Overview

overview

10

Static

static

3

b125132b0f...89.exe

windows10-2004-x64

10

Resubmissions

21-12-2024 09:34

241221-ljsnrsxneq 10

21-12-2024 09:30

241221-lgna9sxncm 10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-12-2024 09:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b125132b0fc81b350c50b4e2eeaddace075ae7e1525014c6705378708afa6489.exe

  • Size

    6.7MB

  • MD5

    f71aeb46220fd7e8ed24bf419a92359f

  • SHA1

    f5c098d32f53c27aa81d64813a50bb6f3f18e337

  • SHA256

    b125132b0fc81b350c50b4e2eeaddace075ae7e1525014c6705378708afa6489

  • SHA512

    0e17ca9264ffa514fee3be497656fe1273b46aa2f50a0738542ff42547dbb29236d29f9d90043be5b94cecbfd1f845d3d7c0dd154c8109a412a4e567a9ce8dcf

  • SSDEEP

    196608:kyMnJU9VMu1k+Qf+Lm78cz+PthllEu/LhcbTLn/R6LK/:k1sVxu2Lm78czSl/L+fTR6LK/

Score
10/10
amadeygcleanerlummastealcvidar9c9aa5stokcredential_accessdiscoveryevasionexecutionloaderpersistencespywarestealertrojanupx

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

Extracted

Family

lumma

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • Detect Vidar Stealer 5 IoCs
    stealer
  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • Gcleaner family
    gcleaner
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 11 IoCs
    evasiontrojan
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Stealc family
    stealc
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Enumerates VirtualBox registry keys 2 TTPs 2 IoCs
    evasion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 14 IoCs
    evasion
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 28 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 8 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 39 IoCs
  • Identifies Wine through registry keys 2 TTPs 14 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 8 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Windows security modification 2 TTPs 3 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 7 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates processes with tasklist 1 TTPs 2 IoCs
    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 14 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 5 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 48 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 6 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 14 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 2 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Kills process with taskkill 5 IoCs
    evasion
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Runs ping.exe 1 TTPs 3 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Views/modifies file attributes 1 TTPs 3 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\b125132b0fc81b350c50b4e2eeaddace075ae7e1525014c6705378708afa6489.exe
    "C:\Users\Admin\AppData\Local\Temp\b125132b0fc81b350c50b4e2eeaddace075ae7e1525014c6705378708afa6489.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1120
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\O9I15.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\O9I15.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3336
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\h6r40.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\h6r40.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4704
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1k76k5.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1k76k5.exe
          4⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Checks computer location settings
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:1796
          • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
            "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Checks computer location settings
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Adds Run key to start application
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:1428
            • C:\Users\Admin\AppData\Local\Temp\1019261001\8704fe9e32.exe
              "C:\Users\Admin\AppData\Local\Temp\1019261001\8704fe9e32.exe"
              6⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:1712
            • C:\Users\Admin\AppData\Local\Temp\1019262001\4eeab29b4f.exe
              "C:\Users\Admin\AppData\Local\Temp\1019262001\4eeab29b4f.exe"
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4556
              • C:\Users\Admin\AppData\Local\Temp\1019262001\4eeab29b4f.exe
                "C:\Users\Admin\AppData\Local\Temp\1019262001\4eeab29b4f.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:3104
            • C:\Users\Admin\AppData\Local\Temp\1019263001\55fe202777.exe
              "C:\Users\Admin\AppData\Local\Temp\1019263001\55fe202777.exe"
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:5016
              • C:\Users\Admin\AppData\Local\Temp\1019263001\55fe202777.exe
                "C:\Users\Admin\AppData\Local\Temp\1019263001\55fe202777.exe"
                7⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                PID:5840
            • C:\Users\Admin\AppData\Local\Temp\1019264001\7c2fd5ed0c.exe
              "C:\Users\Admin\AppData\Local\Temp\1019264001\7c2fd5ed0c.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Drops file in Windows directory
              • System Location Discovery: System Language Discovery
              PID:8
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\System32\cmd.exe" /c move App App.cmd & App.cmd
                7⤵
                • System Location Discovery: System Language Discovery
                PID:1712
                • C:\Windows\SysWOW64\tasklist.exe
                  tasklist
                  8⤵
                  • Enumerates processes with tasklist
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of AdjustPrivilegeToken
                  PID:5252
                • C:\Windows\SysWOW64\findstr.exe
                  findstr /I "opssvc wrsa"
                  8⤵
                  • System Location Discovery: System Language Discovery
                  PID:5260
                • C:\Windows\SysWOW64\tasklist.exe
                  tasklist
                  8⤵
                  • Enumerates processes with tasklist
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of AdjustPrivilegeToken
                  PID:5308
                • C:\Windows\SysWOW64\findstr.exe
                  findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                  8⤵
                  • System Location Discovery: System Language Discovery
                  PID:5320
                • C:\Windows\SysWOW64\cmd.exe
                  cmd /c md 245347
                  8⤵
                  • System Location Discovery: System Language Discovery
                  PID:5360
                • C:\Windows\SysWOW64\findstr.exe
                  findstr /V "profiles" Organizing
                  8⤵
                  • System Location Discovery: System Language Discovery
                  PID:5372
                • C:\Windows\SysWOW64\cmd.exe
                  cmd /c copy /b ..\Judy + ..\Sheets + ..\Another + ..\Wanting b
                  8⤵
                  • System Location Discovery: System Language Discovery
                  PID:5448
                • C:\Users\Admin\AppData\Local\Temp\245347\Dry.com
                  Dry.com b
                  8⤵
                  • Checks computer location settings
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Checks processor information in registry
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  PID:5476
                  • C:\Windows\SysWOW64\cmd.exe
                    "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\Admin\AppData\Local\Temp\245347\Dry.com" & rd /s /q "C:\ProgramData\9000ZCJ5XBIE" & exit
                    9⤵
                    • System Location Discovery: System Language Discovery
                    PID:5332
                    • C:\Windows\SysWOW64\timeout.exe
                      timeout /t 10
                      10⤵
                      • System Location Discovery: System Language Discovery
                      • Delays execution with timeout.exe
                      PID:1976
                • C:\Windows\SysWOW64\choice.exe
                  choice /d y /t 5
                  8⤵
                  • System Location Discovery: System Language Discovery
                  PID:5516
            • C:\Users\Admin\AppData\Local\Temp\1019265001\80a096a6d2.exe
              "C:\Users\Admin\AppData\Local\Temp\1019265001\80a096a6d2.exe"
              6⤵
              • Enumerates VirtualBox registry keys
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:5660
            • C:\Users\Admin\AppData\Local\Temp\1019266001\f4d210be8e.exe
              "C:\Users\Admin\AppData\Local\Temp\1019266001\f4d210be8e.exe"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:6088
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
                7⤵
                  PID:3184
                  • C:\Windows\system32\mode.com
                    mode 65,10
                    8⤵
                      PID:868
                    • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                      7z.exe e file.zip -p24291711423417250691697322505 -oextracted
                      8⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of AdjustPrivilegeToken
                      PID:4064
                    • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                      7z.exe e extracted/file_7.zip -oextracted
                      8⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of AdjustPrivilegeToken
                      PID:5224
                    • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                      7z.exe e extracted/file_6.zip -oextracted
                      8⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of AdjustPrivilegeToken
                      PID:668
                    • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                      7z.exe e extracted/file_5.zip -oextracted
                      8⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of AdjustPrivilegeToken
                      PID:3404
                    • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                      7z.exe e extracted/file_4.zip -oextracted
                      8⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of AdjustPrivilegeToken
                      PID:3216
                    • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                      7z.exe e extracted/file_3.zip -oextracted
                      8⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2484
                    • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                      7z.exe e extracted/file_2.zip -oextracted
                      8⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      PID:5292
                    • C:\Users\Admin\AppData\Local\Temp\main\7z.exe
                      7z.exe e extracted/file_1.zip -oextracted
                      8⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      PID:2812
                    • C:\Windows\system32\attrib.exe
                      attrib +H "in.exe"
                      8⤵
                      • Views/modifies file attributes
                      PID:4392
                    • C:\Users\Admin\AppData\Local\Temp\main\in.exe
                      "in.exe"
                      8⤵
                      • Executes dropped EXE
                      PID:4368
                      • C:\Windows\SYSTEM32\attrib.exe
                        attrib +H +S C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                        9⤵
                        • Views/modifies file attributes
                        PID:2396
                      • C:\Windows\SYSTEM32\attrib.exe
                        attrib +H C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                        9⤵
                        • Views/modifies file attributes
                        PID:4388
                      • C:\Windows\SYSTEM32\schtasks.exe
                        schtasks /f /CREATE /TN "Intel_PTT_EK_Recertification" /TR "C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe" /SC MINUTE
                        9⤵
                        • Scheduled Task/Job: Scheduled Task
                        PID:5328
                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        powershell ping 127.0.0.1; del in.exe
                        9⤵
                        • System Network Configuration Discovery: Internet Connection Discovery
                        • Suspicious behavior: EnumeratesProcesses
                        PID:5308
                        • C:\Windows\system32\PING.EXE
                          "C:\Windows\system32\PING.EXE" 127.0.0.1
                          10⤵
                          • System Network Configuration Discovery: Internet Connection Discovery
                          • Runs ping.exe
                          PID:5704
                • C:\Users\Admin\AppData\Local\Temp\1019267001\cad0eb174e.exe
                  "C:\Users\Admin\AppData\Local\Temp\1019267001\cad0eb174e.exe"
                  6⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: EnumeratesProcesses
                  PID:632
                • C:\Users\Admin\AppData\Local\Temp\1019268001\6fb43892f1.exe
                  "C:\Users\Admin\AppData\Local\Temp\1019268001\6fb43892f1.exe"
                  6⤵
                  • Checks computer location settings
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2620
                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    "powershell.exe" Add-MpPreference -ExclusionPath "C:\jjsbaync"
                    7⤵
                    • Command and Scripting Interpreter: PowerShell
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1396
                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    "powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData"
                    7⤵
                    • Command and Scripting Interpreter: PowerShell
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    PID:6064
                  • C:\jjsbaync\582b58d0861c4d11bac309351c583907.exe
                    "C:\jjsbaync\582b58d0861c4d11bac309351c583907.exe"
                    7⤵
                    • Checks computer location settings
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Checks processor information in registry
                    PID:668
                    • C:\Windows\SysWOW64\cmd.exe
                      "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\jjsbaync\582b58d0861c4d11bac309351c583907.exe" & rd /s /q "C:\ProgramData\GV3W4E37YCBA" & exit
                      8⤵
                      • System Location Discovery: System Language Discovery
                      PID:1796
                      • C:\Windows\SysWOW64\timeout.exe
                        timeout /t 10
                        9⤵
                        • System Location Discovery: System Language Discovery
                        • Delays execution with timeout.exe
                        PID:5708
                  • C:\jjsbaync\626b51df92c34eb6bbaf076ebf5bb320.exe
                    "C:\jjsbaync\626b51df92c34eb6bbaf076ebf5bb320.exe"
                    7⤵
                    • Checks computer location settings
                    • Executes dropped EXE
                    PID:5896
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apps.microsoft.com/store/detail/9MSZ40SLW145?ocid=&referrer=psi
                      8⤵
                      • Enumerates system info in registry
                      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      PID:5920
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff66ae46f8,0x7fff66ae4708,0x7fff66ae4718
                        9⤵
                          PID:5396
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,6159604443891364958,17645101975611216429,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
                          9⤵
                            PID:6084
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,6159604443891364958,17645101975611216429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
                            9⤵
                              PID:2936
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,6159604443891364958,17645101975611216429,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
                              9⤵
                                PID:5588
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6159604443891364958,17645101975611216429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
                                9⤵
                                  PID:3948
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6159604443891364958,17645101975611216429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
                                  9⤵
                                    PID:5636
                            • C:\Users\Admin\AppData\Local\Temp\1019269001\36463a3e1a.exe
                              "C:\Users\Admin\AppData\Local\Temp\1019269001\36463a3e1a.exe"
                              6⤵
                              • Enumerates VirtualBox registry keys
                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                              • Checks BIOS information in registry
                              • Executes dropped EXE
                              • Identifies Wine through registry keys
                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              PID:6100
                            • C:\Users\Admin\AppData\Local\Temp\1019270001\484dd38bcf.exe
                              "C:\Users\Admin\AppData\Local\Temp\1019270001\484dd38bcf.exe"
                              6⤵
                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                              • Checks BIOS information in registry
                              • Executes dropped EXE
                              • Identifies Wine through registry keys
                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                              • System Location Discovery: System Language Discovery
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5256
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 756
                                7⤵
                                • Program crash
                                PID:6704
                            • C:\Users\Admin\AppData\Local\Temp\1019271001\99876de6f9.exe
                              "C:\Users\Admin\AppData\Local\Temp\1019271001\99876de6f9.exe"
                              6⤵
                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                              • Checks BIOS information in registry
                              • Executes dropped EXE
                              • Identifies Wine through registry keys
                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                              • System Location Discovery: System Language Discovery
                              PID:5832
                            • C:\Users\Admin\AppData\Local\Temp\1019272001\1475b4aeb8.exe
                              "C:\Users\Admin\AppData\Local\Temp\1019272001\1475b4aeb8.exe"
                              6⤵
                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                              • Checks BIOS information in registry
                              • Executes dropped EXE
                              • Identifies Wine through registry keys
                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                              • System Location Discovery: System Language Discovery
                              PID:5276
                            • C:\Users\Admin\AppData\Local\Temp\1019273001\357e639fec.exe
                              "C:\Users\Admin\AppData\Local\Temp\1019273001\357e639fec.exe"
                              6⤵
                              • Executes dropped EXE
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SendNotifyMessage
                              PID:4524
                              • C:\Windows\SysWOW64\taskkill.exe
                                taskkill /F /IM firefox.exe /T
                                7⤵
                                • System Location Discovery: System Language Discovery
                                • Kills process with taskkill
                                PID:5844
                              • C:\Windows\SysWOW64\taskkill.exe
                                taskkill /F /IM chrome.exe /T
                                7⤵
                                • System Location Discovery: System Language Discovery
                                • Kills process with taskkill
                                PID:1968
                              • C:\Windows\SysWOW64\taskkill.exe
                                taskkill /F /IM msedge.exe /T
                                7⤵
                                • System Location Discovery: System Language Discovery
                                • Kills process with taskkill
                                PID:392
                              • C:\Windows\SysWOW64\taskkill.exe
                                taskkill /F /IM opera.exe /T
                                7⤵
                                • System Location Discovery: System Language Discovery
                                • Kills process with taskkill
                                PID:5268
                              • C:\Windows\SysWOW64\taskkill.exe
                                taskkill /F /IM brave.exe /T
                                7⤵
                                • System Location Discovery: System Language Discovery
                                • Kills process with taskkill
                                PID:4304
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                7⤵
                                  PID:5712
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                    8⤵
                                    • Checks processor information in registry
                                    • Modifies registry class
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    • Suspicious use of SetWindowsHookEx
                                    PID:5280
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2040 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52d997ec-41af-4c87-b884-aa432856a45a} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" gpu
                                      9⤵
                                        PID:3676
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2476 -parentBuildID 20240401114208 -prefsHandle 2468 -prefMapHandle 2464 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {319f7d6d-4a9f-4ce7-866d-197524e04154} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" socket
                                        9⤵
                                          PID:4548
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3204 -childID 1 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45809421-8ba6-4f7c-9016-414b361a80f1} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" tab
                                          9⤵
                                            PID:332
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3080 -childID 2 -isForBrowser -prefsHandle 4056 -prefMapHandle 4052 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ead1f8c5-b107-48cf-befa-1a41a4afc8a5} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" tab
                                            9⤵
                                              PID:4080
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4660 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4652 -prefMapHandle 4516 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d987ada-a741-4cf1-80af-5871549cd4ed} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" utility
                                              9⤵
                                              • Checks processor information in registry
                                              PID:6800
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5708 -childID 3 -isForBrowser -prefsHandle 5720 -prefMapHandle 5716 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a93414c6-72ff-471c-82f3-60ab5322254e} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" tab
                                              9⤵
                                                PID:2180
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5828 -childID 4 -isForBrowser -prefsHandle 5908 -prefMapHandle 5904 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c0bcb51-947d-4c82-9683-c822e2468e55} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" tab
                                                9⤵
                                                  PID:5696
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 5 -isForBrowser -prefsHandle 6040 -prefMapHandle 6044 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {482e46bb-e430-4725-82d7-aefcff5b3b16} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" tab
                                                  9⤵
                                                    PID:3564
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6328 -childID 6 -isForBrowser -prefsHandle 6320 -prefMapHandle 6316 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bdd5153-d474-49c3-b441-7a077d852581} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" tab
                                                    9⤵
                                                      PID:6256
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6516 -childID 7 -isForBrowser -prefsHandle 6508 -prefMapHandle 6456 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e42606f-52b4-4ac1-ba1e-d6c704d3b146} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" tab
                                                      9⤵
                                                        PID:6432
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6496 -parentBuildID 20240401114208 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 29407 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af74e3a6-b71e-4e9b-94de-ec36bf0b1fe1} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" rdd
                                                        9⤵
                                                          PID:7040
                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3112 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 2872 -prefMapHandle 2828 -prefsLen 29407 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb46b42d-e68c-43ef-bd37-07ba5b12c215} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" utility
                                                          9⤵
                                                          • Checks processor information in registry
                                                          PID:7072
                                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 8 -isForBrowser -prefsHandle 4248 -prefMapHandle 6892 -prefsLen 28048 -prefMapSize 244658 -jsInitHandle 1004 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c03d1c30-4d14-4df4-8978-c0bf0606763d} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" tab
                                                          9⤵
                                                            PID:3520
                                                    • C:\Users\Admin\AppData\Local\Temp\1019274001\5352fc046e.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\1019274001\5352fc046e.exe"
                                                      6⤵
                                                      • Modifies Windows Defender Real-time Protection settings
                                                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                      • Checks BIOS information in registry
                                                      • Executes dropped EXE
                                                      • Identifies Wine through registry keys
                                                      • Windows security modification
                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                      • System Location Discovery: System Language Discovery
                                                      PID:4632
                                                • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2a2441.exe
                                                  C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2a2441.exe
                                                  4⤵
                                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                  • Checks BIOS information in registry
                                                  • Executes dropped EXE
                                                  • Identifies Wine through registry keys
                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:1640
                                              • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3K68Y.exe
                                                C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3K68Y.exe
                                                3⤵
                                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                • Checks BIOS information in registry
                                                • Executes dropped EXE
                                                • Identifies Wine through registry keys
                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:1496
                                            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4Z214F.exe
                                              C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4Z214F.exe
                                              2⤵
                                              • Modifies Windows Defender Real-time Protection settings
                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                              • Checks BIOS information in registry
                                              • Executes dropped EXE
                                              • Identifies Wine through registry keys
                                              • Windows security modification
                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:3668
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                            1⤵
                                            • Enumerates system info in registry
                                            • Modifies data under HKEY_USERS
                                            • Suspicious behavior: EnumeratesProcesses
                                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                            • Suspicious use of AdjustPrivilegeToken
                                            • Suspicious use of FindShellTrayWindow
                                            • Suspicious use of SendNotifyMessage
                                            • Suspicious use of WriteProcessMemory
                                            PID:1552
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff664bcc40,0x7fff664bcc4c,0x7fff664bcc58
                                              2⤵
                                                PID:2400
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,12842320443465455239,12880082682212904982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:2
                                                2⤵
                                                  PID:720
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,12842320443465455239,12880082682212904982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2084 /prefetch:3
                                                  2⤵
                                                    PID:2068
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,12842320443465455239,12880082682212904982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2472 /prefetch:8
                                                    2⤵
                                                      PID:1644
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,12842320443465455239,12880082682212904982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
                                                      2⤵
                                                        PID:1040
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,12842320443465455239,12880082682212904982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3344 /prefetch:1
                                                        2⤵
                                                          PID:1640
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4608,i,12842320443465455239,12880082682212904982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:1
                                                          2⤵
                                                            PID:1728
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,12842320443465455239,12880082682212904982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:8
                                                            2⤵
                                                              PID:3024
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4532,i,12842320443465455239,12880082682212904982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4524 /prefetch:8
                                                              2⤵
                                                                PID:1576
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4480,i,12842320443465455239,12880082682212904982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4160 /prefetch:8
                                                                2⤵
                                                                  PID:3100
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4492,i,12842320443465455239,12880082682212904982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:8
                                                                  2⤵
                                                                    PID:4664
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5160,i,12842320443465455239,12880082682212904982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
                                                                    2⤵
                                                                      PID:1008
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4484,i,12842320443465455239,12880082682212904982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:8
                                                                      2⤵
                                                                        PID:4176
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5412,i,12842320443465455239,12880082682212904982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:2
                                                                        2⤵
                                                                          PID:3100
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4768,i,12842320443465455239,12880082682212904982,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:1
                                                                          2⤵
                                                                            PID:5532
                                                                        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                          "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                          1⤵
                                                                            PID:2600
                                                                          • C:\Windows\system32\svchost.exe
                                                                            C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                            1⤵
                                                                              PID:3136
                                                                            • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                              C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                              1⤵
                                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                              • Checks BIOS information in registry
                                                                              • Executes dropped EXE
                                                                              • Identifies Wine through registry keys
                                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:3668
                                                                            • C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                                                                              C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                                                                              1⤵
                                                                              • Executes dropped EXE
                                                                              • Suspicious use of SetThreadContext
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:2884
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                2⤵
                                                                                  PID:3664
                                                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                  powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
                                                                                  2⤵
                                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                                  PID:2020
                                                                                  • C:\Windows\system32\PING.EXE
                                                                                    "C:\Windows\system32\PING.EXE" 127.1.10.1
                                                                                    3⤵
                                                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                                                    • Runs ping.exe
                                                                                    PID:4164
                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                1⤵
                                                                                  PID:5876
                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                  1⤵
                                                                                    PID:5128
                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5256 -ip 5256
                                                                                    1⤵
                                                                                      PID:6680
                                                                                    • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                      C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                      1⤵
                                                                                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                      • Checks BIOS information in registry
                                                                                      • Executes dropped EXE
                                                                                      • Identifies Wine through registry keys
                                                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                      PID:5276
                                                                                    • C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                                                                                      C:\Users\Admin\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                                                                                      1⤵
                                                                                      • Executes dropped EXE
                                                                                      • Suspicious use of SetThreadContext
                                                                                      PID:3284
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        2⤵
                                                                                          PID:6996
                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          powershell ping 127.1.10.1; del Intel_PTT_EK_Recertification.exe
                                                                                          2⤵
                                                                                          • System Network Configuration Discovery: Internet Connection Discovery
                                                                                          PID:6984
                                                                                          • C:\Windows\system32\PING.EXE
                                                                                            "C:\Windows\system32\PING.EXE" 127.1.10.1
                                                                                            3⤵
                                                                                            • System Network Configuration Discovery: Internet Connection Discovery
                                                                                            • Runs ping.exe
                                                                                            PID:6200

