blackguard | hxxps://disk[.]yandex[.]ru/d/BC5TS0aFTHvDGQ

Analysis

max time kernel
718s
max time network
719s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2025, 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://disk.yandex.ru/d/BC5TS0aFTHvDGQ

Score

10^/10

blackguard discovery spyware stealer

Malware Config

Extracted

Family

blackguard

https://api.telegram.org/bot6540906397:AAG08fPgT-V7I17vtz49STaZEuwqXqKshuM/sendMessage?chat_id=5445185021

Signatures

BlackGuard
Infostealer first seen in Late 2021.
stealer blackguard
Blackguard family
blackguard

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000\Control Panel\International\Geo\Nation	VegaHack_v2.exe

Executes dropped EXE 2 IoCs

pid	Process
2344	VegaHack_v2.exe
4076	v2.exe

Loads dropped DLL 5 IoCs

pid	Process
4076	v2.exe
4076	v2.exe
4076	v2.exe
4076	v2.exe
4076	v2.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
542	pastebin.com
537	pastebin.com
540	pastebin.com
541	pastebin.com

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
168	freegeoip.app
169	freegeoip.app
174	ip-api.com

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VegaHack_v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	v2.exe

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	v2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	v2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-100612193-3312047696-905266872-1000_Classes\Local Settings	mspaint.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\VegaHack_v2.rar:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 4 IoCs

ransomware

pid	Process
5812	NOTEPAD.EXE
632	NOTEPAD.EXE
6032	NOTEPAD.EXE
1420	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4076	v2.exe
4076	v2.exe
4076	v2.exe
4076	v2.exe
4076	v2.exe
2080	mspaint.exe
2080	mspaint.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4176	7zFM.exe
6076	7zFM.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: SeDebugPrivilege	8	firefox.exe
Token: SeDebugPrivilege	8	firefox.exe
Token: SeDebugPrivilege	8	firefox.exe
Token: SeRestorePrivilege	4176	7zFM.exe
Token: 35	4176	7zFM.exe
Token: SeSecurityPrivilege	4176	7zFM.exe
Token: SeSecurityPrivilege	4176	7zFM.exe
Token: SeSecurityPrivilege	4176	7zFM.exe
Token: SeDebugPrivilege	4076	v2.exe
Token: SeRestorePrivilege	2328	7zFM.exe
Token: 35	2328	7zFM.exe
Token: SeDebugPrivilege	2292	firefox.exe
Token: SeDebugPrivilege	2292	firefox.exe
Token: SeDebugPrivilege	2292	firefox.exe
Token: SeDebugPrivilege	2292	firefox.exe
Token: SeDebugPrivilege	2292	firefox.exe
Token: SeRestorePrivilege	6076	7zFM.exe
Token: 35	6076	7zFM.exe
Token: SeDebugPrivilege	2292	firefox.exe
Token: SeDebugPrivilege	2292	firefox.exe
Token: SeDebugPrivilege	2292	firefox.exe
Token: SeDebugPrivilege	2292	firefox.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
4176	7zFM.exe
4176	7zFM.exe
4176	7zFM.exe
4176	7zFM.exe
2328	7zFM.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
6076	7zFM.exe
2292	firefox.exe
2292	firefox.exe

Suspicious use of SendNotifyMessage 46 IoCs

pid	Process
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
8	firefox.exe
2292	firefox.exe
2080	mspaint.exe
5156	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4628 wrote to memory of 8	4628	firefox.exe	87
PID 4628 wrote to memory of 8	4628	firefox.exe	87
PID 4628 wrote to memory of 8	4628	firefox.exe	87
PID 4628 wrote to memory of 8	4628	firefox.exe	87
PID 4628 wrote to memory of 8	4628	firefox.exe	87
PID 4628 wrote to memory of 8	4628	firefox.exe	87
PID 4628 wrote to memory of 8	4628	firefox.exe	87
PID 4628 wrote to memory of 8	4628	firefox.exe	87
PID 4628 wrote to memory of 8	4628	firefox.exe	87
PID 4628 wrote to memory of 8	4628	firefox.exe	87
PID 4628 wrote to memory of 8	4628	firefox.exe	87
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5044	8	firefox.exe	88
PID 8 wrote to memory of 5028	8	firefox.exe	89
PID 8 wrote to memory of 5028	8	firefox.exe	89
PID 8 wrote to memory of 5028	8	firefox.exe	89
PID 8 wrote to memory of 5028	8	firefox.exe	89
PID 8 wrote to memory of 5028	8	firefox.exe	89
PID 8 wrote to memory of 5028	8	firefox.exe	89
PID 8 wrote to memory of 5028	8	firefox.exe	89
PID 8 wrote to memory of 5028	8	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://disk.yandex.ru/d/BC5TS0aFTHvDGQ"
1⤵
- Suspicious use of WriteProcessMemory
PID:4628
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://disk.yandex.ru/d/BC5TS0aFTHvDGQ
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:8
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1688 -prefsLen 27356 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b7be63e-8632-4086-953c-9946825726d4} 8 "\\.\pipe\gecko-crash-server-pipe.8" gpu
    3⤵
    PID:5044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2460 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 28276 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5e50100-7f73-46be-952a-de1975c002a3} 8 "\\.\pipe\gecko-crash-server-pipe.8" socket
    3⤵
    - Checks processor information in registry
    PID:5028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3128 -childID 1 -isForBrowser -prefsHandle 1632 -prefMapHandle 1436 -prefsLen 22684 -prefMapSize 244628 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fa0d34d-a465-4021-a43f-1e9f7e0aa5ef} 8 "\\.\pipe\gecko-crash-server-pipe.8" tab
    3⤵
    PID:1420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1084 -childID 2 -isForBrowser -prefsHandle 3472 -prefMapHandle 1372 -prefsLen 32766 -prefMapSize 244628 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {779bf537-c330-4b78-bd83-edafd51dfc51} 8 "\\.\pipe\gecko-crash-server-pipe.8" tab
    3⤵
    PID:4196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4912 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4904 -prefMapHandle 4900 -prefsLen 32766 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35e99a29-b1e0-46b8-acd8-2045b026e1a0} 8 "\\.\pipe\gecko-crash-server-pipe.8" utility
    3⤵
    - Checks processor information in registry
    PID:5132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 3 -isForBrowser -prefsHandle 5564 -prefMapHandle 5552 -prefsLen 27125 -prefMapSize 244628 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2f47692-382a-48e3-8474-3d8c5b9e8d52} 8 "\\.\pipe\gecko-crash-server-pipe.8" tab
    3⤵
    PID:5932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 4 -isForBrowser -prefsHandle 5780 -prefMapHandle 5760 -prefsLen 27125 -prefMapSize 244628 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afcad683-45c8-42c6-8097-9bd1be6c6837} 8 "\\.\pipe\gecko-crash-server-pipe.8" tab
    3⤵
    PID:3564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5984 -childID 5 -isForBrowser -prefsHandle 5992 -prefMapHandle 5772 -prefsLen 27125 -prefMapSize 244628 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe38c0d9-e4cb-4305-913d-49d9054620ca} 8 "\\.\pipe\gecko-crash-server-pipe.8" tab
    3⤵
    PID:5140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6012 -childID 6 -isForBrowser -prefsHandle 6100 -prefMapHandle 6104 -prefsLen 27125 -prefMapSize 244628 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc4ececf-97ff-4706-b2a8-df41ba401d1a} 8 "\\.\pipe\gecko-crash-server-pipe.8" tab
    3⤵
    PID:3200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6288 -childID 7 -isForBrowser -prefsHandle 6296 -prefMapHandle 6300 -prefsLen 27125 -prefMapSize 244628 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6db5ef45-ca79-4e48-900c-2312aa960d95} 8 "\\.\pipe\gecko-crash-server-pipe.8" tab
    3⤵
    PID:2496

