83a77312cd2d5807538c6bc6055bd9533040d6ca8ed21aa4ff40e276c453f9d6

Analysis

max time kernel
1793s
max time network
1593s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
05-12-2024 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

75.9MB
MD5

7bf1004db0e9aebc6d7a87f5623b873d
SHA1

e9ac1e9cef961b259d5dd1ccaf3d10757a3fda48
SHA256

83a77312cd2d5807538c6bc6055bd9533040d6ca8ed21aa4ff40e276c453f9d6
SHA512

abcc47540c1da0febfae5c02e24e9c912e76e1eb3be33c232d8b4798e1ef377ff19ac8907291d13cd548aff14c1d35fdb60ec0f9603003e81b9ea0b0698da92f
SSDEEP

1572864:B3mlIWgwm9Sk8IpG7V+VPhqSUE7WxzlK9piY4MHHLeqPNLtDNHz/3Zzeej:B2OPwm9SkB05awSAxzMAMHVLtZHL3Qej

Score

9^/10

defense_evasion evasion execution persistence upx

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 4 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxhook.dll	source_prepared.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	source_prepared.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	PySilon.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	PySilon.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
1176	powershell.exe
1936	powershell.exe

Downloads MZ/PE file

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
4544	attrib.exe

Executes dropped EXE 2 IoCs

pid	Process
2432	PySilon.exe
1408	PySilon.exe

Loads dropped DLL 64 IoCs

pid	Process
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PySilonRegistry = "C:\\Users\\Admin\\PySilonRegistry\\PySilon.exe"	source_prepared.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
16	discord.com
17	discord.com

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0020000000045671-1264.dat	upx
behavioral1/memory/2840-1268-0x00007FFBF5AC0000-0x00007FFBF5F2E000-memory.dmp	upx
behavioral1/files/0x0028000000045227-1270.dat	upx
behavioral1/files/0x001400000004561b-1275.dat	upx
behavioral1/memory/2840-1276-0x00007FFBFAAD0000-0x00007FFBFAAF4000-memory.dmp	upx
behavioral1/memory/2840-1278-0x00007FFC00530000-0x00007FFC0053F000-memory.dmp	upx
behavioral1/files/0x0028000000045225-1279.dat	upx
behavioral1/memory/2840-1281-0x00007FFC00290000-0x00007FFC002A9000-memory.dmp	upx
behavioral1/files/0x002800000004522b-1282.dat	upx
behavioral1/memory/2840-1284-0x00007FFBFA660000-0x00007FFBFA68D000-memory.dmp	upx
behavioral1/files/0x00210000000455ee-1323.dat	upx
behavioral1/files/0x00210000000455ed-1322.dat	upx
behavioral1/files/0x0028000000045236-1321.dat	upx
behavioral1/files/0x0028000000045235-1320.dat	upx
behavioral1/files/0x002800000004522f-1319.dat	upx
behavioral1/files/0x002800000004522e-1318.dat	upx
behavioral1/files/0x002800000004522d-1317.dat	upx
behavioral1/files/0x002800000004522c-1316.dat	upx
behavioral1/files/0x002800000004522a-1315.dat	upx
behavioral1/files/0x0028000000045229-1314.dat	upx
behavioral1/files/0x0028000000045228-1313.dat	upx
behavioral1/files/0x0028000000045226-1312.dat	upx
behavioral1/files/0x0028000000045224-1311.dat	upx
behavioral1/files/0x001c000000045738-1310.dat	upx
behavioral1/files/0x000e000000045716-1308.dat	upx
behavioral1/files/0x000f000000045715-1307.dat	upx
behavioral1/files/0x001f000000045703-1306.dat	upx
behavioral1/files/0x001f000000045702-1305.dat	upx
behavioral1/files/0x001f0000000456f8-1304.dat	upx
behavioral1/files/0x0028000000045221-1303.dat	upx
behavioral1/files/0x0028000000045220-1302.dat	upx
behavioral1/files/0x002800000004521f-1301.dat	upx
behavioral1/files/0x002800000004521e-1300.dat	upx
behavioral1/files/0x0020000000045646-1299.dat	upx
behavioral1/files/0x002000000004563f-1298.dat	upx
behavioral1/files/0x0020000000045625-1297.dat	upx
behavioral1/files/0x0020000000045624-1296.dat	upx
behavioral1/files/0x0020000000045623-1295.dat	upx
behavioral1/files/0x0020000000045622-1294.dat	upx
behavioral1/files/0x0020000000045621-1293.dat	upx
behavioral1/files/0x0020000000045620-1292.dat	upx
behavioral1/files/0x002000000004561f-1291.dat	upx
behavioral1/files/0x002000000004561e-1290.dat	upx
behavioral1/files/0x002000000004561d-1289.dat	upx
behavioral1/files/0x002000000004561c-1288.dat	upx
behavioral1/files/0x001500000004561a-1287.dat	upx
behavioral1/files/0x0021000000045612-1286.dat	upx
behavioral1/memory/2840-1327-0x00007FFBE78D0000-0x00007FFBE7C45000-memory.dmp	upx
behavioral1/memory/2840-1325-0x00007FFBFE1C0000-0x00007FFBFE1D4000-memory.dmp	upx
behavioral1/memory/2840-1329-0x00007FFBF6A30000-0x00007FFBF6A49000-memory.dmp	upx
behavioral1/memory/2840-1331-0x00007FFBF8770000-0x00007FFBF877D000-memory.dmp	upx
behavioral1/memory/2840-1333-0x00007FFBF6A00000-0x00007FFBF6A2E000-memory.dmp	upx
behavioral1/memory/2840-1339-0x00007FFBFAAD0000-0x00007FFBFAAF4000-memory.dmp	upx
behavioral1/memory/2840-1338-0x00007FFBF7B00000-0x00007FFBF7B0D000-memory.dmp	upx
behavioral1/memory/2840-1337-0x00007FFBE75F0000-0x00007FFBE76A8000-memory.dmp	upx
behavioral1/memory/2840-1336-0x00007FFBF5AC0000-0x00007FFBF5F2E000-memory.dmp	upx
behavioral1/files/0x0021000000045601-1340.dat	upx
behavioral1/memory/2840-1342-0x00007FFBF6C70000-0x00007FFBF6C7B000-memory.dmp	upx
behavioral1/memory/2840-1343-0x00007FFBF2F30000-0x00007FFBF2F57000-memory.dmp	upx
behavioral1/memory/2840-1344-0x00007FFBFA660000-0x00007FFBFA68D000-memory.dmp	upx
behavioral1/memory/2840-1345-0x00007FFBE74D0000-0x00007FFBE75E8000-memory.dmp	upx
behavioral1/memory/2840-1353-0x00007FFBF54C0000-0x00007FFBF54CB000-memory.dmp	upx
behavioral1/memory/2840-1354-0x00007FFBF2F20000-0x00007FFBF2F2C000-memory.dmp	upx
behavioral1/memory/2840-1352-0x00007FFBF6A30000-0x00007FFBF6A49000-memory.dmp	upx

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier	firefox.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4488	taskkill.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
2840	source_prepared.exe
1176	powershell.exe
1176	powershell.exe
1408	PySilon.exe
1408	PySilon.exe
1408	PySilon.exe
1408	PySilon.exe
1936	powershell.exe
1936	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1408	PySilon.exe