                                                                                      Network

                                                                                      MITRE ATT&CK Enterprise v15

                                                                                      Reconnaissance

                                                                                      Resource Development

                                                                                      Initial Access

                                                                                      Execution

                                                                                      Command and Scripting Interpreter

                                                                                      1
                                                                                      T1059

                                                                                      PowerShell

                                                                                      1
                                                                                      T1059.001

                                                                                      Scheduled Task/Job

                                                                                      1
                                                                                      T1053

                                                                                      Scheduled Task

                                                                                      1
                                                                                      T1053.005

                                                                                      Persistence

                                                                                      Boot or Logon Autostart Execution

                                                                                      1
                                                                                      T1547

                                                                                      Registry Run Keys / Startup Folder

                                                                                      1
                                                                                      T1547.001

                                                                                      Create or Modify System Process

                                                                                      1
                                                                                      T1543

                                                                                      Windows Service

                                                                                      1
                                                                                      T1543.003

                                                                                      Scheduled Task/Job

                                                                                      1
                                                                                      T1053

                                                                                      Scheduled Task

                                                                                      1
                                                                                      T1053.005

                                                                                      Privilege Escalation

                                                                                      Boot or Logon Autostart Execution

                                                                                      1
                                                                                      T1547

                                                                                      Registry Run Keys / Startup Folder

                                                                                      1
                                                                                      T1547.001

                                                                                      Create or Modify System Process

                                                                                      1
                                                                                      T1543

                                                                                      Windows Service

                                                                                      1
                                                                                      T1543.003

                                                                                      Scheduled Task/Job

                                                                                      1
                                                                                      T1053

                                                                                      Scheduled Task

                                                                                      1
                                                                                      T1053.005

                                                                                      Defense Evasion

                                                                                      Hide Artifacts

                                                                                      1
                                                                                      T1564

                                                                                      Hidden Files and Directories

                                                                                      1
                                                                                      T1564.001

                                                                                      Impair Defenses

                                                                                      2
                                                                                      T1562

                                                                                      Disable or Modify Tools

                                                                                      2
                                                                                      T1562.001

                                                                                      Modify Registry

                                                                                      3
                                                                                      T1112

                                                                                      Virtualization/Sandbox Evasion

                                                                                      3
                                                                                      T1497

                                                                                      Credential Access

                                                                                      Unsecured Credentials

                                                                                      2
                                                                                      T1552

                                                                                      Credentials In Files

                                                                                      2
                                                                                      T1552.001

                                                                                      Discovery

                                                                                      Browser Information Discovery

                                                                                      1
                                                                                      T1217

                                                                                      Process Discovery

                                                                                      1
                                                                                      T1057

                                                                                      Query Registry

                                                                                      9
                                                                                      T1012

                                                                                      Remote System Discovery

                                                                                      1
                                                                                      T1018

                                                                                      System Information Discovery

                                                                                      5
                                                                                      T1082

                                                                                      System Location Discovery

                                                                                      1
                                                                                      T1614

                                                                                      System Language Discovery

                                                                                      1
                                                                                      T1614.001

                                                                                      System Network Configuration Discovery

                                                                                      1
                                                                                      T1016

                                                                                      Internet Connection Discovery

                                                                                      1
                                                                                      T1016.001

                                                                                      Virtualization/Sandbox Evasion

                                                                                      3
                                                                                      T1497

                                                                                      Lateral Movement

                                                                                      Collection

                                                                                      Data from Local System

                                                                                      1
                                                                                      T1005

                                                                                      Command and Control

                                                                                      Web Service

                                                                                      1
                                                                                      T1102

                                                                                      Exfiltration

                                                                                      Impact

                                                                                      Replay Monitor

                                                                                      Loading Replay Monitor...

