Overview

overview

10

Static

static

3

a97581cc24...2N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    115s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-12-2024 06:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a97581cc2433121663ca1b3ba13e820edfa7c36f763f3145cc7738c83d8896e2N.exe

  • Size

    3.5MB

  • MD5

    7f0eced785fed8bfb883aebaded53ce0

  • SHA1

    266445edbc56b1c0883d0781e2d0a8612af6f5c1

  • SHA256

    a97581cc2433121663ca1b3ba13e820edfa7c36f763f3145cc7738c83d8896e2

  • SHA512

    881de72166323f595a797eaa4167f2ecd767d38e329e4ff56ffa429beaf6be3abc9cd38a13b09de527dfbbf5cbba7c8233010a280042c1448c590c3a1ace585b

  • SSDEEP

    49152:iynXD6tVLVbhqRm3toeSbmYgt2AN20+q6eaAszjigcKtg5hJ:6jdqRm3+eSwN20X6CszjiDv

Score
10/10
amadeycryptbotlummastealcxmrig9c9aa5stokcredential_accessdiscoveryevasionexecutionminerpersistencespywarestealertrojanupx

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

Extracted

Family

lumma

C2

https://sordid-snaked.cyou/api

https://awake-weaves.cyou/api

https://wrathful-jammy.cyou/api

https://debonairnukk.xyz/api

https://diffuculttan.xyz/api

https://effecterectz.xyz/api

https://deafeninggeh.biz/api

https://immureprech.biz/api

https://tacitglibbr.biz/api

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Extracted

Family

cryptbot

C2

http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ1734

Extracted

Family

lumma

C2

https://tacitglibbr.biz/api

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • CryptBot

    CryptBot is a C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot
  • Cryptbot family
    cryptbot
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 11 IoCs
    evasiontrojan
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Stealc family
    stealc
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • Enumerates VirtualBox registry keys 2 TTPs 2 IoCs
    evasion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 16 IoCs
    evasion
  • XMRig Miner payload 2 IoCs
    miner
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Downloads MZ/PE file
  • Uses browser remote debugging 2 TTPs 8 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Checks BIOS information in registry 2 TTPs 32 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 28 IoCs
  • Identifies Wine through registry keys 2 TTPs 16 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 2 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Windows security modification 2 TTPs 3 IoCs
    evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 5 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 17 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 36 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 13 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Kills process with taskkill 5 IoCs
    evasion
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Runs ping.exe 1 TTPs 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 62 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 31 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Views/modifies file attributes 1 TTPs 3 IoCs
    evasion