Suspicious use of AdjustPrivilegeToken 53 IoCs

description	pid	Process
Token: SeDebugPrivilege	2840	source_prepared.exe
Token: SeDebugPrivilege	1176	powershell.exe
Token: SeIncreaseQuotaPrivilege	1176	powershell.exe
Token: SeSecurityPrivilege	1176	powershell.exe
Token: SeTakeOwnershipPrivilege	1176	powershell.exe
Token: SeLoadDriverPrivilege	1176	powershell.exe
Token: SeSystemProfilePrivilege	1176	powershell.exe
Token: SeSystemtimePrivilege	1176	powershell.exe
Token: SeProfSingleProcessPrivilege	1176	powershell.exe
Token: SeIncBasePriorityPrivilege	1176	powershell.exe
Token: SeCreatePagefilePrivilege	1176	powershell.exe
Token: SeBackupPrivilege	1176	powershell.exe
Token: SeRestorePrivilege	1176	powershell.exe
Token: SeShutdownPrivilege	1176	powershell.exe
Token: SeDebugPrivilege	1176	powershell.exe
Token: SeSystemEnvironmentPrivilege	1176	powershell.exe
Token: SeRemoteShutdownPrivilege	1176	powershell.exe
Token: SeUndockPrivilege	1176	powershell.exe
Token: SeManageVolumePrivilege	1176	powershell.exe
Token: 33	1176	powershell.exe
Token: 34	1176	powershell.exe
Token: 35	1176	powershell.exe
Token: 36	1176	powershell.exe
Token: SeDebugPrivilege	4488	taskkill.exe
Token: SeDebugPrivilege	1408	PySilon.exe
Token: SeDebugPrivilege	1936	powershell.exe
Token: SeIncreaseQuotaPrivilege	1936	powershell.exe
Token: SeSecurityPrivilege	1936	powershell.exe
Token: SeTakeOwnershipPrivilege	1936	powershell.exe
Token: SeLoadDriverPrivilege	1936	powershell.exe
Token: SeSystemProfilePrivilege	1936	powershell.exe
Token: SeSystemtimePrivilege	1936	powershell.exe
Token: SeProfSingleProcessPrivilege	1936	powershell.exe
Token: SeIncBasePriorityPrivilege	1936	powershell.exe
Token: SeCreatePagefilePrivilege	1936	powershell.exe
Token: SeBackupPrivilege	1936	powershell.exe
Token: SeRestorePrivilege	1936	powershell.exe
Token: SeShutdownPrivilege	1936	powershell.exe
Token: SeDebugPrivilege	1936	powershell.exe
Token: SeSystemEnvironmentPrivilege	1936	powershell.exe
Token: SeRemoteShutdownPrivilege	1936	powershell.exe
Token: SeUndockPrivilege	1936	powershell.exe
Token: SeManageVolumePrivilege	1936	powershell.exe
Token: 33	1936	powershell.exe
Token: 34	1936	powershell.exe
Token: 35	1936	powershell.exe
Token: 36	1936	powershell.exe
Token: SeDebugPrivilege	4400	firefox.exe
Token: SeDebugPrivilege	4400	firefox.exe
Token: SeDebugPrivilege	4400	firefox.exe
Token: SeDebugPrivilege	4400	firefox.exe
Token: SeDebugPrivilege	4400	firefox.exe
Token: SeDebugPrivilege	4400	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
1408	PySilon.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe
4400	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 2840	3472	source_prepared.exe	81
PID 3472 wrote to memory of 2840	3472	source_prepared.exe	81
PID 2840 wrote to memory of 2836	2840	source_prepared.exe	82
PID 2840 wrote to memory of 2836	2840	source_prepared.exe	82
PID 2840 wrote to memory of 1176	2840	source_prepared.exe	85
PID 2840 wrote to memory of 1176	2840	source_prepared.exe	85
PID 2840 wrote to memory of 4576	2840	source_prepared.exe	88
PID 2840 wrote to memory of 4576	2840	source_prepared.exe	88
PID 4576 wrote to memory of 4544	4576	cmd.exe	90
PID 4576 wrote to memory of 4544	4576	cmd.exe	90
PID 4576 wrote to memory of 2432	4576	cmd.exe	91
PID 4576 wrote to memory of 2432	4576	cmd.exe	91
PID 4576 wrote to memory of 4488	4576	cmd.exe	92
PID 4576 wrote to memory of 4488	4576	cmd.exe	92
PID 2432 wrote to memory of 1408	2432	PySilon.exe	97
PID 2432 wrote to memory of 1408	2432	PySilon.exe	97
PID 1408 wrote to memory of 1756	1408	PySilon.exe	98
PID 1408 wrote to memory of 1756	1408	PySilon.exe	98
PID 1408 wrote to memory of 1936	1408	PySilon.exe	105
PID 1408 wrote to memory of 1936	1408	PySilon.exe	105
PID 5048 wrote to memory of 4400	5048	firefox.exe	115
PID 5048 wrote to memory of 4400	5048	firefox.exe	115
PID 5048 wrote to memory of 4400	5048	firefox.exe	115
PID 5048 wrote to memory of 4400	5048	firefox.exe	115
PID 5048 wrote to memory of 4400	5048	firefox.exe	115
PID 5048 wrote to memory of 4400	5048	firefox.exe	115
PID 5048 wrote to memory of 4400	5048	firefox.exe	115
PID 5048 wrote to memory of 4400	5048	firefox.exe	115
PID 5048 wrote to memory of 4400	5048	firefox.exe	115
PID 5048 wrote to memory of 4400	5048	firefox.exe	115
PID 5048 wrote to memory of 4400	5048	firefox.exe	115
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116
PID 4400 wrote to memory of 2032	4400	firefox.exe	116

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
4544	attrib.exe

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:2836
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\PySilonRegistry\""
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1176
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\PySilonRegistry\activate.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4576
  - - C:\Windows\system32\attrib.exe
      attrib +s +h .
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:4544
  - - C:\Users\Admin\PySilonRegistry\PySilon.exe
      "PySilon.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2432
    - - C:\Users\Admin\PySilonRegistry\PySilon.exe
        
        "PySilon.exe"
        5⤵
        Enumerates VirtualBox DLL files
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1408
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        6⤵
        
        PID:1756
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\PySilonRegistry\""
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1936
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "source_prepared.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4488

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x4ac
1⤵
PID:324

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c097d06-30af-4999-9f2b-46ce465cc3b2} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" gpu
    3⤵
    PID:2032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2360 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {736b27ce-843d-4fc6-81d3-40198836bf6e} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" socket
    3⤵
    PID:1180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1604 -childID 1 -isForBrowser -prefsHandle 1592 -prefMapHandle 2892 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca4ef85e-9d61-4123-ad33-9ddcf87d0c8f} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" tab
    3⤵
    PID:2756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4304 -childID 2 -isForBrowser -prefsHandle 4296 -prefMapHandle 4292 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {570eac64-9e06-4f94-aa82-6563162a7aee} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" tab
    3⤵
    PID:1188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4956 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4948 -prefMapHandle 4944 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c7db573-6c6d-4648-8fce-0dcbe491b5f4} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" utility
    3⤵
    - Checks processor information in registry
    PID:5420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -childID 3 -isForBrowser -prefsHandle 5348 -prefMapHandle 3188 -prefsLen 27130 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79444b8a-15b8-4062-8ea7-53362f499560} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" tab
    3⤵
    PID:5984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5500 -childID 4 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 27130 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2466e8ad-1a92-430a-966d-c1d12ea5fe26} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" tab
    3⤵
    PID:5996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5692 -childID 5 -isForBrowser -prefsHandle 5700 -prefMapHandle 5704 -prefsLen 27130 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c90c5eb8-d838-4dbc-af6d-ffc06fc6d29e} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" tab
    3⤵
    PID:6012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6280 -childID 6 -isForBrowser -prefsHandle 6256 -prefMapHandle 6276 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a230e0f-0897-4974-b33c-487f56345ac9} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" tab
    3⤵
    PID:5520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6520 -childID 7 -isForBrowser -prefsHandle 6588 -prefMapHandle 6584 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4dddfec-6a1c-4ab5-960c-923804dd7a2e} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" tab
    3⤵
    PID:4704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6712 -childID 8 -isForBrowser -prefsHandle 6720 -prefMapHandle 6724 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {706a445a-8e21-4213-909b-b5d325fb867f} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" tab
    3⤵
    PID:6008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5928 -childID 9 -isForBrowser -prefsHandle 6488 -prefMapHandle 6460 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e1b1610-5ddb-48fc-bb9b-6c2999f8200b} 4400 "\\.\pipe\gecko-crash-server-pipe.4400" tab
    3⤵
    PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
18d7afaba3f91a22e7396614dd02e3e9

SHA1
0a522363398afe457aa262fe855011e2c80c9641

SHA256
e180686392cf8cf1134b2d3886e29e7dbcdca4d1e4ee7f9617f28a5408726119

SHA512
ecf3178bb4e7f4a7deae794715d590d09b23f853450e3302b9384d65716ee617a44d56fa13101c42d928c94e5c1fd63c33f4823cf0e9b9e064c697825e32fce3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\EC8D490A267D626344B2FBE6DAF6C6477DC815EA

Filesize
48KB

MD5
16ea9b8c236134f45a820affa28996f9

SHA1
dc7791781fe8cf47d96a6397d2c45b315fb4c83a

SHA256
34dfe36868b7d6133634e2dad9023ff8d39ffa38b4fcbedd4c23bde61da63fc1

SHA512
0058f76cbe3985ca8d90f0f332a0235099a9794e179ba1ab7e8101748b9eb38b72b96646184be951ec6332c3d1c868486e1a752d71a93c8ed938a6819f1206b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24322\cryptography-44.0.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\SDL2.dll