                                                                                      Downloads

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                                        Filesize

                                                                                        649B

                                                                                        MD5

                                                                                        9af4cd4ed258e0f4739c695a59a38f77

                                                                                        SHA1

                                                                                        4f6d8250b613ddaf799750dd1c9421f4a1eabc43

                                                                                        SHA256

                                                                                        6888154c4eac03aab981cb9f1ab67fb440e624f0c912e7beef5c97c34843ef49

                                                                                        SHA512

                                                                                        8ac70d5546d171c87df16cd7ec5a590f5830c78a20835db30f1fdfa98fd813dc49300e53ff04a883e0e72ff8ffddb1eb31c15779eafa6cce00c6895d1936619a

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
                                                                                        Filesize

                                                                                        215KB

                                                                                        MD5

                                                                                        d79b35ccf8e6af6714eb612714349097

                                                                                        SHA1

                                                                                        eb3ccc9ed29830df42f3fd129951cb8b791aaf98

                                                                                        SHA256

                                                                                        c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

                                                                                        SHA512

                                                                                        f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json
                                                                                        Filesize

                                                                                        851B

                                                                                        MD5

                                                                                        07ffbe5f24ca348723ff8c6c488abfb8

                                                                                        SHA1

                                                                                        6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                                                        SHA256

                                                                                        6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                                                        SHA512

                                                                                        7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json
                                                                                        Filesize

                                                                                        854B

                                                                                        MD5

                                                                                        4ec1df2da46182103d2ffc3b92d20ca5

                                                                                        SHA1

                                                                                        fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                                                        SHA256

                                                                                        6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                                                        SHA512

                                                                                        939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                        Filesize

                                                                                        2B

                                                                                        MD5

                                                                                        d751713988987e9331980363e24189ce

                                                                                        SHA1

                                                                                        97d170e1550eee4afc0af065b78cda302a97674c

                                                                                        SHA256

                                                                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                        SHA512

                                                                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                        Filesize

                                                                                        356B

                                                                                        MD5

                                                                                        85835aa4a1ec5b683024c53a9709884e

                                                                                        SHA1

                                                                                        058d3db9b0ea7963552116d287088a0623f96429

                                                                                        SHA256

                                                                                        1910a4fbe84d30c6331a1472564e46a922120febc7783db10e9073900a7ed6b5

                                                                                        SHA512

                                                                                        ec3f4b802123b4cf29e67b6a0fa6bbf238081000db9d094592dfa1f03ce8ab3b6c42dccc2c5cba0103ec60ead9eea72016dfebc5c223a02c27a3ed1befac37c4

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                        Filesize

                                                                                        356B

                                                                                        MD5

                                                                                        ea41862245b3027531df49b2a6f538f4

                                                                                        SHA1

                                                                                        5022f26100e2d1ca122436ef33e05fa0555ca981

                                                                                        SHA256

                                                                                        1f0e0a6d859ab791ce59e161b2e3917cfc91659f7471b4f53a32df415fab3a40

                                                                                        SHA512

                                                                                        f00c87b1b20e275470d6a3dd9ff7689d8ac8f70519f51230e96da0d3c1301e6ea98701b565b52585a0e885ab8886389edbd75e7ba418c104bdcc368b09270496

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                        Filesize

                                                                                        356B

                                                                                        MD5

                                                                                        566b5fe6e80c32a5323e147d3ca847cf

                                                                                        SHA1

                                                                                        0debadbe5458a5fb12eb4a97d823e3a2aa6c2d06

                                                                                        SHA256

                                                                                        9c8e3c192022d4c6c60481c349ecd233be7e6c3b9e06f108223ced7f1036fbf1

                                                                                        SHA512

                                                                                        2d9813a3bc761d55e723b26c49ddadd2920aee58ce501735ca87f17c35600b1fba4c9ded7d8900675c88c75b6e4b0241d241c635b5af96b8cc43a736d994020d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        260219464300bfbccabc0a75251f23c8

                                                                                        SHA1

                                                                                        7d4025bb9ce7416bfbcf4423cd1f7b1bd9444e83

                                                                                        SHA256

                                                                                        8ce00d9f418103f0001483ff90238e264a92a2991e2bbaf5ae994b9f40210a24

                                                                                        SHA512

                                                                                        ec2b84f9bf0bdd04d61afab38c44466f1b48f436e43153b5d1ee6c8486184789fd82cd1526b09dfd3de06eb05331580e0fc8d50f3da0d3b3634070bd2c2789f8

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        6cd2ac52853e6e402cea52b13d717ae7

                                                                                        SHA1

                                                                                        c0aab1b8af561d9707e28ce059e626d3b1b1780f

                                                                                        SHA256

                                                                                        c0cf7a4938795524965070ee5c49ab12e163da05b8df7f43f05e23d50af2f1d3

                                                                                        SHA512

                                                                                        c17401d8f2f0318116e4e27f8462828a480e90f230d466ee9f5f8b87c58c047caeed628621f23cfb287fd8186e21fb2191ee4569542568cee47f0c9445bfed6e

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        1dc0213544e54fbc27210e6ac3cd2cd6

                                                                                        SHA1

                                                                                        e1014f507d6beb7c75af46b58bebad97b5e98a32

                                                                                        SHA256

                                                                                        e49a29ede2b60d6017c8a18d9aa949c350c695d647e031c23e82be834537deac

                                                                                        SHA512

                                                                                        ba83fed716fc30fe4707271dad3b021c8905f72e77846a198d500ec1b6f64a589282905503a030914bc9e74d72db1c3c85320e207f36e1c07794b43a89feba36

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                        Filesize

                                                                                        15KB

                                                                                        MD5

                                                                                        c7f4ce0be3c755ca74ab5a86aa859405

                                                                                        SHA1

                                                                                        e5df09f8e7fdd91726299409f8ab39ae8f89e1ed

                                                                                        SHA256

                                                                                        9cca049f7ec739b8a1f9acec2fde3d70038f041276c63a29a047143b4936ad9e

                                                                                        SHA512

                                                                                        808e923782e516bb1aacb8b043e5251ee9fd874a9f987fc7f68288e032f3d27a200862dff8466b9ecffd82a8acc7e8eb17470e5830f26edf936a56b45fe5db5f

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                        Filesize

                                                                                        72B

                                                                                        MD5

                                                                                        ef804b36857f5e9e8271492e9695b0e8

                                                                                        SHA1

                                                                                        d8a0cc452a1a54d6ebb0f49e46c70333ce61f3be

                                                                                        SHA256

                                                                                        0aa207a848f0e282f8baa6a60ea9131c90e7ddff1e22cd08025c526b2b3019c8

                                                                                        SHA512

                                                                                        2cc30af26361356a86513d483d2f9129e4d04f4461ddea335ab8c4fe426e60ae11e54389e34618f297a42e9694ae2aac2d78a1b61bd21173522380b9b05a88aa

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                        Filesize

                                                                                        231KB

                                                                                        MD5

                                                                                        282986d68da389d2e2580ca7d7cd7704

                                                                                        SHA1

                                                                                        6d785019c3d4872ffc1e32fd497e5832c7b80d40

                                                                                        SHA256

                                                                                        36ebac3dccc9608a759f0ebe37ebda6a75fece6437f359e928d317ab36ad27ac

                                                                                        SHA512

                                                                                        f48dbe1e627fe1c5286baae1237c3b0ad637da97d7691be5863bd1638b4d46ca1bf90794b9691a7faf5cfc44c6c2c0dacba1d613594e1e630a4ac7d3059b862d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                        Filesize

                                                                                        231KB

                                                                                        MD5

                                                                                        f17e290914799ae32b424a57101d1187

                                                                                        SHA1

                                                                                        5baa2328aae0275bb548d0214f6a91f59855016a

                                                                                        SHA256

                                                                                        32bca101b3e4df3047b18e32f4d8839e8c8c147a52ffb575cd02f23cd930a858

                                                                                        SHA512

                                                                                        4d48825323047658407b26e6ee165d35c0155adc3ae7ccb039a384264072249ba48fdb757f0583f5be678d08ddc8618bae9112c5561a7b306cedf571649657bd

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        f426165d1e5f7df1b7a3758c306cd4ae

                                                                                        SHA1

                                                                                        59ef728fbbb5c4197600f61daec48556fec651c1

                                                                                        SHA256

                                                                                        b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

                                                                                        SHA512

                                                                                        8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        6960857d16aadfa79d36df8ebbf0e423

                                                                                        SHA1

                                                                                        e1db43bd478274366621a8c6497e270d46c6ed4f

                                                                                        SHA256

                                                                                        f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

                                                                                        SHA512

                                                                                        6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        5KB

                                                                                        MD5

                                                                                        997f4a933132f627d29e0876fa310030

                                                                                        SHA1

                                                                                        c67619b86977a6c64666a6632d03c658a63ff0dc

                                                                                        SHA256

                                                                                        6610aad6d067959b267530d3b0773043ea7815b9c2dfba5fbf8b5d65633e5388

                                                                                        SHA512

                                                                                        da3284a5dcff9f9e79e7bab093e7c6cb4633a1315ca220a6e04e612e81d71928a0e5c83de4138b011e200170b70df7502105ecd1b9c846aef83c9aa8dd479898

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt
                                                                                        Filesize

                                                                                        109B

                                                                                        MD5

                                                                                        4a5ca6553e535a0448aad89c545cbb0b

                                                                                        SHA1

                                                                                        a293780ce4d192a091d4fc797c64ec3ee5fba395

                                                                                        SHA256

                                                                                        915eeb67c87f7a7711a29622b4cdc8315bc2295243712f4feb12b69955f7ab87

                                                                                        SHA512

                                                                                        19e76e695f86d520fef4dbaa2dc704a7e77c5e379d27eb9b27f771aaaee01e5d54c464bc94c44caa6eae8ab0a9a1ca8516467b727e15387eb6287de622e25674

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt
                                                                                        Filesize

                                                                                        204B

                                                                                        MD5

                                                                                        ea77345aef01841b3d439327bfc82fde

                                                                                        SHA1

                                                                                        79097748dab66adb98def2306b61acb6a391a123

                                                                                        SHA256

                                                                                        afc71b8d077d78d279902a0316736382226c88834968b0e193f9c48717849f83

                                                                                        SHA512

                                                                                        6c3a8f2a00b9627911dd300dfb48d1e2a0eade359a2f573ed6cefe7c5f709e82b9aa93b99d7967b41548852b50b67add0fbe20ae9bd4fb94d8fdea06a89612dd

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
                                                                                        Filesize

                                                                                        16B

                                                                                        MD5

                                                                                        46295cac801e5d4857d09837238a6394

                                                                                        SHA1

                                                                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                        SHA256

                                                                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                        SHA512

                                                                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aaa49f69-a189-4c7f-b66d-fcb542fa48d6.tmp
                                                                                        Filesize

                                                                                        1B

                                                                                        MD5

                                                                                        5058f1af8388633f609cadb75a75dc9d

                                                                                        SHA1

                                                                                        3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                        SHA256

                                                                                        cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                        SHA512

                                                                                        0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TRPPE7V2\download[1].htm
                                                                                        Filesize

                                                                                        1B

                                                                                        MD5

                                                                                        cfcd208495d565ef66e7dff9f98764da

                                                                                        SHA1

                                                                                        b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

                                                                                        SHA256

                                                                                        5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

                                                                                        SHA512

                                                                                        31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\activity-stream.discovery_stream.json
                                                                                        Filesize

                                                                                        21KB

                                                                                        MD5

                                                                                        f0cb4b53d6cb5a92f8ea6e4efac6e8aa

                                                                                        SHA1

                                                                                        383953a6f42e6dd2c3acbd17e58729ebcfb91cca

                                                                                        SHA256

                                                                                        ba032728047279fee7dd9861724183e91d111a96d8418e97ea042db49c3dffcd

                                                                                        SHA512

                                                                                        25b8e0132d669e70c7d904d91e5757a57242a874b5e537413810ed7cf5738cdd1a0132d0f6b4d0e7b093afd04fb464705831af685cb2d7011f601927eb1e979b