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4992

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\VegaHack_v2.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4176

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\не читай!.txt
1⤵
PID:2940

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Чит.txt
1⤵
PID:5512

C:\Users\Admin\Desktop\VegaHack_v2.exe
"C:\Users\Admin\Desktop\VegaHack_v2.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2344
- C:\Users\Admin\AppData\Local\Temp\v2.exe
  "C:\Users\Admin\AppData\Local\Temp\v2.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4076

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\VegaHack_v2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2328

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1460
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1940 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1844 -prefsLen 27341 -prefMapSize 244708 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fa0c2ad-b989-4ad4-ad01-bec3d544ec05} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" gpu
    3⤵
    PID:2764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20240401114208 -prefsHandle 2292 -prefMapHandle 2288 -prefsLen 27341 -prefMapSize 244708 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c0a5d57-0221-44b6-acfc-6071ff8fdb44} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" socket
    3⤵
    PID:1236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3112 -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3108 -prefsLen 22958 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f4b5609-81dd-4ddc-9fec-d1592cd57790} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:5484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4000 -childID 2 -isForBrowser -prefsHandle 3992 -prefMapHandle 3988 -prefsLen 32915 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae046edc-a5ad-4758-97d4-99a85c87c331} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:4304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4688 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4676 -prefMapHandle 4672 -prefsLen 32915 -prefMapSize 244708 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1a14104-c45c-46a4-8317-2a5331841ed2} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" utility
    3⤵
    - Checks processor information in registry
    PID:5704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4876 -childID 3 -isForBrowser -prefsHandle 5276 -prefMapHandle 5396 -prefsLen 27304 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eea21b46-c0f8-4c6b-8085-fe21dc33e85b} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:1772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 4 -isForBrowser -prefsHandle 5580 -prefMapHandle 5276 -prefsLen 27304 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4cfc61a-953e-48c9-ac14-c7ddd146061c} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5692 -childID 5 -isForBrowser -prefsHandle 5700 -prefMapHandle 5676 -prefsLen 27304 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dc401ea-0c86-4a5e-975b-5a71e64f77e5} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:4484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3972 -childID 6 -isForBrowser -prefsHandle 5644 -prefMapHandle 5996 -prefsLen 28313 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72aa4e28-2a4f-4d86-8dd0-315bd26496e4} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:1988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5700 -childID 7 -isForBrowser -prefsHandle 6232 -prefMapHandle 5128 -prefsLen 34382 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdaac338-8160-41e7-b054-b04a231d32cf} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:1040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2612 -childID 8 -isForBrowser -prefsHandle 6720 -prefMapHandle 6648 -prefsLen 28313 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {702817f2-3416-44f8-9539-6a799b2d9edc} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:2404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6428 -childID 9 -isForBrowser -prefsHandle 6440 -prefMapHandle 6184 -prefsLen 28313 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75fb2f0e-9356-4af6-ac4c-6d755f595a5b} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:5352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6544 -childID 10 -isForBrowser -prefsHandle 6188 -prefMapHandle 6684 -prefsLen 28557 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {015988e0-382a-4f40-bb48-3a5e6da2e93a} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:3760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6760 -childID 11 -isForBrowser -prefsHandle 6892 -prefMapHandle 6888 -prefsLen 28610 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f590c5fe-1979-4089-9573-4026b7bd6810} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7224 -childID 12 -isForBrowser -prefsHandle 7232 -prefMapHandle 7236 -prefsLen 28610 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f524848-ebc2-42f8-b2c3-1e60c12a1b93} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:2316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7512 -childID 13 -isForBrowser -prefsHandle 7284 -prefMapHandle 7288 -prefsLen 28610 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3263a245-0a80-474f-8aa0-2bc356f5abb6} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:4856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6452 -childID 14 -isForBrowser -prefsHandle 5136 -prefMapHandle 4200 -prefsLen 28610 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3276465-e884-4e9e-be1c-728973c40708} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:4464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6900 -parentBuildID 20240401114208 -prefsHandle 6440 -prefMapHandle 6724 -prefsLen 34813 -prefMapSize 244708 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3c769ba-d251-4295-9e25-b594ead9cd2f} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" rdd
    3⤵
    PID:1640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8364 -childID 15 -isForBrowser -prefsHandle 8356 -prefMapHandle 8144 -prefsLen 28610 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43f8dbcf-8fe2-413d-b171-ef0266870dea} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:2156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8508 -childID 16 -isForBrowser -prefsHandle 6624 -prefMapHandle 3608 -prefsLen 28610 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d03b6251-8c86-4388-a921-b28db706f467} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8640 -childID 17 -isForBrowser -prefsHandle 8648 -prefMapHandle 8652 -prefsLen 28610 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c89bdc8-2800-434e-b9ac-1a8b9f2e3fbc} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:2192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7404 -childID 18 -isForBrowser -prefsHandle 7532 -prefMapHandle 1404 -prefsLen 28610 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d896567-63c7-4ae0-a5ee-b76faa11be21} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:4380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6888 -childID 19 -isForBrowser -prefsHandle 7288 -prefMapHandle 7260 -prefsLen 28610 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86e1e405-5d5b-4f0d-93ba-d75cc6f28967} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:4312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9156 -childID 20 -isForBrowser -prefsHandle 9168 -prefMapHandle 8704 -prefsLen 28610 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91a34ab0-0572-4d17-8ba6-2ec58041e45b} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:1456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8804 -childID 21 -isForBrowser -prefsHandle 8796 -prefMapHandle 8792 -prefsLen 28610 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {394cd5a9-1f60-43d5-b124-fe193f410473} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:3168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8928 -childID 22 -isForBrowser -prefsHandle 8608 -prefMapHandle 8584 -prefsLen 28610 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0acd85d-964f-4727-b662-ae3eef26c9c7} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:3164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7280 -childID 23 -isForBrowser -prefsHandle 7300 -prefMapHandle 7560 -prefsLen 28610 -prefMapSize 244708 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0cdeb9c-bfde-4dcc-b7b4-bf2e47c3cd10} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:5020