Filesize
635KB

MD5
ec3c1d17b379968a4890be9eaab73548

SHA1
7dbc6acee3b9860b46c0290a9b94a344d1927578

SHA256
aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f

SHA512
06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\SDL2_image.dll

Filesize
58KB

MD5
25e2a737dcda9b99666da75e945227ea

SHA1
d38e086a6a0bacbce095db79411c50739f3acea4

SHA256
22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c

SHA512
63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\SDL2_mixer.dll

Filesize
124KB

MD5
b7b45f61e3bb00ccd4ca92b2a003e3a3

SHA1
5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc

SHA256
1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095

SHA512
d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\SDL2_ttf.dll

Filesize
601KB

MD5
eb0ce62f775f8bd6209bde245a8d0b93

SHA1
5a5d039e0c2a9d763bb65082e09f64c8f3696a71

SHA256
74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a

SHA512
34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\VCRUNTIME140_1.dll

Filesize
48KB

MD5
bba9680bc310d8d25e97b12463196c92

SHA1
9a480c0cf9d377a4caedd4ea60e90fa79001f03a

SHA256
e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab

SHA512
1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_asyncio.pyd

Filesize
34KB

MD5
6f7e93a4a41fb719dcc2eec804e48049

SHA1
4ea2b6d20fac377cedd76b648664aec59ac9a384

SHA256
3939fa93efb35bbdead8ed294605a764a08828cdf1d88b7bc835edf8409e835b

SHA512
fd4a566d248915da049ceed3f8bfa49590e62401d05e94b06eac84227ea9473519629e7679e68d36b47054ca8526655b792d74bf66bb9350494ff8178855d212

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_bz2.pyd

Filesize
46KB

MD5
5f1fcfa6577ed6ecf4099650873ee9d0

SHA1
7f65d93c52f7bbddcad0420822700c3e43881f78

SHA256
f68775b81e881f2bddeda06442e44d2c6820db2dbab37fa1852dc411d8e28a85

SHA512
590d7961656e52b7979deb6b20a344bcac184041ba0f22f58d6422b8f60877260eab57032e41b6375360ff62879f336a7b453494dc435f332198965107857575

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_cffi_backend.cp310-win_amd64.pyd

Filesize
71KB

MD5
796a3e2ecf2e31669defc1b3e07df327

SHA1
39c896e7217f9c2beaac7a831a5c24e1fff94714

SHA256
803969a018b78e0ca670c0cf2c7b8ff62efd7dcbdc049070f0109d1147453cea

SHA512
429dbbde27e65cc66754c3436153e04f9cde4800553caa678f8aebd55adb2490e93b7822650067eaa51094b47b5db1003af8c4d06aa1acb5d8531666cc308381

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_ctypes.pyd

Filesize
56KB

MD5
c8b1e1f994b23a47ebae0a1f3a2f314c

SHA1
5636ed108b67958988586fdb7bf7aa9bc841960c

SHA256
4ad24645396dee635c6900b48704df0ba3f9d728331d207b73d1efa67c8564c6

SHA512
b584b0cbaa10c7eeb5c292fc2c9cd52831592acdb79afa239ee516f1914c7d50db0fa78616780be2fdcf6a6b3caab7971d794cf6956699b5e9c79145c52f334a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_decimal.pyd

Filesize
103KB

MD5
c369a14a7020a3603182a4f5cd22e53a

SHA1
372cea2b33218f57281dcd0613b617ccb3908963

SHA256
04769e2f8182c32c780f0bc9324f30a1a2a904b5395e2fcffabbc0cc4fcbff5c

SHA512
371584f1835485a4acbf77d621cd90c74bf6d870f239ee72b65116f4b7909a6344de09a79615b096789d83bd708af0fd3dcb2220c5cccf76661bdcabdf5f8026

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_elementtree.pyd

Filesize
56KB

MD5
4b970889b765eaa1b730126b1b93cd42

SHA1
8346d0d3e3c68d686353b4fb3778d9905b502f58

SHA256
a88333a1b210bfb5f60676bbce6b98ae5ae051834a21a12e51db5027daf5ba1c

SHA512
83ad23614e70b5d002a0b4fb3c6d27b0e8bb1b1d1aba32ceb825237b802546ff92a1ba7c08474bdd9d9d07af0c0b8dd4b2d2417f05fb4c599b6ec1fa825d15d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_hashlib.pyd

Filesize
33KB

MD5
12c1703b7464bd94098ee976fbf8672c

SHA1
e73dfb0e9c78ad209fa1a6decd863658d706eba6

SHA256
228f1f78216051c90e5a9cd5aadce01f5c100fe4e60cccd8bcb92fdcbcdda145

SHA512
5b17bcb7e05f0efe15e5362c56d81691f01cdac2737f87486d6cfdfd137d94129b497b6e958a2de6e3f437f4d768da23117d4ad88d22149c9ca4feb474623092

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_lzma.pyd

Filesize
84KB

MD5
b45eca52c04371b2812c9104c7698738

SHA1
4da64729787e58d24ca7dda23c50aedbffe2fc22

SHA256
c31b390ad7834ec10dec2ea2af9d110ffd0483df920046c74236ef736b10fbd7

SHA512
0404effb490fda47f1899c931b7de137038ae7afbfad9aa0155e49066f0b7cd74ba3a92628022197d657114a7d84451521bf0a47037252c158b5c83d0ea1d15f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_multiprocessing.pyd

Filesize
25KB

MD5
f4db581d86747315baffc7a8e049d4c0

SHA1
f70b84cb641e3f837f44e42c3dfcc91e7e835b32

SHA256
3098b2380f875700f2e3c2b8a61b9f49f91d8d1b0e76a520eaaf4c53d6d9166e

SHA512
b17d3c8d1fa0a9335f9d71be893ac140248f523c8569a65365b0df63a11e8682d750b44c9c0396c0431033d6b6f1dd9eb2692bdc6d4cfdad7544f27c900b6b52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_overlapped.pyd

Filesize
30KB

MD5
f1569470ac25543f29e565a756bddc0c

SHA1
a95e4e22c139aa18da289edb1152842b14ead373

SHA256
f0690bf7cfbe91a29b4f820ed943211bafd40426c7cd325841259973c1badf10

SHA512
c712887b73d593b349222bf181d8b0ca3bac8ec3290453ef24eb2d6572f8dbefe64eaa9023e0a0eae6dfebcd6d2c8f7aa594c5ec0d73ee1d21eedc1f22e48b61

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_queue.pyd

Filesize
24KB

MD5
20268609ecebf39a029a6f912222a112

SHA1
1bf5d03a451040d99ce8556e5ab731c73b27f268

SHA256
8120ef496869391ea2625009d8151e9989267912ea398f5fe2fba10b0476b8bf

SHA512
321cb5d5f52e41940030b935fda3b7f184928071f7645c87c5509d2c58c37ccb320fb73527d26aa0f2624b96a15015f9dbb608b5f8e291f2c4af9c4dd08cb923

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_socket.pyd

Filesize
41KB

MD5
7c65a201e922e8be1f176a4c2db7e377

SHA1
78183e083ecb283de6be50bbecca83c93bdceafb

SHA256
bd3edf2966e386649aa773a86d4aaf6c9d858bcc794d23953ad1abca2c3c9b3e

SHA512
f5ce05753a233f7ae3c7404011ede284c2ee2c3e51d5fa19b10be372c4e6e518cb9ff8a707295d750951e04a828c438e8be0611ef3476fc8fc60473174f6071b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_sqlite3.pyd

Filesize
48KB

MD5
80a1c6be1f23bdd55e6248f92d18677e

SHA1
8c48d2d1bd45d8f478e752fc0beb189be5928a65

SHA256
3212adb3f154cfa01cc366183e631726f3dc22aa4cfb7cdf2ee1a313e53656ba

SHA512
dadfa9f1dfe86ff9295d2016801ae161413ffe858ce7d99dc49dcd0bc167a8fcd16066de76e20e2de50e8b8a1222482bbbd4d548587c5543701d26ff4e410133

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_ssl.pyd

Filesize
60KB

MD5
42469b54eb9a10b20c3ce8007864584d

SHA1
db42e159286406f5092366ca2307af74ed77e488

SHA256
773ab4c98a927ae385ee220a3d59240e2cb86eabc9f3e923e27539b340ca3cf3

SHA512
34c214bdaab507bb091ecff516af2ac1ce1dbc6e0dbf77da6c698e186600bc8236f99e2bb102d2b65ac42a6e4e40a14df6946f3ac97c02bbd0b7ef10aba056dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_tkinter.pyd