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\1028C0594A2905A51C9BE4B9198A912DA5F01823
                                                                                        Filesize

                                                                                        49KB

                                                                                        MD5

                                                                                        2562830f9dc26db0cff08ea3c2ee1c32

                                                                                        SHA1

                                                                                        5230bdb950f82dce45e254b23024ccd2dc48598a

                                                                                        SHA256

                                                                                        6edb6341b15a33d188fc76875fcc62e0bd68d088fb7597c78889f3de60d9e160

                                                                                        SHA512

                                                                                        cfcb40268269f4c24dc4b3fcae427f3b7a786d23829628f801dd9f002c9715534305847e26335f4dde7f8216245d1bc306b98270ba1a8dbcb390598a0faf9b4d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                                                                                        Filesize

                                                                                        15KB

                                                                                        MD5

                                                                                        96c542dec016d9ec1ecc4dddfcbaac66

                                                                                        SHA1

                                                                                        6199f7648bb744efa58acf7b96fee85d938389e4

                                                                                        SHA256

                                                                                        7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                                                                                        SHA512

                                                                                        cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\1019261001\8704fe9e32.exe
                                                                                        Filesize

                                                                                        1.8MB

                                                                                        MD5

                                                                                        27c1f96d7e1b72b6817b6efeff037f90

                                                                                        SHA1

                                                                                        2972cc112fc7e20cbf5952abe07407b8c1fbb2a2

                                                                                        SHA256

                                                                                        aec3ec473de321d123e939985579227ee62b53b3b3edb7ab96e2a66c17e9696d

                                                                                        SHA512

                                                                                        9a31dc9945889d35aea8710df2f42806c72c422b7b5f4aa8acba6986cbd9ea6a49181a41a50ee21ccbed86cbff87c98a742e681ac3f6a87e2bd4436c9112eb32

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\1019262001\4eeab29b4f.exe
                                                                                        Filesize

                                                                                        758KB

                                                                                        MD5

                                                                                        afd936e441bf5cbdb858e96833cc6ed3

                                                                                        SHA1

                                                                                        3491edd8c7caf9ae169e21fb58bccd29d95aefef

                                                                                        SHA256

                                                                                        c6491d7a6d70c7c51baca7436464667b4894e4989fa7c5e05068dde4699e1cbf

                                                                                        SHA512

                                                                                        928c15a1eda602b2a66a53734f3f563ab9626882104e30ee2bf5106cfd6e08ec54f96e3063f1ab89bf13be2c8822a8419f5d8ee0a3583a4c479785226051a325

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\1019263001\55fe202777.exe
                                                                                        Filesize

                                                                                        1.1MB

                                                                                        MD5

                                                                                        ef08a45833a7d881c90ded1952f96cb4

                                                                                        SHA1

                                                                                        f04aeeb63a1409bd916558d2c40fab8a5ed8168b

                                                                                        SHA256

                                                                                        33c236dc81af2a47d595731d6fa47269b2874b281152530fdffdda9cbeb3b501

                                                                                        SHA512

                                                                                        74e84f710c90121527f06d453e9286910f2e8b6ac09d2aeb4ab1f0ead23ea9b410c5d1074d8bc759bc3e766b5bc77d156756c7df093ba94093107393290ced97

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\1019264001\7c2fd5ed0c.exe
                                                                                        Filesize

                                                                                        842KB

                                                                                        MD5

                                                                                        8eb4f92605e35c57a42b0917c221d65c

                                                                                        SHA1

                                                                                        0e64d77ef1b917b3afe512b49710250c71369175

                                                                                        SHA256

                                                                                        b57d78d93f74f7ae840ab03d3fda4f22a24ad35afcf9a53128cf82a92a67a085

                                                                                        SHA512

                                                                                        4cc5db426c8de3d7afdcfa26440d5bd9a885f5148e4307b8d04c5d56c96672d5c82ed9989bf346ce7aecea07d980735c46a930b885f824ba53738ac76dbb05bf

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\1019265001\80a096a6d2.exe
                                                                                        Filesize

                                                                                        4.2MB

                                                                                        MD5

                                                                                        de977c9c79ceebdf86d4cb38408d7ce4

                                                                                        SHA1

                                                                                        2ffb19e7bc8109bb8033c1d6e25f4ae2fe49b3c6

                                                                                        SHA256

                                                                                        ad3fb64aaa0680e21de914b77e3502a6c82860f333fa3d2415cb9a7a93b9b893

                                                                                        SHA512

                                                                                        19067b298995a405ac3768b6586cd456598af7a9703551eccb1caf8c30c1e126abf9d4f80001f1fcd1c201dd0cf30f99cdd77ef5b5e2feffbcdd7887e29932b0

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\1019266001\f4d210be8e.exe
                                                                                        Filesize

                                                                                        4.2MB

                                                                                        MD5

                                                                                        3a425626cbd40345f5b8dddd6b2b9efa

                                                                                        SHA1

                                                                                        7b50e108e293e54c15dce816552356f424eea97a

                                                                                        SHA256

                                                                                        ba9212d2d5cd6df5eb7933fb37c1b72a648974c1730bf5c32439987558f8e8b1

                                                                                        SHA512

                                                                                        a7538c6b7e17c35f053721308b8d6dc53a90e79930ff4ed5cffecaa97f4d0fbc5f9e8b59f1383d8f0699c8d4f1331f226af71d40325022d10b885606a72fe668

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\1019267001\cad0eb174e.exe
                                                                                        Filesize

                                                                                        1.3MB

                                                                                        MD5

                                                                                        669ed3665495a4a52029ff680ec8eba9

                                                                                        SHA1

                                                                                        7785e285365a141e307931ca4c4ef00b7ecc8986

                                                                                        SHA256

                                                                                        2d2d405409b128eea72a496ccff0ed56f9ed87ee2564ae4815b4b116d4fb74d6

                                                                                        SHA512

                                                                                        bedc8f7c1894fc64cdd00ebc58b434b7d931e52c198a0fa55f16f4e3d44a7dc4643eaa78ec55a43cc360571345cd71d91a64037a135663e72eed334fe77a21e6

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\1019268001\6fb43892f1.exe
                                                                                        Filesize

                                                                                        21KB

                                                                                        MD5

                                                                                        04f57c6fb2b2cd8dcc4b38e4a93d4366

                                                                                        SHA1

                                                                                        61770495aa18d480f70b654d1f57998e5bd8c885

                                                                                        SHA256

                                                                                        51e4d0cbc184b8abfa6d84e219317cf81bd542286a7cc602c87eb703a39627c2

                                                                                        SHA512

                                                                                        53f95e98a5eca472ed6b1dfd6fecd1e28ea66967a1b3aa109fe911dbb935f1abf327438d4b2fe72cf7a0201281e9f56f4548f965b96e3916b9142257627e6ccd

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\1019269001\36463a3e1a.exe
                                                                                        Filesize

                                                                                        4.2MB

                                                                                        MD5

                                                                                        2b39bc094a36c474dea04d0bb8e22356

                                                                                        SHA1

                                                                                        115e4f12506c0fdf4db9b19c94e526040c94cf02

                                                                                        SHA256

                                                                                        6bc9ae5b97c21197dbec153f9d9420d7c5976ecf5ad1a40449474c019006db98

                                                                                        SHA512

                                                                                        d466bf292e13795fe636b39c77a58a03c3ddda5ca4dd26a00db7268f2c12eefb9874b8e3342c31aa2066c017b02f1b86c5a984e5327d5487c2eda4cfa3d98871

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\1019270001\484dd38bcf.exe
                                                                                        Filesize

                                                                                        1.8MB

                                                                                        MD5

                                                                                        8f99d6a86bb1b60441b2d0824b2f8a16

                                                                                        SHA1

                                                                                        bdba27ca8ac199579268260535b2a90a88c63b3b

                                                                                        SHA256

                                                                                        4360fbed2a0cfcaaecab2a478478a2266fe8df65bfb9fc2876bbdb91ff1add46

                                                                                        SHA512

                                                                                        30a2f0a07521e61877a8a05a17daf9c378435caa17b42993827d1421a8c57d94e75f97bd3daa582207b1b2874d4f5e70a4cf476f556f39c66bcd6eefc7ad8430

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\1019271001\99876de6f9.exe
                                                                                        Filesize

                                                                                        1.8MB

                                                                                        MD5

                                                                                        d96503971b338f5b4db28e9f306a1fad

                                                                                        SHA1

                                                                                        2b75e6f5537b01ae1fdc43fbc666b4cb300e50cc

                                                                                        SHA256

                                                                                        c1ddf685bda82f05dd6c3730103fcd0c7bba4d2ef14fcca5e57c622db31873b5

                                                                                        SHA512

                                                                                        adaa96475e3a4e1392c51f18c86ee296e665fd07c2ab0d55290c3ee9782c326271ce8e8a58f6e15805edae23e03142d12d212aba2179b2ce8be9d41cb23ad87f

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\1019272001\1475b4aeb8.exe
                                                                                        Filesize

                                                                                        2.7MB

                                                                                        MD5

                                                                                        39a1cde446dbdfbee85fb538b6a2fecf

                                                                                        SHA1

                                                                                        e0cba0a970e93d8c4e2febe70a33c2c5b93c50d4

                                                                                        SHA256

                                                                                        627282708d27b267d9d3cbee3fba2980e3f30c77588b51c71e6afabe435917d0

                                                                                        SHA512

                                                                                        f5d1927b22011a20dd62c304fd568ede6d19a2e3b41a937d56352d5795a7667989e351c7464c1a909982c4deb0ea3cf586d441b1fdad96c3d6bdeb22d491932a

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\1019273001\357e639fec.exe
                                                                                        Filesize

                                                                                        949KB

                                                                                        MD5

                                                                                        7bd4baf09d12c7cbb2343bec04e564d7

                                                                                        SHA1

                                                                                        2f82266778edece71ec095020f46d484c66a663f

                                                                                        SHA256

                                                                                        bc01280d1f4afc112127217a92f448fb3622bc7e70e1456073c1b8a38af5faa3

                                                                                        SHA512

                                                                                        418f559ec0968b30ec0b6ccf59dcbeda84bd4342d879fbaeaa6fa20fa6dbd2f49d5d574ae38ed420ce343e01d5677294d3ffb777ac88192b0b91da323911f7fb

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\1019274001\5352fc046e.exe
                                                                                        Filesize

                                                                                        2.7MB

                                                                                        MD5

                                                                                        2ea6bb0dfc1348b335b60bef49cc3883

                                                                                        SHA1

                                                                                        009c05653f84888d18990b94702b9ca981fc8472

                                                                                        SHA256

                                                                                        7f570756983d6dce656b5b6f710c569c7ec1a01b30189d2671f5d1a11fbc6cdf

                                                                                        SHA512

                                                                                        a3bd9fb48ece1041b837168d0174833bb5f44204d0a7d17c850bb6b0c1ce0f6fb96fcf6e3d5c6680fb5d7ca23a394d0c5dd2b42fceaa791a847f8725f6432be3

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\245347\Dry.com
                                                                                        Filesize

                                                                                        925KB

                                                                                        MD5

                                                                                        62d09f076e6e0240548c2f837536a46a

                                                                                        SHA1

                                                                                        26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

                                                                                        SHA256

                                                                                        1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

                                                                                        SHA512

                                                                                        32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\245347\b
                                                                                        Filesize

                                                                                        267KB

                                                                                        MD5

                                                                                        0c7d5f0db7d1be49fc2285c64d3c45aa

                                                                                        SHA1

                                                                                        942803613a17b0735f80d32dab9be6b87a0e472f

                                                                                        SHA256

                                                                                        d49d834cb452343c64c7b9716f5b6d6032ce8b81e04995ccd1af130ff863143d

                                                                                        SHA512

                                                                                        52c3cacdd5a798243bdf191d0f673c63befd5297284e2841de8ef0588b103b1192e60d50e22e5572fa160834be7d052aa328556ed182a1cc56c9be55ab76ccc8

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Another
                                                                                        Filesize

                                                                                        96KB

                                                                                        MD5

                                                                                        5535aa11bb8a32622dadb4cb7d45071c

                                                                                        SHA1

                                                                                        76b4b6221174f1b11370d7aa2a89a5996624c7f8

                                                                                        SHA256

                                                                                        ead59f9d65f7830e35a9c213b07938b7bc57513692ecbcf66b4be4ac82350eba

                                                                                        SHA512

                                                                                        b14a53ea33b6f44ef4fffb76060955f9ae85bfed79ca206359ffcdf80aa33d21abff41d526e43ba55bc33048fd8a237a2c854e92856f292cb4825304acfbe3bd

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\App
                                                                                        Filesize