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Roaming\HCRYWLUVT.Admin\Screen.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:5908

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5156

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\HCRYWLUVT.Admin\Browsers\Cookies_Firefox(51).txt
1⤵
- Opens file in notepad (likely ransom note)
PID:632

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\HCRYWLUVT.Admin\J67S.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:6032

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\HCRYWLUVT.Admin\Files\не читай!.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1420

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\HCRYWLUVT.Admin\J67S_.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5812

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\v2.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
200075394e0d3db22765dce5efbc1b94

SHA1
1cd57bf3b78a401946617907e74524fbdf2dc6b4

SHA256
66b74c41cd4d82f377493e9672811aaa7858c2e53c466a23063d0cf0ad89d9a1

SHA512
3b0884863ccc9e78c484b5796f095c648bf8e83849d43f507945b01e4d65e01921d699aa9250b0d485d424651b07f36f61d733430244cc28d1154dff067f9b4c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\doomed\12656

Filesize
12KB

MD5
1be2f0b1b379e167a5655eaa18cf9e07

SHA1
78544f94c69fdecf4fff10df31855893b85b8758

SHA256
e4e167614e782a0f3e29f1da575195e360cbaa09f5f7eb91a890e8eac0e7b3ce

SHA512
17dadca5d1465e238a9c334d41baeb4908ee2522b2470ca276b20fc5de812fd77ad85d6c5bb2e8f522ed9cdecab4a0b09b95375dcd541d3d0c7f54fe61da4544

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\00E10B9165D70BBBB2E806A69D9ABB6253FA69E9

Filesize
18KB

MD5
857b14962635b2d23168bf3c83d563b7

SHA1
6e5a5b8a36fe22383570e176cd17bf7e6477924a

SHA256
d4e501cdaefeae905b561d4695d401006d3e3f70b59dcc04678c1fe93990c52b

SHA512
8e5542cbbc61d4b3b7f6b5c4b8b02528afa8f60e95632e8a92efe2a331272361a3a3a67e90265992ec1d94157562b77282a2245e3bd2c148728c23f0e981a9ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\0149F92D32FE844B27D962939100A7287BE169D6

Filesize
7KB

MD5
c8a5a59fa1db773f07f97f992997a14d

SHA1
918bc272b6d2dd5b0829620ef13e3c6b837ca27f

SHA256
1712a58722651c2129a77586cee20fde3d4897e4c32750f1422d9eca661a920b

SHA512
c6ff1e429f5b153b19bc64fdc7e0156c838d6b73be1c94c64478e610eae5f23de9f04dda188cf2d45d8a17221d2f24483cb4697187c742c9164c899b992744a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\04223EE65E3EE298967D859C15B911FF27425B71

Filesize
52KB

MD5
7df21f7fed8583af0122d5338bdeeb53

SHA1
14b5443e575d5f63ae746a29d30556c4f9c3b94f

SHA256
1f521b4229761bc0c94e597aa6f966bb1ba5960fa43c2b075644d6ff56fe5dc8

SHA512
e05799376ba88a6bdab34ba67c826702ff832852fa562a884cdcb9c91ca5138a78cb48c793f2fe0bcad79b61766c100973e7689c646bfc809f759b2aa5293d22

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\0E8F452BCC9E0074189460180ACF8F9C64D7F331

Filesize
129KB

MD5
34f3e775cbb9023b4035be37353a253e

SHA1
ef375e60c3fba24ba5d27b73ef4742a3b07ad7ad

SHA256
fadea5e612b5e5d5382595e03197771b33b2987a40682c560d5893e0ccbb4a31

SHA512
270f2ebbf08bfd9bb0d1f5e61fc4b1b3764e80f7e09834d1f59a60b91ae01a61420a03bd121a9f89fa2acd3e1cbcdc80a5b3edc642e50caacc4d475e5858467e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\12254C22333097DAAB74C24E9AB7D67166A89C56

Filesize
1.4MB

MD5
2417a9ca1d35e29154c04a03addb0e6a

SHA1
5bd8eecd672c88cb40ba5190174b225f23c16f16

SHA256
eb92edff107010ec0b9928ece7ee72f25f4e0596679993da97c3cdc7e1d357c2

SHA512
6bfcc407d3d5e75a1a62c6eb0ca1a9c9ed2c2c57aa85e2cc1752c41f89e64d8bef6c347c92ca721366b0de439851189dad54f02d8010782e2cef9cd2855b4b37

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\13514AEE6CADDE5B3D5551297037C31CDFA4CA4F

Filesize
8KB

MD5
503c53c23fe3581d936e30a34ff83783

SHA1
47990edd684516d7729a542131b98fb7756db8ca

SHA256
9c941c0c8bfeccdc1b2c0c66f508ed629a5cc8829e89598b597e13bc97e4c513

SHA512
20a0b4092c31b1b90abdf706a8a31def477986576b23403f193246f7d76d3038beb74c73f22664c94b7bf96daee2a9c69e0fcc41b700c51d85c83fea1deb03f8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\14DF6E8EED12E14EDC7036C41204B7B150A4ED21

Filesize
11KB

MD5
534458a4883e296246444f08e54cbf81

SHA1
4fac9e85f61b3bf4043185614963d93306e81627

SHA256
f6ec6a2c53284280d21fb2e9ab852877a3d25f39528ab22a190fdc9298f10976

SHA512
ff968e75b783a5ae73ef61f4085feac110974e023fea7b715b892c8ad20ede2d7d617976dfecf5ce14b3ec22800e22d771b5adc42f43448170caad0b92bb0c91

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\24D63220C631D36607864FBD6FB44FCBA26185D4

