7aebd8303daca5d96c4704b8ec51d829ee0fe09f9e86838ddb6a8b2d29cca291

Analysis

max time kernel
1043s
max time network
832s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
22-12-2024 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

source_prepared.exe
Size

80.7MB
MD5

2fe639bef473eb64c87216d8b12d3fc0
SHA1

0d0729764a1ce103a61dec0176da662e3e2102fe
SHA256

7aebd8303daca5d96c4704b8ec51d829ee0fe09f9e86838ddb6a8b2d29cca291
SHA512

06928c9af49c5d251d931bf90494b1f0d83355040570a547559b375ad9f7ea225ff911151038ba09cef93bfee7a67e002b61417afe65edb7183ac5212402dde7
SSDEEP

1572864:1GKlgWjCsmwSk8IpG7V+VPhqHJE7Bbli08iYgj+h58sMwgD/ZB:UKi7smwSkB05awHSw025ED

Score

9^/10

discovery evasion execution persistence upx

Malware Config

Signatures

Enumerates VirtualBox DLL files 2 TTPs 4 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\windows\system32\vboxhook.dll	source_prepared.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	source_prepared.exe
File opened (read-only)	C:\windows\system32\vboxhook.dll	PrudnahTeshko.exe
File opened (read-only)	C:\windows\system32\vboxmrxnp.dll	PrudnahTeshko.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
4752	powershell.exe
3996	powershell.exe

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
2216	attrib.exe

Executes dropped EXE 2 IoCs

pid	Process
4008	PrudnahTeshko.exe
4752	PrudnahTeshko.exe

Loads dropped DLL 64 IoCs

pid	Process
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sgmaboy = "C:\\Users\\Admin\\azsumzarko\\PrudnahTeshko.exe"	source_prepared.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
23	discord.com
24	discord.com

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0022000000046642-1264.dat	upx
behavioral1/memory/3748-1268-0x00007FFBD2900000-0x00007FFBD2EE8000-memory.dmp	upx
behavioral1/files/0x0028000000046160-1270.dat	upx
behavioral1/memory/3748-1276-0x00007FFBE1CB0000-0x00007FFBE1CD4000-memory.dmp	upx
behavioral1/files/0x00120000000465ec-1277.dat	upx
behavioral1/memory/3748-1278-0x00007FFBEB8B0000-0x00007FFBEB8BF000-memory.dmp	upx
behavioral1/files/0x002800000004615e-1280.dat	upx
behavioral1/memory/3748-1282-0x00007FFBE1E80000-0x00007FFBE1E99000-memory.dmp	upx
behavioral1/files/0x0028000000046164-1281.dat	upx
behavioral1/memory/3748-1284-0x00007FFBE1C80000-0x00007FFBE1CAD000-memory.dmp	upx
behavioral1/files/0x00250000000465e3-1286.dat	upx
behavioral1/files/0x00250000000465bf-1323.dat	upx
behavioral1/files/0x0028000000046163-1324.dat	upx
behavioral1/memory/3748-1325-0x00007FFBE1670000-0x00007FFBE1684000-memory.dmp	upx
behavioral1/files/0x00250000000465eb-1326.dat	upx
behavioral1/memory/3748-1327-0x00007FFBD2580000-0x00007FFBD28F5000-memory.dmp	upx
behavioral1/files/0x00250000000465be-1322.dat	upx
behavioral1/files/0x002800000004616f-1321.dat	upx
behavioral1/files/0x002800000004616e-1320.dat	upx
behavioral1/files/0x0028000000046168-1319.dat	upx
behavioral1/files/0x0028000000046167-1318.dat	upx
behavioral1/files/0x0028000000046166-1317.dat	upx
behavioral1/files/0x0028000000046165-1316.dat	upx
behavioral1/files/0x0028000000046162-1314.dat	upx
behavioral1/files/0x0028000000046161-1313.dat	upx
behavioral1/files/0x002800000004615f-1312.dat	upx
behavioral1/files/0x002800000004615d-1311.dat	upx
behavioral1/files/0x00200000000466ef-1310.dat	upx
behavioral1/files/0x00200000000466e0-1308.dat	upx
behavioral1/files/0x00200000000466df-1307.dat	upx
behavioral1/files/0x00200000000466d4-1306.dat	upx
behavioral1/files/0x00200000000466d3-1305.dat	upx
behavioral1/files/0x00200000000466c9-1304.dat	upx
behavioral1/files/0x002800000004615a-1303.dat	upx
behavioral1/files/0x004f000000046159-1302.dat	upx
behavioral1/files/0x004f000000046158-1301.dat	upx
behavioral1/files/0x004f000000046157-1300.dat	upx
behavioral1/files/0x0023000000046617-1299.dat	upx
behavioral1/files/0x0023000000046610-1298.dat	upx
behavioral1/files/0x00240000000465f6-1297.dat	upx
behavioral1/files/0x00240000000465f5-1296.dat	upx
behavioral1/files/0x00240000000465f4-1295.dat	upx
behavioral1/files/0x00240000000465f3-1294.dat	upx
behavioral1/files/0x00240000000465f2-1293.dat	upx
behavioral1/files/0x00240000000465f1-1292.dat	upx
behavioral1/files/0x00240000000465f0-1291.dat	upx
behavioral1/files/0x00240000000465ef-1290.dat	upx
behavioral1/files/0x00240000000465ee-1289.dat	upx
behavioral1/files/0x00110000000465ed-1288.dat	upx
behavioral1/memory/3748-1333-0x00007FFBE1380000-0x00007FFBE13AE000-memory.dmp	upx
behavioral1/files/0x00250000000465d2-1338.dat	upx
behavioral1/memory/3748-1355-0x00007FFBD8F70000-0x00007FFBD8F7C000-memory.dmp	upx
behavioral1/memory/3748-1359-0x00007FFBE1250000-0x00007FFBE125C000-memory.dmp	upx
behavioral1/memory/3748-1358-0x00007FFBE6770000-0x00007FFBE677D000-memory.dmp	upx
behavioral1/memory/3748-1357-0x00007FFBE1CB0000-0x00007FFBE1CD4000-memory.dmp	upx
behavioral1/memory/3748-1356-0x00007FFBD8A20000-0x00007FFBD8A2B000-memory.dmp	upx
behavioral1/memory/3748-1354-0x00007FFBD8F80000-0x00007FFBD8F8B000-memory.dmp	upx
behavioral1/memory/3748-1353-0x00007FFBD8F90000-0x00007FFBD8F9B000-memory.dmp	upx
behavioral1/memory/3748-1352-0x00007FFBD95E0000-0x00007FFBD95EC000-memory.dmp	upx
behavioral1/memory/3748-1351-0x00007FFBDB5F0000-0x00007FFBDB5FE000-memory.dmp	upx
behavioral1/memory/3748-1350-0x00007FFBDDAF0000-0x00007FFBDDAFD000-memory.dmp	upx
behavioral1/memory/3748-1349-0x00007FFBE05B0000-0x00007FFBE05BC000-memory.dmp	upx
behavioral1/memory/3748-1348-0x00007FFBE05C0000-0x00007FFBE05CB000-memory.dmp	upx
behavioral1/memory/3748-1347-0x00007FFBE1260000-0x00007FFBE126B000-memory.dmp	upx

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6601526c-9c12-41f3-a7d4-b3b020dd13ef.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241222221743.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Kills process with taskkill 1 IoCs

evasion

pid	Process
2976	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4084745894-3294430273-2212167662-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4724	EXCEL.EXE
4596	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
3748	source_prepared.exe
4752	powershell.exe
4752	powershell.exe
4752	PrudnahTeshko.exe
4752	PrudnahTeshko.exe
4752	PrudnahTeshko.exe
4752	PrudnahTeshko.exe
3996	powershell.exe
3996	powershell.exe
2524	msedge.exe
2524	msedge.exe
1192	msedge.exe
1192	msedge.exe
1116	identity_helper.exe
1116	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4752	PrudnahTeshko.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
676	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

description	pid	Process
Token: SeDebugPrivilege	3748	source_prepared.exe
Token: SeDebugPrivilege	4752	powershell.exe
Token: SeIncreaseQuotaPrivilege	4752	powershell.exe
Token: SeSecurityPrivilege	4752	powershell.exe
Token: SeTakeOwnershipPrivilege	4752	powershell.exe
Token: SeLoadDriverPrivilege	4752	powershell.exe
Token: SeSystemProfilePrivilege	4752	powershell.exe
Token: SeSystemtimePrivilege	4752	powershell.exe
Token: SeProfSingleProcessPrivilege	4752	powershell.exe
Token: SeIncBasePriorityPrivilege	4752	powershell.exe
Token: SeCreatePagefilePrivilege	4752	powershell.exe
Token: SeBackupPrivilege	4752	powershell.exe
Token: SeRestorePrivilege	4752	powershell.exe
Token: SeShutdownPrivilege	4752	powershell.exe
Token: SeDebugPrivilege	4752	powershell.exe
Token: SeSystemEnvironmentPrivilege	4752	powershell.exe
Token: SeRemoteShutdownPrivilege	4752	powershell.exe
Token: SeUndockPrivilege	4752	powershell.exe
Token: SeManageVolumePrivilege	4752	powershell.exe
Token: 33	4752	powershell.exe
Token: 34	4752	powershell.exe
Token: 35	4752	powershell.exe
Token: 36	4752	powershell.exe
Token: SeDebugPrivilege	2976	taskkill.exe
Token: SeDebugPrivilege	4752	PrudnahTeshko.exe
Token: SeDebugPrivilege	3996	powershell.exe
Token: SeIncreaseQuotaPrivilege	3996	powershell.exe
Token: SeSecurityPrivilege	3996	powershell.exe
Token: SeTakeOwnershipPrivilege	3996	powershell.exe
Token: SeLoadDriverPrivilege	3996	powershell.exe
Token: SeSystemProfilePrivilege	3996	powershell.exe
Token: SeSystemtimePrivilege	3996	powershell.exe
Token: SeProfSingleProcessPrivilege	3996	powershell.exe
Token: SeIncBasePriorityPrivilege	3996	powershell.exe
Token: SeCreatePagefilePrivilege	3996	powershell.exe
Token: SeBackupPrivilege	3996	powershell.exe
Token: SeRestorePrivilege	3996	powershell.exe
Token: SeShutdownPrivilege	3996	powershell.exe
Token: SeDebugPrivilege	3996	powershell.exe
Token: SeSystemEnvironmentPrivilege	3996	powershell.exe
Token: SeRemoteShutdownPrivilege	3996	powershell.exe
Token: SeUndockPrivilege	3996	powershell.exe
Token: SeManageVolumePrivilege	3996	powershell.exe
Token: 33	3996	powershell.exe
Token: 34	3996	powershell.exe
Token: 35	3996	powershell.exe
Token: 36	3996	powershell.exe
Token: SeDebugPrivilege	1520	firefox.exe
Token: SeDebugPrivilege	1520	firefox.exe
Token: SeDebugPrivilege	1520	firefox.exe
Token: SeDebugPrivilege	1520	firefox.exe
Token: SeDebugPrivilege	1520	firefox.exe
Token: SeDebugPrivilege	1520	firefox.exe
Token: SeDebugPrivilege	1520	firefox.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe
1520	firefox.exe