                                                                                        17KB

                                                                                        MD5

                                                                                        15687a16a1310bb6dfcb1fb9b8d052b3

                                                                                        SHA1

                                                                                        bda139691a5c3f90f7059d84dbad98354748832f

                                                                                        SHA256

                                                                                        08f36da3d5e25c26d14e49bc46995aa1a5842ad368a9e02244db850f77d4a70f

                                                                                        SHA512

                                                                                        9dfafa0cf6e7a54037cc53c155c7214580a90b4066d3b469a966f53d363ae63a6a4d9bb08a8de64796e8c6b36e6a5e8374069952628a81b13ebfe93abbc51574

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Critics
                                                                                        Filesize

                                                                                        103KB

                                                                                        MD5

                                                                                        8496cef888ee804f2b8a44171481e40a

                                                                                        SHA1

                                                                                        90fcde8c353d79ae02bfc946d708d35fedfea64f

                                                                                        SHA256

                                                                                        0d8671285841832d972ca2576cdb83f412af8433cf33c511f652912e7fd7e29b

                                                                                        SHA512

                                                                                        158c70a8804e73dfb25a1265328fadc26903c5b035a991aaa570f0ef98f89d616c635e4820e926fb8e00e1c20cfcf3fd441dcc0ca5eefa109dd5bc23e0e4c61d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Doug
                                                                                        Filesize

                                                                                        114KB

                                                                                        MD5

                                                                                        37f28bccbcaea4719409c72aa6385586

                                                                                        SHA1

                                                                                        083ad006b92745c976989bc5fb76e7187d81a597

                                                                                        SHA256

                                                                                        7101d14a5fcf7b47a9c6b809155bea70121c61d2df7e2244573204c2190ccf45

                                                                                        SHA512

                                                                                        105de3a0358c0e95b573dd1fc590b27c33f8033158b28a523a5ef9bdbfaa1f488e6b0f7556d6e46d96e23f00392f4eebded0dcea31926a05823ea1b5d4fff22f

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Eleven
                                                                                        Filesize

                                                                                        125KB

                                                                                        MD5

                                                                                        3b84985152cd93f2bd04bd909d7c902e

                                                                                        SHA1

                                                                                        4bd3d6af1e4ed7efe357e707ec7e6ab2e3ff4eee

                                                                                        SHA256

                                                                                        9df8e69068b9ce01749fe0a515db1554c05d491c3a5a4f80f8aba060ea89950f

                                                                                        SHA512

                                                                                        051d3b9fa3d463d78d1ac971396dcb00d930a9e9c3f7a1278a7dd8027d1ab159f688f912d65d78ada9f059d73526f987a36cac0d5100cae5491959dd059f89dd

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Eligibility
                                                                                        Filesize

                                                                                        88KB

                                                                                        MD5

                                                                                        3efe58b3be584c2afe3d64a453f70dac

                                                                                        SHA1

                                                                                        ba151bdfa43145dc0e3a495ac5382638cfb0a2c1

                                                                                        SHA256

                                                                                        7054a53ce5187d3470517170af3138dc28cec4ed1793574a91cca795fb7e3e10

                                                                                        SHA512

                                                                                        929b0a9af43360af0f820fab936650b211978523b9fdef00ee563930e03f2a9830e5c2246be9ace7f95ab78cfb075e82347cafb02472b8a09dc4859c9a5232f3

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4Z214F.exe
                                                                                        Filesize

                                                                                        2.7MB

                                                                                        MD5

                                                                                        880df76d424516c612b54407aeefa341

                                                                                        SHA1

                                                                                        5fc31b30425cf3ac3c8f1b947bf4b279d3da0d71

                                                                                        SHA256

                                                                                        34cda3da6114d02b343d247365e79c33e2fc17409391c42cc187862c21a47321

                                                                                        SHA512

                                                                                        6191287acb49e638fa22f181e219c70f735e8dadcc53c3aa2578dcae44396a13a22d2ea97a13e0d453a6d4f689418b3105da0302ab06d69c0bdc9a7dd5593e31

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\O9I15.exe
                                                                                        Filesize

                                                                                        5.2MB

                                                                                        MD5

                                                                                        844af035db285eb439e7aa70c699b3e9

                                                                                        SHA1

                                                                                        25594b40ce060729a51a284af445c6d94e6ff2e4

                                                                                        SHA256

                                                                                        bebf0cbb03622b2d1d62d2a338b3224ee26076090bd2d45e3234ebdf448dd755

                                                                                        SHA512

                                                                                        97877937a06b446d0eff6dbefa7415acd02af4045825e2bf7512c2d0f5876e068e200c902044f9a3b3c81e3667bbf775772a6f37b2da11d8c3c94e69e3fe12d1

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3K68Y.exe
                                                                                        Filesize

                                                                                        2.7MB

                                                                                        MD5

                                                                                        a2e7bea4344fd57b09e917ba50ecd482

                                                                                        SHA1

                                                                                        70d3de6bb6f8f19c4b500c3190b307c21259d2af

                                                                                        SHA256

                                                                                        5008900485671d1e697b9afb70829eaa472b379f94e925394ad7b5ab681bdf3e

                                                                                        SHA512

                                                                                        9f12fd0c2f92be564f27084bb1c765d5c0dc92eb9f929e60e2e19fb8bbe9d44c262515c0bf81d2191f5ebdd94edaba6e9042c08af75281193fd3dbfd7d8859dc

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\h6r40.exe
                                                                                        Filesize

                                                                                        3.5MB

                                                                                        MD5

                                                                                        53870b42c730e3472481e69219fe3b85

                                                                                        SHA1

                                                                                        c38c5d8bfe676aa153a34e2c8da2e8407595ff9a

                                                                                        SHA256

                                                                                        7b849d5797cb58c6c2865dfd4cd46cd156f0d9e6e13811b667c093370781b809

                                                                                        SHA512

                                                                                        c1b169403bd5d318310fdc9e4af02a6d576df4310c1e173845ef06d4be1058f9d9f8eff24f461f05278303e82d897d93d30122248a30f0737857f0067f6cd5bd

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1k76k5.exe
                                                                                        Filesize

                                                                                        2.9MB

                                                                                        MD5

                                                                                        9765ac8d5874ba1323875aa901871db6

                                                                                        SHA1

                                                                                        376dcb324421e41140e2ff169c2e3f2c39625fe1

                                                                                        SHA256

                                                                                        d4d873be4406e74df951d8ec2781150c426663904bf44e504fafa7d70b0e7099

                                                                                        SHA512

                                                                                        e3b56ccdb50d10de0bedf9067d2d19e16c01feb0116bfa429f9c027dd1c58261f104fceb64ea1bccb04b3f6cde2089431e6f7a2bf863bae6d7eb0163e761aac3

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2a2441.exe
                                                                                        Filesize

                                                                                        1.8MB

                                                                                        MD5

                                                                                        6a9681c4e4484e33a9d20e53ff87c490

                                                                                        SHA1

                                                                                        0bb12b650db680e90659a10decd7a8ec1cd0c12e

                                                                                        SHA256

                                                                                        555680332dd607bb1c50b8de42292a2ab33f23ea7a0a08318083daf5795d291d

                                                                                        SHA512

                                                                                        55438f82b36f372a30c2c455cbb9637072935e01625b15397801e2446258a00b3562b0c615e93b0a0ad48a4cb0c52b40575931ae4a611de02aeeb63293ec12e2

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Judy
                                                                                        Filesize

                                                                                        70KB

                                                                                        MD5

                                                                                        f5c4ea189e763c79767bb2f4bc471f08

                                                                                        SHA1

                                                                                        6abe10f27aeb64cb3583ec3549d8f84eb23b05eb

                                                                                        SHA256

                                                                                        49b1a81a6965071db23fe804a6293b87fd2ab96cfda6e28d806c1e76a53e723e

                                                                                        SHA512

                                                                                        31e79f7a7fc0a5eea3c4d70b152f75573c43c324b317667f41a824ebb2913d7bf4bacbf08a85d6281ec33ada2f2babe2a26d251008288cb6a4ce85e38dbe51d7

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Organizing
                                                                                        Filesize

                                                                                        239B

                                                                                        MD5

                                                                                        28a97febfc5cd391bec1e2a3d9d938bf

                                                                                        SHA1

                                                                                        adea302b1d73d65c4c2a64f4f10955d5e4d728aa

                                                                                        SHA256

                                                                                        2528cd8d1353e6c4dbcc6d2226b5b50ef14027a962a49c4001d2c8c072904773

                                                                                        SHA512

                                                                                        7bbb7f7781c77740efc6361c5195a01f854c3ca1afd9ec7870c4f87c5a28432af97d61a41e4af0d2d3cea45fa3565e297fc08cd7aca91831792df0a81efe0f82

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Origin
                                                                                        Filesize

                                                                                        63KB

                                                                                        MD5

                                                                                        7bbdcf2829f157f4178ad1a4ea31bfe6

                                                                                        SHA1

                                                                                        afc7c5852f104d94fc2726b3230039b696f17fc2

                                                                                        SHA256

                                                                                        bac794ee8129a6edaa06fed424a8839d24b6b8e6a75c4f23bc8c3e7735498818

                                                                                        SHA512

                                                                                        d2dd73e8f2b965b9bf9bb806c639af654646d76628e5c707f29ede16a1634dd5a699fb239c83c4bcf492b03e2941129affc777c39b9851f948a96f537dc844ff

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Saved
                                                                                        Filesize

                                                                                        66KB

                                                                                        MD5

                                                                                        53ab895bb726a4933dd1dc3f2fa2e5f8

                                                                                        SHA1

                                                                                        3933c015286de1871305ac17679d7244e0c73a07

                                                                                        SHA256

                                                                                        230c6c15bb57bcb9566d03a0940eb2d8cbb52fd2807cb195982c2541ef7ebbc2

                                                                                        SHA512

                                                                                        3ffb82fb40e8ff1d98d395601de10beb59af9f77af6300dba79e2436ea787ee7dce026dd43cdda324515f81ec7b5f48e1df396cfc3568128468c3cc5e663682b

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Sensor
                                                                                        Filesize

                                                                                        116KB

                                                                                        MD5

                                                                                        3b125d59ce5a2cf242a621511a0fb164

                                                                                        SHA1

                                                                                        3ccba09f214b941931d6169ca9959ace2a72aba7

                                                                                        SHA256

                                                                                        e4c1fbedc713173bcef5c724f3d64283add852a64f65c87eb3ec8d86c55833aa

                                                                                        SHA512

                                                                                        c026f9aa8e83f2c888e2b8336c7ec8380d34873956407e32fae31fd72bda741b72c649b7162587435e3d13b9b9fae8e0552330d710831c774264724c8589f36c

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Sheets
                                                                                        Filesize

                                                                                        61KB

                                                                                        MD5

                                                                                        d947e72346c4ac1aba8bbde8bb791f6f

                                                                                        SHA1

                                                                                        f6dc2cffbc0b29502cba42d9adee2263a7ff4835

                                                                                        SHA256

                                                                                        a6e6fc90d3c04e2461e3017e9f1dbaa27abb9278f5db7bb09a218a3a969feb41

                                                                                        SHA512

                                                                                        61e4a6bfb253d4fcf21781324c6dd7b2dff0750075bfe4ccaffff07a4d2fa552016dfb343bb835bfc7e7d6fd80b2b35b9519f2d6958885502758138bab764e9c

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Show
                                                                                        Filesize

                                                                                        54KB

                                                                                        MD5

                                                                                        35469ff6842a57bd9788db58a1e1c0cc

                                                                                        SHA1

                                                                                        47b76f8ae04aeff8cde18e15a6ab9d072214a54a

                                                                                        SHA256

                                                                                        7006a277a8b2ab82ae4409df94e227083287b7678b9ffe79e2e19d534f1335ec

                                                                                        SHA512

                                                                                        3b97531e8d41c069dd9a8a6f3fe0fbc498facbb6df823525a726499cf5a4ea40879b7d02138c6d020520df2d59c28efc2f51470bf9aac9f00b6f40101fe51ad0

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Silent
                                                                                        Filesize

                                                                                        50KB

                                                                                        MD5

                                                                                        04df53fd74b69c92dba8cd83eafa1180

                                                                                        SHA1

                                                                                        275765d9c7e3300c0b7579ae3de32f658e12945c

                                                                                        SHA256

                                                                                        db246122e92d7c13ae1050c65c1e1f722f4e98375c9875d719f775cfe1478ee9

                                                                                        SHA512

                                                                                        44dfa1ccf0c3b054dac3fadba5a87c7c56f318c74dff83810310e349b80029f19a08133c502dd7b65e543b882e567ac19de54f8a520ff073774894f6f8320ef5

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Symptoms
                                                                                        Filesize