Filesize
37KB

MD5
28522a9d0fbcfd414d9c41d853b15665

SHA1
801a62e40b573bccf14ac362520cd8e23c48d4a4

SHA256
3898b004d31aec23cf12c61f27215a14a838d6c11d2bc7738b15730518154bb5

SHA512
e7e715c61db3c420cdee4425d67e05973616e60e23308ef2a24e4a25deeeb8d4802de1cd5cf6a997cec2e9ebad29a4c197b885f8d43e9f7b2b015e9c026782e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\_uuid.pyd

Filesize
21KB

MD5
4759a0790439d7b10a190d4a91751f04

SHA1
d7a5cc04131711003db97135e29db2753f3a252d

SHA256
ee2f712585d63ee001de052bc9229d3d0e7cb759b1894e166d9672caee8b13b6

SHA512
5275bb2c8f96719932e0fc933a530c933634579c1b53cc6ca8664a9a40e06ec47ffbc78dd538c8c19760ce8b7efef214ee6ab6338b7bc0c9f9fee50659068fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\base_library.zip

Filesize
859KB

MD5
5bf257cce4b4a29fa20ddc5bc6889973

SHA1
2c9a24a961b5c475a77a1460e48bdc2b0c3e79ad

SHA256
f55752b907702ff162760809519315c278b013f84ff8f4b001268b84fedd70ae

SHA512
2e188c87cca4c398c9144aa9330a6420f14c2b45c12f49dfe378240c51143f9f0c115dec307420f94bb1aad0f91b1775b8102e78899f13cf36f076626c9f3216

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\charset_normalizer\md.cp310-win_amd64.pyd

Filesize
9KB

MD5
89e6524df314db55a4da22e59502dd24

SHA1
3da6e6929827c5a32bca43809baa86c1c892313a

SHA256
5b0f625c70d35c11c379af78b0bdb2ae3de84ab9e2b7ee7f398b0d08e04a5e6b

SHA512
e08dcfa99e146083cec3de297f3e6160b745e1c1d11a7d38bb47ebfaec9551f7cdb4c7c8e37116caf70fe99a9768fdf048e037162c449c37481e377a3b2d727d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\crypto_clipper.json

Filesize
155B

MD5
8bff94a9573315a9d1820d9bb710d97f

SHA1
e69a43d343794524b771d0a07fd4cb263e5464d5

SHA256
3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7

SHA512
d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\freetype.dll

Filesize
292KB

MD5
04a9825dc286549ee3fa29e2b06ca944

SHA1
5bed779bf591752bb7aa9428189ec7f3c1137461

SHA256
50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde

SHA512
0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\libcrypto-1_1.dll

Filesize
1.1MB

MD5
571796599d616a0d12aa34be09242c22

SHA1
0e0004ab828966f0c8a67b2f10311bb89b6b74ac

SHA256
6242d2e13aef871c4b8cfd75fc0f8530e8dccfeaba8f1b66280e9345f52b833b

SHA512
7362a6c887600fafc1a45413823f006589bb95a76ac052b6c7022356a7a9a6e8cd3e76f59cecf152e189323791d9626a6fdb7a98bf3a5250d517b746c3e84e84

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\libffi-7.dll

Filesize
23KB

MD5
4e261cbb8247260ea91860986110f805

SHA1
1563d67c2aabcb5e00e25ef293456c6481a2adc3

SHA256
ddfd0755e011ea0df26d77cf3628e2cc59653aee02bf241b54b6b08561520453

SHA512
076cdc8759f9cbbf7f8dc7b1eaba3c51f6c40ae6043b1fb55aa2fb83f81e86933d0f885a61d83300173b9bd7c589ff126e2a5d858a3f4036390d02eb1e73d229

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\libjpeg-9.dll

Filesize
108KB

MD5
c22b781bb21bffbea478b76ad6ed1a28

SHA1
66cc6495ba5e531b0fe22731875250c720262db1

SHA256
1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd

SHA512
9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\libmodplug-1.dll

Filesize
117KB

MD5
2bb2e7fa60884113f23dcb4fd266c4a6

SHA1
36bbd1e8f7ee1747c7007a3c297d429500183d73

SHA256
9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b

SHA512
1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\libogg-0.dll

Filesize
16KB

MD5
0d65168162287df89af79bb9be79f65b

SHA1
3e5af700b8c3e1a558105284ecd21b73b765a6dc

SHA256
2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24

SHA512
69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\libopus-0.dll

Filesize
181KB

MD5
3fb9d9e8daa2326aad43a5fc5ddab689

SHA1
55523c665414233863356d14452146a760747165

SHA256
fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491

SHA512
f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\libopusfile-0.dll

Filesize
26KB

MD5
2d5274bea7ef82f6158716d392b1be52

SHA1
ce2ff6e211450352eec7417a195b74fbd736eb24

SHA256
6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5

SHA512
9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\libpng16-16.dll

Filesize
98KB

MD5
55009dd953f500022c102cfb3f6a8a6c

SHA1
07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb

SHA256
20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2

SHA512
4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\libssl-1_1.dll

Filesize
203KB

MD5
aabafc5d0e409123ae5e4523d9b3dee2

SHA1
4d0a1834ed4e4ceecb04206e203d916eb22e981b

SHA256
84e4c37fb28b6cf79e2386163fe6bb094a50c1e8825a4bcdb4cb216f4236d831

SHA512
163f29ad05e830367af3f2107e460a587f4710b8d9d909a01e04cd8cfee115d8f453515e089a727a6466ce0e2248a56f14815588f7df6d42fe1580e1b25369cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\libtiff-5.dll

Filesize
127KB

MD5
ebad1fa14342d14a6b30e01ebc6d23c1

SHA1
9c4718e98e90f176c57648fa4ed5476f438b80a7

SHA256
4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca

SHA512
91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\libwebp-7.dll

Filesize
192KB

MD5
b0dd211ec05b441767ea7f65a6f87235

SHA1
280f45a676c40bd85ed5541ceb4bafc94d7895f3

SHA256
fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e

SHA512
eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\portmidi.dll

Filesize
18KB

MD5
0df0699727e9d2179f7fd85a61c58bdf

SHA1
82397ee85472c355725955257c0da207fa19bf59

SHA256
97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61

SHA512
196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\pyexpat.pyd

Filesize
86KB

MD5
feed0b6088212af68c9a9d5839aaad82

SHA1
fe7684e423c3e05b1740e8e0d986566051ed16fb

SHA256
29759d0d3e02b0d8f4882f91f1bc7e8f2c43f5d8ac3c3a5c3b24f5f7c341ca8a

SHA512
aed1134fafec64610847cb8545ef97eb92fb0a114f9a715e7894991489b4db50a963c81587da6097c01c76c39b438e9079151507b2106c7be16679d04ef2c12d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\python3.dll

Filesize
63KB

MD5
c17b7a4b853827f538576f4c3521c653

SHA1
6115047d02fbbad4ff32afb4ebd439f5d529485a

SHA256
d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68

SHA512
8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\python310.dll

Filesize
1.4MB

MD5
701e2e5d0826f378a53dc5c83164c741

SHA1
62725dbee8546a7c9751679669c4aeb829bcb5a7

SHA256
9db7ebafff20370df1ae6fc5ee98962e03fcfc02ec47abed28802191f6750dd2

SHA512
df30dfba245a64f72bcf8c478d94a9902797493ce25f266fa04a0b67ad7887c8f9253404c0425285342ae771c8a44ae414887447f14d76c696f7902933367f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\select.pyd

Filesize
24KB

MD5
7a1b8a953671d61e2ef79b55876c91a5

SHA1
701476f9f4890326acc1390d4b5939c1a63875b6

SHA256
f02fa3749ba56e11b8e55d7b426cdab61186b7d8e7b3590add9b37fa2ec2c061

SHA512
bd900c5e45e89557fef64ba008e414f0a25571fc06dcd7ebd532d66856618c56e0be73e2e5e03c74160c2fd0b7a7c356cdc9ba4bb559d88d6f8813a19a75260a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\sqlite3.dll

Filesize
608KB

MD5
f890b2bffe1a49c34db19fad541d1fed

SHA1
8a978b18fe3d35c46908a9a0d163e56da3cf8ec7

SHA256
afd37cf21f0e8ac613bd6ebfbcf97215f416466fdf34b98207bded5d67f667d7

SHA512
96e97dba2443639958ebf6a85fe9e378811b4876cc824638a15c54707d5f9fe27469ec304b7db6a2e7c916b3c7663b043e624ff13a57b75445de992fd92a06d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\tcl86t.dll