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
4752	PrudnahTeshko.exe
4724	EXCEL.EXE
4724	EXCEL.EXE
4724	EXCEL.EXE
4724	EXCEL.EXE
4724	EXCEL.EXE
4724	EXCEL.EXE
4724	EXCEL.EXE
4724	EXCEL.EXE
4724	EXCEL.EXE
4724	EXCEL.EXE
4724	EXCEL.EXE
4724	EXCEL.EXE
4724	EXCEL.EXE
4724	EXCEL.EXE
4724	EXCEL.EXE
4596	EXCEL.EXE
4596	EXCEL.EXE
4596	EXCEL.EXE
4596	EXCEL.EXE
4596	EXCEL.EXE
4596	EXCEL.EXE
4596	EXCEL.EXE
4596	EXCEL.EXE
4596	EXCEL.EXE
4596	EXCEL.EXE
4596	EXCEL.EXE
4596	EXCEL.EXE
1520	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3508 wrote to memory of 3748	3508	source_prepared.exe	85
PID 3508 wrote to memory of 3748	3508	source_prepared.exe	85
PID 3748 wrote to memory of 1804	3748	source_prepared.exe	87
PID 3748 wrote to memory of 1804	3748	source_prepared.exe	87
PID 3748 wrote to memory of 4752	3748	source_prepared.exe	92
PID 3748 wrote to memory of 4752	3748	source_prepared.exe	92
PID 3748 wrote to memory of 3184	3748	source_prepared.exe	95
PID 3748 wrote to memory of 3184	3748	source_prepared.exe	95
PID 3184 wrote to memory of 2216	3184	cmd.exe	97
PID 3184 wrote to memory of 2216	3184	cmd.exe	97
PID 3184 wrote to memory of 4008	3184	cmd.exe	98
PID 3184 wrote to memory of 4008	3184	cmd.exe	98
PID 3184 wrote to memory of 2976	3184	cmd.exe	100
PID 3184 wrote to memory of 2976	3184	cmd.exe	100
PID 4008 wrote to memory of 4752	4008	PrudnahTeshko.exe	101
PID 4008 wrote to memory of 4752	4008	PrudnahTeshko.exe	101
PID 4752 wrote to memory of 5024	4752	PrudnahTeshko.exe	102
PID 4752 wrote to memory of 5024	4752	PrudnahTeshko.exe	102
PID 4752 wrote to memory of 3996	4752	PrudnahTeshko.exe	105
PID 4752 wrote to memory of 3996	4752	PrudnahTeshko.exe	105
PID 1192 wrote to memory of 4400	1192	msedge.exe	111
PID 1192 wrote to memory of 4400	1192	msedge.exe	111
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 3364	1192	msedge.exe	112
PID 1192 wrote to memory of 2524	1192	msedge.exe	113
PID 1192 wrote to memory of 2524	1192	msedge.exe	113

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2216	attrib.exe

C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
"C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Users\Admin\AppData\Local\Temp\source_prepared.exe
  "C:\Users\Admin\AppData\Local\Temp\source_prepared.exe"
  2⤵
  - Enumerates VirtualBox DLL files
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1804
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\azsumzarko\""
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\azsumzarko\activate.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3184
  - - C:\Windows\system32\attrib.exe
      attrib +s +h .
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:2216
  - - C:\Users\Admin\azsumzarko\PrudnahTeshko.exe
      "PrudnahTeshko.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4008
    - - C:\Users\Admin\azsumzarko\PrudnahTeshko.exe
        
        "PrudnahTeshko.exe"
        5⤵
        Enumerates VirtualBox DLL files
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4752
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        6⤵
        
        PID:5024
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\azsumzarko\""
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3996
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "source_prepared.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:2976

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x294 0xbc
1⤵
PID:1632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\UnpublishOut.mhtml
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffbd34a46f8,0x7ffbd34a4708,0x7ffbd34a4718
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,6479492872987019231,2562717209403304954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,6479492872987019231,2562717209403304954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,6479492872987019231,2562717209403304954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6479492872987019231,2562717209403304954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,6479492872987019231,2562717209403304954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,6479492872987019231,2562717209403304954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3320
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x16c,0x270,0x7ff6e4f75460,0x7ff6e4f75470,0x7ff6e4f75480
    3⤵
    PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,6479492872987019231,2562717209403304954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2552

C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4724

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\UnprotectSubmit.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1472
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {159fa456-1a39-4c92-8ece-eeb358242400} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" gpu
    3⤵
    PID:3596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2376 -parentBuildID 20240401114208 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f8a1861-ae2f-4011-918b-98e7449dabc2} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" socket
    3⤵
    PID:2808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2576 -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 3040 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1fe1100-475a-4677-9420-87ba9e73fcbe} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4116 -childID 2 -isForBrowser -prefsHandle 4108 -prefMapHandle 4104 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9412fe1-0678-4ada-a26e-55bd57572888} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:2516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4832 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4828 -prefMapHandle 4824 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67133cc8-a14e-4e2b-b6c2-df57b9abce30} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" utility
    3⤵
    - Checks processor information in registry
    PID:5548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5156 -childID 3 -isForBrowser -prefsHandle 5136 -prefMapHandle 5160 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {285a3daf-0dab-4ce9-b338-4000715c7b05} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:2024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5300 -childID 4 -isForBrowser -prefsHandle 5380 -prefMapHandle 5376 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ff52097-29b5-4250-b490-69579879ca0f} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:4584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 5 -isForBrowser -prefsHandle 5528 -prefMapHandle 5532 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0aaaed97-a401-40b7-acee-8f913ae5e722} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:2852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5816 -childID 6 -isForBrowser -prefsHandle 5340 -prefMapHandle 5824 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b77ad138-5db5-4f15-9f1d-7cca76e7fd09} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:5992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6328 -childID 7 -isForBrowser -prefsHandle 6360 -prefMapHandle 6356 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f035f97f-1a15-459d-a89c-f0f5d86c2efa} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:3284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6644 -childID 8 -isForBrowser -prefsHandle 4672 -prefMapHandle 4300 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad8985f2-51c0-4193-b17b-a209bb4d4e19} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:1200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7044 -childID 9 -isForBrowser -prefsHandle 7012 -prefMapHandle 6992 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82ebb6fb-3fc3-478e-9f85-df62ef8df548} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:3336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7252 -childID 10 -isForBrowser -prefsHandle 7288 -prefMapHandle 7296 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a79aebfa-16af-4a72-9b05-eacb7f0a5ccb} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:5560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6512 -childID 11 -isForBrowser -prefsHandle 7316 -prefMapHandle 7312 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9474a2ec-7394-4027-9924-1d31fc4ca077} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:1804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7664 -childID 12 -isForBrowser -prefsHandle 7656 -prefMapHandle 7652 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ac0aebc-c688-42d1-8ae1-0537fe61bc1b} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:3820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7796 -childID 13 -isForBrowser -prefsHandle 7784 -prefMapHandle 7780 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57177794-a7bc-44df-8706-113a72126de2} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:6024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7804 -childID 14 -isForBrowser -prefsHandle 6444 -prefMapHandle 7776 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85f2c0fd-762c-4c36-a9d7-cc4b0e47a9b0} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7812 -childID 15 -isForBrowser -prefsHandle 6356 -prefMapHandle 5976 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cacb747e-0781-4591-a6fc-dde61c6bd982} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" tab
    3⤵
    PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
821b1728a915eae981ab4a4a3e4ce0d1

SHA1
8ba13520c913e33462c653614aece1b6e3c660a2

SHA256
36c38bde1e74c5ee75878f275a411e528c00eaa3091e7c4adfa65b8b7d28fb3b

SHA512
b8fd54808711878ed567f474f174db662e2457b6c246f625e148944532c70d94d87e96ef6febfb657895dd0eadc25906c9106fa75c6b2d3bd37ca6786f03a8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aee441ff140ecb5de1df316f0a7338cd

SHA1
82f998907a111d858c67644e9f61d3b32b4cd009

SHA256
5944b21c8bdfb7c6cb0da452f8904a164cc951c6a4bb3a306eaebcad2d611d67

SHA512
54a2c1d4c8791ebc6324c1be052b7b73cbd74057d0ea46400cfd8e60f9a884ade60d838777eba7001cf44c924f63cba1a9708a6c71bf966f63f988c49ca70d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
fc63e31d2b8685e141497eb2d3200293

SHA1
361cd64316a78dc9f649b44cc1d1ab99e7f727c7

SHA256
0f89d7184647080a5321c6ae05809c4653fa836489af39b6be8a659d616ace41

SHA512
551353ad2c48d0c5d24ece84262a314ccac3e68dda4e12b8d4bcde72c9129d099720844b1054bceb19e83507efb703e58c0f13a0da9ee6cc0fababd1f078c142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
777d1179e3c007647c294aa9a82f1619

SHA1
812d5daae860d95759214e9447d8ce3f08b8497d

SHA256
68459126a56458d26195122842f98553edb8fb5faf9a6032ec2f8e16e2d2440f

SHA512
6842012600a6423dcfcc99dbab34d3a427fb1bfefbfba999bcd42a1199fcd4feaa38b5f2589c42de42ec0ef45cfbfa7723b4a5d858260d2dd73c0ea0097f6d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
40054cb73dd68fcf513186a36e7b28b1