                                                                                        52KB

                                                                                        MD5

                                                                                        7847e23cce3770257dd905024cdc5020

                                                                                        SHA1

                                                                                        2d2070cb134ccde38544814a1e1e35a08ab95ea6

                                                                                        SHA256

                                                                                        75f0206860b962d3636015d98c420ec5ebf4023ca7b75b747aeb388aafe9049a

                                                                                        SHA512

                                                                                        97f5b6924c23343f732ab470b8006ef2b25c92fadb3560fd56db6e53b8daf0c65ce66eb416bd03126c3b1ae6fa2cf66178a487c0eabad24263a3de7253c236b0

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Tmp3832.tmp
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        a10f31fa140f2608ff150125f3687920

                                                                                        SHA1

                                                                                        ec411cc7005aaa8e3775cf105fcd4e1239f8ed4b

                                                                                        SHA256

                                                                                        28c871238311d40287c51dc09aee6510cac5306329981777071600b1112286c6

                                                                                        SHA512

                                                                                        cf915fb34cd5ecfbd6b25171d6e0d3d09af2597edf29f9f24fa474685d4c5ec9bc742ade9f29abac457dd645ee955b1914a635c90af77c519d2ada895e7ecf12

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Volunteer
                                                                                        Filesize

                                                                                        93KB

                                                                                        MD5

                                                                                        d9ebae5a1b2f513852f89fdc3d31672d

                                                                                        SHA1

                                                                                        dfa418e6fd3c5b16b685ea0e09cc159a5ff6ed14

                                                                                        SHA256

                                                                                        b9a3c8e95d261cc9c6b28b58518554120aa2cfa09c2be81c609c0f01b26b313d

                                                                                        SHA512

                                                                                        d5a9226ea1152566872669c4072bea6498c930e405db45fb6b7b63cd7a807be814c7a71e983851f5d7a66b131319a850ddb10e1d4661d4cacd3082cb5c1caeac

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\Wanting
                                                                                        Filesize

                                                                                        40KB

                                                                                        MD5

                                                                                        6f1a940a0159306f679ff4d03524ae0b

                                                                                        SHA1

                                                                                        2b48523d0bf3828abd8590e13a03b5946b3d442d

                                                                                        SHA256

                                                                                        7e294dd8f93a9a7d79fb118070f548d1e8fda62fa96af973e1a950f150b0331e

                                                                                        SHA512

                                                                                        4ddf0afa24b981bac3ca60cb52af73e39bf7155972f49968c8fc85a17f561208d76158cd117948467176696a0ba87b9ac33658c5e7ef1ef3d4201139e959f932

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2jocl4ss.mhp.ps1
                                                                                        Filesize

                                                                                        60B

                                                                                        MD5

                                                                                        d17fe0a3f47be24a6453e9ef58c94641

                                                                                        SHA1

                                                                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                        SHA256

                                                                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                        SHA512

                                                                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\main\file.bin
                                                                                        Filesize

                                                                                        3.3MB

                                                                                        MD5

                                                                                        045b0a3d5be6f10ddf19ae6d92dfdd70

                                                                                        SHA1

                                                                                        0387715b6681d7097d372cd0005b664f76c933c7

                                                                                        SHA256

                                                                                        94b392e94fa47d1b9b7ae6a29527727268cc2e3484e818c23608f8835bc1104d

                                                                                        SHA512

                                                                                        58255a755531791b888ffd9b663cc678c63d5caa932260e9546b1b10a8d54208334725c14529116b067bcf5a5e02da85e015a3bed80092b7698a43dab0168c7b

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\main\main.bat
                                                                                        Filesize

                                                                                        440B

                                                                                        MD5

                                                                                        3626532127e3066df98e34c3d56a1869

                                                                                        SHA1

                                                                                        5fa7102f02615afde4efd4ed091744e842c63f78

                                                                                        SHA256

                                                                                        2a0e18ef585db0802269b8c1ddccb95ce4c0bac747e207ee6131dee989788bca

                                                                                        SHA512

                                                                                        dcce66d6e24d5a4a352874144871cd73c327e04c1b50764399457d8d70a9515f5bc0a650232763bf34d4830bab70ee4539646e7625cfe5336a870e311043b2bd

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\scoped_dir1552_1756014036\3cb726dc-b7a0-49b2-8a78-dcb673c02b71.tmp
                                                                                        Filesize

                                                                                        150KB

                                                                                        MD5

                                                                                        14937b985303ecce4196154a24fc369a

                                                                                        SHA1

                                                                                        ecfe89e11a8d08ce0c8745ff5735d5edad683730

                                                                                        SHA256

                                                                                        71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

                                                                                        SHA512

                                                                                        1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\scoped_dir1552_1756014036\CRX_INSTALL\_locales\en\messages.json
                                                                                        Filesize

                                                                                        711B

                                                                                        MD5

                                                                                        558659936250e03cc14b60ebf648aa09

                                                                                        SHA1

                                                                                        32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                                                        SHA256

                                                                                        2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                                                        SHA512

                                                                                        1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                                                                        Filesize

                                                                                        479KB

                                                                                        MD5

                                                                                        09372174e83dbbf696ee732fd2e875bb

                                                                                        SHA1

                                                                                        ba360186ba650a769f9303f48b7200fb5eaccee1

                                                                                        SHA256

                                                                                        c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                                                        SHA512

                                                                                        b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                                                                                        Filesize

                                                                                        13.8MB

                                                                                        MD5

                                                                                        0a8747a2ac9ac08ae9508f36c6d75692

                                                                                        SHA1

                                                                                        b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                                                        SHA256

                                                                                        32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                                                        SHA512

                                                                                        59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
                                                                                        Filesize

                                                                                        6KB

                                                                                        MD5

                                                                                        634b30d82d6598de7444e04525b2b734

                                                                                        SHA1

                                                                                        262d35002e94c9e88ad3698c3a09ea6c286930ed

                                                                                        SHA256

                                                                                        5032ddc22add2d109c48a172c2891b8a80399eba27d24ed6adf00c29cd456dc1

                                                                                        SHA512

                                                                                        a9a27aa7330fbd4d521d891fcc3ff86da1562e68ed699a9dfbba6c42b2aaf9ed3c3f4806a697dece7cd9ae303052a465d2b43178508042ce2cfda71e298690e7

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
                                                                                        Filesize

                                                                                        8KB

                                                                                        MD5

                                                                                        a5ca594dc936a5081087d418e859ab4e

                                                                                        SHA1

                                                                                        7a4872dec07cc494842593bd06b10035d76b09b6

                                                                                        SHA256

                                                                                        43aca7c3a69f09e0630af271b6c8235448bc114fab0eebc563816f7ed3323d9a

                                                                                        SHA512

                                                                                        092a6a5613733de827539732dcbdc18bc34dcbdd3ba441f12417b456c905e66d89906f7742c511ef6cde9f8e81e18fe5b7f53ac92f96703d6f8f22810e03ab5d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
                                                                                        Filesize

                                                                                        13KB

                                                                                        MD5

                                                                                        8047aa382cd08d390d72e1fc32e9366f

                                                                                        SHA1

                                                                                        96180ed3a28e0c510cb4c57ddc07500fead0fc22

                                                                                        SHA256

                                                                                        45720c12909954d06c5d7d59364e9d3a8b21121e99c0723d1c6516ca9d53f2ec

                                                                                        SHA512

                                                                                        700759cb2b8aa669f0af01e136a4220a01947296d63eca853d5d042179ae33327836deb3a2a6e3719bdc3f2eee4600e9d0af624aa66383b3006cdd4a62f9af55

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
                                                                                        Filesize

                                                                                        17KB

                                                                                        MD5

                                                                                        9d4e550ebc2bbe408ade711a6b6bbd84

                                                                                        SHA1

                                                                                        91d97ee4b49850b2564533af38ad7c5c00e1b6f0

                                                                                        SHA256

                                                                                        0f0e3403c9be6e5e844b9e362daa0c68fa85f41b35ae55a4e6e750f0cd77c9f9

                                                                                        SHA512

                                                                                        048aac9e6ccce2774cba916df40968f82f2313c6cc7f7f3ba48f6b1ad2bed084b370b8b00f0d8bee58c47c0b1fe631c0b3f7915211995a3767cca6fbab776e07

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
                                                                                        Filesize

                                                                                        22KB

                                                                                        MD5

                                                                                        07db490308a5100aa75f174b2d303505

                                                                                        SHA1

                                                                                        17ddcc8349a923134258c4c5a8bfd1820be01ee1

                                                                                        SHA256

                                                                                        f0dcd85723eba05aae55e5dafa0e13b521fe2cb9ef64b8a05b34f63b47173535

                                                                                        SHA512

                                                                                        4de723f4c8e8d9d58d098da1e5758a96672f26c9df5b7115ad1af7e9fb2a7e0fdbcf881442bfbf09c822ab041a43c6225c3d3a2c26516c85579019bd694883a2

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
                                                                                        Filesize

                                                                                        25KB

                                                                                        MD5

                                                                                        241f9c882646bf07adb55e2c295229de

                                                                                        SHA1

                                                                                        0d671b9f4e173ce307dbee02541737dcdfb23d42

                                                                                        SHA256

                                                                                        3bd0a7f94b1ae2fbc77266f300d992fab163906eb2acdb7365bfd5281f97df8d

                                                                                        SHA512

                                                                                        6857851776586dafb7c851a6367ab53ee42854df4b6e4ecdd7efc975486e4ea7c3aca7e077ffa4414b2239dcb54f6efeaee03af61df9d06ccf6b8a4db03c0119

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.bin
                                                                                        Filesize

                                                                                        23KB

                                                                                        MD5

                                                                                        c3daa0381f29f7d91701a6cee5917175

                                                                                        SHA1

                                                                                        c48db1d2ca575308e7f6c11e4dc053b1e24f6a06

                                                                                        SHA256

                                                                                        c5e90d9a029f490bb4e307b1f980bd85cd6e9a17dd2c75392224d5495addc2b4

                                                                                        SHA512

                                                                                        4448f84041e83ea106ec58d98bbce9a15d756c926cfc3d81c24edf0d4bca79637c474ffd898fe57cdfe13b72e7e279bafccd2a61cf1efcc0de23e77c007adee2

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp
                                                                                        Filesize

                                                                                        5KB

                                                                                        MD5

                                                                                        024196bc094a8f6fefc5eadb4c265a78

                                                                                        SHA1

                                                                                        5dea0c1f0df2afc2bf3c3e5536a09331cca0fe3e

                                                                                        SHA256

                                                                                        094ad9f0b4caa2c8442b56fb3f224c5a7dd0f57cde2c2f69cb205fecfafbe94f

                                                                                        SHA512

                                                                                        579dc62148bdbe345a8bfec2e52b5202fd3c69ad95c340478e41199adc5cc2f341fabab8bb48f6da52d73694e0bdf49633e8cf74a0d062d586b7390731ec8690

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp
                                                                                        Filesize

                                                                                        6KB

                                                                                        MD5

                                                                                        1f8708a527d87b5f3755ef5c49255657

                                                                                        SHA1

                                                                                        8dddf29e9d9e354d30b6184e08fac77e6bcadcc6

                                                                                        SHA256

                                                                                        a74cd6fa997f11f2da8a56ec5c3c4c20f67efa7dd47e0c9fa91338138b54e78b

                                                                                        SHA512

                                                                                        fd23fcf5bd0b876be6b53216dcbac194d579e28ac65ecd73586780ab2f3c95afa85c9ddfde29913fed4228a3c1ef1b27eac6f5e1e230b6c03a60f28ff3733f34

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\21de26af-8623-4b83-93c6-89f508600438
                                                                                        Filesize

                                                                                        982B

                                                                                        MD5

                                                                                        9e8672acde718ceecdde4f5b447038d8

                                                                                        SHA1

                                                                                        4dabbc429bab552ef1beca2d91634e174f2fe26c

                                                                                        SHA256

                                                                                        a58e50d92866895fff409868297a82eb10925b2db118ca25c8df0ed03545368f

                                                                                        SHA512

                                                                                        3194086c1c5087dded9d38001b4a7db265e07c42a18768ca30ad217ddff5b3cb8fe1b57bfdf5099ebd89978e6582612c25c3271f6cbb487ff0f122dd173ce70f

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\92457b70-994c-46fe-980e-ceb28c46c9f7
                                                                                        Filesize

                                                                                        26KB

                                                                                        MD5

                                                                                        f0300aff07b9827c262cff3d26b46c5c

                                                                                        SHA1

                                                                                        664b23b3e1d13b54f70da66d6fb521fb45217f3d

                                                                                        SHA256

                                                                                        6cae4b840f9f46f21e6c718fd31909a5e8362bbf1daca7ed438d43d3e2181f6c

                                                                                        SHA512

                                                                                        1f34ad13f6f667bd90b19c89db7700af6f6b1efdb7d4fdd7443e1b98ecd6d1febd201cb2115b98b9d3213a055d8d45fd26d95ce73033c3d5d94ba3dfea654e37

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\dcb9d979-26ab-49fd-94ba-957189a83c22
                                                                                        Filesize