Processes

  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
      PID:2556
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Windows\System32\svchost.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:828
    • C:\Users\Admin\AppData\Local\Temp\a97581cc2433121663ca1b3ba13e820edfa7c36f763f3145cc7738c83d8896e2N.exe
      "C:\Users\Admin\AppData\Local\Temp\a97581cc2433121663ca1b3ba13e820edfa7c36f763f3145cc7738c83d8896e2N.exe"
      1⤵
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4940
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1T31J4.exe
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1T31J4.exe
        2⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Checks computer location settings
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:3608
        • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
          "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
          3⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Checks computer location settings
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Adds Run key to start application
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1808
          • C:\Users\Admin\AppData\Local\Temp\1017403001\5fc4aaa8e6.exe
            "C:\Users\Admin\AppData\Local\Temp\1017403001\5fc4aaa8e6.exe"
            4⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of AdjustPrivilegeToken
            PID:3388
            • C:\Users\Admin\AppData\Local\Temp\1017403001\5fc4aaa8e6.exe
              "C:\Users\Admin\AppData\Local\Temp\1017403001\5fc4aaa8e6.exe"
              5⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:3608
          • C:\Users\Admin\AppData\Local\Temp\1017405001\8057fbee5b.exe
            "C:\Users\Admin\AppData\Local\Temp\1017405001\8057fbee5b.exe"
            4⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1760
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              "powershell.exe" Add-MpPreference -ExclusionPath "C:\fyzhsqwk"
              5⤵
              • Command and Scripting Interpreter: PowerShell
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:4908
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              "powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData"
              5⤵
              • Command and Scripting Interpreter: PowerShell
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:4172
            • C:\fyzhsqwk\0d40c877818b4d87b13241f5e7831b5f.exe
              "C:\fyzhsqwk\0d40c877818b4d87b13241f5e7831b5f.exe"
              5⤵
              • Executes dropped EXE
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious use of SetWindowsHookEx
              PID:3632
          • C:\Users\Admin\AppData\Local\Temp\1017406001\2cc599d96b.exe
            "C:\Users\Admin\AppData\Local\Temp\1017406001\2cc599d96b.exe"
            4⤵
            • Suspicious use of NtCreateUserProcessOtherParentProcess
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:1504
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 780
              5⤵
              • Program crash
              PID:4360
          • C:\Users\Admin\AppData\Local\Temp\1017407001\5482eb017a.exe
            "C:\Users\Admin\AppData\Local\Temp\1017407001\5482eb017a.exe"
            4⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            PID:404
            • C:\Users\Admin\AppData\Local\Temp\1017407001\5482eb017a.exe
              "C:\Users\Admin\AppData\Local\Temp\1017407001\5482eb017a.exe"
              5⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:3020
          • C:\Users\Admin\AppData\Local\Temp\1017408001\ff51c96c19.exe
            "C:\Users\Admin\AppData\Local\Temp\1017408001\ff51c96c19.exe"
            4⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            PID:3888
            • C:\Users\Admin\AppData\Local\Temp\1017408001\ff51c96c19.exe
              "C:\Users\Admin\AppData\Local\Temp\1017408001\ff51c96c19.exe"
              5⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:1580
          • C:\Users\Admin\AppData\Local\Temp\1017409001\2a15e18a86.exe
            "C:\Users\Admin\AppData\Local\Temp\1017409001\2a15e18a86.exe"
            4⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:6012
          • C:\Users\Admin\AppData\Local\Temp\1017410001\e11b0ec8a5.exe
            "C:\Users\Admin\AppData\Local\Temp\1017410001\e11b0ec8a5.exe"
            4⤵
            • Enumerates VirtualBox registry keys
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:832
          • C:\Users\Admin\AppData\Local\Temp\1017411001\499a34d4a8.exe
            "C:\Users\Admin\AppData\Local\Temp\1017411001\499a34d4a8.exe"
            4⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            PID:3080
          • C:\Users\Admin\AppData\Local\Temp\1017412001\821fc9746c.exe
            "C:\Users\Admin\AppData\Local\Temp\1017412001\821fc9746c.exe"
            4⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            PID:1892
          • C:\Users\Admin\AppData\Local\Temp\1017413001\a6bf9e8b2d.exe
            "C:\Users\Admin\AppData\Local\Temp\1017413001\a6bf9e8b2d.exe"
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:5172
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /F /IM firefox.exe /T
              5⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:4448
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /F /IM chrome.exe /T
              5⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:3120
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /F /IM msedge.exe /T
              5⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:1460
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /F /IM opera.exe /T
              5⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:3812
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /F /IM brave.exe /T
              5⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:4520
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
              5⤵
                PID:5424
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                  6⤵
                  • Checks processor information in registry
                  • Modifies registry class
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  • Suspicious use of SetWindowsHookEx
                  PID:5496
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2036 -parentBuildID 20240401114208 -prefsHandle 1964 -prefMapHandle 1952 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {efe2e269-39ff-474d-812e-b9c82fccec95} 5496 "\\.\pipe\gecko-crash-server-pipe.5496" gpu
                    7⤵
                      PID:5476
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2472 -parentBuildID 20240401114208 -prefsHandle 2448 -prefMapHandle 2444 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03c32b7f-9356-4a18-9098-5eac02dbb42e} 5496 "\\.\pipe\gecko-crash-server-pipe.5496" socket
                      7⤵
                        PID:5684
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3268 -childID 1 -isForBrowser -prefsHandle 3060 -prefMapHandle 3408 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39f67cd2-83e5-4ab6-92bc-a8396f4991fd} 5496 "\\.\pipe\gecko-crash-server-pipe.5496" tab
                        7⤵
                          PID:5232
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3956 -childID 2 -isForBrowser -prefsHandle 3936 -prefMapHandle 3952 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78eacfc9-bab9-4bbb-96b4-8235c7e74997} 5496 "\\.\pipe\gecko-crash-server-pipe.5496" tab
                          7⤵
                            PID:5316
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4544 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4576 -prefMapHandle 4564 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81d3d0bf-2109-4c1d-b77e-8b19c3c2feeb} 5496 "\\.\pipe\gecko-crash-server-pipe.5496" utility
                            7⤵
                            • Checks processor information in registry
                            PID:6104
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 3 -isForBrowser -prefsHandle 5588 -prefMapHandle 5468 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3f1b308-3eb1-4ada-9836-1f059de5d39e} 5496 "\\.\pipe\gecko-crash-server-pipe.5496" tab
                            7⤵
                              PID:1584
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 4 -isForBrowser -prefsHandle 5756 -prefMapHandle 5672 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2350d17-28ce-4654-8e3b-1c396381bc47} 5496 "\\.\pipe\gecko-crash-server-pipe.5496" tab
                              7⤵
                                PID:4416
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5972 -childID 5 -isForBrowser -prefsHandle 5980 -prefMapHandle 5788 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be9f029e-d6b9-46d9-95a9-68afa1a14c1d} 5496 "\\.\pipe\gecko-crash-server-pipe.5496" tab
                                7⤵
                                  PID:3048
                          • C:\Users\Admin\AppData\Local\Temp\1017414001\c467631584.exe
                            "C:\Users\Admin\AppData\Local\Temp\1017414001\c467631584.exe"
                            4⤵
                            • Modifies Windows Defender Real-time Protection settings
                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                            • Checks BIOS information in registry
                            • Executes dropped EXE
                            • Identifies Wine through registry keys
                            • Windows security modification
                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                            • System Location Discovery: System Language Discovery
                            • Suspicious use of AdjustPrivilegeToken
                            PID:5340
                          • C:\Users\Admin\AppData\Local\Temp\1017415001\764a9264f1.exe
                            "C:\Users\Admin\AppData\Local\Temp\1017415001\764a9264f1.exe"
                            4⤵
                            • Checks computer location settings
                            • Executes dropped EXE
                            • System Location Discovery: System Language Discovery
                            PID:3544
                            • C:\Windows\system32\cmd.exe
                              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
                              5⤵
                                PID:5248
                                • C:\Windows\system32\mode.com
                                  mode 65,10
                                  6⤵
                                    PID:3696
                                  • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                                    7z.exe e file.zip -p24291711423417250691697322505 -oextracted
                                    6⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:4232
                                  • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                                    7z.exe e extracted/file_7.zip -oextracted
                                    6⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:2940
                                  • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                                    7z.exe e extracted/file_6.zip -oextracted
                                    6⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5360
                                  • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                                    7z.exe e extracted/file_5.zip -oextracted
                                    6⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:1160
                                  • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                                    7z.exe e extracted/file_4.zip -oextracted
                                    6⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5440
                                  • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                                    7z.exe e extracted/file_3.zip -oextracted
                                    6⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5792
                                  • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                                    7z.exe e extracted/file_2.zip -oextracted
                                    6⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:3532
                                  • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                                    7z.exe e extracted/file_1.zip -oextracted
                                    6⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:3204
                                  • C:\Windows\system32\attrib.exe
                                    attrib +H "in.exe"
                                    6⤵
                                    • Views/modifies file attributes
                                    PID:6096
                                  • C:\Users\Admin\AppData\Local\Temp\main\in.exe
                                    "in.exe"
                                    6⤵
                                    • Executes dropped EXE
                                    PID:6092
                                    • C:\Windows\SYSTEM32\attrib.exe
                                      attrib +H +S C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                                      7⤵
                                      • Views/modifies file attributes
                                      PID:6088
                                    • C:\Windows\SYSTEM32\attrib.exe
                                      attrib +H C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                                      7⤵
                                      • Views/modifies file attributes
                                      PID:1268
                                    • C:\Windows\SYSTEM32\schtasks.exe
                                      schtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE
                                      7⤵
                                      • Scheduled Task/Job: Scheduled Task
                                      PID:4164
                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                      powershell ping 127.0.0.1; del in.exe
                                      7⤵
                                      • System Network Configuration Discovery: Internet Connection Discovery
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:5268
                                      • C:\Windows\system32\PING.EXE
                                        "C:\Windows\system32\PING.EXE" 127.0.0.1
                                        8⤵
                                        • System Network Configuration Discovery: Internet Connection Discovery
                                        • Runs ping.exe
                                        PID:6192
                              • C:\Users\Admin\AppData\Local\Temp\1017416001\5433b1a6aa.exe
                                "C:\Users\Admin\AppData\Local\Temp\1017416001\5433b1a6aa.exe"
                                4⤵
                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                • Checks BIOS information in registry
                                • Executes dropped EXE
                                • Identifies Wine through registry keys
                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                • System Location Discovery: System Language Discovery
                                PID:6164
                              • C:\Users\Admin\AppData\Local\Temp\1017417001\04a8f4422a.exe
                                "C:\Users\Admin\AppData\Local\Temp\1017417001\04a8f4422a.exe"
                                4⤵
                                • Enumerates VirtualBox registry keys
                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                • Checks BIOS information in registry
                                • Executes dropped EXE
                                • Identifies Wine through registry keys
                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                • System Location Discovery: System Language Discovery
                                PID:6540
                          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2Y7445.exe
                            C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2Y7445.exe
                            2⤵
                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                            • Checks BIOS information in registry
                            • Executes dropped EXE
                            • Identifies Wine through registry keys
                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                            • System Location Discovery: System Language Discovery
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of WriteProcessMemory
                            PID:1900
                            • C:\Users\Admin\AppData\Local\Temp\BWZRCD36PCNC0RNVEFJWAOJ.exe
                              "C:\Users\Admin\AppData\Local\Temp\BWZRCD36PCNC0RNVEFJWAOJ.exe"
                              3⤵
                              • Modifies Windows Defender Real-time Protection settings
                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                              • Checks BIOS information in registry
                              • Executes dropped EXE
                              • Identifies Wine through registry keys
                              • Windows security modification
                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of AdjustPrivilegeToken
                              PID:2728
                            • C:\Users\Admin\AppData\Local\Temp\FC8BGKMVXT48CFAJ.exe
                              "C:\Users\Admin\AppData\Local\Temp\FC8BGKMVXT48CFAJ.exe"
                              3⤵
                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                              • Checks BIOS information in registry
                              • Checks computer location settings
                              • Executes dropped EXE
                              • Identifies Wine through registry keys
                              • Loads dropped DLL
                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                              • System Location Discovery: System Language Discovery
                              • Checks processor information in registry
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of WriteProcessMemory
                              PID:4356
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                4⤵
                                • Uses browser remote debugging
                                • Enumerates system info in registry
                                • Modifies data under HKEY_USERS
                                • Suspicious behavior: EnumeratesProcesses
                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                • Suspicious use of AdjustPrivilegeToken
                                • Suspicious use of FindShellTrayWindow
                                • Suspicious use of WriteProcessMemory
                                PID:3496
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa45cacc40,0x7ffa45cacc4c,0x7ffa45cacc58
                                  5⤵
                                    PID:5072
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,971487999619864761,8771656710784547083,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1996 /prefetch:2
                                    5⤵
                                      PID:4168
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1936,i,971487999619864761,8771656710784547083,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2516 /prefetch:3
                                      5⤵
                                        PID:948
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,971487999619864761,8771656710784547083,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2620 /prefetch:8
                                        5⤵
                                          PID:4588
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,971487999619864761,8771656710784547083,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
                                          5⤵
                                          • Uses browser remote debugging
                                          PID:4872
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,971487999619864761,8771656710784547083,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3240 /prefetch:1
                                          5⤵
                                          • Uses browser remote debugging
                                          PID:4940
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4300,i,971487999619864761,8771656710784547083,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4516 /prefetch:1
                                          5⤵
                                          • Uses browser remote debugging
                                          PID:232
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4624,i,971487999619864761,8771656710784547083,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:8
                                          5⤵
                                            PID:5060
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,971487999619864761,8771656710784547083,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:8
                                            5⤵
                                              PID:2924
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,971487999619864761,8771656710784547083,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
                                              5⤵
                                                PID:4896
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5112,i,971487999619864761,8771656710784547083,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:8
                                                5⤵
                                                  PID:4100
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4240,i,971487999619864761,8771656710784547083,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5264 /prefetch:8
                                                  5⤵
                                                    PID:3412
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4540,i,971487999619864761,8771656710784547083,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8
                                                    5⤵
                                                      PID:2748
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5292,i,971487999619864761,8771656710784547083,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:2
                                                      5⤵
                                                      • Uses browser remote debugging
                                                      PID:2740
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
                                                    4⤵
                                                    • Uses browser remote debugging
                                                    • Enumerates system info in registry
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                    • Suspicious use of FindShellTrayWindow
                                                    PID:5352
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa460546f8,0x7ffa46054708,0x7ffa46054718
                                                      5⤵
                                                      • Checks processor information in registry
                                                      • Enumerates system info in registry
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:5368
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15882664892513627393,1013926606308489210,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
                                                      5⤵
                                                        PID:5596
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,15882664892513627393,1013926606308489210,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
                                                        5⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:5608
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,15882664892513627393,1013926606308489210,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
                                                        5⤵
                                                          PID:5644
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15882664892513627393,1013926606308489210,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2528 /prefetch:2
                                                          5⤵
                                                            PID:5744
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2000,15882664892513627393,1013926606308489210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
                                                            5⤵
                                                            • Uses browser remote debugging
                                                            PID:5800
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2000,15882664892513627393,1013926606308489210,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
                                                            5⤵
                                                            • Uses browser remote debugging
                                                            PID:5812
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15882664892513627393,1013926606308489210,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2524 /prefetch:2
                                                            5⤵
                                                              PID:5852
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15882664892513627393,1013926606308489210,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2424 /prefetch:2
                                                              5⤵
                                                                PID:5908
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15882664892513627393,1013926606308489210,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3244 /prefetch:2
                                                                5⤵
                                                                  PID:5972
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15882664892513627393,1013926606308489210,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3860 /prefetch:2
                                                                  5⤵
                                                                    PID:6020
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15882664892513627393,1013926606308489210,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3872 /prefetch:2
                                                                    5⤵
                                                                      PID:6116
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15882664892513627393,1013926606308489210,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3244 /prefetch:2
                                                                      5⤵
                                                                        PID:1892
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15882664892513627393,1013926606308489210,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4108 /prefetch:2
                                                                        5⤵
                                                                          PID:404
                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                        "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\Documents\FCFBFHIEBK.exe"
                                                                        4⤵
                                                                        • System Location Discovery: System Language Discovery
                                                                        PID:5808
                                                                        • C:\Users\Admin\Documents\FCFBFHIEBK.exe
                                                                          "C:\Users\Admin\Documents\FCFBFHIEBK.exe"
                                                                          5⤵
                                                                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                          • Checks BIOS information in registry
                                                                          • Executes dropped EXE
                                                                          • Identifies Wine through registry keys
                                                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                          • System Location Discovery: System Language Discovery
                                                                          PID:5860
                                                                • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                  1⤵
                                                                    PID:3796
                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1504 -ip 1504
                                                                    1⤵
                                                                      PID:3620
                                                                    • C:\Windows\system32\svchost.exe
                                                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                      1⤵
                                                                        PID:1492
                                                                      • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                        1⤵
                                                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                        • Checks BIOS information in registry
                                                                        • Executes dropped EXE
                                                                        • Identifies Wine through registry keys
                                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                        PID:3796
                                                                      • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                        1⤵
                                                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                        • Checks BIOS information in registry
                                                                        • Executes dropped EXE
                                                                        • Identifies Wine through registry keys
                                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                        PID:4892
                                                                      • C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                                                                        C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                                                                        1⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of SetThreadContext
                                                                        PID:60
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          2⤵
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:6352
                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                          powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
                                                                          2⤵
                                                                          • System Network Configuration Discovery: Internet Connection Discovery
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:5196
                                                                          • C:\Windows\system32\PING.EXE
                                                                            "C:\Windows\system32\PING.EXE" 127.1.10.1
                                                                            3⤵
                                                                            • System Network Configuration Discovery: Internet Connection Discovery
                                                                            • Runs ping.exe
                                                                            PID:3484