Filesize
1.1MB

MD5
95c212aa26eb79116b0c6f02e79236ee

SHA1
880a2d09c9d353d65fa583d4de83a8e105c9ed8a

SHA256
8964f1a824d12e43bd72db994bb1774c9207b820c8b2f66c733012970886efaa

SHA512
b11b4c62c17eed05fffb54eb5a676111b463194986c0a46a1909504dc866addce2c55ff044e222db39216a3036cab97435a5dafb4414afb75e3ff055244ef7aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
135cf37698706e68204a76b492439f97

SHA1
40b25bb9a146a7d2ea160b7b283b6336fcfca8c2

SHA256
a038d179f0829ccdca8b20346c7394f6a27d51325e759b7be9f8f60583f503d1

SHA512
f91fba12567f18960a2fbbfcf2ff99cd3a49f74892e59437474193f07f073209b7fbb72b0d308f3fdf879a76a157a291c22b29423f74ce8555c9050cd518f127

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\2921283D582B91B07AE63401EE8589CA688EE17C

Filesize
33KB

MD5
914e99ecbd10953ce9ea3661815a3f6e

SHA1
049bbef519d902590ae9b6a9a820891e562f3902

SHA256
6827ecfa4ad9f9960bda7c0c3e15d9d5c3c90e697bc0e462bc2dd2fb3847b0df

SHA512
856ccd99dfac3a31fd9a2cc1f32997d6c9d4f3a951a8e2c281bd6e2f8a538fa1785ae4f55311eae03ef5ef4123c7f7beedfbefcbaf6e86a17bb4bc377ecd8862

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\360B8C807267451CF27756F20C16A98A1C25634C

Filesize
9KB

MD5
3a4286509a5799b32002ad1ef73c2e74

SHA1
94f8e6be03f983e3b675a0518bb2698043822d48

SHA256
fb98d127afd6a357fd30e4ef1d831993e377a16d125a7399cefc617856a26da8

SHA512
46d9936a98a1047f04bbb7d4efcb3c69f0435eed48003a953aedb12f60284983f344eb1a5406f1dfa2ca0ceaa53df9b74dc5142d6ff78706208f56607c717c54

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\3CAAF642482E082A151823F2788E4B25B20F58B8

Filesize
11KB

MD5
80538f76557c6cc088385d37a8eb4dd6

SHA1
42c8ce7d92c239c7045d6835a78d6fddf2aff4ad

SHA256
48175387052fd34c3e99895063f3627a387e002b4143b2ce5f0ae240f8456ee0

SHA512
4ff37cbebb64eb9b4f50ed817139198cd107f8edca4f02caac05d3e159b16b8f9854f2284c63ef4e05d358b8c0b991bde36e4717f3ab5dba63855c19bb34857a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\4223A8D42DB29F3D9CB0DD0B8C8B9A00475F28E3

Filesize
10KB

MD5
6d036816de3cdf97b37b3bef76c7f2e1

SHA1
e62dcc44dc00bc6daff8a9bb72e82bc896f27796

SHA256
dcd609da81e518e777bc02b0ef44295464d0e17a8f28fa93132cb6c808ca39c8

SHA512
c8b36f143a5320959d1960c25d4280200885d7e07d2b38d031c8f8d7aa969537f96d364f15f0e0160421f16dfcdb7610141ffb4c32e175f53d465b1a34f3be6d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\45FD1B9BF8AB539F6B2301C11642C989BB4D2027

Filesize
8KB

MD5
31aae7dc9d1f5c695bc7736ca4b21fec

SHA1
5b6e27b154ca101d2b4e35381c246e43760375e7

SHA256
e5a01ff2707750f7d21622019c54c55ac7921d945679bb307e62f3baecfa5e76

SHA512
7e73dfbae272e71873f54a42d23e4d7369f76ef8ea8ca102b0c31857c8b333d242380e11bde75863d28b481a87fe9f905597e1bc6a6a02476ce148311ad2465c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\467A6EB980B5BE7D9B5F9BEE9537153A17EE1CD8

Filesize
132KB

MD5
d63e82ea2a9334272e3306be393ecb62

SHA1
ab691eca635b486dcb1459dfc459d1b6c0844595

SHA256
8dcf2dd17d8c8f9f540445abe552cc23b6e1410e545d0c20726d9db21fee99f9

SHA512
b7dfab7ef90448537301a3146c534173b494d51ca2a4a62313ed410e8469dc0de3096d7545593a6834ceae633660fc5ae4608ebe701adc1c98f328a633e17919

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\47CC11F7013C46C75751B74E943EF1D4AB7D66F8

Filesize
49KB

MD5
38f8f134f915c1c9270943cc13e0c67c

SHA1
b49744d844e78177e2afe80356999f4f273db185

SHA256
2748d6ee90d35f6450b8eccb525138a6d8adccc2f3d867b5976a9e70976decf9

SHA512
489bf39d076b04cc24e76a9783d3089ba909107853db962d1492dde1416feb9a157c695604db79b04ad3d74f1f5b8f51eb53cd4bc32daaceb9995b1f6a439302

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\47F62F8C39EDAAFF5A423EB94D0F7EA5D1F5CB47

Filesize
14KB

MD5
8473a30af4facfafd69f05ffd062ad18

SHA1
a1cfbf76372e6278e077b883edcfd91342dd86af

SHA256
327e9292a3a1cab96d8c0482dbdac33d5babff22dbeb8ffd64cf568e4e0bcd13

SHA512
a58761af4906522e6f3e303d109a792a14968a3559c172340dc1905e5486c623b249be4f5131fc03613ea7bdae1fd7bcd71d0099eb370318989a36d6b6517eb8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
13KB

MD5
ddd7b087c3595c7c959a1e5135fdb11f

SHA1
b8eb0e5cd05d57d4379d34a5ae2f037cc6bdf853

SHA256
5c43814d3a38990b5c7531486188719cd1bce05709533402523c231601a7066e

SHA512
36bb7f817e9f2436ac001d29470a28a386dc0d1f5e6caeb9d014fc111301f44c04e124ffd74cdb1a2c555076712f1d6f0d9b742855b7bd1418d74c3551c04785

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\ADF5BD09EB688DAB1F35EE02E8C35329D0E4AD89

Filesize
13KB

MD5
eb1194d2fed9d1453ea886b9ca1b7efb

SHA1
896777da4ae3589023bfcb9a157ed6d7cc90616f

SHA256
074b76beeeac99c25eeb08240b5ffa97b83fdfd4bfdb25f33b19ce13e3ee3d75

SHA512
53ee345e80486b0c53836446c5bf86f9099966820bf30d2a921adee9b9a7b26a9658fd0fd4ec429cd244321ad6ceb3f56a60e6a74fd1afca01f3fa4f44b5c64f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cache2\entries\EDAC60CE5AFC0A67828C69C14FC74887EB0DD653