Filesize
672KB

MD5
2ac611c106c5271a3789c043bf36bf76

SHA1
1f549bff37baf84c458fc798a8152cc147aadf6e

SHA256
7410e4e74a3f5941bb161fc6fc8675227de2ad28a1cec9b627631faa0ed330e6

SHA512
3763a63f45fc48f0c76874704911bcefe0ace8d034f9af3ea1401e60aa993fda6174ae61b951188bec009a14d7d33070b064e1293020b6fd4748bee5c35bbd08

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\tk86t.dll

Filesize
620KB

MD5
19adc6ec8b32110665dffe46c828c09f

SHA1
964eca5250e728ea2a0d57dda95b0626f5b7bf09

SHA256
6d134200c9955497c5829860f7373d99eec8cbe4936c8e777b996da5c3546ba7

SHA512
4baa632c45a97dc2ca0f0b52fd3882d083b9d83a88e0fa2f29b269e16ad7387029423839756ee052348589b216509a85f5d6ee05a1e8a1850ce5d673ae859c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\unicodedata.pyd

Filesize
287KB

MD5
3cc7f1037a741695b6d3cbb4dfb02a5e

SHA1
03731fafd37b9c8e4da287299d3b09ea6482e1e3

SHA256
0c723804b1f1800d273157684771ff22035db92f83146a1a8d0d4b4d0774bb2f

SHA512
612ff0d4fe423bd4e9c6dc0bd5ef3904ffc7c5595671fc9480ebcb8947759030bd96d8a65c49401f99eaa417264922a9e1026955e29f93186571f2a89151e2d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34722\zlib1.dll

Filesize
52KB

MD5
ee06185c239216ad4c70f74e7c011aa6

SHA1
40e66b92ff38c9b1216511d5b1119fe9da6c2703

SHA256
0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466

SHA512
baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rjvsne0t.vtx.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JQ8EXYOUINV03BSSY8ZF.temp

Filesize
11KB

MD5
5cfe94ebe6afee7d1d7f0daef8476f3e

SHA1
eefcbdbfe9357e042eb940ef57bdc030803bfa4d

SHA256
b81f84998579db316166b8c6af5bb9e377a1554807796cecef506612510ad4ce

SHA512
e46883c41f8df6d66682a492c7d9858197384976c5da1ece898c8f021239148c240388da66bd9c92d92465549626c495cf682546448e282c43f8649cea48def4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
6KB

MD5
d1be00ab2141ec1460646ad8d70f1239

SHA1
3d5a90bbf5eb28348515e23c84b85d1c3a6caed1

SHA256
b4f5bb306da447effdcee36c89308cb3218ab7a845525c2b95f3e8d945fd1530

SHA512
8a08c7b1fa6fb4483b09c4a7880069d65c82ad081febe284501e4c5df40992315d7fd7c1a57826dc56294a8ca4433de3391bb0662c704d64aced94905eb0072b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
8KB

MD5
f0bb45a4d803c0b5c37ce3b45ef42814

SHA1
feb12b1948b47018d51bc1f06aa8d3056bd3fdcc

SHA256
6322b5ee6275732daeb323c399dd6b0309142aa26d925fa5a4f964f50138e3ef

SHA512
469a09ec8c520f45f933b137b3c8e659613e5f0f502c84840a97480a97b5f5043c58585d59145fba46282fe2769061325e93ebaacca75b9455a422d586c394b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\bookmarkbackups\bookmarks-2024-12-05_11_l2gNWxT09yFCI4peCNDqiA==.jsonlz4

Filesize
1013B

MD5
c4152e5fa2a344358aba53efdd6433dc

SHA1
3ad741e9a3b0011b29f76b398070d8a497b4b376

SHA256
54c8e399b8dfefe533956703b595a96485b7d16b1c0f1f4ebcfd18633e240fd2

SHA512
c0626da227d575d85de88ea68dfe065c5683c417bcbf80a0e23eade05a5a0dbb6d8ec1231cfe76347c96a3b4945e53a429a76dbec3bdfbe96e4887d39a5b4953

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5945883135d27c283d7b7e30d748a6ef

SHA1
c7f6559544b77e8c54e3fad694b59d112f17a914

SHA256
15f233caa56a2c3f0e9aeea9e34c2a7c78d785874d2f86024d9d2bc476bc84d3

SHA512
b5db42fa970a00491ba95a3010d45c085cc4ce2e872bcb038e2a5a3eba574fee8bb8d6047d7b13830846d4728c742f36459a8b6c3c2d3316462cf5978a051a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
bf451c3b7d781c21bacac84721fe6bfe

SHA1
bc5090cc528f14fa81a3161b240447bababae550

SHA256
25e89680784cb8726c871f76f0f280fae037b1f6946730ac800a569a39c04889

SHA512
7a94da20148a14860aa027aa1ed4b642b411f170fef4e29fa56cac695a9c25e753079d4c45b3d5fad6f15899cbadb008dd8fae3955c3f4069698853dd55c3305

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
20KB

MD5
c7e8d8af85586a7dee0ca5cbd8fc47d4

SHA1
339cf36bcb5aecf85b7b7edbcbffe1ffc9d24bfe

SHA256
531baebecf135a2d44f9916a88ea676e96c8f0b753cc76c37c52d27989a6acb9

SHA512
3835807e7d6737157c5d52ecde0d28cc0e664de919c2f310149798fcd903efd2b0dbfc637525b4920cb50be971a3a18ed013c61c1b980ace7bdb48b4ab09dd70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
20KB

MD5
26addf3d3578049601082a99b951a30a

SHA1
f6bd128d5c281edb15aaf9f39e2c3bba4c5fc565

SHA256
6984425b14a3886be353aac8b547cad4be9470e94c266cadc293eedbf9c6f98d

SHA512
2a233600cb61ca034d84aca289b827e513cbde556cf49bb1291b0b266f978232facf7fab06a192cb793275806c5c4bfb8207773a12323ad3d836af0a56de8781

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
455e2f37f0bcf1b018f6e68bc2d19bb3

SHA1
b55c554961a0447c1c9a45872deed7e138e7a778

SHA256
af3356f4edfbd2d94451dc6410514e43ad224add618e498941f6c5dfa4c10560

SHA512
69c3f794a4b67c4cdf3405394a09428f32fccbb8448265176e354bc86e56bf30421eeb5a245a1a68f8ee1fa091b13e7080532deb1487067a185465eca3a2655e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\6673d977-9002-40d7-b44c-88eb5d7829c8

Filesize
982B

MD5
23d3efd7ef770d57a3f2aa6f69463b85

SHA1
5d09351b6916f1dfb93ec9fb01a8027006295f9a

SHA256
0026cc15e82e7ce76363ada5f1bb090a6511f3ed02d16045ea3f77530598ea72

SHA512
2004a339f36207a3d418fba50dc869b0a3326d9f408a1330a2ff73d96b7ddbe2382e78e035cfeda53c05c488f27fa87879f4c70769f662b192a17e31295ccd97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\9eaca975-c9a6-4d4e-bdf4-11b6fd2f2cd2

Filesize
26KB

MD5
0463e0e11bbe6d25ba870a42b9d91d5f

SHA1
0cb7d26c27622e7842334fa56b53a3d03c726422

SHA256
bd5c9e9b594a129d1a83ad9664faa8fbe4b8ca132e1b8093c892e11ed5266377

SHA512
233daf4aa9c517ad63f4a3f1b3ae9df602748e54f4a8b04aa6259aaab216c5ad94f12651218c709466005fa525ca4ccd10a701d58635aeee683987ce7220a2c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\f49f4467-9885-4151-babc-cc33ceb40004

Filesize
671B

MD5
84c18c809c6f3a4761c3005a2f61fa62

SHA1
80e251a724ec09f277797fc5056cae4d9b8a9b57

SHA256
2092605ae787d838da9f3d9f875750aae9f64c4f0f3a77dd445e00e8e7fd4c88

SHA512
6d8c75996f19f60d0ff5d5a4b8dbcc7dd1195b5dc88e45da7568d91102e76da2f1d6cc783480db5257bafdf2ecd1d57d852f0bbd31a423c90badf351b2b4321f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js

Filesize
10KB

MD5
98351a1583fe35d55f851410e5e010b7

SHA1
c9f24f18e6d19b211853bb6f4924d1e6ad20668e

SHA256
0fe7dea49e020ebb82c7c38a1d8ef642e6bfa769ad2e5ee04a005f4434d38117

SHA512
da3246c133cc230b98af9144902e1d1ebdd84b434ee5be058f8f12b5e986dfbfa7a5e181964214449ecd52728fd7a8338fb42d712b6a957b92ab57327b3bb3ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js