SHA1
782f64c46affe72bd6b334c69aae88aa32216b2d

SHA256
136f61f0d620207ec049ca6889378a9e89d998a6ef15fbd2a8095482d8d88118

SHA512
8689097b5b94b64af0be6b51f176041b25f5464bae229b7344df07a29893d5f13498c3f88f6448b956baa7accb460e31f5ffec6eda35f31b0587b5b0a1e63c76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
78a049c86f502df9dff4f392a47ae9d5

SHA1
00e13560f0aff8f8ea98807bf738c29069c6e2b2

SHA256
1631cf0116d6e624299e855acfcad683d276efd7fbe152c89c5944e3630b10a9

SHA512
64bd581d4a60d40fb00538e80402e0e986ee239f5e15c7bf1085f5a6b91634d3f8a1257e417c0f2185b87e3cc5f503f2274d014e0ee42efb22711bc34cb234ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c02c014cc706c4dab7981d93a53826fd

SHA1
3f34f6c035d3b50b17aa5cfbd04cd65c8f76d36a

SHA256
1c0ea82c76a25007634dcfe2f44cb146f8c47b06f4e50864e98a1910bd4f5762

SHA512
cfda4b9ea687eb0dd0979e8789bcd7c5c5e8166a41ae3b88ed525e920684b7456fc488dbc5b73ab2aa0fe9d37eefec1f1cc100ed235923ad384e4a8015bb5e9a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
ac6e52b0bee09ce9d9e785a03811a96a

SHA1
de0f8c63fbc8c058d4b91d28d70bc5fc10b00e0e

SHA256
513b81e8b42435334a2e8a4b7889e81d7841a6c4809f338ce3706d4c7d339e87

SHA512
36362eccf82612b903fb5382ccf38e81b3bbd2b1a26ea3627b686f0e8883dc2637ddfb884a0abbb5b4a2663afffc928a8b18c40a270013db66ee3f21cc052b51

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\cache2\doomed\11861

Filesize
11.5MB

MD5
46b1187a990a421fc18ea23c7f70bdd2

SHA1
ae9a13c63797340f4e6dbe3c13bf53fce2f33fdf

SHA256
2b0b66c68a298faa7513f587940c6c4d4989f31cce90a94514232467b2ede4cb

SHA512
8fb175936ba4d82cfb4531c4041ef5dea1ce5513e0731762920429d3a74f3538868d03db120221d361d8df1d16e14fea5745316e4ef12264c83b553e84b012b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\cache2\entries\2FAC8294461765A1D81BB47B466686C6D67287C3

Filesize
8KB

MD5
26614803ad7d6c153614fbba8fc2fdf3

SHA1
000690aa9dcddbdefb29fb2773ff4078d197cba6

SHA256
1cc137d2611662f9ce63313a674e00ee607c0f0201b602516068c169b22d582a

SHA512
9a5848a602e477e9f84e72fa73ce799988272bff682dfcc7a1a02886ce7cead78bcbf93ba41354ccc7741d9d3a3d04bcacedee77af47866374490fd39f3b890c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\cache2\entries\677B80A25A006EDCC273545819E7C8B9A97E5201

Filesize
45KB

MD5
e10565fbd87e2598ca373ca7c3b131d7

SHA1
95f3d32e4ea7f953b2e4f0a47e9c7a2a94d922b4

SHA256
5309880b192b6144c8d97e34a83c369569eaad3402a87bd100ea91b7d69799e9

SHA512
852db0aa985d6652feef0a94bee08674e5470234fae6b89ff77b9e9aa0fb9c122ff42fa66802290452638d9c50df808e23b7c8d5020812bab895446b8efdb555

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\cache2\entries\7D3068195A30D049CC263CE0A0641E65E92E39CF

Filesize
1.1MB

MD5
b028dcc621baf8c298cbc60ef5cc76b7

SHA1
ddc3a5b2bd2ca11e48d8055a5b56d24f1b5f5bd3

SHA256
0c7e872d49c9b8099d0eead11b591873887517a8f47a7d0c53ade07a909aa92a

SHA512
dbc876ac31441aeda68838c44da020e943b2a2652f824cc76f1534cd441dff77aa4b31e5beaf600e383ce3be2f4ed37bdc7adf1d39b954eff2080b10af87367b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\cache2\entries\B3E209C0A977414244AD29090033C0BF9F4E8BA3

Filesize
23KB

MD5
71d035c8174ad4c72836e554850ceeeb

SHA1
4c90bcdffa8fe3682fed22a8d17c27daa4814036

SHA256
24548061a3a464186fb21578f8b5e41e090262e89578cf6cbc82ded4205fcecc

SHA512
1cf389f30bddcb2824cf9874b715a085da3dc3525f282b6e169c4228ec2fcedc615b998685192c5c00826bebb1a3ae616fe7d7d9beba3718fd84e08a43eff7a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\k0aifmy2.default-release\cache2\entries\F2429E488C0501B11AE94E0CC664752BF083117A

Filesize
121KB

MD5
7771016b1a0c92d8788e7caaccb7e5d2

SHA1
392ce109cdd63641e24d9805834c797591623be4

SHA256
658e16b58a2acf7908d41a26536d4f85b8b239d8e4537e2359c7843435f4c67f

SHA512
79545bfb0c28c488f5d61754f213fe284e29ceef37628af1c19e8e0d8bc0ba0ce87d6c1d44ed7ea133c53fc81f7eaab331c05ba26c757be4b6db948731f1f72d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\SDL2.dll

Filesize
635KB

MD5
ec3c1d17b379968a4890be9eaab73548

SHA1
7dbc6acee3b9860b46c0290a9b94a344d1927578

SHA256
aaa11e97c3621ed680ff2388b91acb394173b96a6e8ffbf3b656079cd00a0b9f

SHA512
06a7880ec80174b48156acd6614ab42fb4422cd89c62d11a7723a3c872f213bfc6c1006df8bdc918bb79009943d2b65c6a5c5e89ad824d1a940ddd41b88a1edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\SDL2_image.dll

Filesize
58KB

MD5
25e2a737dcda9b99666da75e945227ea

SHA1
d38e086a6a0bacbce095db79411c50739f3acea4

SHA256
22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c

SHA512
63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\SDL2_mixer.dll

Filesize
124KB

MD5
b7b45f61e3bb00ccd4ca92b2a003e3a3

SHA1
5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc

SHA256
1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095

SHA512
d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\SDL2_ttf.dll

Filesize
601KB

MD5
eb0ce62f775f8bd6209bde245a8d0b93

SHA1
5a5d039e0c2a9d763bb65082e09f64c8f3696a71

SHA256
74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a

SHA512
34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\VCRUNTIME140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_asyncio.pyd

Filesize
34KB

MD5
e6307d02076151c6fc9b78b1f346068f

SHA1
336cb5b3fc88ff4d9cc021f858ff33b0eb96c881

SHA256
fdb2a227d646b420de9877bb569b96369b6175e322f6ef81bc3f372eed08c10b

SHA512
7a22e2c293a067502a0d1e4ccc9fcb81dd7bd7faf56a1fd4a6cebc56c5ce4e8bf6c7157e19fe779ed70722d559da61ab5ca1f9b1e1b3df8a2b83728fbac2564c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_bz2.pyd

Filesize
46KB

MD5
c33370fc6631725aec3102b955b5e4bf

SHA1
0fce43642e54cd9db1eb48bbfd7661b8a4613e0d

SHA256
6c41a618b4dec812f5cd434375f33052daada9f49c6d472e82bdec27c407cfc5

SHA512
1de939ccb2b6349eaefcf12f37fb00b2b5dafff07930d52bfededcdfe6a234c0da75030596f544adfea09c786dc576fc5a88056ec614d2059a1a9e182925a021

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_cffi_backend.cp311-win_amd64.pyd

Filesize
71KB

MD5
c4a0ceacd79d2c06956d24bf1c028a35

SHA1
1dfc5c777435a46a69c984411d4dfb717b47c537

SHA256
1ec4cd20853191e91e36556c6fe1a8bb14d162ee9904acc897cd8f694089f0e7

SHA512
da57381043a500a5bc826215d9c253e22139dd3e9e28a870b03d2d7d486aa8eb1a78a45ba45ee9c86b3a9bb264f20a9a776e5e3ab1e921ea6d0747275410746d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_ctypes.pyd

Filesize
57KB

MD5
e7ec734581f37a065e54b55515222897

SHA1
9205e3030ea43027cba202b4c968447927d3dc0d

SHA256
9e619adf436228c1c87e7909ca58575a02ef069d71045785b102e2a0f833b6a3

SHA512
281a16075a10ab4465ff1ab49c5639e982961b5029dc36f4b9657f32b9c29ff1bd39c2d6a3f793d7f93fd10802f5d1356bee9e54fa6eb67780a6275094e4fef3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_decimal.pyd

Filesize
104KB

MD5
c21d61753b2a62fe70311aaa50e75a64

SHA1
39cc382ae3fbcb6b80974ece0e020cdcbec8f57a

SHA256
0ef0b881c15d88a443a1bfc898d0011dab50500ee4a86e0f35c3076ed70cce49

SHA512
059c7c7f35c939ab615b4dc1d3e9da69a66b0ed4a30931115971898c63f24ff960bb544f2ff9db7ce990c36a4d1e6307864d0f1ec5fbf354983473268c9500e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_elementtree.pyd

Filesize
56KB

MD5
dda8f0cc660c5e8170e37f37394f53ad

SHA1
6fea7006e44d0ee320499034e61f0cd99247abda

SHA256
58fc4868d87f7e05a387fb39646110307b993757b3e23e52d4489e7cea653dcc

SHA512
13cda3936c3b7eace74aed66282a13aa3d63e9da9b761a7fc8d6d0f215b61fc44ef4c4d60bbb0cb8d52689ed1ac05993965f5498da41ee95d6299d4f9a4bf4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_hashlib.pyd