                                                                      Network

                                                                      MITRE ATT&CK Enterprise v15

                                                                      Reconnaissance

                                                                      Resource Development

                                                                      Initial Access

                                                                      Execution

                                                                      Command and Scripting Interpreter

                                                                      1
                                                                      T1059

                                                                      PowerShell

                                                                      1
                                                                      T1059.001

                                                                      Scheduled Task/Job

                                                                      1
                                                                      T1053

                                                                      Scheduled Task

                                                                      1
                                                                      T1053.005

                                                                      Persistence

                                                                      Boot or Logon Autostart Execution

                                                                      1
                                                                      T1547

                                                                      Registry Run Keys / Startup Folder

                                                                      1
                                                                      T1547.001

                                                                      Create or Modify System Process

                                                                      1
                                                                      T1543

                                                                      Windows Service

                                                                      1
                                                                      T1543.003

                                                                      Modify Authentication Process

                                                                      1
                                                                      T1556

                                                                      Scheduled Task/Job

                                                                      1
                                                                      T1053

                                                                      Scheduled Task

                                                                      1
                                                                      T1053.005

                                                                      Privilege Escalation

                                                                      Boot or Logon Autostart Execution

                                                                      1
                                                                      T1547

                                                                      Registry Run Keys / Startup Folder

                                                                      1
                                                                      T1547.001

                                                                      Create or Modify System Process

                                                                      1
                                                                      T1543

                                                                      Windows Service

                                                                      1
                                                                      T1543.003

                                                                      Scheduled Task/Job

                                                                      1
                                                                      T1053

                                                                      Scheduled Task

                                                                      1
                                                                      T1053.005

                                                                      Defense Evasion

                                                                      Hide Artifacts

                                                                      1
                                                                      T1564

                                                                      Hidden Files and Directories

                                                                      1
                                                                      T1564.001

                                                                      Impair Defenses

                                                                      2
                                                                      T1562

                                                                      Disable or Modify Tools

                                                                      2
                                                                      T1562.001

                                                                      Modify Authentication Process

                                                                      1
                                                                      T1556

                                                                      Modify Registry

                                                                      3
                                                                      T1112

                                                                      Virtualization/Sandbox Evasion

                                                                      3
                                                                      T1497

                                                                      Credential Access

                                                                      Credentials from Password Stores

                                                                      1
                                                                      T1555

                                                                      Credentials from Web Browsers

                                                                      1
                                                                      T1555.003

                                                                      Modify Authentication Process

                                                                      1
                                                                      T1556

                                                                      Steal Web Session Cookie

                                                                      1
                                                                      T1539

                                                                      Unsecured Credentials

                                                                      5
                                                                      T1552

                                                                      Credentials In Files

                                                                      5
                                                                      T1552.001

                                                                      Discovery

                                                                      Browser Information Discovery

                                                                      1
                                                                      T1217

                                                                      Query Registry

                                                                      9
                                                                      T1012

                                                                      Remote System Discovery

                                                                      1
                                                                      T1018

                                                                      System Information Discovery

                                                                      5
                                                                      T1082

                                                                      System Location Discovery

                                                                      1
                                                                      T1614

                                                                      System Language Discovery

                                                                      1
                                                                      T1614.001

                                                                      System Network Configuration Discovery

                                                                      1
                                                                      T1016

                                                                      Internet Connection Discovery

                                                                      1
                                                                      T1016.001

                                                                      Virtualization/Sandbox Evasion

                                                                      3
                                                                      T1497

                                                                      Lateral Movement

                                                                      Collection

                                                                      Data from Local System

                                                                      4
                                                                      T1005

                                                                      Command and Control

                                                                      Web Service

                                                                      1
                                                                      T1102

                                                                      Exfiltration

                                                                      Impact

                                                                      Replay Monitor

                                                                      Loading Replay Monitor...

                                                                      Downloads

                                                                      • C:\ProgramData\mozglue.dll
                                                                        Filesize

                                                                        593KB

                                                                        MD5

                                                                        c8fd9be83bc728cc04beffafc2907fe9

                                                                        SHA1

                                                                        95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                                                                        SHA256

                                                                        ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                                                                        SHA512

                                                                        fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                                                                        Download Submit

                                                                      • C:\ProgramData\nss3.dll
                                                                        Filesize

                                                                        2.0MB

                                                                        MD5

                                                                        1cc453cdf74f31e4d913ff9c10acdde2

                                                                        SHA1

                                                                        6e85eae544d6e965f15fa5c39700fa7202f3aafe

                                                                        SHA256

                                                                        ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

                                                                        SHA512

                                                                        dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                        Filesize

                                                                        649B

                                                                        MD5

                                                                        7af011cc507304c77b3315c0638e28d0

                                                                        SHA1

                                                                        86a46bb16a5daffcd0aba9b173a99cefc3a02463

                                                                        SHA256

                                                                        231761e0a4819bafc354eacfdf0c2165865f5ec8d231642a68c0015920a6983d

                                                                        SHA512

                                                                        a312c8da51634b153a44f7c8d953e59741f818347f216797fd6e65eb48e9efef82ac2d881643072d3b5f2c9f331c04de914697cacc9942649fcdca676045cadb

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json
                                                                        Filesize

                                                                        851B

                                                                        MD5

                                                                        07ffbe5f24ca348723ff8c6c488abfb8

                                                                        SHA1

                                                                        6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                                        SHA256

                                                                        6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                                        SHA512

                                                                        7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json
                                                                        Filesize

                                                                        854B

                                                                        MD5

                                                                        4ec1df2da46182103d2ffc3b92d20ca5

                                                                        SHA1

                                                                        fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                                        SHA256

                                                                        6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                                        SHA512

                                                                        939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                        Filesize

                                                                        2B

                                                                        MD5

                                                                        d751713988987e9331980363e24189ce

                                                                        SHA1

                                                                        97d170e1550eee4afc0af065b78cda302a97674c

                                                                        SHA256

                                                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                        SHA512

                                                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
                                                                        Filesize

                                                                        14B

                                                                        MD5

                                                                        ef48733031b712ca7027624fff3ab208

                                                                        SHA1

                                                                        da4f3812e6afc4b90d2185f4709dfbb6b47714fa

                                                                        SHA256

                                                                        c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

                                                                        SHA512

                                                                        ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                                                                        Filesize

                                                                        2KB

                                                                        MD5

                                                                        968cb9309758126772781b83adb8a28f

                                                                        SHA1

                                                                        8da30e71accf186b2ba11da1797cf67f8f78b47c

                                                                        SHA256

                                                                        92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

                                                                        SHA512

                                                                        4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\5e07aeab-f33d-4100-9762-047521666336.dmp
                                                                        Filesize

                                                                        10.5MB

                                                                        MD5

                                                                        75f2ed976232953645a15718c3a36442

                                                                        SHA1

                                                                        bac356c859b5e9d9f81469506fe9eeab6647e2a8

                                                                        SHA256

                                                                        745e8eb5dfbbdf93103712e5690dfd8709ef8c1b5f7a49858da0ea279e19b015

                                                                        SHA512

                                                                        e3ec8afb984505050bc02c74b4dde796bb07148dec47597d4c993e75b39d8740454c848e1667168aefcea93e156a1b074296f8306a16b205cecc90dd755e5b1c

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                        Filesize

                                                                        152B

                                                                        MD5

                                                                        a0486d6f8406d852dd805b66ff467692

                                                                        SHA1

                                                                        77ba1f63142e86b21c951b808f4bc5d8ed89b571

                                                                        SHA256

                                                                        c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

                                                                        SHA512

                                                                        065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                        Filesize

                                                                        152B

                                                                        MD5

                                                                        dc058ebc0f8181946a312f0be99ed79c

                                                                        SHA1

                                                                        0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

                                                                        SHA256

                                                                        378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

                                                                        SHA512

                                                                        36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        6KB

                                                                        MD5

                                                                        3793073b3f40d9c4a3a9df313f7fe096

                                                                        SHA1

                                                                        96467cc665ccf436c7e830b1dde17452ba97fc1e

                                                                        SHA256

                                                                        48abac7b4f2c299b87fbae3005cd5e8efdf67b86f97ce4c35215c22938e92283

                                                                        SHA512

                                                                        6f52d2619f05aac256af99223197fe625d57560a02a1d483763229568a59415fd596a464a9992620356f353a93bf073fea3253c2305ad6f521770042d206478f

