d1dace92d7bf64710622c11e5bbef211f3ca089868014207c8447f61e1cce248859bcf8e47a0cc45274f0a43afce543894

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\storage.sqlite

Filesize
4KB

MD5
764532495fff8185bb6e8df1b8cac926

SHA1
7aec91c988c6bde4e3ac8cf8e32f4bb70995219c

SHA256
3b80472dfd11afa537a717e9e890340560b43b1e3f41c9ae9b8e2514e602e153

SHA512
ba0b55fd246ff09b98fd33e415f993d25a3636b5b7a3c3c60e1e1a67a6f6ee75f33c9e01ee5a71e89b879cdcf6d5756a305bee43987e9360e746b25f59fba578

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
0298247f53316aa30d19b3d0a5a5c4f6

SHA1
0f048377c32c619f78a3baf9e9b9d1e971d98b5e

SHA256
8c0b88894560d7ea7885c6c50f8dab8ba92bf2a0766a1982dded6a038b2ed41c

SHA512
5398f0b288986818823e7cde169a32ded4d4d83975d3bb2d03d43911bf13933ce90a7acf2c580baea70f3b28ac10535bc07e15c1baddc1b23b5d31989934a507

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
552KB

MD5
be6ddcd70e497a772cf2a8d6a870fa1f

SHA1
ed6950ad844b2bcbf5c6f82077551e99cfc28858

SHA256
57cdb82d964a75a48e73df1dee5dea0d3b822150acd9f13044b6c173b465b24f

SHA512
d2213a1c0435d07ab56a246a9c814d5c113738016ddb90843b47576e987452713af81ae2fa4fa82d2899c63c87b068eed39937aa48b1daec6c312a6bb4e121cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
memory/2360-17-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/2360-16-0x00000000026C0000-0x00000000026D9000-memory.dmp

Filesize
100KB

Download
memory/2360-12-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/2564-1011-0x000002036F510000-0x000002036F511000-memory.dmp

Filesize
4KB

Download
memory/2564-1002-0x000002036F510000-0x000002036F511000-memory.dmp

Filesize
4KB

Download
memory/2564-1007-0x000002036F510000-0x000002036F511000-memory.dmp

Filesize
4KB

Download
memory/2564-1004-0x000002036F510000-0x000002036F511000-memory.dmp

Filesize
4KB

Download
memory/2564-1003-0x000002036F510000-0x000002036F511000-memory.dmp

Filesize
4KB

Download
memory/2564-1012-0x000002036F510000-0x000002036F511000-memory.dmp

Filesize
4KB

Download
memory/2564-1010-0x000002036F510000-0x000002036F511000-memory.dmp

Filesize
4KB

Download
memory/2564-1009-0x000002036F510000-0x000002036F511000-memory.dmp

Filesize
4KB

Download
memory/2564-1008-0x000002036F510000-0x000002036F511000-memory.dmp

Filesize
4KB

Download
memory/2708-25-0x000001AAB6DF0000-0x000001AAB6DF1000-memory.dmp

Filesize
4KB

Download
memory/2708-20-0x000001AAB6DF0000-0x000001AAB6DF1000-memory.dmp

Filesize
4KB

Download
memory/2708-18-0x000001AAB6DF0000-0x000001AAB6DF1000-memory.dmp

Filesize
4KB

Download
memory/2708-30-0x000001AAB6DF0000-0x000001AAB6DF1000-memory.dmp

Filesize
4KB

Download
memory/2708-29-0x000001AAB6DF0000-0x000001AAB6DF1000-memory.dmp

Filesize
4KB

Download
memory/2708-28-0x000001AAB6DF0000-0x000001AAB6DF1000-memory.dmp

Filesize
4KB

Download
memory/2708-36-0x000001AAB6D20000-0x000001AAB6D30000-memory.dmp

Filesize
64KB

Download
memory/2708-42-0x000001AAB6D80000-0x000001AAB6D90000-memory.dmp

Filesize
64KB

Download
memory/2708-19-0x000001AAB6DF0000-0x000001AAB6DF1000-memory.dmp

Filesize
4KB

Download
memory/2708-24-0x000001AAB6DF0000-0x000001AAB6DF1000-memory.dmp

Filesize
4KB

Download
memory/2708-26-0x000001AAB6DF0000-0x000001AAB6DF1000-memory.dmp

Filesize
4KB

Download
memory/2708-27-0x000001AAB6DF0000-0x000001AAB6DF1000-memory.dmp

Filesize
4KB

Download
memory/3824-124-0x000002A8CC380000-0x000002A8CC381000-memory.dmp

Filesize
4KB

Download
memory/3824-125-0x000002A8CC380000-0x000002A8CC381000-memory.dmp

Filesize
4KB

Download
memory/3824-114-0x000002A8CC380000-0x000002A8CC381000-memory.dmp

Filesize
4KB

Download
memory/3824-116-0x000002A8CC380000-0x000002A8CC381000-memory.dmp

Filesize
4KB

Download
memory/3824-126-0x000002A8CC380000-0x000002A8CC381000-memory.dmp

Filesize
4KB

Download
memory/3824-115-0x000002A8CC380000-0x000002A8CC381000-memory.dmp

Filesize
4KB

Download
memory/3824-123-0x000002A8CC380000-0x000002A8CC381000-memory.dmp

Filesize
4KB

Download
memory/3824-122-0x000002A8CC380000-0x000002A8CC381000-memory.dmp

Filesize
4KB

Download
memory/3824-121-0x000002A8CC380000-0x000002A8CC381000-memory.dmp

Filesize
4KB

Download