                                                                                        671B

                                                                                        MD5

                                                                                        08e6dfa89773dfc4c1ef461ca1ed9603

                                                                                        SHA1

                                                                                        ab89dedaea197904d1da49bf302f9963edc7b3cc

                                                                                        SHA256

                                                                                        89cf77a52b75c1a3d055f2301a8d2565f4a9245edbc68f7e90eb1696f39ce4a1

                                                                                        SHA512

                                                                                        d8352d546717fa42dcd9689a2aa2caaf5eecfc10a44ac1f1384deac3faa47f2c16f7616d46321233e3e94886eb3448b731c4ba14c3b417fcc98236ed3aac8d46

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                                                                                        Filesize

                                                                                        1.1MB

                                                                                        MD5

                                                                                        842039753bf41fa5e11b3a1383061a87

                                                                                        SHA1

                                                                                        3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                                                        SHA256

                                                                                        d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                                                        SHA512

                                                                                        d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                                                                                        Filesize

                                                                                        116B

                                                                                        MD5

                                                                                        2a461e9eb87fd1955cea740a3444ee7a

                                                                                        SHA1

                                                                                        b10755914c713f5a4677494dbe8a686ed458c3c5

                                                                                        SHA256

                                                                                        4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                                                        SHA512

                                                                                        34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                                                                                        Filesize

                                                                                        372B

                                                                                        MD5

                                                                                        bf957ad58b55f64219ab3f793e374316

                                                                                        SHA1

                                                                                        a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                                                                        SHA256

                                                                                        bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                                                                        SHA512

                                                                                        79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                                                                                        Filesize

                                                                                        17.8MB

                                                                                        MD5

                                                                                        daf7ef3acccab478aaa7d6dc1c60f865

                                                                                        SHA1

                                                                                        f8246162b97ce4a945feced27b6ea114366ff2ad

                                                                                        SHA256

                                                                                        bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                                                                        SHA512

                                                                                        5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js
                                                                                        Filesize

                                                                                        10KB

                                                                                        MD5

                                                                                        67ab6920a70f25d2cbd3e6e31b644e17

                                                                                        SHA1

                                                                                        dd937effb57a579ab907ffe3ca557f7038abdfd6

                                                                                        SHA256

                                                                                        8815ad1192136d098d8a2c1db6cb0389113adbd1b067af59034da3764fddbfcf

                                                                                        SHA512

                                                                                        cd4fe022fe3bc4f9ec53864663a1b9cacd4f9c09b310a0d4e5322484d5532dbc79c3140020c9883865c4a50e432e4384a810aa824f169b5f7ed90b720b1ee5d9

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js
                                                                                        Filesize

                                                                                        11KB

                                                                                        MD5

                                                                                        c15bbb6a25445d4eb8ffe2a26d9ca78a

                                                                                        SHA1

                                                                                        c29ce91a9bb0449bfd4193da8480e95d1c7e2778

                                                                                        SHA256

                                                                                        6ad1d64d5b169de405a562f91bbbdebf3050c344d07d8b8e9eaf67b0df608b2a

                                                                                        SHA512

                                                                                        6b401370b72d141ef9b31f80d90004614abecbb74731263547cfe2ee0ee10cb6128628a9d726802de3703baed8203e37143a8bb9b98a7f38d95829d42377c887

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4
                                                                                        Filesize

                                                                                        4KB

                                                                                        MD5

                                                                                        5ad0f2522061d27dd2ca12a1c9d0c2e4

                                                                                        SHA1

                                                                                        1471d5c12ebc890d6070278bb085679fed6ea8f7

                                                                                        SHA256

                                                                                        601c99222c62a30b7b332b910ddaf38a4314a904be7da27b7df618c5d8799133

                                                                                        SHA512

                                                                                        39fe21a5557bd6290f894926136f1ed99475880b82b4982af4a404ebbf98b7c94cb2c541c2eba41366f0428495185c0574e9de8e1213163e8a9d90bb04c59e75

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4
                                                                                        Filesize

                                                                                        7KB

                                                                                        MD5

                                                                                        a75205ddfb5834f868a279b7a83c8514

                                                                                        SHA1

                                                                                        283e23d30f2d23bccf01477bd546f28cba892eec

                                                                                        SHA256

                                                                                        86cdccec9e915e4bfbb00babe1743e3593d7f9a0587e4b3ac78404f2479e3146

                                                                                        SHA512

                                                                                        2c13a7f7203f9e6597dd65d714ee9c6c27512c67bd9634df845544be16724398ec65c99baecab3b83e05dbc7e90d6ac1d53a99e286dba1584d196baa1cbe8d1d

                                                                                        Download Submit

                                                                                      • C:\jjsbaync\582b58d0861c4d11bac309351c583907.exe
                                                                                        Filesize

                                                                                        144KB

                                                                                        MD5

                                                                                        cc36e2a5a3c64941a79c31ca320e9797

                                                                                        SHA1

                                                                                        50c8f5db809cfec84735c9f4dcd6b55d53dfd9f5

                                                                                        SHA256

                                                                                        6fec179c363190199c1dcdf822be4d6b1f5c4895ebc7148a8fc9fa9512eeade8

                                                                                        SHA512

                                                                                        fcea6d62dc047e40182dc4ff1e0522ca935f9aeefdb1517957977bc5d9ac654285a973261401f3b98abf1f6ed62638b9e31306fd7aaeb67214ca42dfc2888af0

                                                                                        Download Submit

                                                                                      • C:\jjsbaync\626b51df92c34eb6bbaf076ebf5bb320.exe
                                                                                        Filesize

                                                                                        1.0MB

                                                                                        MD5

                                                                                        971b0519b1c0461db6700610e5e9ca8e

                                                                                        SHA1

                                                                                        9a262218310f976aaf837e54b4842e53e73be088

                                                                                        SHA256

                                                                                        47cf75570c1eca775b2dd1823233d7c40924d3a8d93e0e78c943219cf391d023

                                                                                        SHA512

                                                                                        d234a9c5a1da8415cd4d2626797197039f2537e98f8f43d155f815a7867876cbc1bf466be58677c79a9199ea47d146a174998d21ef0aebc29a4b0443f8857cb9