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\df23e56e-12bf-48e0-9f4e-2b28c6a153ab.tmp
                                                                        Filesize

                                                                        1B

                                                                        MD5

                                                                        5058f1af8388633f609cadb75a75dc9d

                                                                        SHA1

                                                                        3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                        SHA256

                                                                        cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                        SHA512

                                                                        0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
                                                                        Filesize

                                                                        11B

                                                                        MD5

                                                                        838a7b32aefb618130392bc7d006aa2e

                                                                        SHA1

                                                                        5159e0f18c9e68f0e75e2239875aa994847b8290

                                                                        SHA256

                                                                        ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

                                                                        SHA512

                                                                        9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                        Filesize

                                                                        264KB

                                                                        MD5

                                                                        f50f89a0a91564d0b8a211f8921aa7de

                                                                        SHA1

                                                                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                        SHA256

                                                                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                        SHA512

                                                                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                        Filesize

                                                                        18KB

                                                                        MD5

                                                                        654e1f59b5c8c245b59ac7521c662298

                                                                        SHA1

                                                                        4e08b44caca398b74832ed1662cbe37d512ea7e3

                                                                        SHA256

                                                                        eb8eef0768c3f232dc82aa997f2a86e00d694b9decda77d46bc1876a9f64ac03

                                                                        SHA512

                                                                        e01a83210b27bbbb5ffb9c2282c756940498e5736a91ce97b46f6bf917f69f37701d77ec42e423298002b4e16cf75a40be52de19e54854a527ca1be10dec1b3e

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\activity-stream.discovery_stream.json
                                                                        Filesize

                                                                        26KB

                                                                        MD5

                                                                        caed933133dcc0767996dfd158ae97d0

                                                                        SHA1

                                                                        a010376f55a5be6c8f825967b3d0444609874285

                                                                        SHA256

                                                                        7aada45b80ec25b7e7d20bcf9ee19f8bdab110579fb21c0476ff534d0bbe059d

                                                                        SHA512

                                                                        83847029fa7b85af6d7540312914c79617fc409b79bbf78ae6a096a24a73bcd7495e4b5128eabc788a6ccd72a413d80744307d9c6841e38ba2268e5b21455b0c

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984
                                                                        Filesize

                                                                        13KB

                                                                        MD5

                                                                        bca2d3bb97858238a7065f1d42af97f7

                                                                        SHA1

                                                                        f3bacebc5b4728a84fee3fa963e0d24024e72e89

                                                                        SHA256

                                                                        2cf9d58d09bd6f43fdb3116e4265f4e74b2e6f9032adc2b778f5efff4c2e8c0d

                                                                        SHA512

                                                                        51280f98d24240aaffba363f9b66127edbe7e933e2e415665e6127c80449d2550fd5574d4ea649c1f825d58b576afc1c503fdba790a5bfd5364a30b704a80637

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                                                                        Filesize

                                                                        15KB

                                                                        MD5

                                                                        96c542dec016d9ec1ecc4dddfcbaac66

                                                                        SHA1

                                                                        6199f7648bb744efa58acf7b96fee85d938389e4

                                                                        SHA256

                                                                        7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                                                                        SHA512

                                                                        cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1017403001\5fc4aaa8e6.exe
                                                                        Filesize

                                                                        3.1MB

                                                                        MD5

                                                                        c00a67d527ef38dc6f49d0ad7f13b393

                                                                        SHA1

                                                                        7b8f2de130ab5e4e59c3c2f4a071bda831ac219d

                                                                        SHA256

                                                                        12226ccae8c807641241ba5178d853aad38984eefb0c0c4d65abc4da3f9787c3

                                                                        SHA512

                                                                        9286d267b167cba01e55e68c8c5582f903bed0dd8bc4135eb528ef6814e60e7d4dda2b3611e13efb56aa993635fbab218b0885daf5daea6043061d8384af40ca

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1017405001\8057fbee5b.exe
                                                                        Filesize

                                                                        21KB

                                                                        MD5

                                                                        14becdf1e2402e9aa6c2be0e6167041e

                                                                        SHA1

                                                                        72cbbae6878f5e06060a0038b25ede93b445f0df

                                                                        SHA256

                                                                        7a769963165063758f15f6e0cece25c9d13072f67fa0d3c25a03a5104fe0783a

                                                                        SHA512

                                                                        16b837615505f352e134afd9d8655c9cabfa5bfcfbee2c0c34f2d7d9588aa71f875e4e5feb8cdf0f7bacc00f7c1ca8dabd3b3d92afc99abf705c05c78e298b4a

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1017406001\2cc599d96b.exe
                                                                        Filesize

                                                                        1.9MB

                                                                        MD5

                                                                        3af5b465c234142a3334ae804164117d

                                                                        SHA1

                                                                        6837dc3d8c7cec5edb502e439a8e33b4fb5836e1

                                                                        SHA256

                                                                        56048bf62bf9e56448e8afb4f684cb87edb55e0ac628d3a87b92c4de8463ff26

                                                                        SHA512

                                                                        14183225d93f036f55415050434669899ae527c56d8748ac7c9b135d464069dffa91d368473e023ca78cee98161cc29e7a923639d3c35e795f9143b80e1d48ea

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1017407001\5482eb017a.exe
                                                                        Filesize

                                                                        747KB

                                                                        MD5

                                                                        8a9cb17c0224a01bd34b46495983c50a

                                                                        SHA1

                                                                        00296ea6a56f6e10a0f1450a20c5fb329b8856c1

                                                                        SHA256

                                                                        3d51b9523b387859bc0d94246dfb216cfa82f9d650c8d11be11ed67f70e7440b

                                                                        SHA512

                                                                        1472e4670f469c43227b965984ecc223a526f6284363d8e08a3b5b55e602ccce62df4bc49939ee5bd7df7b0c26e20da896b084eccab767f8728e6bf14d71c840

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1017408001\ff51c96c19.exe
                                                                        Filesize

                                                                        758KB

                                                                        MD5

                                                                        afd936e441bf5cbdb858e96833cc6ed3

                                                                        SHA1

                                                                        3491edd8c7caf9ae169e21fb58bccd29d95aefef

                                                                        SHA256

                                                                        c6491d7a6d70c7c51baca7436464667b4894e4989fa7c5e05068dde4699e1cbf

                                                                        SHA512

                                                                        928c15a1eda602b2a66a53734f3f563ab9626882104e30ee2bf5106cfd6e08ec54f96e3063f1ab89bf13be2c8822a8419f5d8ee0a3583a4c479785226051a325

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1017409001\2a15e18a86.exe
                                                                        Filesize

                                                                        1.8MB

                                                                        MD5

                                                                        25fb9c54265bbacc7a055174479f0b70

                                                                        SHA1

                                                                        4af069a2ec874703a7e29023d23a1ada491b584e

                                                                        SHA256

                                                                        552f8be2c6b2208a89c728f68488930c661b3a06c35a20d133ef7d3c63a86b9c

                                                                        SHA512

                                                                        7dfd9e0f3fa2d68a6ce8c952e3b755559db73bb7a06c95ad6ed8ac16dedb49be8b8337afc07c9c682f0c4be9db291a551286353e2e2b624223487dc1c8b54668

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1017410001\e11b0ec8a5.exe
                                                                        Filesize

                                                                        4.2MB

                                                                        MD5

                                                                        a0d6c9d4d75289ffa8f7dbda90e3fce6

                                                                        SHA1

                                                                        3e3b99a9b625fbd216908a07754adab568dbef4d

                                                                        SHA256

                                                                        ca737deb8d7b8dc261e6dd95dd42d7316e670d886023a7e4369df4a518c972ce

                                                                        SHA512

                                                                        e77bf7e82acdc1bf647a5a4761db39cdf591d45d9ef57457aafbb9a087bbca9988c79be7376a7268d4642db2cbef2a41ff723c907bf04cf00f1fdc06e1982858

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1017411001\499a34d4a8.exe
                                                                        Filesize

                                                                        1.7MB

                                                                        MD5

                                                                        157a5af38553ccb117f6d278b2b046f0

                                                                        SHA1

                                                                        9793935e64772bb6fa3665d090fb7e9d448ad438

                                                                        SHA256

                                                                        a0d75064673f21a234d5556762f77ee96daad893e015824d7526cb965df0dd44

                                                                        SHA512

                                                                        0798f89180e91f76c357683f05cfe1103db048fdb4428f25417e141530275bb753aaf96cc5d16b5d9497878434cf05047b8e515a5a155d57e3e3b0005b7b66b6

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1017413001\a6bf9e8b2d.exe
                                                                        Filesize

                                                                        946KB

                                                                        MD5

                                                                        19728d7401e58f10467bddc361c502ad

                                                                        SHA1

                                                                        94c7faafb2f9aea6002e60f789c408cafca201c2

                                                                        SHA256

                                                                        927d03e5639521f6086477aab384d9f7a9dd82c2247ada6d802bbff5eb61d65e

                                                                        SHA512

                                                                        0a1ff74a851ad45c6ed49ff62366ac0ed4da754aa0ae077c5166e51bac2abfef06c3e836e860c8834ab7e988255592191fb8f23c51b3a9d37923fdb24358f05b

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1017415001\764a9264f1.exe
                                                                        Filesize