Filesize
11KB

MD5
ec6e82542cdf60b88e5567836058a39b

SHA1
c87ab4546b2716a43373d291ef9a94410d88be54

SHA256
2a78c1f2158e8e2bb421580fb77503a45ffc43cc9b88a9e1ff7bedf771aa17e4

SHA512
7f4f92158c0b89f93e7b7d601ee6e8539b4ffd716bf02770ffe7afd6c19a0c266dd409374763745a6111a31a0d0d789daab59dc22a5ababc23bae737ed9bacd9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js

Filesize
12KB

MD5
b2365fc76085b50f2bdbb21b224d5d24

SHA1
97f9ab03805b2c2258799990181b8ac35a321cf4

SHA256
d4ad1198516c5f01468bc4a2a99ed8af0900b31853db7648435937b511cf86aa

SHA512
83f6d5ab377ba6796082c745a5712baa70c7ce82f158d09def1e6c1e53fa35039368c5a4a35ca0a9b0d54ced1a3c267238471f033505df848ab356db8bf63999

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs.js

Filesize
10KB

MD5
f013af4f312b31eb9a0f7b727781a990

SHA1
9b48bbdd8002cd18e737f0ab5323a74d0fbbf1e0

SHA256
f389d16c58a62a3bfc21853f47b5aaec2af42707c164e4ab7ffbacf578fad63a

SHA512
c01c8b261d5463b284a946a55e5a5b7e18bd47d6584b61398a892f3145203b92da42b7ed2985e83c4094aa3fa99e4d29222eb8a0b13b74088ee8da3d3d88d0af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
63cdc971c5e71f387d576e37653ce677

SHA1
54ebb64be37855a2e3a2e1c2d91164ce70a37bf1

SHA256
0e7a07b2c8a7b28dc60eac0d7432700c7b4ac08190fd84487fa9c636de091761

SHA512
0f36389ef2dcba2c6a59095d59c61a0820e900fe20af22ee1032e2e7acaffa1204d4cca8c5dc879b0cfd536327e3434eb8ebcddc90bc101b9ab0f5832c96ba44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
e7896ba541b124306b01ca9e963cd29c

SHA1
ceebf92bc63b9322b41207a0aa76ca39e7ba37c5

SHA256
0f268a87ab9050082b53aac57cdf3f637abcb848a70ddf5185fa45578a43e28f

SHA512
f7ad09884017c9f71c5f03731a50a8a20e745b9f733c82e6d0ccafe1e51826627e81cd57fddadbd690080f49ced1ed9732dd0f172a70178f77b428867d334312

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\storage\default\https+++megaup.net\cache\morgue\97\{4e5c8f18-bc72-4388-9946-a2ee8ec94d61}.final

Filesize
59KB

MD5
6ea8651be487cf2e155a8299235b7e95

SHA1
1ced43dbb3cb5c5e58ef9549e22a685aac75e4a7

SHA256
ee422bb901594c7f9f4c4dbed74899a4baf98f6cb489dd1dd2619a38e1cfb41a

SHA512
75b594a30fabdd2624e2678f17d954f341af86270d33fb9b39f77694a6eec6565d5b402a36f16510cff268bd393dd45c1994e1827ef0423199307a509ec47ae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
592KB

MD5
913e3d60082114fd50a2c4182fafcc78

SHA1
269477eedc91fc23a6928ef8e26c806d17747892

SHA256
42395737f24a9383f8c16075847ea44c0671e6cf43b4f3ad296b05e63d7834d4

SHA512
f00a63e266a1230ee01fa58a8b58f2ccb12066260fc424592a39f0bce5011a06b46b789616dde46ea9fc7225f4e22052083f46f2f3b2aeed2719060fda20c6ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
592KB

MD5
58afe96e0cdc93827ff9deb4412860bc

SHA1
0e93522207365e0703bfde9bfe4d3b1ce4c4c7c2

SHA256
2e6d89a21f5fc47602228103ee6fc3d327e1b428ab5878d7111bc7bdc9f7bbeb

SHA512
8da2d348a378c77856db555918758ccfd062d3159cfea668d22952db7534d52ebc2a513d170070b3315d83d09adf14ae9213d1df1d73c36406898ff4776f4e50

Download Submit
C:\Users\Admin\Downloads\OperaSetup.exe

Filesize
2.1MB

MD5
83a83b68fb41ba45e58d7ca444e6cc2c

SHA1
c77bd7420b912d0d1c7a6c386ebb036b97d4938b

SHA256
34aa25e3a3be1b642f74836e002b63b63a433de659b93913224e901e6d8e4e93

SHA512
0b175b3730a1cd17ec2adf8008740301c94495931e9bdcdc28202ff3f315e242909095c59fe86f4170b24bb138a0da6313df695dab88c16b33d5f223370f5961

Download Submit
memory/1408-2808-0x00007FFBF5D60000-0x00007FFBF5E18000-memory.dmp