Filesize
253KB

MD5
b0c6e49955913cebf299788a6d183584

SHA1
cb9b93e8d59f2438608f0e42f6ca7b80f7a803d2

SHA256
6e907bd101da3050402cca675594ab29215d8fa4af1951d48d740ae019b4beee

SHA512
57c200f691679f7221bbbccbc933745fe96d4f5d6e5efb56e64a8516d8734082bf712e4977b023977fe06a76f30d8ce4decfa8495d220bec9047961626737504

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\jumpListCache\+7wQ5RZ66ok6FImQe2mlpuU1Q1SzHQtx9lPXI5jeNtQ=.ico

Filesize
127B

MD5
6a1bd5e133a1c9961b5a72ad4787a4e5

SHA1
bc960894cf1af64a61df25d0ccc829227fd7c98c

SHA256
6942c07e1038f34fd00e52e606b2d5f0446ebce7984693e0556666f53ea2c1fb

SHA512
69ffcaff4bffe7f8a1c9aa9e02b1a0fafb48075138e09d942bc979cebeb3d130312bb9f55cdfc887f788ce61317794b12bae34eb8f9494ea7b91b0ba4d4e9567

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\startupCache\scriptCache-child.bin

Filesize
469KB

MD5
15405b40b11396456243a08ab4c1f30d

SHA1
eda1aaf4281a3f6ac05af57ae91e37f6faf3048f

SHA256
2aa3c813af62320d33d79d971fe48ef775ff66a716658e428b043e2425e721b1

SHA512
e7aadce7de8ac6ca2243cfba8ab242ee6b7e7590445c4d8bee16d39cbfc2b74f0095230ba2bf70db70eede4a3cf1be98372bf79c3bb0db2826608a5da4520618

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\startupCache\scriptCache.bin

Filesize
8.9MB

MD5
9abe253ee7489216ca255a483e44d36b

SHA1
c2642b839bdfc11440b2978d8bcda611bc2fd7ef

SHA256
9965624622d60e11775e8078e6065e432a254949053d652b1ad56b7883ed8ccd

SHA512
6a9b26ae9e8762cef7c8098dbad4455caf33940a61ab2c9d3cdc72f09bc7219607c19c2bcfe7e3e58c2959efe74d912ebeeadfd92e3cb24c93b6598cbd4e0a8f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\startupCache\urlCache.bin

Filesize
3KB

MD5
3c5ea13b655538a50027a5acd18eaa0a

SHA1
4aa18c6cf71a86db887872c630cc469716a5abf7

SHA256
da57f9def2e3a5e9983799df3e0a240ad60d8d3116adf16bba5019d5e021d59f

SHA512
60610a7e1bbb4475cca45544fb405c35ed15be291fef0d6a48ecc7497369ceb39163f611def860345cbd3fa6b5f89779c17d20f3c9e1393b3f6e3fe797fa4a31

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
c181e15a0e63536ca62cf9360931f1e0

SHA1
343df19531cd52ee4169d6ae258970e13aa69c9a

SHA256
3beb6dad0bd6fd01c929889f8a0ba0c20a9635c508ece7ab907cef4bf8a3bd96

SHA512
29cdf4f31d8bc38f14f77190af9c083ff41d593bed315311fbb687ddfbc04a837abfdf4da1d10656de0bf2bfda366a5db80fba7acaa427d3b3ab7bb709d84e0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\thumbnails\eb6799e3ef9fa88c87e14cff84878989.png

Filesize
40KB

MD5
ce68ff644d650c0b16bd61195c5500e7

SHA1
8315692b52f689141a60fd4e608219f48b91f381

SHA256
2814416597c6ab14f87db26e604785edd2557678d3680f353aabc1c18ed299b9

SHA512
09c6167f438d5c17441ac2dc82b27965879264cdb80b27929eb733ed86443cd157d6d1878cc4d5aae7daea30e02e5f14db5a6c8319343ccd0318e9b95ce50b9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Newtonsoft.Json.dll

Filesize
571KB

MD5
169b6d383b7c650ab3ae2129397a6cf3

SHA1
fcaef7defb04301fd55fb1421bb15ef96d7040d6

SHA256
b896083feb2bdedc1568b62805dbd354c55e57f2d2469a52aec6c98f4ec2dedf

SHA512
7a7a7bdb508b8bf177249251c83b65a2ef4a5d8b29397cab130cb8444b23888678673a9a2e4b1c74cc095b358f923b9e7e5a91bfa8c240412d95765851f1dd87

Download Submit
C:\Users\Admin\AppData\Local\Temp\SQLite.Interop.dll

Filesize
1.3MB

MD5
0a1e95b0b1535203a1b8479dff2c03ff

SHA1
20c4b4406e8a3b1b35ca739ed59aa07ba867043d

SHA256
788d748b4d35dfd091626529457d91e9ebc8225746211086b14fb4a25785a51e

SHA512
854abcca8d807a98a9ad0ca5d2e55716c3ce26fae7ee4642796baf415c3cfad522b658963eafe504ecaed6c2ecdcdf332c9b01e43dfa342fcc5ca0fbedfe600e

Download Submit
C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll

Filesize
410KB

MD5
056d3fcaf3b1d32ff25f513621e2a372

SHA1
851740bca46bab71d0b1d47e47f3eb8358cbee03

SHA256
66b64362664030bff1596cda2ec5bd5df48cc7c8313c32f771db4aa30a3f86f9

SHA512
ce47c581538f48a46d70279a62c702195beacbfafb48a5a862b3922625fe56f6887d1679c6d9366f946d3d2124cb31c2a3eacbbd14d601ea56e66575cdf46180

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Local\Temp\v2.exe

Filesize
271KB

MD5
3f62213d184b639a0a62bcb1e65370a8

SHA1
bbf50b3c683550684cdb345d348e98fbe2fcafe0

SHA256
c692dfc29e70a17cabc19561e8e2662e1fe32fdba998a09fe1a8dc2b7e045b34

SHA512
0cd40d714e6a6ebd60cc0c8b0e339905a5f1198a474a531b1794fb562f27053f118718cc68b9652fef3411906f9d8ad22d0253af256fa1922133e9907298e803

Download Submit
C:\Users\Admin\AppData\Roaming\HCRYWLUVT.Admin\Browsers\Cookies_Firefox(51).txt