                                                                        4.2MB

                                                                        MD5

                                                                        3a425626cbd40345f5b8dddd6b2b9efa

                                                                        SHA1

                                                                        7b50e108e293e54c15dce816552356f424eea97a

                                                                        SHA256

                                                                        ba9212d2d5cd6df5eb7933fb37c1b72a648974c1730bf5c32439987558f8e8b1

                                                                        SHA512

                                                                        a7538c6b7e17c35f053721308b8d6dc53a90e79930ff4ed5cffecaa97f4d0fbc5f9e8b59f1383d8f0699c8d4f1331f226af71d40325022d10b885606a72fe668

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1017416001\5433b1a6aa.exe
                                                                        Filesize

                                                                        1.8MB

                                                                        MD5

                                                                        ff279f4e5b1c6fbda804d2437c2dbdc8

                                                                        SHA1

                                                                        2feb3762c877a5ae3ca60eeebc37003ad0844245

                                                                        SHA256

                                                                        e115298ab160da9c7a998e4ae0b72333f64b207da165134ca45eb997a000d378

                                                                        SHA512

                                                                        c7a8bbcb122b2c7b57c8b678c5eed075ee5e7c355afbf86238282d2d3458019da1a8523520e1a1c631cd01b555f7df340545fd1e44ad678dc97c40b23428f967

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\1017417001\04a8f4422a.exe
                                                                        Filesize

                                                                        4.3MB

                                                                        MD5

                                                                        f4d4066fee7e7e63dd914f564202af5b

                                                                        SHA1

                                                                        bf2330d98dc66911f0078539ee48e6ad8dbb4686

                                                                        SHA256

                                                                        a6f94c1717ad8bb2d8a2db5d3b286e1e5bbe6b5086216661250579e654826e73

                                                                        SHA512

                                                                        468d6cbcfbebf5a1140a161fe742188df14d942a3681f1931ae7c0c840c24f9c3b2e55745478c1472e2f6cfec96df27265da93917c390c6ad0c51d6d9062fba1

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\BWZRCD36PCNC0RNVEFJWAOJ.exe
                                                                        Filesize

                                                                        1.7MB

                                                                        MD5

                                                                        9dfbaebce6e517991f34b94c67a038e2

                                                                        SHA1

                                                                        82fc1e85fe38a59248fc43837a6f0d32f3f0c0be

                                                                        SHA256

                                                                        1b625c9923c41449ed1fdce417c57890367204340c2236b4b2f44ca864ae14ad

                                                                        SHA512

                                                                        dd88abb1f9d0b0fd441e9333b64a88c5f66fb40c8f1ca8c98e4d04299e970410ddc49b60eadfbe7b76a74ef0a4d39cca270d4364d9d83ab66e777ca44257d4d4

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\FC8BGKMVXT48CFAJ.exe
                                                                        Filesize

                                                                        2.7MB

                                                                        MD5

                                                                        696ee1c9d08773339efe314269dcf7f5

                                                                        SHA1

                                                                        21bfb4fcb39ccc3969a0d07cf743b113d64a1c63

                                                                        SHA256

                                                                        57014fe84559fa166db76f925753b65e9b18fc6e175e7c6900b67b4487e6c519

                                                                        SHA512

                                                                        eb7b0ca0510d332c123c2cdd998e7c8af22f1922ff5f1f8075c8774a93e46268e7965d9ec763f45ad8cd70a0e649dd3041338c2638792a9552590f3922463e14

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1T31J4.exe
                                                                        Filesize

                                                                        2.8MB

                                                                        MD5

                                                                        d066fa57fe45e81e1718b9626b469209

                                                                        SHA1

                                                                        cffa0cb764cf71bfae214a68f5dfb799a0a4c614

                                                                        SHA256

                                                                        96e780dc197438053737878154b2f1bc4c7476f3ec487c88a5ebd7d91a0570fb

                                                                        SHA512

                                                                        07b3a818c8efa477dc000ec1acf9b4b7a882993da58d02cdc59901cfa55a00a9f727b554c34173cfb1bd924d0f85d4ec1fff7527e0f02b3750bd24af4c81899d

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2Y7445.exe
                                                                        Filesize

                                                                        1.8MB

                                                                        MD5

                                                                        df0dce83067b009b5190d62f241fb4fe

                                                                        SHA1

                                                                        648df52d7f8f675df4b752d146103a63447c6ea9

                                                                        SHA256

                                                                        2bc198b56d532a372c320219e02d1041f0cbd41872ee886f43e9ca8a9124dee6

                                                                        SHA512

                                                                        cae71eae242590094f58697240f3aa0461ff15e92dae8d5e6eaca053c7a7d54a824272c46b93a110f9981b25d8757b06717214e5b2b35453766ed5fbfa94dc5f

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_du0pokxc.bdn.ps1
                                                                        Filesize

                                                                        60B

                                                                        MD5

                                                                        d17fe0a3f47be24a6453e9ef58c94641

                                                                        SHA1

                                                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                        SHA256

                                                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                        SHA512

                                                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\scoped_dir3496_445429527\7d8eacce-defc-4ab7-b15d-9d3b37660d7b.tmp
                                                                        Filesize

                                                                        150KB

                                                                        MD5

                                                                        14937b985303ecce4196154a24fc369a

                                                                        SHA1

                                                                        ecfe89e11a8d08ce0c8745ff5735d5edad683730

                                                                        SHA256

                                                                        71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

                                                                        SHA512

                                                                        1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\scoped_dir3496_445429527\CRX_INSTALL\_locales\en\messages.json
                                                                        Filesize

                                                                        711B

                                                                        MD5

                                                                        558659936250e03cc14b60ebf648aa09

                                                                        SHA1

                                                                        32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                                        SHA256

                                                                        2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                                        SHA512

                                                                        1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                                                        Filesize

                                                                        479KB

                                                                        MD5

                                                                        09372174e83dbbf696ee732fd2e875bb

                                                                        SHA1

                                                                        ba360186ba650a769f9303f48b7200fb5eaccee1

                                                                        SHA256

                                                                        c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                                        SHA512

                                                                        b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                                                                        Filesize

                                                                        13.8MB

                                                                        MD5

                                                                        0a8747a2ac9ac08ae9508f36c6d75692

                                                                        SHA1

                                                                        b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                                        SHA256

                                                                        32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                                        SHA512

                                                                        59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin
                                                                        Filesize

                                                                        10KB

                                                                        MD5

                                                                        683458dd20a43fb45532a50b7f10db4b

                                                                        SHA1

                                                                        11a417b152c1dc85fab04ae8e55a353cbed9be2a

                                                                        SHA256

                                                                        3fcbbc9135249854600c6e2667b17aa2bce8d066772dfd99b24e1020dea900c4

                                                                        SHA512

                                                                        ed7b39689f0cfe1f52fb5ecbbe9296b0224cf335f6be66ae3d6d8ca723e6b6dfb820649a971085889e77e62d2bcd66855a5a1c7ef4fffe8d31a4aa89f930fa5e

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.bin
                                                                        Filesize

                                                                        15KB

                                                                        MD5

                                                                        8099026bd01ec45a38482044e6977432

                                                                        SHA1

                                                                        06b1cf3f6302783d536999de58853d7a1ce38f90

                                                                        SHA256

                                                                        adfaa8bc99c7753bd68f60fe7a9202a9a53d4196fead3ddc37034e8357250392

                                                                        SHA512

                                                                        7abc069d17e6928953ef8a53966dce26b48e11b3439c30708b67c276bef89f629d41d67e7aa91c194eb816795dda4a1fc3b9dc4587f269f34a5d5460b63e7095

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.bin
                                                                        Filesize

                                                                        15KB

                                                                        MD5

                                                                        9e6a792cd9501389759566f672df598f

                                                                        SHA1

                                                                        7b5328fc3aac8c050148b94ab41efbbf201cbc9e

                                                                        SHA256

                                                                        e1fe058c225e84ef5d6ca1f60b69da976687c08967019ffc83b9ebba456c0adc

                                                                        SHA512

                                                                        9fe3fba9cfd2fda92d82e6eff89c4c96d1ce7d3622243b85f240547a187b4f2cd0691e21c88c32013968f65eeb48536cfd3c2cdbf3da06f8c95e57ad253365c6

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.bin
                                                                        Filesize

                                                                        5KB

                                                                        MD5

                                                                        96157b853a9e187cf146ade99c402343

                                                                        SHA1

                                                                        c82913cabea0af64ff7de5964e7710c062113ec9

                                                                        SHA256

                                                                        055913ab0ec9b353f354b7513a7197c90b6fbcfb03fea7feb9156b49cacefd18

                                                                        SHA512

                                                                        42c09b2f50629089b781f78197c2c2c2a9ed125299ad5b721551b0a4f8a1c9c6ff844215d5498f69bc03f69165b125a7f289b3c79c5686286e701f738df8ff58

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.bin
                                                                        Filesize

                                                                        15KB

                                                                        MD5

                                                                        0ffe0ff8513ccc44cb2a7232e1c709ff

                                                                        SHA1

                                                                        8373c930eadda9649ac80769b2040230ed80dbe4

                                                                        SHA256

                                                                        2a54658a1901195e2869f6f05b2a83838b616850cb833b6ada94c06e99e56586

                                                                        SHA512

                                                                        a0a24363326795effe465cebad76e4b0ef05c9f6d1ecafc176705a20c2c674303384e9aa910ecdf67bcc6046e7c1b247d7b91c498ae424038864fe08a022e561

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.bin
                                                                        Filesize