Filesize
736KB

Download
memory/1408-2828-0x00007FFBF2F30000-0x00007FFBF2F3D000-memory.dmp

Filesize
52KB

Download
memory/1408-2805-0x00007FFBF6CB0000-0x00007FFBF6CC9000-memory.dmp

Filesize
100KB

Download
memory/1408-2806-0x00007FFC00290000-0x00007FFC0029D000-memory.dmp

Filesize
52KB

Download
memory/1408-2803-0x00007FFBFE0F0000-0x00007FFBFE104000-memory.dmp

Filesize
80KB

Download
memory/1408-2809-0x00007FFBF8770000-0x00007FFBF877D000-memory.dmp

Filesize
52KB

Download
memory/1408-2804-0x00007FFBE7580000-0x00007FFBE78F5000-memory.dmp

Filesize
3.5MB

Download
memory/1408-2812-0x00007FFBE6760000-0x00007FFBE6878000-memory.dmp

Filesize
1.1MB

Download
memory/1408-2815-0x00007FFBF69B0000-0x00007FFBF69BB000-memory.dmp

Filesize
44KB

Download
memory/1408-2816-0x00007FFBF6910000-0x00007FFBF691C000-memory.dmp

Filesize
48KB

Download
memory/1408-2817-0x00007FFBF5D50000-0x00007FFBF5D5B000-memory.dmp

Filesize
44KB

Download
memory/1408-2818-0x00007FFBF5D40000-0x00007FFBF5D4C000-memory.dmp

Filesize
48KB

Download
memory/1408-2819-0x00007FFBF59C0000-0x00007FFBF59CB000-memory.dmp

Filesize
44KB

Download
memory/1408-2822-0x00007FFBF3620000-0x00007FFBF362E000-memory.dmp

Filesize
56KB

Download
memory/1408-2823-0x00007FFBF3610000-0x00007FFBF361C000-memory.dmp

Filesize
48KB

Download
memory/1408-2824-0x00007FFBF3600000-0x00007FFBF360B000-memory.dmp

Filesize
44KB

Download
memory/1408-2825-0x00007FFBF35F0000-0x00007FFBF35FB000-memory.dmp

Filesize
44KB

Download
memory/1408-2826-0x00007FFBF2F50000-0x00007FFBF2F5C000-memory.dmp

Filesize
48KB

Download
memory/1408-2827-0x00007FFBF2F40000-0x00007FFBF2F4B000-memory.dmp

Filesize
44KB

Download
memory/1408-2802-0x00007FFBF69C0000-0x00007FFBF69ED000-memory.dmp

Filesize
180KB

Download
memory/1408-2829-0x00007FFBEDD00000-0x00007FFBEDD12000-memory.dmp

Filesize
72KB

Download
memory/1408-2830-0x00007FFBF2F20000-0x00007FFBF2F2C000-memory.dmp

Filesize
48KB

Download
memory/1408-2831-0x00007FFBEDCE0000-0x00007FFBEDCF5000-memory.dmp

Filesize
84KB

Download
memory/1408-2832-0x00007FFBEFE10000-0x00007FFBEFE20000-memory.dmp

Filesize
64KB

Download
memory/1408-2833-0x00007FFBEDCC0000-0x00007FFBEDCD4000-memory.dmp

Filesize
80KB

Download
memory/1408-2834-0x00007FFBED690000-0x00007FFBED6B2000-memory.dmp

Filesize
136KB

Download
memory/1408-2837-0x0000020144A30000-0x0000020144BB6000-memory.dmp

Filesize
1.5MB

Download
memory/1408-2814-0x00007FFBF6C70000-0x00007FFBF6C7B000-memory.dmp

Filesize
44KB

Download
memory/1408-2835-0x00007FFBED670000-0x00007FFBED68B000-memory.dmp

Filesize
108KB

Download
memory/1408-2799-0x00007FFBFA660000-0x00007FFBFA684000-memory.dmp

Filesize
144KB

Download
memory/1408-2800-0x00007FFC002A0000-0x00007FFC002AF000-memory.dmp

Filesize
60KB

Download
memory/1408-2801-0x00007FFBFE1C0000-0x00007FFBFE1D9000-memory.dmp

Filesize
100KB

Download
memory/1408-2807-0x00007FFBF5E20000-0x00007FFBF5E4E000-memory.dmp

Filesize
184KB

Download
memory/1408-2810-0x00007FFBF7B00000-0x00007FFBF7B0B000-memory.dmp

Filesize
44KB

Download
memory/1408-2811-0x00007FFBF5B00000-0x00007FFBF5B27000-memory.dmp

Filesize
156KB

Download
memory/1408-2813-0x00007FFBF5AC0000-0x00007FFBF5AF7000-memory.dmp

Filesize
220KB

Download
memory/1408-2820-0x00007FFBF54D0000-0x00007FFBF54DC000-memory.dmp

Filesize
48KB

Download
memory/1408-2821-0x00007FFBF54C0000-0x00007FFBF54CD000-memory.dmp

Filesize
52KB

Download
memory/1408-2836-0x00007FFBED650000-0x00007FFBED668000-memory.dmp

Filesize
96KB

Download
memory/1408-2798-0x00007FFBE6880000-0x00007FFBE6CEE000-memory.dmp

Filesize
4.4MB

Download
memory/2840-1337-0x00007FFBE75F0000-0x00007FFBE76A8000-memory.dmp

Filesize
736KB

Download
memory/2840-1412-0x00007FFBE7750000-0x00007FFBE78C1000-memory.dmp

Filesize
1.4MB

Download
memory/2840-1411-0x00007FFBF6CB0000-0x00007FFBF6CCF000-memory.dmp

Filesize
124KB

Download
memory/2840-1408-0x00007FFBF6CE0000-0x00007FFBF6D09000-memory.dmp

Filesize
164KB

Download
memory/2840-1407-0x00007FFBE6C50000-0x00007FFBE6C5D000-memory.dmp

Filesize
52KB

Download
memory/2840-1406-0x00007FFBE6C60000-0x00007FFBE6C6B000-memory.dmp

Filesize
44KB

Download
memory/2840-1405-0x00007FFBE6C70000-0x00007FFBE6C7C000-memory.dmp

Filesize
48KB

Download
memory/2840-1404-0x00007FFBE6C80000-0x00007FFBE6C8B000-memory.dmp

Filesize
44KB

Download
memory/2840-1403-0x00007FFBE76B0000-0x00007FFBE76BB000-memory.dmp

Filesize
44KB

Download
memory/2840-1402-0x00007FFBE76C0000-0x00007FFBE76CC000-memory.dmp

Filesize
48KB

Download
memory/2840-1401-0x00007FFBE76D0000-0x00007FFBE76DE000-memory.dmp

Filesize
56KB

Download
memory/2840-1394-0x00007FFBE7720000-0x00007FFBE772B000-memory.dmp

Filesize
44KB

Download
memory/2840-1393-0x00007FFBE7730000-0x00007FFBE773C000-memory.dmp

Filesize
48KB

Download
memory/2840-1392-0x00007FFBE7740000-0x00007FFBE774B000-memory.dmp

Filesize
44KB

Download
memory/2840-1391-0x00007FFBE7E10000-0x00007FFBE7E1B000-memory.dmp

Filesize
44KB

Download
memory/2840-1416-0x00007FFBE6AF0000-0x00007FFBE6B1B000-memory.dmp

Filesize
172KB

Download
memory/2840-1417-0x00007FFBE68A0000-0x00007FFBE6AE9000-memory.dmp

Filesize
2.3MB

Download
memory/2840-1418-0x00007FFBE60A0000-0x00007FFBE689B000-memory.dmp

Filesize
8.0MB

Download
memory/2840-1419-0x00007FFBE6040000-0x00007FFBE6095000-memory.dmp

Filesize
340KB

Download
memory/2840-1420-0x00007FFBE5D60000-0x00007FFBE603F000-memory.dmp

Filesize
2.9MB

Download
memory/2840-1421-0x00007FFBE3C60000-0x00007FFBE5D53000-memory.dmp

Filesize
32.9MB

Download
memory/2840-1423-0x00007FFBE32F0000-0x00007FFBE3311000-memory.dmp

Filesize
132KB

Download
memory/2840-1422-0x00007FFBE3320000-0x00007FFBE3337000-memory.dmp

Filesize
92KB

Download
memory/2840-1413-0x00007FFBE6BE0000-0x00007FFBE6C14000-memory.dmp

Filesize
208KB

Download
memory/2840-1483-0x000001B97E3B0000-0x000001B97E43F000-memory.dmp

Filesize
572KB

Download
memory/2840-1482-0x00007FFBE6DB0000-0x00007FFBE6DC8000-memory.dmp

Filesize
96KB

Download
memory/2840-1481-0x00007FFBE7E20000-0x00007FFBE7E3B000-memory.dmp

Filesize
108KB

Download
memory/2840-1479-0x00007FFBE8290000-0x00007FFBE82A4000-memory.dmp

Filesize
80KB

Download
memory/2840-1475-0x00007FFBE74D0000-0x00007FFBE75E8000-memory.dmp

Filesize
1.1MB

Download
memory/2840-1476-0x00007FFBEDCE0000-0x00007FFBEDD17000-memory.dmp

Filesize
220KB

Download
memory/2840-1474-0x00007FFBF2F30000-0x00007FFBF2F57000-memory.dmp

Filesize
156KB

Download
memory/2840-1473-0x00007FFBF6C70000-0x00007FFBF6C7B000-memory.dmp

Filesize
44KB

Download
memory/2840-1471-0x00007FFBE75F0000-0x00007FFBE76A8000-memory.dmp

Filesize
736KB

Download
memory/2840-1470-0x00007FFBF6A00000-0x00007FFBF6A2E000-memory.dmp

Filesize
184KB

Download
memory/2840-1469-0x00007FFBF8770000-0x00007FFBF877D000-memory.dmp

Filesize
52KB

Download
memory/2840-1468-0x00007FFBF6A30000-0x00007FFBF6A49000-memory.dmp

Filesize
100KB

Download
memory/2840-1467-0x00007FFBE78D0000-0x00007FFBE7C45000-memory.dmp

Filesize
3.5MB

Download
memory/2840-1466-0x00007FFBFE1C0000-0x00007FFBFE1D4000-memory.dmp

Filesize
80KB