Filesize
1KB

MD5
e48d556925e2092002736a830a85c68e

SHA1
5131a119d120036952fff8e1a54b009f778dd0b8

SHA256
ba39f1a9f7f3e327b5f863607ced101cd334c9602cae39052ed0056415e685ea

SHA512
d7b984ca20c4b1fa5fd6a848996622c9deb81a3e9a460207c521b94bc43db60f9a1cacd4f013475dbb7a69cb196be7801b02951fb450c8e11561227c9a06beb0

Download Submit
C:\Users\Admin\AppData\Roaming\HCRYWLUVT.Admin\Browsers\Firefox\Bookmarks.txt

Filesize
105B

MD5
2e9d094dda5cdc3ce6519f75943a4ff4

SHA1
5d989b4ac8b699781681fe75ed9ef98191a5096c

SHA256
c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

SHA512
d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

Download Submit
C:\Users\Admin\AppData\Roaming\HCRYWLUVT.Admin\Process.txt

Filesize
413B

MD5
b0461042e723abf757204932f5d47b71

SHA1
8cd5dfc76743284260d3c2843d5a7a984e6b9f11

SHA256
f35c43c4a7a202fd6c4db279b8e589650e0ea8c0e94e282ae62445a4fb23a2f5

SHA512
ca08eb201c72cbb00a0aefc20b99d37085c7466bd7156e374dd8ab5649e4ff12b96025229bea4de0a8173edd8096dacebe72fbf9f11f8befaa9d06f8d8f3ae1a

Download Submit
C:\Users\Admin\AppData\Roaming\HCRYWLUVT.Admin\Process.txt

Filesize
1KB

MD5
5eb56d6ce7b82d15b40122ae18ced00a

SHA1
756775b62fc3b4aa9b73143c2ae0557915efd7bb

SHA256
481bfd42af33c6050c386cfcceda4aad39a7c4085a43d8d9118757b3544cf09a

SHA512
357eb89dafe0afbaef42284f547e0cb38328603ec6ef8507809070e5711f99c412b964e69cba72eb6e6e4d9563e689db9b17e4fac8cced4f5afada41de7f5b06

Download Submit
C:\Users\Admin\AppData\Roaming\HCRYWLUVT.Admin\Screen.png

Filesize
417KB

MD5
887229dd0b656eea5206003cf547e61c

SHA1
1551ae8427cd3d63e9aee66ccab1fbabb01c880e

SHA256
7ebe5d567705e8fdd22bd80ea364893841ed50696564cfd127277b48d558f5ec

SHA512
d76e747b83ca39a428fc5ab725163c17a6ac9d54089caa2c1f8014ad99ed1e910b469349c66047081d2cba6ec777f88c81d6b39524893eef453e77679d7e5165

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
14KB

MD5
36e622b8e2f2f9073b585656b4af160c

SHA1
badffd7035a1039a02c6858f3a09c8f3cd379c55

SHA256
7cbe4a4f7e05c6ec70b97bcd6f83297bda7b9a0e4dad6c01a456e7dd816b959a

SHA512
4dc4689868615a49e729d5f85b8aa716bfe4131fac5631226fad116b7e001c99c8fbdf0feb09c3c4cc4e746c30be63f3f12e26c5074f76385b36dc8adc621c07

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
d4d11f2f96ee0eea817776f92023e43b

SHA1
48b6c0fe40966eeca0d51b5cd3848d9ace1f15d6

SHA256
f7488e952ebaa4bce35aef6fa9cfe23384d8e2a898ad1fcea8c1afc70257fee0

SHA512
223f3eec1d1df332c7f4a70e8c67d6cdfc51d06f1067543e19fcd51cd9686f41f665c60a1d1181573d40815c1ddf5f504ba7c9a5224ed03fe098ae7b62ce8154

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
02088863ed428f7c82da31eb9eb29f1f

SHA1
85e076efa0109daefc2eb4ef8c74fa820f8de39b

SHA256
2e6aa0861ec8b85b5ef0b82dae66c6b42bf52f2f471fd3e783dc25c0b8075fad

SHA512
090831fa5d22682ccab1dd2e0fa4f4782fc91eb1a9fe59a0e673325d1d236eae95991624935e9d5a5ae7ebb5b25853f0b13437a74b8c3d6081cb6722db4df5bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\AlternateServices.bin

Filesize
6KB

MD5
6c66a72dae4078e8822d1857a011f46f

SHA1
5b3609ba8375c7b4a31b3935a44ed91427d13b44

SHA256
672d86e435de6c139dd6d57c8aa9503d00ce34790f57dfce01442af29d73f2af

SHA512
88d7cf628b62e413f600165bc000890391b5f311ae2108c140f13c29c677256c2b973963d5ba7c9b74848bde2a43fff99c20cf8198ab682460168820545b639b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\AlternateServices.bin

Filesize
8KB

MD5
b24e9bd0d51e33af511e73a5a23fe18c

SHA1
618a21b2fec599bdac3ec19be78d4b434de2a0f7

SHA256
b1144a87a5098b44c9e9c392f09bf48551d35521b4427c6b01e948351b9548b6

SHA512
8ef5fb1deca6e1c09ed9ba950e3c9fc0af96d9763dc0a4c8e78b138d02605a77aa96765f4c762933615e7d65ecd0e5cd3948398bf19056cdfd857b79d54a140f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\AlternateServices.bin

Filesize
23KB

MD5
e8c28adad1c52ad0c7215fe4a7fb4439

SHA1
f7aae362dd3bd4dea1ccdd46dc454cde064f9b1a

SHA256
3b039bea2439310c856f55b55d08918779e52cb1652e98363d5fa535e5e28bd5

SHA512
90c0b8d2bf24cec13b4ac1a3f45abe469b1622c02c4e700af06f8284b42abd624ca313ce1f6cf724a57b7ceeb4702b3a28d7ad83aefffab6c74b27a4581c811d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\AlternateServices.bin

Filesize
6KB

MD5
ac4db27d6fe4d545131f0681881eb5cc

SHA1
58b703abfdd7b55b2e4167218296cac3af730949

SHA256
8d936d1a142c2ffa6145207a783ffc6943bbeab9c9e4db04747493e019eef223

SHA512
97494afe184d000135b027f468c8fc4730988ff7b9b387d890386ab616d26d3552d47efb0646b03f1e59bab6c9b761fff9dda2655e3d519693fcf47c82f8d7d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
add6206a4e6690d1d09d053cae6a8479

SHA1
f47caf6e10505c4e4cfeb060641af6238c5cd2fe

SHA256
79b76fda69d96ef3bd5e7ef44d95d76e22b32b0e94d0f4954b3c91382eef7398

SHA512
bfeb9d8911f68398d6a2de31f1fad62a82c06249a401d1a68029edd3e6accbb8ee5fa50062d385adcc252b7d0f9eb71d173333e2abf81f698844326c52a1fb9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cert9.db