                                                                        23KB

                                                                        MD5

                                                                        acbbb4535d35effd9a752852df8b31bf

                                                                        SHA1

                                                                        a2eccbaa5411f84862de47cba4bd52727a8bc49f

                                                                        SHA256

                                                                        cbc74e1a65887844937bcd6625d77e591e9fa47d5206ee0b58cd881944262c66

                                                                        SHA512

                                                                        c2dc0053f86bd8bb7e9ca8157e1c9e7e6a0c9b9f8697c924d756b8eb88bfa98db11136a62bdd3d3ff226dea373b120e97e8ceeb89fc5f0f2f572d5bdf874741b

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.bin
                                                                        Filesize

                                                                        6KB

                                                                        MD5

                                                                        3d99c567c4a788b40aad3eb388128134

                                                                        SHA1

                                                                        ea42dd2c34b0bb5e303b643614108b49ef2de771

                                                                        SHA256

                                                                        942e086c5837430962461244224792448f57799441757691f98f6acc9445254e

                                                                        SHA512

                                                                        ab9643363544792c57f3cff3ccee8b7e2a87ef3276ed41fbb2eded18dd64db916adfd957e50a6855cdd20d428f70bbcf4a5aff8b9b37dd71eb56d6d0fc7cabec

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp
                                                                        Filesize

                                                                        5KB

                                                                        MD5

                                                                        667a1e9d0ffec2a9095cc2943c3215fa

                                                                        SHA1

                                                                        8a6d5dd9d1e1afd9c758323fd4e2028944f27317

                                                                        SHA256

                                                                        ff896c699118c2ce7aca30919cfb90bb85ab9cad66beb3d3018f63714765f2e9

                                                                        SHA512

                                                                        cc46c8b607c08ee13b7473dcd6cae0f0ce17d396c924159629eb7eb17641c8c4501b9298275659774645fdb2e0b75aeade11ed9872482f232c6fe3364f936391

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp
                                                                        Filesize

                                                                        5KB

                                                                        MD5

                                                                        4d37d55c6274ce034bbd7f78628fb3ed

                                                                        SHA1

                                                                        1981aacda9b86708adc572267ddf9814f09d9514

                                                                        SHA256

                                                                        4176d77a6ff1f0d8b4d3774f6115c888fd7798d158092f7b448aa27a17426cbd

                                                                        SHA512

                                                                        c043c24cd3a1a10954258aa0c2e46c906ed1607eb4b6c649144cd9ec56eca954aada40443717ce7460e61b2b6797744b97b5c2ec8766d1e6e6f5fa5bad143a35

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp
                                                                        Filesize

                                                                        15KB

                                                                        MD5

                                                                        d7057c2b6a6674551dda04afe6da97c8

                                                                        SHA1

                                                                        8137633b6d72bff01e035a2802c75bf9f0eaeabf

                                                                        SHA256

                                                                        5d63d3ca0f8bfdf41438ed977a0751617a0f11faacbad91f756104cea0a1e24e

                                                                        SHA512

                                                                        f802a327f08adfe16d80d6bef074259e8cd98251c7cf65acfc4f7e0dc56956afc6a9586fcfebb6aa06749849ac20c84fce07b19c5342ff9066a2a2018e44643c

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp
                                                                        Filesize

                                                                        6KB

                                                                        MD5

                                                                        e077f491fe52028771e4beb64e1e2072

                                                                        SHA1

                                                                        900d88b7841cce46d08804d895888e7af52376f2

                                                                        SHA256

                                                                        dbc15fe5989ba6b820b5b587069bf2d24ace1c2dc933f98184b62a4c630d064b

                                                                        SHA512

                                                                        f5debb23997df57d28981a7ffdda43fc9946aa7687bc7c6909e4f97cd89881e39243ff8ead6aed2577aecf0f72d7d321a16556c60d75c5500e278a9d4b9439a6

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp
                                                                        Filesize

                                                                        6KB

                                                                        MD5

                                                                        7337e7f9fbee3d75ac379d459aec6956

                                                                        SHA1

                                                                        eb84cf298668c6afee94d88ba31c0c3f34c6e9c9

                                                                        SHA256

                                                                        1992609b3fa87f4f754e4d54dd263ee2825ecc34cc6de99aaae276b553dac62f

                                                                        SHA512

                                                                        2bdb6108b9b8ade12adf26aeaabc476a594c7740fe9b304d4c1a8be5a03ad8e9cc260ea4b3a90c8dd64cba2c7582d293d099cfb140d1670f267fe2c73f2dd699

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\8bb61c41-8340-4952-9853-5e35559ec730
                                                                        Filesize

                                                                        26KB

                                                                        MD5

                                                                        3dfe5d38f34f584b7196e44a32d547ec

                                                                        SHA1

                                                                        53c7e0e46721cb2b3250906ba80d6f02b8fb021d

                                                                        SHA256

                                                                        73d49c9310e135e96aa2d300db61d7f05767f7f79041274ed4e416cd83196cd4

                                                                        SHA512

                                                                        d5468da010a21d4e814ae3e797684cf8509bf61ffc79f12d4fb21dfd0ec089a4c0989aa7e6a0b4472b9ac01c048f9d6b3cf70cc5b22e4fe849986ad5690e52ea

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\8ee27c93-8b1f-4886-9bb3-5bc503761bae
                                                                        Filesize

                                                                        982B

                                                                        MD5

                                                                        224020b01f7132674baceb9195ddf7c3

                                                                        SHA1

                                                                        878e26d1f801b553bd079a66b88845187d5cd5e3

                                                                        SHA256

                                                                        e908ab19187a8175634355a77658685e244cd53f10413a6db2a5e44808675ea9

                                                                        SHA512

                                                                        1477f0212871b9848758c94c7743222c5fc09156f3d4aa93004d208a13cba348ca69bf33b393c25bf45e6c577482b2259c15b717aa280d66b2e99819525c4e8b

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\ae52efec-e3f6-4515-88eb-2a7793a5f8b1
                                                                        Filesize

                                                                        671B

                                                                        MD5

                                                                        304377e66293aeddc2ec33acb926390c

                                                                        SHA1

                                                                        891bfd60e0c1316b3dcc4e252171ebe67be9040d

                                                                        SHA256

                                                                        628ea0fe03f4fcf05554e7278d89259c0139d6c1553d00f5f011daa9a39e3745

                                                                        SHA512

                                                                        91bb9a58e8e2c1a6153cae6b82fac62ddc2c9a9df45e10e10d9d7986143d4a5fb395375ff57f51de3794b3166eca448df16979c00e80dcaf345333a81fc61aa5

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                                                                        Filesize

                                                                        1.1MB

                                                                        MD5

                                                                        842039753bf41fa5e11b3a1383061a87

                                                                        SHA1

                                                                        3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                                        SHA256

                                                                        d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                                        SHA512

                                                                        d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                                                                        Filesize

                                                                        116B

                                                                        MD5

                                                                        2a461e9eb87fd1955cea740a3444ee7a

                                                                        SHA1

                                                                        b10755914c713f5a4677494dbe8a686ed458c3c5

                                                                        SHA256

                                                                        4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                                        SHA512

                                                                        34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                                                                        Filesize

                                                                        372B

                                                                        MD5

                                                                        bf957ad58b55f64219ab3f793e374316

                                                                        SHA1

                                                                        a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                                                        SHA256

                                                                        bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                                                        SHA512

                                                                        79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                                                                        Filesize

                                                                        17.8MB

                                                                        MD5

                                                                        daf7ef3acccab478aaa7d6dc1c60f865

                                                                        SHA1

                                                                        f8246162b97ce4a945feced27b6ea114366ff2ad

                                                                        SHA256

                                                                        bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                                                        SHA512

                                                                        5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js
                                                                        Filesize

                                                                        11KB

                                                                        MD5

                                                                        95d2113973bcb63e7ff786fdde02211f

                                                                        SHA1

                                                                        d2668cd7d61d634d22870f848b053757faf86cab

                                                                        SHA256

                                                                        8d7b818dedd928c5c840e1969fac7941e92dfe4fcb55f2fa3558777fecb46833

                                                                        SHA512

                                                                        e33e46e1c5303fc4c7f3077a1f6a07a23122d140c17905952def89de08a7f25fd9b8095dfdc8f9e17f13d1a942b0e252deb3a58df37dd0e6acb2cb58421108e7

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js
                                                                        Filesize

                                                                        15KB

                                                                        MD5

                                                                        2571e4272fdfe9acd453791b89a26903

                                                                        SHA1

                                                                        b6692b0e11e2779037e68d859c0e772a5774fa9c

                                                                        SHA256

                                                                        42ae9574e6637d639bb58d7450c2d30d085a9de40394f629df055ba7b295bbfd

                                                                        SHA512

                                                                        640ddfd9ae76c8e640b28b58c80b77a6f8c982b7cad344cd02f7128bdcb38fb3d804e65df7040039897853e91bbfa0a262f3ec67dec4818a1b5a1065cfd496b0

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs.js
                                                                        Filesize

                                                                        10KB

                                                                        MD5

                                                                        28bd22d15439cc77c7c0fe7cf08c00be

                                                                        SHA1

                                                                        e2ab393f9b56244fe1a6f74a90d44309c3fdd72c

                                                                        SHA256

                                                                        059272d6cd27138a93b2e057fc0be12fcea0103ad13039bdd96d0e5b45979904

                                                                        SHA512

                                                                        f623cb0bef8ef79b59c751d4f86d49625e096dc96b276f830cba9847294006188b933574148305d2e4da9a9b720ee4dbcc0681f040ea844b4e8ae5685a0d9fb8

                                                                        Download Submit

                                                                      • C:\Users\Admin\Documents\FCFBFHIEBK.exe
                                                                        Filesize