Filesize
33KB

MD5
d27d3f54914b9b3b4dbf947a216b0e11

SHA1
36a4905e2ca457f241d6f2fc61d11c2a7986e802

SHA256
ed5433134675839cf0ac3d55006e87c3e8b74bb622168d83fa7e00c9dec1b844

SHA512
e3bf3df3c0202eb19830985ae5e9f6d4d03bedbc0b8371dcefa6d08bf2ce47dce211957c9c36bee8c57889d29084a08ff3d3fe2cd643e3420ca0c030585adef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_lzma.pyd

Filesize
84KB

MD5
49a6a6127ad0a70a2d60f193254ba710

SHA1
eb9f1f5a0b264d6c2c477562b9331a798b9a1909

SHA256
4ad51dac78f9192831ee9c6959ad3d67e0f66869bded3a91688b08c4ff2103f7

SHA512
e5064d0536361fd193b1855fcb4173cace51094d8c8827dfca893d49734200156847987124ded14d75aa0c61f1204cc00eaf4ee81d84406e17ad216bf17003ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_multiprocessing.pyd

Filesize
25KB

MD5
b5979368da73ffe9213dd49c0e5d6270

SHA1
5cf6ab2e801899cde24f3b356f8c1bff9d935528

SHA256
020602164b9891cb1c304d9f70dd8083c7e1a9a42caa9cfd67a5bbc0728029b9

SHA512
191823e56c4a3ea8bd211745111861d140899263ebed9b1988d2be37e1ba073195b55548266d6c536793edf49ef82b19064be96992b7bea9171424e789c83352

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_overlapped.pyd

Filesize
30KB

MD5
96d75944d280f39eb0f8e435511f3222

SHA1
0d74eefaf62c80c969bfe2f5e32fc269073527f3

SHA256
bfac2d1b1c5b948f6cd70de2e2edbe85f535ace879dbbaa04a71065ea11ef280

SHA512
724be702596604d173a542526b2049f268f611c204f03ef642ccf5e946441973704dca6e601bc5fd6dc3cc9a35b8cfd392571fe3228c59e277259097f53b2bf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_queue.pyd

Filesize
24KB

MD5
3b901ff0137dc2460d2f90b0a43a9482

SHA1
bd89b85b8ca525b9370fc105b5009e45ab95131a

SHA256
9982fad71df27eaeaac9521e25a300dfe5810aa723fafd56667b09a9bef26594

SHA512
c1fa7d0b4af3421f288cb2773fa35bbe6efe86160de48787da998f155f6880df535f075bbec531a5c5a9c210c239d4e926d86b486bc68f41a7e1ef97ac095dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_socket.pyd

Filesize
41KB

MD5
38c567e91d5bd0ea66f57528319e6487

SHA1
98029c6c35886b9ab94c5bbaa4fbb54de9f45dc2

SHA256
502212dbed204b73f8b18b9b13c0ea158c9dd2cfffae2d7cafedf7b042264fbb

SHA512
d2f03faf7faaa1b82dd14130a85b203e86de96777209d47ec459c5a1efbbbd0ac6754d53ff9618744ad57c3b800b6fa6f8850c716dacce3828264eef265543b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_sqlite3.pyd

Filesize
54KB

MD5
0b71fb4c0dba8beca2b950b5d0df24e9

SHA1
af710f7604da0777b35fde62115214f029e0db26

SHA256
8ecf7eabe204218b672660e52b539040183cf346ca630ff3de552a22111ecb3d

SHA512
784ff22dd62b398378bba276b386280d7e0930bf5611a5ca7fcdf894c352be5aaeabec2f419092cfa17791f61b725f37b44bb6e861dba2e5322b87078952c660

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_ssl.pyd

Filesize
60KB

MD5
e77ee0cd7cab90dabbaea0f8abd7e1c8

SHA1
8b7f712eac536e9932c2bfde828624c34870e4d5

SHA256
c8359a4e0991f6604666004bac39b9c290195d64af47b263a85f663d89822b11

SHA512
4f0461b803d214e798be061829103fe20d12a14d88e365c186b3081b695138ae68b64083626431c9105d5609f36193fd8891f6e8968392b42709e6c198bd9c2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_tkinter.pyd

Filesize
36KB

MD5
a7d7c6f515f5b49b1204d1376f7621cc

SHA1
42000eee9d23ac678103ad3067edfccd5043219f

SHA256
3b816042f0c47279b39a2d04347e115404fffbb01de35134fd7db279f55296bc

SHA512
f54a3d79ac6a1f0bf88562c7cd004055d29f6bc05beb408e856fc5305f59f061b7a17556e008a549dd12aa9399c99e7fe2321cd5ec7324ab7ce3151b0454e9b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_uuid.pyd

Filesize
21KB

MD5
4c8ffc5c3b8bb6e969e8c80a132a1cf7

SHA1
fef1d1a9b17571fb885aa7f224cc9473b0b9adfe

SHA256
b73fd8206c709f352dd26850d181a8ba8b14bad3b3494f61038f45044a3a2d85

SHA512
6eca26f968f124f0bac60dd2a184be56cee4f8e74e4fef20c5f3e920d50651f7772d49ed43d4024da6aed11b25be0018ccdb87506ac96e3346ce2d72c4cb223e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\base_library.zip

Filesize
1.4MB

MD5
2a138e2ee499d3ba2fc4afaef93b7caa

SHA1
508c733341845e94fce7c24b901fc683108df2a8

SHA256
130e506ead01b91b60d6d56072c468aeb5457dd0f2ecd6ce17dfcbb7d51a1f8c

SHA512
1f61a0fda5676e8ed8d10dfee78267f6d785f9c131f5caf2dd984e18ca9e5866b7658ab7edb2ffd74920a40ffea5cd55c0419f5e9ee57a043105e729e10d820b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
9KB

MD5
ecfbd9b49ae51f8e3374e17aff3aec1e

SHA1
3e66e0f757d0f18afd546d158a96fd1707b35a5f

SHA256
1237b21174cd4aee97aa4d80ee953dd4ce91b2e1beb4788a55cb25a0213521aa

SHA512
9c9f682b55a589f1c10c99b89cc2620ce3d89d96c17096feb7e0ddfd6ac2f2b279885084b131080a57a6a324a9bce928e618348545c2b0af06c0ec4c267362c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\crypto_clipper.json

Filesize
155B

MD5
8bff94a9573315a9d1820d9bb710d97f

SHA1
e69a43d343794524b771d0a07fd4cb263e5464d5

SHA256
3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7

SHA512
d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\freetype.dll

Filesize
292KB

MD5
04a9825dc286549ee3fa29e2b06ca944

SHA1
5bed779bf591752bb7aa9428189ec7f3c1137461

SHA256
50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde

SHA512
0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libcrypto-1_1.dll

Filesize
1.1MB

MD5
8e7025186c1c6f3f61198c027ff38627

SHA1
79c6f11358c38bda0c12ee1e3ab90a21f4651fa1

SHA256
f393f54886674e42bb7667087c92af67bd46e542c44ddff11c5061481261c90e

SHA512
4bbbf7d0a51aec361779d7735c6a91f1bdd468da0aaa3626c3cb52128c998d6454be8c473c8743172ffcea9dc66403a5a81ff5535d9baf87fa6ab990a35add41

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libffi-8.dll

Filesize
24KB

MD5
77199701fe2d585080e44c70ea5aed4c

SHA1
34c8b0ce03a945351e30fb704a00d5257e2a6132

SHA256
4eb41bcf5e54017c4d8c6a7184f4633d9e6c10ca8f52ad21e3b752edd745d4ee

SHA512
d325f517a3eb831f3f5853c5471295244716a666507aa4e4b262e0842f1bfad0c9648a6711fbce514193e411cfcdbb9afe86764e740355cd06895dfcc623fe34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libjpeg-9.dll

Filesize
108KB

MD5
c22b781bb21bffbea478b76ad6ed1a28

SHA1
66cc6495ba5e531b0fe22731875250c720262db1

SHA256
1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd

SHA512
9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libmodplug-1.dll

Filesize
117KB

MD5
2bb2e7fa60884113f23dcb4fd266c4a6

SHA1
36bbd1e8f7ee1747c7007a3c297d429500183d73

SHA256
9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b

SHA512
1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libogg-0.dll

Filesize
16KB

MD5
0d65168162287df89af79bb9be79f65b

SHA1
3e5af700b8c3e1a558105284ecd21b73b765a6dc

SHA256
2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24

SHA512
69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libopus-0.dll

Filesize
181KB

MD5
3fb9d9e8daa2326aad43a5fc5ddab689

SHA1
55523c665414233863356d14452146a760747165

SHA256
fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491

SHA512
f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libopusfile-0.dll

Filesize
26KB

MD5
2d5274bea7ef82f6158716d392b1be52

SHA1
ce2ff6e211450352eec7417a195b74fbd736eb24

SHA256
6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5

SHA512
9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libpng16-16.dll

Filesize
98KB

MD5
55009dd953f500022c102cfb3f6a8a6c

SHA1
07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb

SHA256
20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2

SHA512
4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libssl-1_1.dll

Filesize
203KB

MD5
0bfdc638fbe4135514de3aebf59fa410

SHA1
963addfdadf918339dfcab33e07bb6c48c86099e

SHA256
77affb7e88ab70fa04e382e29bf04a94ddf36c5cbd88b29ff33e15912d83ed01

SHA512
768abcc391eea4a3b34b0aade99932cd9befb922dcf9e720edf4c4719938214236e8668eca67026bd07567fbd10bbba98d63f47d63a81c7be1adce3bdd1973e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libtiff-5.dll

Filesize
127KB

MD5
ebad1fa14342d14a6b30e01ebc6d23c1

SHA1
9c4718e98e90f176c57648fa4ed5476f438b80a7

SHA256
4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca

SHA512
91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libwebp-7.dll

Filesize
192KB

MD5
b0dd211ec05b441767ea7f65a6f87235

SHA1
280f45a676c40bd85ed5541ceb4bafc94d7895f3

SHA256
fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e

SHA512
eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\portmidi.dll

Filesize
18KB

MD5
0df0699727e9d2179f7fd85a61c58bdf

SHA1
82397ee85472c355725955257c0da207fa19bf59

SHA256
97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61

SHA512
196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\pyexpat.pyd

Filesize
86KB

MD5
a655fa42e31e30cf60f452b70c01a1a4

SHA1
e38b435347a65d39dd2ff8518b75070e6038fb47

SHA256
83feb05e74d002110bf8d032c3ad2ffb636ae0ba4300e1ba84ce4add8f0554ec

SHA512
e54b38011ea94565ddf88120b8a3718b9cfcb79ca4b4900da1f9338b59795162534dbd2d5bfd67a81d9a29a6675ffdb2dc8772f583ee5bf2de547136334c8831