Download
memory/2840-1480-0x00007FFBE8260000-0x00007FFBE8282000-memory.dmp

Filesize
136KB

Download
memory/2840-1478-0x00007FFBE82B0000-0x00007FFBE82C0000-memory.dmp

Filesize
64KB

Download
memory/2840-1477-0x00007FFBE83B0000-0x00007FFBE83C5000-memory.dmp

Filesize
84KB

Download
memory/2840-1461-0x00007FFBF5AC0000-0x00007FFBF5F2E000-memory.dmp

Filesize
4.4MB

Download
memory/2840-1465-0x00007FFBFA660000-0x00007FFBFA68D000-memory.dmp

Filesize
180KB

Download
memory/2840-1414-0x00007FFBE6B20000-0x00007FFBE6BDC000-memory.dmp

Filesize
752KB

Download
memory/2840-1415-0x00007FFBF69B0000-0x00007FFBF69C8000-memory.dmp

Filesize
96KB

Download
memory/2840-1409-0x00007FFBE6C30000-0x00007FFBE6C42000-memory.dmp

Filesize
72KB

Download
memory/2840-1410-0x00007FFBE6C20000-0x00007FFBE6C2C000-memory.dmp

Filesize
48KB

Download
memory/2840-1395-0x00007FFBE7710000-0x00007FFBE771C000-memory.dmp

Filesize
48KB

Download
memory/2840-1400-0x00007FFBF6D10000-0x00007FFBF6D6D000-memory.dmp

Filesize
372KB

Download
memory/2840-1396-0x00007FFBE7700000-0x00007FFBE770B000-memory.dmp

Filesize
44KB

Download
memory/2840-1397-0x00007FFBE6C90000-0x00007FFBE6CC2000-memory.dmp

Filesize
200KB

Download
memory/2840-1398-0x00007FFBE76F0000-0x00007FFBE76FC000-memory.dmp

Filesize
48KB

Download
memory/2840-1399-0x00007FFBE76E0000-0x00007FFBE76ED000-memory.dmp

Filesize
52KB

Download
memory/2840-1388-0x00007FFBE6D60000-0x00007FFBE6DAD000-memory.dmp

Filesize
308KB

Download
memory/2840-1389-0x00007FFBE7750000-0x00007FFBE78C1000-memory.dmp

Filesize
1.4MB

Download
memory/2840-1390-0x00007FFBF69B0000-0x00007FFBF69C8000-memory.dmp

Filesize
96KB

Download
memory/2840-1385-0x00007FFBF69D0000-0x00007FFBF69FE000-memory.dmp

Filesize
184KB

Download
memory/2840-1386-0x00007FFBE7E20000-0x00007FFBE7E3B000-memory.dmp

Filesize
108KB

Download
memory/2840-1387-0x00007FFBF6CB0000-0x00007FFBF6CCF000-memory.dmp

Filesize
124KB

Download
memory/2840-1384-0x00007FFBF6CE0000-0x00007FFBF6D09000-memory.dmp

Filesize
164KB

Download
memory/2840-1383-0x00007FFBE8260000-0x00007FFBE8282000-memory.dmp

Filesize
136KB

Download
memory/2840-1382-0x00007FFBF6D10000-0x00007FFBF6D6D000-memory.dmp

Filesize
372KB

Download
memory/2840-1346-0x00007FFBFE1C0000-0x00007FFBFE1D4000-memory.dmp

Filesize
80KB

Download
memory/2840-1347-0x00007FFBEDCE0000-0x00007FFBEDD17000-memory.dmp

Filesize
220KB

Download
memory/2840-1348-0x00007FFBF6910000-0x00007FFBF691B000-memory.dmp

Filesize
44KB

Download
memory/2840-1349-0x00007FFBE78D0000-0x00007FFBE7C45000-memory.dmp

Filesize
3.5MB

Download
memory/2840-1350-0x00007FFBF54D0000-0x00007FFBF54DC000-memory.dmp

Filesize
48KB

Download
memory/2840-1351-0x00007FFBF59C0000-0x00007FFBF59CB000-memory.dmp

Filesize
44KB

Download
memory/2840-1361-0x00007FFBED6A0000-0x00007FFBED6AC000-memory.dmp

Filesize
48KB

Download
memory/2840-1355-0x00007FFBF6A00000-0x00007FFBF6A2E000-memory.dmp

Filesize
184KB

Download
memory/2840-1356-0x00007FFBE75F0000-0x00007FFBE76A8000-memory.dmp

Filesize
736KB

Download
memory/2840-1363-0x00007FFBED680000-0x00007FFBED68B000-memory.dmp

Filesize
44KB

Download
memory/2840-1364-0x00007FFBED670000-0x00007FFBED67C000-memory.dmp

Filesize
48KB

Download
memory/2840-1365-0x00007FFBED660000-0x00007FFBED66B000-memory.dmp

Filesize
44KB

Download
memory/2840-1366-0x00007FFBED650000-0x00007FFBED65D000-memory.dmp

Filesize
52KB

Download
memory/2840-1367-0x00007FFBE83E0000-0x00007FFBE83F2000-memory.dmp

Filesize
72KB

Download
memory/2840-1381-0x00007FFBFE0F0000-0x00007FFBFE10E000-memory.dmp

Filesize
120KB

Download
memory/2840-1380-0x00007FFBE8250000-0x00007FFBE825A000-memory.dmp

Filesize
40KB

Download
memory/2840-1368-0x00007FFBE83D0000-0x00007FFBE83DC000-memory.dmp

Filesize
48KB

Download
memory/2840-1379-0x00007FFBE6C90000-0x00007FFBE6CC2000-memory.dmp

Filesize
200KB

Download
memory/2840-1369-0x00007FFBE83B0000-0x00007FFBE83C5000-memory.dmp

Filesize
84KB

Download
memory/2840-1375-0x00007FFBEDCE0000-0x00007FFBEDD17000-memory.dmp

Filesize
220KB

Download
memory/2840-1378-0x00007FFBE6CD0000-0x00007FFBE6CE1000-memory.dmp

Filesize
68KB

Download
memory/2840-1376-0x00007FFBE6DB0000-0x00007FFBE6DC8000-memory.dmp

Filesize
96KB

Download
memory/2840-1377-0x00007FFBE6D60000-0x00007FFBE6DAD000-memory.dmp

Filesize
308KB

Download
memory/2840-1370-0x00007FFBE82B0000-0x00007FFBE82C0000-memory.dmp

Filesize
64KB

Download
memory/2840-1371-0x00007FFBE8290000-0x00007FFBE82A4000-memory.dmp

Filesize
80KB

Download
memory/2840-1373-0x00007FFBE8260000-0x00007FFBE8282000-memory.dmp

Filesize
136KB

Download
memory/2840-1374-0x00007FFBE7E20000-0x00007FFBE7E3B000-memory.dmp

Filesize
108KB

Download
memory/2840-1372-0x00007FFBF2F30000-0x00007FFBF2F57000-memory.dmp

Filesize
156KB

Download
memory/2840-1357-0x00007FFBEFE10000-0x00007FFBEFE1B000-memory.dmp

Filesize
44KB

Download
memory/2840-1358-0x00007FFBEDCD0000-0x00007FFBEDCDC000-memory.dmp

Filesize
48KB

Download
memory/2840-1359-0x00007FFBEDCC0000-0x00007FFBEDCCD000-memory.dmp

Filesize
52KB

Download
memory/2840-1360-0x00007FFBED6B0000-0x00007FFBED6BE000-memory.dmp

Filesize
56KB

Download
memory/2840-1362-0x00007FFBED690000-0x00007FFBED69B000-memory.dmp

Filesize
44KB

Download
memory/2840-1352-0x00007FFBF6A30000-0x00007FFBF6A49000-memory.dmp

Filesize
100KB

Download
memory/2840-1354-0x00007FFBF2F20000-0x00007FFBF2F2C000-memory.dmp

Filesize
48KB

Download
memory/2840-1353-0x00007FFBF54C0000-0x00007FFBF54CB000-memory.dmp

Filesize
44KB

Download
memory/2840-1345-0x00007FFBE74D0000-0x00007FFBE75E8000-memory.dmp

Filesize
1.1MB

Download
memory/2840-1344-0x00007FFBFA660000-0x00007FFBFA68D000-memory.dmp

Filesize
180KB

Download
memory/2840-1343-0x00007FFBF2F30000-0x00007FFBF2F57000-memory.dmp

Filesize
156KB

Download
memory/2840-1342-0x00007FFBF6C70000-0x00007FFBF6C7B000-memory.dmp

Filesize
44KB

Download
memory/2840-1336-0x00007FFBF5AC0000-0x00007FFBF5F2E000-memory.dmp

Filesize
4.4MB

Download
memory/2840-1338-0x00007FFBF7B00000-0x00007FFBF7B0D000-memory.dmp

Filesize
52KB

Download
memory/2840-1339-0x00007FFBFAAD0000-0x00007FFBFAAF4000-memory.dmp

Filesize
144KB

Download
memory/2840-1333-0x00007FFBF6A00000-0x00007FFBF6A2E000-memory.dmp

Filesize
184KB

Download
memory/2840-1331-0x00007FFBF8770000-0x00007FFBF877D000-memory.dmp

Filesize
52KB

Download
memory/2840-1329-0x00007FFBF6A30000-0x00007FFBF6A49000-memory.dmp

Filesize
100KB

Download
memory/2840-1325-0x00007FFBFE1C0000-0x00007FFBFE1D4000-memory.dmp

Filesize
80KB

Download
memory/2840-1327-0x00007FFBE78D0000-0x00007FFBE7C45000-memory.dmp

Filesize
3.5MB

Download
memory/2840-1284-0x00007FFBFA660000-0x00007FFBFA68D000-memory.dmp

Filesize
180KB

Download
memory/2840-1281-0x00007FFC00290000-0x00007FFC002A9000-memory.dmp

Filesize
100KB

Download
memory/2840-1278-0x00007FFC00530000-0x00007FFC0053F000-memory.dmp

Filesize
60KB

Download
memory/2840-1276-0x00007FFBFAAD0000-0x00007FFBFAAF4000-memory.dmp

Filesize
144KB

Download
memory/2840-1268-0x00007FFBF5AC0000-0x00007FFBF5F2E000-memory.dmp

Filesize
4.4MB

Download