                                                                        2.9MB

                                                                        MD5

                                                                        b48526e3264a9ebf9ae221df76f8511e

                                                                        SHA1

                                                                        51141f95d23355a1891b88e470b2c9a3e44ba92e

                                                                        SHA256

                                                                        42ee113ccf756a8e8950cb81a36558e707f20f59aef11401ca08269cce065c0f

                                                                        SHA512

                                                                        ad26656d29e916e06d26de91f0da8703c1f677bd369196e282f6e1eec3a0baca504a564607b4e6f7d18b8ac350428aaff01e2f39ccc435715526daaae1a0e100

                                                                        Download Submit

                                                                      • C:\fyzhsqwk\0d40c877818b4d87b13241f5e7831b5f.exe
                                                                        Filesize

                                                                        1.2MB

                                                                        MD5

                                                                        577cd52217da6d7163cea46bb01c107f

                                                                        SHA1

                                                                        82b31cc52c538238e63bdfc22d1ea306ea0b852a

                                                                        SHA256

                                                                        139762e396fb930400fab8faab80cb679abbe642144261cba24973fb23bcd728

                                                                        SHA512

                                                                        8abad4eaf2a302dfd9ead058e8c14d996437975730125c46d034a71028921ff36ff5d157ad3671e328ac667ec8095db19fa14a9e8eaaf1a7738aa3d0120b5474

                                                                        Download Submit

                                                                      • memory/60-4317-0x00007FF79C7A0000-0x00007FF79CC30000-memory.dmp

                                                                        Filesize

                                                                        4.6MB

                                                                        Download

                                                                      • memory/60-4333-0x00007FF79C7A0000-0x00007FF79CC30000-memory.dmp

                                                                        Filesize

                                                                        4.6MB

                                                                        Download

                                                                      • memory/828-163-0x0000000000890000-0x000000000089A000-memory.dmp

                                                                        Filesize

                                                                        40KB

                                                                        Download

                                                                      • memory/828-165-0x0000000001040000-0x0000000001440000-memory.dmp

                                                                        Filesize

                                                                        4.0MB

                                                                        Download

                                                                      • memory/828-166-0x00007FFA54770000-0x00007FFA54965000-memory.dmp

                                                                        Filesize

                                                                        2.0MB

                                                                        Download

                                                                      • memory/828-169-0x0000000076B50000-0x0000000076D65000-memory.dmp

                                                                        Filesize

                                                                        2.1MB

                                                                        Download

                                                                      • memory/832-932-0x0000000000160000-0x0000000000CAE000-memory.dmp

                                                                        Filesize

                                                                        11.3MB

                                                                        Download

                                                                      • memory/832-891-0x0000000000160000-0x0000000000CAE000-memory.dmp

                                                                        Filesize

                                                                        11.3MB

                                                                        Download

                                                                      • memory/832-887-0x0000000000160000-0x0000000000CAE000-memory.dmp

                                                                        Filesize

                                                                        11.3MB

                                                                        Download

                                                                      • memory/832-771-0x0000000000160000-0x0000000000CAE000-memory.dmp

                                                                        Filesize

                                                                        11.3MB

                                                                        Download

                                                                      • memory/1504-157-0x0000000004E10000-0x0000000005210000-memory.dmp

                                                                        Filesize

                                                                        4.0MB

                                                                        Download

                                                                      • memory/1504-158-0x0000000004E10000-0x0000000005210000-memory.dmp

                                                                        Filesize

                                                                        4.0MB

                                                                        Download

                                                                      • memory/1504-159-0x00007FFA54770000-0x00007FFA54965000-memory.dmp

                                                                        Filesize

                                                                        2.0MB

                                                                        Download

                                                                      • memory/1504-120-0x0000000000390000-0x0000000000852000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                        Download

                                                                      • memory/1504-201-0x0000000000390000-0x0000000000852000-memory.dmp

                                                                        Filesize

                                                                        4.8MB

                                                                        Download

                                                                      • memory/1504-162-0x0000000076B50000-0x0000000076D65000-memory.dmp

                                                                        Filesize

                                                                        2.1MB

                                                                        Download

                                                                      • memory/1580-540-0x0000000000400000-0x0000000000456000-memory.dmp

                                                                        Filesize

                                                                        344KB

                                                                        Download

                                                                      • memory/1580-538-0x0000000000400000-0x0000000000456000-memory.dmp

                                                                        Filesize

                                                                        344KB

                                                                        Download

                                                                      • memory/1580-536-0x0000000000400000-0x0000000000456000-memory.dmp

                                                                        Filesize

                                                                        344KB

                                                                        Download

                                                                      • memory/1760-75-0x0000000000AE0000-0x0000000000AEC000-memory.dmp

                                                                        Filesize

                                                                        48KB

                                                                        Download

                                                                      • memory/1808-1765-0x00000000002D0000-0x00000000005DF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/1808-1625-0x00000000002D0000-0x00000000005DF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/1808-364-0x00000000002D0000-0x00000000005DF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/1808-76-0x00000000002D0000-0x00000000005DF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/1808-23-0x00000000002D0000-0x00000000005DF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/1808-811-0x00000000002D0000-0x00000000005DF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/1808-4300-0x00000000002D0000-0x00000000005DF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/1808-1895-0x00000000002D0000-0x00000000005DF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/1808-3184-0x00000000002D0000-0x00000000005DF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/1808-84-0x00000000002D0000-0x00000000005DF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/1808-911-0x00000000002D0000-0x00000000005DF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/1892-910-0x0000000000790000-0x0000000000C83000-memory.dmp

                                                                        Filesize

                                                                        4.9MB

                                                                        Download

                                                                      • memory/1892-908-0x0000000000790000-0x0000000000C83000-memory.dmp

                                                                        Filesize

                                                                        4.9MB

                                                                        Download

                                                                      • memory/1900-80-0x0000000000490000-0x0000000000932000-memory.dmp

                                                                        Filesize

                                                                        4.6MB

                                                                        Download

                                                                      • memory/1900-29-0x0000000000490000-0x0000000000932000-memory.dmp

                                                                        Filesize

                                                                        4.6MB

                                                                        Download

                                                                      • memory/1900-82-0x0000000000490000-0x0000000000932000-memory.dmp

                                                                        Filesize

                                                                        4.6MB

                                                                        Download

                                                                      • memory/2728-56-0x00000000006E0000-0x0000000000B34000-memory.dmp

                                                                        Filesize

                                                                        4.3MB

                                                                        Download

                                                                      • memory/2728-254-0x00000000006E0000-0x0000000000B34000-memory.dmp

                                                                        Filesize

                                                                        4.3MB

                                                                        Download

                                                                      • memory/2728-225-0x00000000006E0000-0x0000000000B34000-memory.dmp

                                                                        Filesize

                                                                        4.3MB

                                                                        Download

                                                                      • memory/2728-55-0x00000000006E0000-0x0000000000B34000-memory.dmp

                                                                        Filesize

                                                                        4.3MB

                                                                        Download

                                                                      • memory/2728-54-0x00000000006E0000-0x0000000000B34000-memory.dmp

                                                                        Filesize

                                                                        4.3MB

                                                                        Download

                                                                      • memory/3020-224-0x0000000000400000-0x0000000000455000-memory.dmp

                                                                        Filesize

                                                                        340KB

                                                                        Download

                                                                      • memory/3020-222-0x0000000000400000-0x0000000000455000-memory.dmp

                                                                        Filesize

                                                                        340KB

                                                                        Download

                                                                      • memory/3020-220-0x0000000000400000-0x0000000000455000-memory.dmp

                                                                        Filesize

                                                                        340KB

                                                                        Download

                                                                      • memory/3080-843-0x0000000000FD0000-0x0000000001455000-memory.dmp

                                                                        Filesize

                                                                        4.5MB

                                                                        Download

                                                                      • memory/3080-881-0x0000000000FD0000-0x0000000001455000-memory.dmp

                                                                        Filesize

                                                                        4.5MB

                                                                        Download

                                                                      • memory/3388-873-0x0000000005DB0000-0x0000000006354000-memory.dmp

                                                                        Filesize

                                                                        5.6MB

                                                                        Download

                                                                      • memory/3388-49-0x0000000005320000-0x00000000053BC000-memory.dmp

                                                                        Filesize

                                                                        624KB

                                                                        Download

                                                                      • memory/3388-872-0x00000000056B0000-0x0000000005806000-memory.dmp

                                                                        Filesize

                                                                        1.3MB

                                                                        Download

                                                                      • memory/3388-874-0x0000000005250000-0x0000000005272000-memory.dmp

                                                                        Filesize

                                                                        136KB

                                                                        Download

                                                                      • memory/3388-48-0x0000000000620000-0x0000000000948000-memory.dmp

                                                                        Filesize

                                                                        3.2MB

                                                                        Download

                                                                      • memory/3608-875-0x0000000000400000-0x0000000000456000-memory.dmp

                                                                        Filesize

                                                                        344KB

                                                                        Download

                                                                      • memory/3608-7-0x0000000000AE0000-0x0000000000DEF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/3608-9-0x0000000000AE1000-0x0000000000B0F000-memory.dmp

                                                                        Filesize

                                                                        184KB

                                                                        Download

                                                                      • memory/3608-11-0x0000000000AE0000-0x0000000000DEF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/3608-880-0x0000000000400000-0x0000000000456000-memory.dmp

                                                                        Filesize

                                                                        344KB

                                                                        Download

                                                                      • memory/3608-10-0x0000000000AE0000-0x0000000000DEF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/3608-25-0x0000000000AE0000-0x0000000000DEF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/3608-8-0x0000000077AF4000-0x0000000077AF6000-memory.dmp