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\python3.DLL

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\python311.dll

Filesize
1.6MB

MD5
87b5d21226d74f069b5ae8fb74743236

SHA1
153651a542db095d0f9088a97351b90d02b307ac

SHA256
3cac88119657daef7f79844aeb9da79b45c1f3bb2ea3468b0d4ed26067852194

SHA512
788bb26b3f4ce99a2b49eef2742972fe843bdd97d361a6e67237f29376648ea6f874f1f6ba6dd53c74ef51a29e650a02fb99dfc30b5badfa9d2e05491f81d7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\select.pyd

Filesize
24KB

MD5
5159aab3342e8e811454849c5543d0fe

SHA1
992b1aa55aa3a9ddc12857ec576c3d85ba5176d8

SHA256
2051c44e5704b8800145905058425b9fd829c1be6106ef632ef78fd574f513c1

SHA512
36437f1f4b6431c35074c13f9c791be5e041a8c4861878c254115398f5f3249afef1548a554eb7b06fc9de5271d6a98a0c026b951fa04ad312aa3f56b20774d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\sqlite3.dll

Filesize
608KB

MD5
aa2a7bd0e84498719405008b996a38ec

SHA1
0cb0962b02324067a715559c64fcbe3c1e798d03

SHA256
cacbebf5a19a14d3aaf59fd71a79ed38638c61f80994a292f16193d52d91832a

SHA512
d39f093eb5ad7ed489e10f6db405eaf0d0844a5e3eed1deff4202f1cf316293535e46d87d5aff1d210bacf53a65a08c397eacc919787da8133614951d77d85e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\tcl86t.dll

Filesize
673KB

MD5
755bec8838059147b46f8e297d05fba2

SHA1
9ff0665cddcf1eb7ff8de015b10cc9fcceb49753

SHA256
744a13c384e136f373f9dc7f7c2eb2536591ec89304e3fa064cac0f0bf135130

SHA512
e61dc700975d28b2257da99b81d135aa7d284c6084877fe81b3cc7b42ac180728f79f4c1663e375680a26f5194ab641c4a40e09f8dbdeb99e1dfa1a57d6f9b34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\tk86t.dll

Filesize
620KB

MD5
7d85f7480f2d8389f562723090be1370

SHA1
edfa05dc669a8486977e983173ec61cc5097bbb0

SHA256
aaeda7b65e1e33c74a807109360435a6b63a2994243c437e0cdaa69d2b8c6ac5

SHA512
a886475aeea6c4003dd35e518a0833574742b62cdbbbe5b098a5c0f74e89795ebddac31c4107dae6edee8fc476addaa34253af560d33bed8b9df9192c3e7f084

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\unicodedata.pyd

Filesize
293KB

MD5
5c05df2afd90a54d6378ff869d774b33

SHA1
38e2d685cd131ef1fff235ed180016c083bf2965

SHA256
0f631b1f12c8b0aded13ee5a50ff11eb2bcf9c47b535270a8a88fdfee4709ac6

SHA512
7d4712cdf0d27f66f33070ec4d1b4e6c51d3857edf01c4db94ce71eb8ed5b7780f5e3e05593e53d1dd51bc00d14dacdb234f02d391569b5e7ec136c00c10b145

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\zlib1.dll

Filesize
52KB

MD5
ee06185c239216ad4c70f74e7c011aa6

SHA1
40e66b92ff38c9b1216511d5b1119fe9da6c2703

SHA256
0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466

SHA512
baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI40082\cryptography-44.0.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oxeyuvkw.3ao.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
315B

MD5
428972259d73ea1bd613e3ead0443cad

SHA1
04b6f496688e62001c95ede6939f6c57a7877476

SHA256
9dc99a84034b6c70f1d7e197e09221b3288928eaecedb0921c78aa7d8b2e032c

SHA512
bf207d3a9c0c37855c3dfac9b2e610e25022114d426786edcf09c4d0d18dcdf34212c186a5c1cc910a080d21b500f3be30960558767c07114aaa313fb518ea28

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JL83CFABEKBAKS9LIY06.temp

Filesize
16KB

MD5
6b0b75adedc67d8581821b8d35390f4e

SHA1
f54351d3404af95ae3e1868478de37e75084786d

SHA256
9230347b0ac199ce4b4f74578d7d2477cd50433e61187602dfd10acdd939baa6

SHA512
c4e430124b89766bab6736673569aa1dc8793019588f055faf91f4fe856c3829e47000f62ff12116009cbedec5623cf0d822f0a05245eeb83edffbf12c82ad84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
2KB

MD5
c0a1881ae749ed7b4b9c778fe1e73474

SHA1
84c89bd9a9615d6a7c80b330a8f798193080d4e1

SHA256
04a16a4b9a93b7c42a55e518b724c156546b783c08a978ba984aeb5472374c7f

SHA512
fd8da4bad862c3f8f1ae6be9f80fb12d61295921ed321494d757da728d6fb7729e3f27321a252f431f59de776f2f77e86c1b1166a745d16a5bcd97d6c0580911

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
2KB

MD5
9929c6f68711a286db7758b03c2f945f

SHA1
de8b9fa7acdfb9ad0456f8336bb47aea72f18281

SHA256
72bca315342f97c695db80d0392173d29ded07b2d28fcf9ab6876fa098f719ea

SHA512
374df730935860b170528ac496d33ae483b153e8926c91631164b1c959ab1a955963a5c64a3f44e8021470ce19e7292391c64dc8726f9c70dab3178f5afeb22e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
fb361603fc5f0d0744d0ab8c0a14808e

SHA1
8923ecea853047f3bef985cda8ec7e1d49eb340d

SHA256
94f4a35d32e3d0b102996be302a8e001605b01fa6b64a67c9d3065b5952caf37

SHA512
f30df6ecb43f3299a741f7e86910f4dc5141961fbed4fa5c1ec769437033a1598942b3f5f13824caac3831e942fd1cd9f253e59f31ab0226514d1fde4f8fcaca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
be31cdf1eebc065bcb624ca96ae09220

SHA1
090899da286c2e48d9e4fe45258b524894bf1fcb

SHA256
6618d22e069aa5b0aef8c48362250fba972e288113ea0e04b7f126a87ec06325

SHA512
a086611e0c1c33d66c429f4753f5ca4ef6d0995ffe214de4e9455c5b9931e70b54df3addb0331b0bf75b3c473e0be7490f9f6783faabb3e8beba676545d49dc9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\AlternateServices.bin

Filesize
7KB

MD5
0910ba0211bcd838e9e62c1ad2228afa

SHA1
f1949d56141cd315698dd391b200808ba03e5d0e

SHA256
d2709827981d378a5dfb4e72e88c26f29419849b0c29b7c0154e9e55c2951b91

SHA512
e6c65c6f70e0122c1fbe6fa93dbfcf7864b49cc92e74f9daad3fcbfc23b444144ae79617272febd8921d5da7df654c55a73d4947366f840426efc7875ab6cf3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\AlternateServices.bin

Filesize
12KB

MD5
ab672be86abfc028d76e2f16c16f5563

SHA1
62b7167972f4aadcf366de00c6e5937546742add

SHA256
eb18cb6ac9b10e925f79963ab8a0e3ae6d3c8a3ce983911b69192e72e7a57f63

SHA512
48d2b3898ffef7fe48526aa3c763d0a0439cbafa87cd8b15579a7d9fddb0604e9358c239c17daa6c7359e24c766efa16a21043a4288e5101d074faa578b35b32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\bookmarkbackups\bookmarks-2024-12-22_11_lyxg1hw4T5jXURaRXgX5wQ==.jsonlz4

Filesize
1002B

MD5
2e7447b0bbbd6748865b8f7ae490107f

SHA1
e8078861912e9cb3de68989ec14365e61cc514a0

SHA256
e2284d8562675accf56af50a74d81b00e2cd9b6ed932a3401157c33b43b8eb26

SHA512
7093a29ebb1bb5b44dceca71f96f6a5d5a4f359facb1a1cd4d8dbcfab4f7ed8773189cf44bf892d50b29fe0796c127c7f35095f556e3e45893dbbdf1809f117b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
11eedb3c4de31d62323a2dbaa385234b

SHA1
1c1aad13862df61047e4e85005e02f25dd35ea1e

SHA256
0c19fa856f5f2eeee622633847dd0b15bec1daf134b3fb74665eefbd816dc993

SHA512
22b8880fab3f6ba1fafa8334e280e8e8ef415a13a1bfd5d9daab51f220be248a10c8d81773c2d9d0db1945c0ee60a830cadf55c0d47968c41dff31212f7d6f0e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
e555dbc4d45a2624f6285beb54ba6a09

SHA1
e67d563d652746bfae6662a77330dc2cbdb252e7

SHA256
d43928ff3834927bf97c43626a012c9644471440106f38324ab9aa6d9564f880

SHA512
cb2a6b3f0c870b8e5c52e85a35ddc5c8acc186c5c6eec11bc887a5fc9c54f55db6198309ecad7f256eeaa16d54aa04362105be7e2fad6e1d079fdac9c1edc5c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
41ec20f536c273cd1136004476d21615

SHA1
478f1e3338600dd5ad04f307c219426add7e6a2e

SHA256
b5d5c594feac5e4395af9ca4da8099287a825f60df6e738846a9af3f0ce14bbd

SHA512
fef2f7e0be7f7df4c24fc80d09108c0a8dc1ffd40d7effe14b86b8fd12dd5bb08b896f8bcf1b1a10ffba35fe1dee223218e91761541337cdcab06c3966420593

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
4bddb020aa685be544f3ee471548ded3