                                                                                        Download Submit

                                                                                      • memory/668-3107-0x0000000000400000-0x0000000000639000-memory.dmp

                                                                                        Filesize

                                                                                        2.2MB

                                                                                        Download

                                                                                      • memory/668-3202-0x0000000000400000-0x0000000000639000-memory.dmp

                                                                                        Filesize

                                                                                        2.2MB

                                                                                        Download

                                                                                      • memory/1396-2949-0x0000000006920000-0x000000000693E000-memory.dmp

                                                                                        Filesize

                                                                                        120KB

                                                                                        Download

                                                                                      • memory/1396-2892-0x00000000055A0000-0x0000000005BC8000-memory.dmp

                                                                                        Filesize

                                                                                        6.2MB

                                                                                        Download

                                                                                      • memory/1396-2964-0x00000000079C0000-0x00000000079C8000-memory.dmp

                                                                                        Filesize

                                                                                        32KB

                                                                                        Download

                                                                                      • memory/1396-2963-0x00000000079E0000-0x00000000079FA000-memory.dmp

                                                                                        Filesize

                                                                                        104KB

                                                                                        Download

                                                                                      • memory/1396-2962-0x00000000078E0000-0x00000000078F4000-memory.dmp

                                                                                        Filesize

                                                                                        80KB

                                                                                        Download

                                                                                      • memory/1396-2961-0x00000000078D0000-0x00000000078DE000-memory.dmp

                                                                                        Filesize

                                                                                        56KB

                                                                                        Download

                                                                                      • memory/1396-2958-0x00000000078A0000-0x00000000078B1000-memory.dmp

                                                                                        Filesize

                                                                                        68KB

                                                                                        Download

                                                                                      • memory/1396-2957-0x0000000007920000-0x00000000079B6000-memory.dmp

                                                                                        Filesize

                                                                                        600KB

                                                                                        Download

                                                                                      • memory/1396-2953-0x0000000007710000-0x000000000771A000-memory.dmp

                                                                                        Filesize

                                                                                        40KB

                                                                                        Download

                                                                                      • memory/1396-2952-0x00000000076A0000-0x00000000076BA000-memory.dmp

                                                                                        Filesize

                                                                                        104KB

                                                                                        Download

                                                                                      • memory/1396-2951-0x0000000007CE0000-0x000000000835A000-memory.dmp

                                                                                        Filesize

                                                                                        6.5MB

                                                                                        Download

                                                                                      • memory/1396-2950-0x0000000007560000-0x0000000007603000-memory.dmp

                                                                                        Filesize

                                                                                        652KB

                                                                                        Download

                                                                                      • memory/1396-2938-0x0000000006960000-0x0000000006992000-memory.dmp

                                                                                        Filesize

                                                                                        200KB

                                                                                        Download

                                                                                      • memory/1396-2939-0x000000006F650000-0x000000006F69C000-memory.dmp

                                                                                        Filesize

                                                                                        304KB

                                                                                        Download

                                                                                      • memory/1396-2922-0x0000000006360000-0x000000000637E000-memory.dmp

                                                                                        Filesize

                                                                                        120KB

                                                                                        Download

                                                                                      • memory/1396-2923-0x00000000063A0000-0x00000000063EC000-memory.dmp

                                                                                        Filesize

                                                                                        304KB

                                                                                        Download

                                                                                      • memory/1396-2908-0x0000000005E90000-0x00000000061E4000-memory.dmp

                                                                                        Filesize

                                                                                        3.3MB

                                                                                        Download

                                                                                      • memory/1396-2897-0x0000000005C10000-0x0000000005C32000-memory.dmp

                                                                                        Filesize

                                                                                        136KB

                                                                                        Download

                                                                                      • memory/1396-2898-0x0000000005CB0000-0x0000000005D16000-memory.dmp

                                                                                        Filesize

                                                                                        408KB

                                                                                        Download

                                                                                      • memory/1396-2889-0x0000000002A70000-0x0000000002AA6000-memory.dmp

                                                                                        Filesize

                                                                                        216KB

                                                                                        Download

                                                                                      • memory/1428-711-0x0000000000780000-0x0000000000A9B000-memory.dmp

                                                                                        Filesize

                                                                                        3.1MB

                                                                                        Download

                                                                                      • memory/1428-69-0x0000000000780000-0x0000000000A9B000-memory.dmp

                                                                                        Filesize

                                                                                        3.1MB

                                                                                        Download

                                                                                      • memory/1428-32-0x0000000000780000-0x0000000000A9B000-memory.dmp

                                                                                        Filesize

                                                                                        3.1MB

                                                                                        Download

                                                                                      • memory/1428-91-0x0000000000780000-0x0000000000A9B000-memory.dmp

                                                                                        Filesize

                                                                                        3.1MB

                                                                                        Download

                                                                                      • memory/1428-620-0x0000000000780000-0x0000000000A9B000-memory.dmp

                                                                                        Filesize

                                                                                        3.1MB

                                                                                        Download

                                                                                      • memory/1496-44-0x00000000007F0000-0x0000000000CE3000-memory.dmp

                                                                                        Filesize

                                                                                        4.9MB

                                                                                        Download

                                                                                      • memory/1496-62-0x00000000007F0000-0x0000000000CE3000-memory.dmp

                                                                                        Filesize

                                                                                        4.9MB

                                                                                        Download

                                                                                      • memory/1640-40-0x0000000000980000-0x0000000000E1E000-memory.dmp

                                                                                        Filesize

                                                                                        4.6MB

                                                                                        Download

                                                                                      • memory/1640-39-0x0000000000980000-0x0000000000E1E000-memory.dmp

                                                                                        Filesize

                                                                                        4.6MB

                                                                                        Download

                                                                                      • memory/1712-90-0x0000000000640000-0x0000000000ADA000-memory.dmp

                                                                                        Filesize

                                                                                        4.6MB

                                                                                        Download

                                                                                      • memory/1712-59-0x0000000000640000-0x0000000000ADA000-memory.dmp

                                                                                        Filesize

                                                                                        4.6MB

                                                                                        Download

                                                                                      • memory/1796-20-0x0000000000890000-0x0000000000BAB000-memory.dmp

                                                                                        Filesize

                                                                                        3.1MB

                                                                                        Download

                                                                                      • memory/1796-35-0x0000000000890000-0x0000000000BAB000-memory.dmp

                                                                                        Filesize

                                                                                        3.1MB

                                                                                        Download

                                                                                      • memory/2620-800-0x0000000000600000-0x000000000060C000-memory.dmp

                                                                                        Filesize

                                                                                        48KB

                                                                                        Download

                                                                                      • memory/2884-2976-0x00007FF710510000-0x00007FF7109A0000-memory.dmp

                                                                                        Filesize

                                                                                        4.6MB

                                                                                        Download

                                                                                      • memory/2884-3060-0x00007FF710510000-0x00007FF7109A0000-memory.dmp

                                                                                        Filesize

                                                                                        4.6MB

                                                                                        Download

                                                                                      • memory/3104-85-0x0000000000400000-0x0000000000456000-memory.dmp

                                                                                        Filesize

                                                                                        344KB

                                                                                        Download

                                                                                      • memory/3104-89-0x0000000000400000-0x0000000000456000-memory.dmp

                                                                                        Filesize

                                                                                        344KB

                                                                                        Download

                                                                                      • memory/3104-87-0x0000000000400000-0x0000000000456000-memory.dmp

                                                                                        Filesize

                                                                                        344KB

                                                                                        Download

                                                                                      • memory/3284-4342-0x00007FF710510000-0x00007FF7109A0000-memory.dmp

                                                                                        Filesize

                                                                                        4.6MB

                                                                                        Download

                                                                                      • memory/3284-4357-0x00007FF710510000-0x00007FF7109A0000-memory.dmp

                                                                                        Filesize

                                                                                        4.6MB

                                                                                        Download

                                                                                      • memory/3668-68-0x0000000000C70000-0x0000000000F28000-memory.dmp

                                                                                        Filesize

                                                                                        2.7MB

                                                                                        Download

                                                                                      • memory/3668-2960-0x0000000000780000-0x0000000000A9B000-memory.dmp

                                                                                        Filesize

                                                                                        3.1MB

                                                                                        Download

                                                                                      • memory/3668-2956-0x0000000000780000-0x0000000000A9B000-memory.dmp

                                                                                        Filesize

                                                                                        3.1MB

                                                                                        Download

                                                                                      • memory/3668-567-0x0000000000C70000-0x0000000000F28000-memory.dmp

                                                                                        Filesize

                                                                                        2.7MB

                                                                                        Download

                                                                                      • memory/3668-67-0x0000000000C70000-0x0000000000F28000-memory.dmp

                                                                                        Filesize

                                                                                        2.7MB

                                                                                        Download

                                                                                      • memory/3668-66-0x0000000000C70000-0x0000000000F28000-memory.dmp

                                                                                        Filesize

                                                                                        2.7MB

                                                                                        Download

                                                                                      • memory/3668-575-0x0000000000C70000-0x0000000000F28000-memory.dmp

                                                                                        Filesize

                                                                                        2.7MB

                                                                                        Download

                                                                                      • memory/4368-778-0x00007FF6780D0000-0x00007FF678560000-memory.dmp

                                                                                        Filesize

                                                                                        4.6MB

                                                                                        Download

                                                                                      • memory/4368-775-0x00007FF6780D0000-0x00007FF678560000-memory.dmp

                                                                                        Filesize

                                                                                        4.6MB

                                                                                        Download

                                                                                      • memory/4632-4110-0x0000000000420000-0x00000000006E4000-memory.dmp

                                                                                        Filesize

                                                                                        2.8MB

                                                                                        Download

                                                                                      • memory/4632-3338-0x0000000000420000-0x00000000006E4000-memory.dmp

                                                                                        Filesize

                                                                                        2.8MB

                                                                                        Download

                                                                                      • memory/4632-4121-0x0000000000420000-0x00000000006E4000-memory.dmp

                                                                                        Filesize

                                                                                        2.8MB

                                                                                        Download

                                                                                      • memory/4632-3849-0x0000000000420000-0x00000000006E4000-memory.dmp

                                                                                        Filesize

                                                                                        2.8MB

                                                                                        Download

                                                                                      • memory/4632-3846-0x0000000000420000-0x00000000006E4000-memory.dmp

                                                                                        Filesize

                                                                                        2.8MB

                                                                                        Download

                                                                                      • memory/5016-124-0x0000000000C00000-0x0000000000D16000-memory.dmp

                                                                                        Filesize

                                                                                        1.1MB

                                                                                        Download

                                                                                      • memory/5016-125-0x0000000007F80000-0x0000000008524000-memory.dmp

                                                                                        Filesize

                                                                                        5.6MB

                                                                                        Download

                                                                                      • memory/5016-126-0x0000000007A70000-0x0000000007B02000-memory.dmp

                                                                                        Filesize

                                                                                        584KB

                                                                                        Download

                                                                                      • memory/5016-138-0x0000000007CD0000-0x0000000007D6C000-memory.dmp

                                                                                        Filesize

                                                                                        624KB

                                                                                        Download

                                                                                      • memory/5016-139-0x0000000009110000-0x0000000009136000-memory.dmp

                                                                                        Filesize

                                                                                        152KB

                                                                                        Download

                                                                                      • memory/5016-683-0x0000000005650000-0x0000000005712000-memory.dmp

                                                                                        Filesize

                                                                                        776KB

                                                                                        Download

                                                                                      • memory/5016-137-0x0000000004F70000-0x0000000004F7A000-memory.dmp

                                                                                        Filesize

                                                                                        40KB

                                                                                        Download

                                                                                      • memory/5256-2988-0x0000000000400000-0x0000000000C5D000-memory.dmp

                                                                                        Filesize

                                                                                        8.4MB

                                                                                        Download

                                                                                      • memory/5256-3200-0x0000000000400000-0x0000000000C5D000-memory.dmp

                                                                                        Filesize

                                                                                        8.4MB

                                                                                        Download

                                                                                      • memory/5256-4147-0x0000000000400000-0x0000000000C5D000-memory.dmp

                                                                                        Filesize

                                                                                        8.4MB

                                                                                        Download

                                                                                      • memory/5276-4341-0x0000000000780000-0x0000000000A9B000-memory.dmp

                                                                                        Filesize

                                                                                        3.1MB

                                                                                        Download

                                                                                      • memory/5276-3195-0x00000000000F0000-0x00000000005D3000-memory.dmp

                                                                                        Filesize

                                                                                        4.9MB

                                                                                        Download

                                                                                      • memory/5276-3193-0x00000000000F0000-0x00000000005D3000-memory.dmp

                                                                                        Filesize

                                                                                        4.9MB

                                                                                        Download

                                                                                      • memory/5308-805-0x000002B6FC440000-0x000002B6FC462000-memory.dmp

                                                                                        Filesize

                                                                                        136KB

                                                                                        Download

                                                                                      • memory/5476-730-0x0000000004130000-0x0000000004369000-memory.dmp

                                                                                        Filesize

                                                                                        2.2MB

                                                                                        Download

                                                                                      • memory/5476-734-0x0000000004130000-0x0000000004369000-memory.dmp

                                                                                        Filesize

                                                                                        2.2MB

                                                                                        Download

                                                                                      • memory/5476-731-0x0000000004130000-0x0000000004369000-memory.dmp

                                                                                        Filesize

                                                                                        2.2MB

                                                                                        Download

                                                                                      • memory/5476-736-0x0000000004130000-0x0000000004369000-memory.dmp

                                                                                        Filesize

                                                                                        2.2MB

                                                                                        Download

                                                                                      • memory/5476-732-0x0000000004130000-0x0000000004369000-memory.dmp

                                                                                        Filesize

                                                                                        2.2MB

                                                                                        Download

                                                                                      • memory/5476-735-0x0000000004130000-0x0000000004369000-memory.dmp

                                                                                        Filesize

                                                                                        2.2MB

                                                                                        Download

                                                                                      • memory/5660-635-0x00000000000C0000-0x0000000000D4B000-memory.dmp

                                                                                        Filesize

                                                                                        12.5MB

                                                                                        Download

                                                                                      • memory/5660-733-0x00000000000C0000-0x0000000000D4B000-memory.dmp

                                                                                        Filesize

                                                                                        12.5MB

                                                                                        Download

                                                                                      • memory/5660-2687-0x00000000000C0000-0x0000000000D4B000-memory.dmp

                                                                                        Filesize

                                                                                        12.5MB

                                                                                        Download

                                                                                      • memory/5660-737-0x00000000000C0000-0x0000000000D4B000-memory.dmp

                                                                                        Filesize

                                                                                        12.5MB

                                                                                        Download

                                                                                      • memory/5832-3169-0x0000000000EF0000-0x0000000001384000-memory.dmp

                                                                                        Filesize

                                                                                        4.6MB

                                                                                        Download

                                                                                      • memory/5832-3094-0x0000000000EF0000-0x0000000001384000-memory.dmp

                                                                                        Filesize

                                                                                        4.6MB

                                                                                        Download

                                                                                      • memory/5840-812-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-836-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-806-0x0000000000400000-0x0000000000464000-memory.dmp

                                                                                        Filesize

                                                                                        400KB

                                                                                        Download

                                                                                      • memory/5840-808-0x0000000005260000-0x00000000052F8000-memory.dmp

                                                                                        Filesize

                                                                                        608KB

                                                                                        Download

                                                                                      • memory/5840-814-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-810-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-824-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-852-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-850-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-848-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-846-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-844-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-842-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-840-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-834-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-832-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-830-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-828-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-826-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-822-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-2896-0x00000000055C0000-0x0000000005626000-memory.dmp

                                                                                        Filesize

                                                                                        408KB

                                                                                        Download

                                                                                      • memory/5840-2891-0x0000000005340000-0x000000000538C000-memory.dmp

                                                                                        Filesize

                                                                                        304KB

                                                                                        Download

                                                                                      • memory/5840-2890-0x0000000002EE0000-0x0000000002F0C000-memory.dmp

                                                                                        Filesize

                                                                                        176KB

                                                                                        Download

                                                                                      • memory/5840-809-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-838-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-816-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-818-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5840-820-0x0000000005260000-0x00000000052F1000-memory.dmp

                                                                                        Filesize

                                                                                        580KB

                                                                                        Download

                                                                                      • memory/5896-3162-0x000002431FAF0000-0x000002431FB28000-memory.dmp

                                                                                        Filesize

                                                                                        224KB

                                                                                        Download

                                                                                      • memory/5896-3201-0x0000024320570000-0x0000024320596000-memory.dmp

                                                                                        Filesize

                                                                                        152KB

                                                                                        Download

                                                                                      • memory/5896-3161-0x000002431F9B0000-0x000002431F9B8000-memory.dmp

                                                                                        Filesize

                                                                                        32KB

                                                                                        Download

                                                                                      • memory/5896-3158-0x000002431CEA0000-0x000002431CEDC000-memory.dmp

                                                                                        Filesize

                                                                                        240KB

                                                                                        Download

                                                                                      • memory/5896-3164-0x00000243203B0000-0x0000024320536000-memory.dmp

                                                                                        Filesize

                                                                                        1.5MB

                                                                                        Download

                                                                                      • memory/5896-3157-0x0000024304440000-0x0000024304452000-memory.dmp

                                                                                        Filesize

                                                                                        72KB

                                                                                        Download

                                                                                      • memory/5896-3163-0x000002431FAB0000-0x000002431FABE000-memory.dmp

                                                                                        Filesize

                                                                                        56KB

                                                                                        Download

                                                                                      • memory/5896-3142-0x000002431D5A0000-0x000002431D65A000-memory.dmp

                                                                                        Filesize

                                                                                        744KB

                                                                                        Download

                                                                                      • memory/5896-3140-0x0000024302B20000-0x0000024302B2A000-memory.dmp

                                                                                        Filesize

                                                                                        40KB

                                                                                        Download

                                                                                      • memory/5896-3132-0x0000024302530000-0x0000024302632000-memory.dmp

                                                                                        Filesize

                                                                                        1.0MB

                                                                                        Download

                                                                                      • memory/6064-3006-0x0000000007460000-0x0000000007503000-memory.dmp

                                                                                        Filesize

                                                                                        652KB

                                                                                        Download

                                                                                      • memory/6064-3014-0x0000000007780000-0x0000000007794000-memory.dmp

                                                                                        Filesize

                                                                                        80KB

                                                                                        Download

                                                                                      • memory/6064-2987-0x0000000005AF0000-0x0000000005E44000-memory.dmp

                                                                                        Filesize

                                                                                        3.3MB

                                                                                        Download

                                                                                      • memory/6064-3007-0x0000000007740000-0x0000000007751000-memory.dmp

                                                                                        Filesize

                                                                                        68KB

                                                                                        Download

                                                                                      • memory/6064-2995-0x000000006FB50000-0x000000006FB9C000-memory.dmp

                                                                                        Filesize

                                                                                        304KB

                                                                                        Download

                                                                                      • memory/6064-2994-0x0000000006740000-0x000000000678C000-memory.dmp

                                                                                        Filesize

                                                                                        304KB

                                                                                        Download

                                                                                      • memory/6100-3104-0x0000000000100000-0x0000000000D71000-memory.dmp

                                                                                        Filesize

                                                                                        12.4MB

                                                                                        Download

                                                                                      • memory/6100-3259-0x0000000000100000-0x0000000000D71000-memory.dmp

                                                                                        Filesize

                                                                                        12.4MB

                                                                                        Download

                                                                                      • memory/6100-2924-0x0000000000100000-0x0000000000D71000-memory.dmp

                                                                                        Filesize

                                                                                        12.4MB

                                                                                        Download