                                                                        Filesize

                                                                        8KB

                                                                        Download

                                                                      • memory/3608-878-0x0000000000400000-0x0000000000456000-memory.dmp

                                                                        Filesize

                                                                        344KB

                                                                        Download

                                                                      • memory/3632-500-0x0000000000690000-0x0000000000A4B000-memory.dmp

                                                                        Filesize

                                                                        3.7MB

                                                                        Download

                                                                      • memory/3632-754-0x0000000000690000-0x0000000000A4B000-memory.dmp

                                                                        Filesize

                                                                        3.7MB

                                                                        Download

                                                                      • memory/3796-871-0x00000000002D0000-0x00000000005DF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/3796-864-0x00000000002D0000-0x00000000005DF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/4172-236-0x0000000006F50000-0x0000000006FF3000-memory.dmp

                                                                        Filesize

                                                                        652KB

                                                                        Download

                                                                      • memory/4172-237-0x00000000071E0000-0x00000000071F1000-memory.dmp

                                                                        Filesize

                                                                        68KB

                                                                        Download

                                                                      • memory/4172-240-0x0000000007220000-0x0000000007234000-memory.dmp

                                                                        Filesize

                                                                        80KB

                                                                        Download

                                                                      • memory/4172-226-0x0000000073F60000-0x0000000073FAC000-memory.dmp

                                                                        Filesize

                                                                        304KB

                                                                        Download

                                                                      • memory/4356-83-0x00000000006D0000-0x0000000000BC3000-memory.dmp

                                                                        Filesize

                                                                        4.9MB

                                                                        Download

                                                                      • memory/4356-812-0x00000000006D0000-0x0000000000BC3000-memory.dmp

                                                                        Filesize

                                                                        4.9MB

                                                                        Download

                                                                      • memory/4356-892-0x00000000006D0000-0x0000000000BC3000-memory.dmp

                                                                        Filesize

                                                                        4.9MB

                                                                        Download

                                                                      • memory/4356-365-0x00000000006D0000-0x0000000000BC3000-memory.dmp

                                                                        Filesize

                                                                        4.9MB

                                                                        Download

                                                                      • memory/4356-121-0x0000000061E00000-0x0000000061EF3000-memory.dmp

                                                                        Filesize

                                                                        972KB

                                                                        Download

                                                                      • memory/4356-366-0x00000000006D0000-0x0000000000BC3000-memory.dmp

                                                                        Filesize

                                                                        4.9MB

                                                                        Download

                                                                      • memory/4892-4316-0x00000000002D0000-0x00000000005DF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/4892-4314-0x00000000002D0000-0x00000000005DF000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/4908-85-0x00000000048E0000-0x0000000004916000-memory.dmp

                                                                        Filesize

                                                                        216KB

                                                                        Download

                                                                      • memory/4908-204-0x0000000007420000-0x0000000007434000-memory.dmp

                                                                        Filesize

                                                                        80KB

                                                                        Download

                                                                      • memory/4908-99-0x00000000059C0000-0x0000000005D14000-memory.dmp

                                                                        Filesize

                                                                        3.3MB

                                                                        Download

                                                                      • memory/4908-100-0x0000000005EA0000-0x0000000005EBE000-memory.dmp

                                                                        Filesize

                                                                        120KB

                                                                        Download

                                                                      • memory/4908-88-0x0000000005760000-0x00000000057C6000-memory.dmp

                                                                        Filesize

                                                                        408KB

                                                                        Download

                                                                      • memory/4908-170-0x00000000073E0000-0x00000000073F1000-memory.dmp

                                                                        Filesize

                                                                        68KB

                                                                        Download

                                                                      • memory/4908-89-0x0000000005850000-0x00000000058B6000-memory.dmp

                                                                        Filesize

                                                                        408KB

                                                                        Download

                                                                      • memory/4908-101-0x0000000005ED0000-0x0000000005F1C000-memory.dmp

                                                                        Filesize

                                                                        304KB

                                                                        Download

                                                                      • memory/4908-205-0x0000000007520000-0x000000000753A000-memory.dmp

                                                                        Filesize

                                                                        104KB

                                                                        Download

                                                                      • memory/4908-87-0x0000000005000000-0x0000000005022000-memory.dmp

                                                                        Filesize

                                                                        136KB

                                                                        Download

                                                                      • memory/4908-203-0x0000000007410000-0x000000000741E000-memory.dmp

                                                                        Filesize

                                                                        56KB

                                                                        Download

                                                                      • memory/4908-149-0x0000000006EC0000-0x0000000006F63000-memory.dmp

                                                                        Filesize

                                                                        652KB

                                                                        Download

                                                                      • memory/4908-155-0x0000000007820000-0x0000000007E9A000-memory.dmp

                                                                        Filesize

                                                                        6.5MB

                                                                        Download

                                                                      • memory/4908-86-0x00000000050C0000-0x00000000056E8000-memory.dmp

                                                                        Filesize

                                                                        6.2MB

                                                                        Download

                                                                      • memory/4908-156-0x00000000071E0000-0x00000000071FA000-memory.dmp

                                                                        Filesize

                                                                        104KB

                                                                        Download

                                                                      • memory/4908-146-0x0000000006440000-0x000000000645E000-memory.dmp

                                                                        Filesize

                                                                        120KB

                                                                        Download

                                                                      • memory/4908-167-0x0000000007460000-0x00000000074F6000-memory.dmp

                                                                        Filesize

                                                                        600KB

                                                                        Download

                                                                      • memory/4908-136-0x0000000073F60000-0x0000000073FAC000-memory.dmp

                                                                        Filesize

                                                                        304KB

                                                                        Download

                                                                      • memory/4908-160-0x0000000007250000-0x000000000725A000-memory.dmp

                                                                        Filesize

                                                                        40KB

                                                                        Download

                                                                      • memory/4908-135-0x00000000064D0000-0x0000000006502000-memory.dmp

                                                                        Filesize

                                                                        200KB

                                                                        Download

                                                                      • memory/4908-206-0x0000000007500000-0x0000000007508000-memory.dmp

                                                                        Filesize

                                                                        32KB

                                                                        Download

                                                                      • memory/5268-1736-0x000002D0DBB70000-0x000002D0DBB92000-memory.dmp

                                                                        Filesize

                                                                        136KB

                                                                        Download

                                                                      • memory/5340-958-0x0000000000410000-0x0000000000864000-memory.dmp

                                                                        Filesize

                                                                        4.3MB

                                                                        Download

                                                                      • memory/5340-1762-0x0000000000410000-0x0000000000864000-memory.dmp

                                                                        Filesize

                                                                        4.3MB

                                                                        Download

                                                                      • memory/5340-1465-0x0000000000410000-0x0000000000864000-memory.dmp

                                                                        Filesize

                                                                        4.3MB

                                                                        Download

                                                                      • memory/5340-1752-0x0000000000410000-0x0000000000864000-memory.dmp

                                                                        Filesize

                                                                        4.3MB

                                                                        Download

                                                                      • memory/5340-1479-0x0000000000410000-0x0000000000864000-memory.dmp

                                                                        Filesize

                                                                        4.3MB

                                                                        Download

                                                                      • memory/5860-888-0x00000000000C0000-0x00000000003E6000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/5860-890-0x00000000000C0000-0x00000000003E6000-memory.dmp

                                                                        Filesize

                                                                        3.1MB

                                                                        Download

                                                                      • memory/6012-747-0x0000000000060000-0x000000000050B000-memory.dmp

                                                                        Filesize

                                                                        4.7MB

                                                                        Download

                                                                      • memory/6012-755-0x0000000000060000-0x000000000050B000-memory.dmp

                                                                        Filesize

                                                                        4.7MB

                                                                        Download

                                                                      • memory/6092-1724-0x00007FF797990000-0x00007FF797E20000-memory.dmp

                                                                        Filesize

                                                                        4.6MB

                                                                        Download

                                                                      • memory/6092-1727-0x00007FF797990000-0x00007FF797E20000-memory.dmp

                                                                        Filesize

                                                                        4.6MB

                                                                        Download

                                                                      • memory/6164-1751-0x00000000001F0000-0x0000000000696000-memory.dmp

                                                                        Filesize

                                                                        4.6MB

                                                                        Download

                                                                      • memory/6164-1780-0x00000000001F0000-0x0000000000696000-memory.dmp

                                                                        Filesize

                                                                        4.6MB

                                                                        Download

                                                                      • memory/6352-4318-0x0000000140000000-0x0000000140770000-memory.dmp

                                                                        Filesize

                                                                        7.4MB

                                                                        Download

                                                                      • memory/6352-4319-0x0000000140000000-0x0000000140770000-memory.dmp

                                                                        Filesize

                                                                        7.4MB

                                                                        Download

                                                                      • memory/6352-4320-0x0000000140000000-0x0000000140770000-memory.dmp

                                                                        Filesize

                                                                        7.4MB

                                                                        Download

                                                                      • memory/6540-1955-0x0000000000E70000-0x0000000001A5F000-memory.dmp

                                                                        Filesize

                                                                        11.9MB

                                                                        Download

                                                                      • memory/6540-2100-0x0000000000E70000-0x0000000001A5F000-memory.dmp

                                                                        Filesize

                                                                        11.9MB

                                                                        Download

                                                                      • memory/6540-1971-0x0000000000E70000-0x0000000001A5F000-memory.dmp

                                                                        Filesize

                                                                        11.9MB

                                                                        Download

                                                                      • memory/6540-1779-0x0000000000E70000-0x0000000001A5F000-memory.dmp

                                                                        Filesize

                                                                        11.9MB

                                                                        Download