SHA1
d72ba00aeb3308e098816784abf0062bcae98941

SHA256
819c775617322451933838c596aa3f4d649f86177e59817a73796641725534ed

SHA512
7b581e645c3ad083fff91b910f4752ce4e1356e6ed0ab9ff2cd410d32312f6772de296fe22eea201177b8dd258dcae8b42c1624cd215bc05d868aa467e73c4f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
45KB

MD5
137d53485f043b1e2f65b68515e794c1

SHA1
e047f822a1c8d64a727228e6d93fbaec724a5b4e

SHA256
ef154b83a6c226f7b2f531a90e981af8f207745df231795eede149a40813ef98

SHA512
820f0d140e4731f89f31f37c7528d76e9a86ecb09de302f82659be2eef298a5832de997df0d402d8260dd0ae90ec684018457aa5af90e67fb120b52b7383b638

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
45KB

MD5
2a994cdf2f1c988b0911668fe01ca58f

SHA1
94c30fa670173c409ee7d92824b6f4ce6a2ff1ca

SHA256
02fbe0a62df3176bcaa380298887ffc3ff53ab8ce4943ba1bae733322861d8a3

SHA512
3f83fb5a706d5ed3fde1de247cb5ef956ed5d213f05f9594167bfe54c421784be418a49f83b82a6f9c382e3f0222f3374b5bd586b104f5715aae5910133ebc5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\pending_pings\8cb432d6-4f3d-4eb7-b62a-6f6834db1610

Filesize
27KB

MD5
0a491ac99ddaa58b8eb1e851077653b3

SHA1
cb2dedf28b3dc9af1c0b27b77a49805848645a4b

SHA256
f5896722c3ababe1baf0fdc50cdbdbca99a9f9f1fa4c069d4cb5cdbd5421c609

SHA512
bf52f56f53f8bc1d34d5fd00e82b7a79913a54ea1cbd6fc165058484dad8bbbb3c757d70db0ed3e68f1f36e09f46051aa66002db6690e5f7c67852ca69149ad4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\pending_pings\abdb42b4-ecd1-4a6f-bdf4-76ab5b9b6cde

Filesize
671B

MD5
53049b7241cd711c380deed75b7ec327

SHA1
4b592b88ce124faf0137751daff00f87fdac5117

SHA256
16a48c52886b7864887a28e9c40a4134040e5c621df5cec5604601e4fe49eb89

SHA512
f95f49a3aaec05e57eabfcca9e5e8425891866f7c414450f0b09ac63d368331c5cd4132a8a51e13b42cd3f4ef983c0950e7bd387c878148bfc4519988e7a18ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\datareporting\glean\pending_pings\bf15f234-e552-4240-b3fa-cdfec069cb28

Filesize
982B

MD5
13bd07e90e9ad343c77a134232a06e21

SHA1
9238a552fa28c5f862d058e2500192de4048e652

SHA256
0dfa57efac9f1e8be527aa1fb4dc9a5904907005bcb573826950375e266a85e2

SHA512
f5d552b81de6ae7c8c638d35eb4b544ffb4a673182b7076879fa9415d02a3bd1984899fd67472056d188d80a4f0a6ffe818156682d4447891c6ed812adbc21f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\prefs-1.js

Filesize
11KB

MD5
aee13dc5c3a2a03d68da32ca7011413a

SHA1
dd9c64fe9406d486ed0d081f9115ac16cd3ab9f5

SHA256
aca9cb08fee265e4a8637e25b5230fab28b60d6777b8ef495d2f95a9eafda097

SHA512
e18586d69600534842e7c3d79f263182baa1eb37f18f8c524ae7412cd29ff7b92dd3fb854a56a7fc2d4349a36c2035c99730d4d47e7ff98b0d46a93cb25661db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\prefs-1.js

Filesize
12KB

MD5
99830730f580b4317f7967f8991660c9

SHA1
dfd87b2a34e5e5ed811466d0cb5a396b2fd5f48c

SHA256
dacf56722acdac11c72b75433109c57e309191fa866b00dd37c66f0d9d08f545

SHA512
cee46cf2b7b284e5a2dd4d5022a7b55d324eee320a4e5f6043e10539595fee61f454fca181a9fb05bd8885c557c77d4e5758a884195cfa89bf1061b6e7a4180f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\prefs-1.js

Filesize
10KB

MD5
26151ea1d19b54914c0d5e873224faec

SHA1
30b8a86b20ab585951b6456672cf4dfd44f2f889

SHA256
3ac875dd7988bd2377f7768f9647c9ba4dd6d3d8e41b570cc2d2762f6246f910

SHA512
fa1d57c288e00449f422c4b09ada56956f72fe9e131cc6532a391844b3abb42e2f53c017a30e0e74cb2a451ab5259e44e5c8bfd68814246672d4b7c985b48237

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\prefs.js

Filesize
10KB

MD5
91e9c731be2742ece704a55443186194

SHA1
5b3f0b7afeebfa890fb056fd2094d4a99750c38f

SHA256
47cd8851f903de8f65decf828c1ce4d6f8abfca033e9a07a3204d44e664e562d

SHA512
0dc2f5bda8e73b073e1bc4294db9be073d9ae7b5defc00e5ad5a0423a042111a0f621f99cc3f6a2862a6bc8bf8e2a04422c0212617c0cc31d63a2d89fd8ae23e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
de22ba8732cc2ae103b1849ebfea3107

SHA1
ec3588697704868de829761942f6b22cf16d1d7c

SHA256
54a9fa1742a489056ebc835dfa0d67bb0c755e82d47e1e3ce4b6f88421fe8d50

SHA512
4312ce9665ba324db5689cff0c74ec0d3ec05043bf10e99981642c2ff8eeeb41b48a49ad830035e974b57a41582f70f2a5893ba48f8cc91fb37e31ba653b61b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
e2d04afa877c52de5db2f42da02d919b

SHA1
1eacef29000315f4a282f88f64b407e4f4fb0da5

SHA256
7fb789369037716b805188852dbbd633ca7084426ef6f6fd6cccc043eae183c2

SHA512
143e1156a28c41ed6966524ffd74950b7b62a558016dece625ad7b7ab4cd8c17d09256ccf18d326f18e34e430055a7d98f3f8fda53edf1529c137f3caeb3b1e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
f0b075ec463693a1624ee0c0091934af

SHA1
4f77c97bb396ea59842b3f13f99e8f88cfc328c2

SHA256
26a3c04adee6e0b59b536aa0bb6e3ce2ea68ec6e1b12465e667ecbeeccb29cd3

SHA512
20bdda8979df662891c303768170b41c4b6c222d4dc691d7bf3668628a7f564277e095aa823a5111a5a72609e8ac8311d53ac8c1d4039d69dd69ad85a9559389

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
3975842e442d82fc6885710fd2839ceb

SHA1
4e5dbbef714d211769fa0efbd66b894a254c7dc9

SHA256
08fb54c610af9c08f448ce860ec34ed83e2d77df89c6025bf14fbe2ef31e41fe

SHA512
d47c2a1ecf1540ee1e35c82667fe78cd9ba01fbd39cc48bba984ce43a7750efe40055d5caf112a40a90757d9c52993bb170eddbe93ef3e1cad4effd30b818a2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
92b7510919acc23149d55f175af3f3b5

SHA1
a832eda91cda5bec015914df5ddae733c508beba

SHA256
e85048397a2ed15084f8166aa89bdaeee518fee798c004b770c499c12983a45e

SHA512
90a68e0cb7893fd5b8ba52c4b52de95d5fa0463f5739e7c2d032a05e1d4fdc00e2317b7dc9f58833593dfa241f25df4340fa7031f12073353ead51eda285cf40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
568cc84070702476ff1326b499fcecb9

SHA1
71050b888687661fe293b49bcbfc122a0bc5b04b

SHA256
687fda4f1c809574f35e0f19155edd84851acfc28e6c1db17ad2d354eca88984

SHA512
3a7c262daa1e5dc9eca747e8ae79abe4297c86553b7dee60c7179573cac8379d7d1fcc466e13bb1f0ab8ddcc7a76f1fe29e81dc3e49ffb509607552891ab4fae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k0aifmy2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
616KB

MD5
d376b9242ed6f320699c9dc01e64c0df

SHA1
aaae880b13816ddad698d208d382d86a02c1cb8c

SHA256
97fef5e860f1b1bffae6b6fff18b577c1a7a29b8694bcef600b59fe39497e298

SHA512
479f64f4c6dec82ab0a6f876112f1a4666fa29082dfdd3b042ddd2eaa20dd7448d128795a88162e5bb642473b083af8b45a749a510e99c8ba113cf9a75a8bef2

Download Submit
C:\Users\Admin\Desktop\F97A5E00

Filesize
8KB

MD5
375b69d08f5dcbae0b665b05894d8bdb

SHA1
ee64bb8f4ea26c25e6ae502790085ec29ae4e601

SHA256
9ea055659ae19afe84d3da1c15c0db0f6195b47444e84cc99fe422f9f7be8e7f

SHA512
3d55ea490f6d5b683b8404fd9561fb77ee3787a69b43e1cb5fad02e6eb063edcf6b4421a5815e5b6efb6227dcf7a29ae9b89d7aea6dda1fc512bf095b972aa32

Download Submit
memory/3748-1409-0x00007FFBD18F0000-0x00007FFBD18FB000-memory.dmp