Filesize
224KB

MD5
7600d2da30f71a886519ece3786d0860

SHA1
87ad7abfe85344697d83a6333d509acb7cd64c5b

SHA256
32577327c248a91c1b33b71705ca62a9bfe229a049d134d375bd805f72a87b0d

SHA512
cc207964fbfe94f5309bf480ee573fcc4814d93cc4da4329450b973ee19323ed4b94e5a80bc9f585365ffbdcc9132ccb594d469493348ebcced32d2bd77a7b84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\cookies.sqlite

Filesize
512KB

MD5
dc1e2b411fd2498de6882b785902d34d

SHA1
01a13d17247cbfc9dda711447ea00aab79635df3

SHA256
20d3ab557059175072a2334d912e130fc510dfb4d1f9040035385af5f285b488

SHA512
787292a7c56ba95b554822e1622c4a33d47364be4639f1327683b5eeb0f460d7bc1593ba7122abda3fd0498122a98c2679bd7e598cf8d80b7bb934ca05597ad0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\db\data.safe.bin

Filesize
55KB

MD5
854d09cb9773b3c91bcb038fd041e6d2

SHA1
b9c1d9dd3aed7e6ac6b356121f1511825b5f4708

SHA256
9d5b07866a20c6adc34a3ef1eacb5cf9dd156263d9add769540c806f159070c4

SHA512
7c34a088b5db955a87acd83178c8faed9957fa318c203b28b11bedad151c447b87926fcb8529734e3dfd558c5db11d7aa2ac84093798595e84da90e8a49bbf5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
54KB

MD5
c6cb2274ae183fe01c2346bce544e6a1

SHA1
36be6abcb8387e288a9231fbc9f2d478865f990d

SHA256
c76cc7a98440c38b704cbec67de5bdadf5ad63b51255caa3e75e36769e4852cb

SHA512
67d72abe13521e083a690f1b2c0586d2d0dbb8f17256c26aaed37ca690713499b5dae5d2fea0a75d776878f270abe9de710d2c2045aff30b798f38153d711f2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
55KB

MD5
0da1d9e552a5a29ee4fca4573e877022

SHA1
1ae6cd719c85e0b06aa36338ca52ecab53824ce6

SHA256
4407af1ab05acdff6ddf32aba7038e744024575f498749e0ce6872c22a920042

SHA512
328262ecb9e868580d024660336b0884c7915d926cadb18aae87ed8426dd901fa1938ba3453bf6686c1d11d5f10932a2dea3c5fa2cc601a38d97482ca8cd4b16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
55KB

MD5
423cbb0b4489a264dc11ae0e168c50ae

SHA1
046770bd0ee6976a90033e0399f2fc35db926a5a

SHA256
e39c0bccb67c5a2400d1072ee5c39150a82e87ff45fc2ae93092246da5d16b37

SHA512
12eb57f83b31549318224ee1b3f89ea5d072134a8fd46a5c087cb00e6cdcef3aeaea770e6adeec0039b0a5afdcca1519a05781a4ccb3199ac2eed6712a27bdc9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
56KB

MD5
36d2b3547ad93dcf358a8ee89214e16e

SHA1
883e35540f7ff1d596507fd7cac9dee97d6326a5

SHA256
9ebf2837c4d8990f03b5d9d9319ccf105da40f9d909ab93cd57ea36f3ff7fa82

SHA512
f1c4b04a3fae31c59622ad4cdccc11b06486ba13a75094c38a943c9600224012a308c8422a9d6bda53733fdc67de0fb815356460de4812b0085378099059627c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b95ce2498e8d38a49f3ee086bed5d0bd

SHA1
a930467acfa655079d4118dc8c5e64298af8b2a6

SHA256
53e65659186103511135fea4aaf4f5440e8845ff728503f74f69d6e19f0b0981

SHA512
b19cae9bb013136c34593f0a808319d674f3ec03c204d28aa05b07163484446051c684b26a6e527d27d7819f9ee8ae10927e41128db347ee18b8511b0c189f06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
85KB

MD5
dee0fbaee58400a3350880767592ea35

SHA1
b88dfc1f1042f88552bc38a9220f97a0b111587b

SHA256
e1ec9870ba629158c6a7bb91142c4b7db733afe0a76a856e2177046a3bca878e

SHA512
6eeea7959f08805b364a86d5f2a42964cf06c071cd65f7fb2b9b768bedcea5cecb0912a062e916d85abbd36d53e4ca25b5014f39569dc228550eabda42b2f15e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
e291ec188c50013d856bb7ddad0524de

SHA1
4cbc342f67671ea004e29bf25e4335e8fd4576ad

SHA256
5373d915317a8986702fd3d5e581b62f466ed3a330ea9f9bd7fed28b19c2c0e7

SHA512
97442fb1863c0a42ba8e1c77dbf1a2886eef02323503face24a8c8c654534986b4d9080d66f5b7a965244ee028e26fd0d42adb0d451bbd4123dd896dbbf32cf5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\events\events

Filesize
512B

MD5
e739a417fc2574debd86851547048eec

SHA1
6664e728df6bf0d515e554583caab6b2791bad31

SHA256
61526fa82d6b406f3f473624115d2b0d4fb3897fbd22652d32036afce731d980

SHA512
10b36bd9419347294b4ad1fa16b62feb24c1dedfdf7a06e1f0df95e9da24a6c189c79e3ba0b1cf7eaee0fa705d2f330a304017061eeb4ddccf6c9614b0c2d6f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\events\pageload

Filesize
354B

MD5
ed4afac7ef19ab79a4a4a392aaaa9c8f

SHA1
872a0611c80cd2c8a9d440767ed8389be5de217f

SHA256
ce14c8380d11dd955afe453954a55fee48d54443c0cc4653dbd1ab385f3a566d

SHA512
19ac8e475a513e894aa7c8d44fa2b0eea548ce358c67ecabb150d5292b8e00f15c48bc37e9d015524087e646ef1031b4731cf9830a97e06818fa091789d7faea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\pending_pings\353d7442-9a22-4801-a202-8c8786d18e91

Filesize
744B

MD5
882ab00b07742fe1868b28b080d4a497

SHA1
e71d73788826104ab6e9778caaf62485d95948b1

SHA256
1c78b4a68f034e7600121ffa6636dc00311f9167abaa2820e0372fc6e35e7443

SHA512
42fe9e13830cba7e028893e29ab27def586b63728fb238ce402fb7d932764dfd64a84b65ad33b4452958c0a9ee2f3858ae589410b13006c986e3505d45169712