Filesize
44KB

Download
memory/3748-1366-0x00007FFBD3540000-0x00007FFBD3554000-memory.dmp

Filesize
80KB

Download
memory/3748-1389-0x00007FFBD19C0000-0x00007FFBD19CB000-memory.dmp

Filesize
44KB

Download
memory/3748-1390-0x00007FFBD19B0000-0x00007FFBD19BB000-memory.dmp

Filesize
44KB

Download
memory/3748-1392-0x00007FFBD19A0000-0x00007FFBD19AC000-memory.dmp

Filesize
48KB

Download
memory/3748-1391-0x00007FFBD1D80000-0x00007FFBD1DB2000-memory.dmp

Filesize
200KB

Download
memory/3748-1393-0x00007FFBD1990000-0x00007FFBD199B000-memory.dmp

Filesize
44KB

Download
memory/3748-1397-0x00007FFBD1970000-0x00007FFBD197B000-memory.dmp

Filesize
44KB

Download
memory/3748-1399-0x00007FFBD1960000-0x00007FFBD196C000-memory.dmp

Filesize
48KB

Download
memory/3748-1398-0x00007FFBD1BA0000-0x00007FFBD1BCE000-memory.dmp

Filesize
184KB

Download
memory/3748-1396-0x00007FFBD1BE0000-0x00007FFBD1C09000-memory.dmp

Filesize
164KB

Download
memory/3748-1395-0x00007FFBD1980000-0x00007FFBD198C000-memory.dmp

Filesize
48KB

Download
memory/3748-1394-0x00007FFBD1C10000-0x00007FFBD1C6D000-memory.dmp

Filesize
372KB

Download
memory/3748-1401-0x00007FFBD1950000-0x00007FFBD195D000-memory.dmp

Filesize
52KB

Download
memory/3748-1400-0x00007FFBD1B70000-0x00007FFBD1B93000-memory.dmp

Filesize
140KB

Download
memory/3748-1406-0x00007FFBD19D0000-0x00007FFBD19E8000-memory.dmp

Filesize
96KB

Download
memory/3748-1405-0x00007FFBD1930000-0x00007FFBD193C000-memory.dmp

Filesize
48KB

Download
memory/3748-1404-0x00007FFBD1920000-0x00007FFBD192B000-memory.dmp

Filesize
44KB

Download
memory/3748-1403-0x00007FFBD1940000-0x00007FFBD194E000-memory.dmp

Filesize
56KB

Download
memory/3748-1402-0x00007FFBD19F0000-0x00007FFBD1B63000-memory.dmp

Filesize
1.4MB

Download
memory/3748-1414-0x00007FFBD17B0000-0x00007FFBD186C000-memory.dmp

Filesize
752KB

Download
memory/3748-1413-0x00007FFBD1870000-0x00007FFBD18A5000-memory.dmp

Filesize
212KB

Download
memory/3748-1412-0x00007FFBD18B0000-0x00007FFBD18BC000-memory.dmp

Filesize
48KB

Download
memory/3748-1411-0x00007FFBD18C0000-0x00007FFBD18D2000-memory.dmp

Filesize
72KB

Download
memory/3748-1410-0x00007FFBD18E0000-0x00007FFBD18ED000-memory.dmp

Filesize
52KB

Download
memory/3748-1388-0x00007FFBD19D0000-0x00007FFBD19E8000-memory.dmp

Filesize
96KB

Download
memory/3748-1408-0x00007FFBD1900000-0x00007FFBD190C000-memory.dmp

Filesize
48KB

Download
memory/3748-1407-0x00007FFBD1910000-0x00007FFBD191B000-memory.dmp

Filesize
44KB

Download
memory/3748-1415-0x00007FFBD1780000-0x00007FFBD17AB000-memory.dmp

Filesize
172KB

Download
memory/3748-1416-0x00007FFBD1530000-0x00007FFBD1779000-memory.dmp

Filesize
2.3MB

Download
memory/3748-1417-0x00007FFBD0D30000-0x00007FFBD152B000-memory.dmp

Filesize
8.0MB

Download
memory/3748-1418-0x00007FFBD1950000-0x00007FFBD195D000-memory.dmp

Filesize
52KB

Download
memory/3748-1419-0x00007FFBD0CD0000-0x00007FFBD0D25000-memory.dmp

Filesize
340KB

Download
memory/3748-1420-0x00007FFBD09F0000-0x00007FFBD0CCF000-memory.dmp

Filesize
2.9MB

Download
memory/3748-1421-0x00007FFBCE8F0000-0x00007FFBD09E3000-memory.dmp

Filesize
32.9MB

Download
memory/3748-1423-0x00007FFBCE8A0000-0x00007FFBCE8C1000-memory.dmp

Filesize
132KB

Download
memory/3748-1422-0x00007FFBCE8D0000-0x00007FFBCE8E7000-memory.dmp

Filesize
92KB

Download
memory/3748-1386-0x00007FFBD19F0000-0x00007FFBD1B63000-memory.dmp

Filesize
1.4MB

Download
memory/3748-1477-0x00007FFBD3580000-0x00007FFBD3595000-memory.dmp

Filesize
84KB

Download
memory/3748-1467-0x00007FFBD2580000-0x00007FFBD28F5000-memory.dmp

Filesize
3.5MB

Download
memory/3748-1485-0x00007FFBD1D80000-0x00007FFBD1DB2000-memory.dmp

Filesize
200KB

Download
memory/3748-1484-0x00007FFBD1DC0000-0x00007FFBD1DD1000-memory.dmp

Filesize
68KB

Download
memory/3748-1483-0x00007FFBD1DE0000-0x00007FFBD1E2D000-memory.dmp

Filesize
308KB

Download
memory/3748-1482-0x00007FFBD34C0000-0x00007FFBD34D9000-memory.dmp

Filesize
100KB

Download
memory/3748-1481-0x00007FFBD34F0000-0x00007FFBD350B000-memory.dmp

Filesize
108KB

Download
memory/3748-1480-0x00007FFBD3510000-0x00007FFBD3532000-memory.dmp

Filesize
136KB

Download
memory/3748-1479-0x00007FFBD3540000-0x00007FFBD3554000-memory.dmp

Filesize
80KB

Download
memory/3748-1478-0x00007FFBD3560000-0x00007FFBD3572000-memory.dmp

Filesize
72KB

Download
memory/3748-1476-0x00007FFBD8FA0000-0x00007FFBD8FD7000-memory.dmp

Filesize
220KB

Download
memory/3748-1475-0x00007FFBD2460000-0x00007FFBD257C000-memory.dmp

Filesize
1.1MB

Download
memory/3748-1474-0x00007FFBDDB00000-0x00007FFBDDB27000-memory.dmp

Filesize
156KB

Download
memory/3748-1473-0x00007FFBE1BA0000-0x00007FFBE1BAB000-memory.dmp

Filesize
44KB

Download
memory/3748-1472-0x00007FFBE6770000-0x00007FFBE677D000-memory.dmp

Filesize
52KB

Download
memory/3748-1471-0x00007FFBD35D0000-0x00007FFBD3688000-memory.dmp

Filesize
736KB

Download
memory/3748-1470-0x00007FFBE1380000-0x00007FFBE13AE000-memory.dmp

Filesize
184KB

Download
memory/3748-1469-0x00007FFBE7020000-0x00007FFBE702D000-memory.dmp

Filesize
52KB

Download
memory/3748-1466-0x00007FFBE1670000-0x00007FFBE1684000-memory.dmp

Filesize
80KB

Download
memory/3748-1465-0x00007FFBE1C80000-0x00007FFBE1CAD000-memory.dmp

Filesize
180KB

Download
memory/3748-1463-0x00007FFBEB8B0000-0x00007FFBEB8BF000-memory.dmp

Filesize
60KB

Download
memory/3748-1462-0x00007FFBE1CB0000-0x00007FFBE1CD4000-memory.dmp

Filesize
144KB

Download
memory/3748-1461-0x00007FFBD2900000-0x00007FFBD2EE8000-memory.dmp

Filesize
5.9MB

Download
memory/3748-1468-0x00007FFBE1650000-0x00007FFBE1669000-memory.dmp

Filesize
100KB

Download
memory/3748-1464-0x00007FFBE1E80000-0x00007FFBE1E99000-memory.dmp

Filesize
100KB

Download
memory/3748-1385-0x00007FFBD34F0000-0x00007FFBD350B000-memory.dmp

Filesize
108KB

Download
memory/3748-1268-0x00007FFBD2900000-0x00007FFBD2EE8000-memory.dmp

Filesize
5.9MB

Download
memory/3748-1276-0x00007FFBE1CB0000-0x00007FFBE1CD4000-memory.dmp

Filesize
144KB

Download
memory/3748-1278-0x00007FFBEB8B0000-0x00007FFBEB8BF000-memory.dmp

Filesize
60KB

Download
memory/3748-1282-0x00007FFBE1E80000-0x00007FFBE1E99000-memory.dmp

Filesize
100KB

Download
memory/3748-1284-0x00007FFBE1C80000-0x00007FFBE1CAD000-memory.dmp

Filesize
180KB

Download
memory/3748-1325-0x00007FFBE1670000-0x00007FFBE1684000-memory.dmp

Filesize
80KB

Download
memory/3748-1327-0x00007FFBD2580000-0x00007FFBD28F5000-memory.dmp

Filesize
3.5MB

Download
memory/3748-1333-0x00007FFBE1380000-0x00007FFBE13AE000-memory.dmp

Filesize
184KB

Download
memory/3748-1355-0x00007FFBD8F70000-0x00007FFBD8F7C000-memory.dmp

Filesize
48KB

Download
memory/3748-1359-0x00007FFBE1250000-0x00007FFBE125C000-memory.dmp

Filesize
48KB

Download
memory/3748-1358-0x00007FFBE6770000-0x00007FFBE677D000-memory.dmp

Filesize
52KB

Download
memory/3748-1357-0x00007FFBE1CB0000-0x00007FFBE1CD4000-memory.dmp

Filesize
144KB

Download
memory/3748-1356-0x00007FFBD8A20000-0x00007FFBD8A2B000-memory.dmp

Filesize
44KB

Download
memory/3748-1354-0x00007FFBD8F80000-0x00007FFBD8F8B000-memory.dmp

Filesize
44KB

Download
memory/3748-1353-0x00007FFBD8F90000-0x00007FFBD8F9B000-memory.dmp

Filesize
44KB

Download
memory/3748-1352-0x00007FFBD95E0000-0x00007FFBD95EC000-memory.dmp

Filesize
48KB

Download
memory/3748-1351-0x00007FFBDB5F0000-0x00007FFBDB5FE000-memory.dmp

Filesize
56KB

Download
memory/3748-1350-0x00007FFBDDAF0000-0x00007FFBDDAFD000-memory.dmp

Filesize
52KB

Download
memory/3748-1349-0x00007FFBE05B0000-0x00007FFBE05BC000-memory.dmp

Filesize
48KB

Download
memory/3748-1348-0x00007FFBE05C0000-0x00007FFBE05CB000-memory.dmp

Filesize
44KB

Download
memory/3748-1347-0x00007FFBE1260000-0x00007FFBE126B000-memory.dmp

Filesize
44KB

Download
memory/3748-1346-0x00007FFBE1370000-0x00007FFBE137C000-memory.dmp

Filesize
48KB

Download
memory/3748-1345-0x00007FFBE1640000-0x00007FFBE164B000-memory.dmp

Filesize
44KB

Download
memory/3748-1344-0x00007FFBE1A30000-0x00007FFBE1A3B000-memory.dmp

Filesize
44KB

Download
memory/3748-1343-0x00007FFBD8FA0000-0x00007FFBD8FD7000-memory.dmp

Filesize
220KB

Download
memory/3748-1342-0x00007FFBD2460000-0x00007FFBD257C000-memory.dmp

Filesize
1.1MB

Download
memory/3748-1341-0x00007FFBDDB00000-0x00007FFBDDB27000-memory.dmp

Filesize
156KB

Download
memory/3748-1340-0x00007FFBE1BA0000-0x00007FFBE1BAB000-memory.dmp

Filesize
44KB

Download
memory/3748-1339-0x00007FFBD35D0000-0x00007FFBD3688000-memory.dmp

Filesize
736KB

Download
memory/3748-1335-0x00007FFBD2900000-0x00007FFBD2EE8000-memory.dmp

Filesize
5.9MB

Download
memory/3748-1331-0x00007FFBE7020000-0x00007FFBE702D000-memory.dmp

Filesize
52KB

Download
memory/3748-1329-0x00007FFBE1650000-0x00007FFBE1669000-memory.dmp

Filesize
100KB

Download
memory/3748-1364-0x00007FFBD3560000-0x00007FFBD3572000-memory.dmp

Filesize
72KB

Download
memory/3748-1363-0x00007FFBD3580000-0x00007FFBD3595000-memory.dmp

Filesize
84KB

Download
memory/3748-1362-0x00007FFBD35A0000-0x00007FFBD35AC000-memory.dmp

Filesize
48KB

Download
memory/3748-1361-0x00007FFBD35B0000-0x00007FFBD35C2000-memory.dmp

Filesize
72KB

Download
memory/3748-1360-0x00007FFBD8A10000-0x00007FFBD8A1D000-memory.dmp

Filesize
52KB

Download
memory/3748-1370-0x00007FFBD34F0000-0x00007FFBD350B000-memory.dmp

Filesize
108KB

Download
memory/3748-1369-0x00007FFBD2580000-0x00007FFBD28F5000-memory.dmp

Filesize
3.5MB

Download
memory/3748-1384-0x00007FFBD1B70000-0x00007FFBD1B93000-memory.dmp

Filesize
140KB

Download
memory/3748-1382-0x00007FFBD3510000-0x00007FFBD3532000-memory.dmp

Filesize
136KB

Download
memory/3748-1383-0x00007FFBD1BA0000-0x00007FFBD1BCE000-memory.dmp

Filesize
184KB

Download
memory/3748-1381-0x00007FFBD1BE0000-0x00007FFBD1C09000-memory.dmp

Filesize
164KB

Download
memory/3748-1380-0x00007FFBD1C10000-0x00007FFBD1C6D000-memory.dmp

Filesize
372KB

Download
memory/3748-1377-0x00007FFBD1D80000-0x00007FFBD1DB2000-memory.dmp

Filesize
200KB

Download
memory/3748-1378-0x00007FFBD1C90000-0x00007FFBD1C9A000-memory.dmp

Filesize
40KB

Download
memory/3748-1379-0x00007FFBD1C70000-0x00007FFBD1C8E000-memory.dmp

Filesize
120KB

Download
memory/3748-1376-0x00007FFBD8A20000-0x00007FFBD8A2B000-memory.dmp

Filesize
44KB

Download
memory/3748-1374-0x00007FFBE1380000-0x00007FFBE13AE000-memory.dmp

Filesize
184KB

Download
memory/3748-1375-0x00007FFBD1DC0000-0x00007FFBD1DD1000-memory.dmp

Filesize
68KB

Download
memory/3748-1373-0x00007FFBD1DE0000-0x00007FFBD1E2D000-memory.dmp

Filesize
308KB

Download
memory/3748-1371-0x00007FFBE1650000-0x00007FFBE1669000-memory.dmp

Filesize
100KB

Download
memory/3748-1372-0x00007FFBD34C0000-0x00007FFBD34D9000-memory.dmp

Filesize
100KB

Download
memory/3748-1365-0x00007FFBE1C80000-0x00007FFBE1CAD000-memory.dmp

Filesize
180KB

Download
memory/3748-1387-0x00007FFBD1DE0000-0x00007FFBD1E2D000-memory.dmp

Filesize
308KB

Download
memory/3748-1367-0x00007FFBD3510000-0x00007FFBD3532000-memory.dmp

Filesize
136KB

Download
memory/3748-1368-0x00007FFBE1670000-0x00007FFBE1684000-memory.dmp

Filesize
80KB

Download
memory/4752-3058-0x00007FFBE1260000-0x00007FFBE126B000-memory.dmp

Filesize
44KB

Download
memory/4752-3073-0x00007FFBD3560000-0x00007FFBD3572000-memory.dmp

Filesize
72KB

Download
memory/4752-3042-0x00007FFBE1E80000-0x00007FFBE1E99000-memory.dmp

Filesize
100KB

Download
memory/4752-3043-0x00007FFBE1C80000-0x00007FFBE1CAD000-memory.dmp

Filesize
180KB

Download
memory/4752-3046-0x00007FFBE1650000-0x00007FFBE1669000-memory.dmp

Filesize
100KB

Download
memory/4752-3050-0x00007FFBE6770000-0x00007FFBE677D000-memory.dmp

Filesize
52KB

Download
memory/4752-3039-0x00007FFBD2900000-0x00007FFBD2EE8000-memory.dmp

Filesize
5.9MB

Download
memory/4752-3044-0x00007FFBE1670000-0x00007FFBE1684000-memory.dmp

Filesize
80KB

Download
memory/4752-3045-0x00007FFBD2580000-0x00007FFBD28F5000-memory.dmp

Filesize
3.5MB

Download
memory/4752-3047-0x00007FFBE7020000-0x00007FFBE702D000-memory.dmp

Filesize
52KB

Download
memory/4752-3048-0x00007FFBE1380000-0x00007FFBE13AE000-memory.dmp

Filesize
184KB

Download
memory/4752-3049-0x00007FFBD35D0000-0x00007FFBD3688000-memory.dmp

Filesize
736KB

Download
memory/4752-3051-0x00007FFBE1BA0000-0x00007FFBE1BAB000-memory.dmp

Filesize
44KB

Download
memory/4752-3060-0x00007FFBE05C0000-0x00007FFBE05CB000-memory.dmp

Filesize
44KB

Download
memory/4752-3054-0x00007FFBD8FA0000-0x00007FFBD8FD7000-memory.dmp

Filesize
220KB

Download
memory/4752-3055-0x00007FFBE1A30000-0x00007FFBE1A3B000-memory.dmp

Filesize
44KB

Download
memory/4752-3056-0x00007FFBE1640000-0x00007FFBE164B000-memory.dmp

Filesize
44KB

Download
memory/4752-3057-0x00007FFBE1370000-0x00007FFBE137C000-memory.dmp

Filesize
48KB

Download
memory/4752-3077-0x00007FFBD34C0000-0x00007FFBD34D9000-memory.dmp

Filesize
100KB

Download
memory/4752-3041-0x00007FFBEB8B0000-0x00007FFBEB8BF000-memory.dmp

Filesize
60KB

Download
memory/4752-3052-0x00007FFBDDB00000-0x00007FFBDDB27000-memory.dmp

Filesize
156KB

Download
memory/4752-3061-0x00007FFBE05B0000-0x00007FFBE05BC000-memory.dmp

Filesize
48KB

Download
memory/4752-3062-0x00007FFBDDAF0000-0x00007FFBDDAFD000-memory.dmp

Filesize
52KB

Download
memory/4752-3063-0x00007FFBDB5F0000-0x00007FFBDB5FE000-memory.dmp

Filesize
56KB

Download
memory/4752-3064-0x00007FFBD95E0000-0x00007FFBD95EC000-memory.dmp

Filesize
48KB

Download
memory/4752-3065-0x00007FFBD8F90000-0x00007FFBD8F9B000-memory.dmp

Filesize
44KB

Download
memory/4752-3066-0x00007FFBD8F80000-0x00007FFBD8F8B000-memory.dmp

Filesize
44KB

Download
memory/4752-3067-0x00007FFBD8F70000-0x00007FFBD8F7C000-memory.dmp

Filesize
48KB

Download
memory/4752-3068-0x00007FFBD8A20000-0x00007FFBD8A2B000-memory.dmp

Filesize
44KB

Download
memory/4752-3069-0x00007FFBD8A10000-0x00007FFBD8A1D000-memory.dmp

Filesize
52KB

Download
memory/4752-3070-0x00007FFBD35B0000-0x00007FFBD35C2000-memory.dmp

Filesize
72KB

Download
memory/4752-3071-0x00007FFBD35A0000-0x00007FFBD35AC000-memory.dmp

Filesize
48KB

Download
memory/4752-3072-0x00007FFBD3580000-0x00007FFBD3595000-memory.dmp

Filesize
84KB

Download
memory/4752-3059-0x00007FFBE1250000-0x00007FFBE125C000-memory.dmp

Filesize
48KB

Download
memory/4752-3074-0x00007FFBD3540000-0x00007FFBD3554000-memory.dmp

Filesize
80KB

Download
memory/4752-3075-0x00007FFBD3510000-0x00007FFBD3532000-memory.dmp

Filesize
136KB

Download
memory/4752-3076-0x00007FFBD34F0000-0x00007FFBD350B000-memory.dmp

Filesize
108KB

Download
memory/4752-3040-0x00007FFBE1CB0000-0x00007FFBE1CD4000-memory.dmp

Filesize
144KB

Download
memory/4752-3053-0x00007FFBD2460000-0x00007FFBD257C000-memory.dmp

Filesize
1.1MB

Download