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\pending_pings\5619974d-1c68-4490-9ed4-213fc4e87b89

Filesize
671B

MD5
c808d9c8365646d8f2173dc0525998a3

SHA1
6fd2cc942b6e057757743305a7aabe1652dc2498

SHA256
d5f1da2ee9d6713df9bef9fff8acf2962981ae828a0c099c5ed48cac2869bfc1

SHA512
7dda58efbd76afd749b29227d64f117011df3c79b20aaa8b291f49366d937aee35fd0234ff1f96d05f9e7b3048880a4c6e6edb70399abd6668e5b6f1066fa63b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\pending_pings\68b5d734-3c3a-4883-98ac-fd29b363b593

Filesize
1KB

MD5
b2a343c6b9f9cc84589a451a6b675bf5

SHA1
75081351c6956854e8c3141d3026f0499fa8c821

SHA256
895cfe454995057b64934310be35683921c1da74494ce06883855a9b8e29bfc8

SHA512
81679640eab87d0ae7be851ea6c5429f75f7479fd667cd12bb82e29213a175df66d798997712488fde6de4b877e33eb430e88b3ed8e77035228bd139a7ea681e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\pending_pings\73670cc7-bf75-47af-916b-d97c7f5ea03e

Filesize
27KB

MD5
e5e462bf050660b5951b3b00fe63b333

SHA1
4cd763dee0353dce6cb4099bbf91bbd0c47cbc3c

SHA256
568a04127f3f741b86f0b3e9ac22254746927fa44584c58f82ce0a3b2f993cf1

SHA512
dcb343f84c5dabd16a15c647023e19f182f086d3e5c7c159528ce010332c3fb2721dba48834b1444926c06db2cc70444a0092ce324d02c39cc836e762c5d9f58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\pending_pings\9aabaa79-96d8-4397-ac93-623ac4f4e787

Filesize
717B

MD5
cc1fae4cf45d014d1d7031346d6f72be

SHA1
425693b55c0c7e2f7ab29236b6390830ffddf451

SHA256
5f48ee40b83352521ab81df0b2e224620fdd95b964928348bd2381de5e5afb9f

SHA512
7bb9dbbd5453bb464b0d666bb555715a61ecb172d286097307ca5d9f36ce4b5b56dddcfbd6c9c48346ffd805ab9d5422820d292e16c3aa74e6c1e3979bd728c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\datareporting\glean\pending_pings\9c07363b-14e9-4489-99d9-192f413a2317

Filesize
982B

MD5
501d0f7910634508c2e5b7fe41397d6a

SHA1
7fd75d9f128d497448f5a48eaf96061eb5d03a8a

SHA256
a5eb4f8ada6ce74d30b7a1bb4da6885a0040e8298e8b83158c69bbf64694d636

SHA512
93fad301c37c6dd3c618adf048456d40b2bd838e3e9a9160c304b50e59b8ff50299261c5b2ce66b953dd1d530810c381494f339ad56f9503364f38588363527a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\favicons.sqlite

Filesize
5.0MB

MD5
b770723e8d885533d0a78ba91fb43850

SHA1
f4ef351fc00b2330c643460308fbeeed6aca0a18

SHA256
5700e80ac7a32a703f5cff1bcc936cc658476b0c60724e5299887981d70d4588

SHA512
6766e1c3f3c9dc26dc7674b27285d78727f410d4cdf0bd1e8a92009e9272a531ebc7ec88d5149b4f15469a411e66d3c67f0224fc7483e9d31d2afba2e273045a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\permissions.sqlite

Filesize
96KB

MD5
ec92a6c7d522ef48eb13892e83f274b7

SHA1
cfef8c953555f125fd25029675e1101a17636649

SHA256
bd6ff4e40f110e8e6446d5988b39144a4e4ea0c1cc0ecbc6f9e8df30fd9d4b16

SHA512
0fe9fc1e68d05664e2658bb2ea392f54c8b621df9d177d3693ca7b1099fb410d4a756e43d1abb535966c393cbc5183d1ba6516b3fa2026e8c5440725eb29e37b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\places.sqlite

Filesize
5.0MB

MD5
a98f55e9d7fedc593a0a4f15260c1bae

SHA1
79f0f04e07694783c1dad33addde19d3e01805c3

SHA256
e9be8c002347dd5603d6703b5cfdf726e3fbee01a9d9e082b7662ffd0e7dee28

SHA512
98940cfb7cf7679cd4611f06c581430f53777021e3d8248833e1be1eb7c58eb1102d7616e20de8ec6104b9d53fded9119beccba1780d7853324ad1faf4111a25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\prefs-1.js

Filesize
9KB

MD5
5578f9c860528220043a8e495c960d3f

SHA1
ad3902d799bdd1bb090fe9459c5eef7d91da2582

SHA256
9605480663cc28837e3823fa90111386924db233ba804622056bcbc01d209c85

SHA512
d3a183794ce94ece7234f92084a7553a6d1320520a621aede6bdd4912a4d997b3a747942c04ef0fb0a9cfc0f504ad8c555a19b740a8f82d9626e1cafc882f08e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\prefs-1.js

Filesize
10KB

MD5
4bb27cb10272799c8d34031bf93b3dbe

SHA1
3449149a12d9672c56034321e83a871c902365cb

SHA256
b84a533f01f9124d7ec7d1313fffb372e773704ab4842d281cdc79364817fa8f

SHA512
1338ca06e2b696bda347c9e619b1f2864a373ee0de6f162335be5cd0ff524f9514045a56ce6315ca8d8e682c64b58d13676e9921fac2280bcf0c14a159fcb640

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\prefs-1.js

Filesize
9KB

MD5
c3ed99ab0e1f491fc43eb9d257a6c5a6

SHA1
0c817042237a9ab77a1b746795312dc364e22b76

SHA256
826e64a79392073caa08e2ae6e1eb44f7e8809c8400d0050ca5bd992f8309f7f

SHA512
77b6c094ade4b80598ff1384dab110ab1ed7c9c4f857858ef1e9e3cc08e166ea70c57733e7e1253fbe6891e33bf56212747cbccf090bd2913669f8b552765c03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\prefs-1.js

Filesize
10KB

MD5
38dceabe8b977e553a8525031fc802ee

SHA1
1d86fcfe1a727f4d6e3f89727308a0620a9aa599

SHA256
5ff054abd42fb8e659434cc393bd840fec21beacfd8aa9cc48852fd3529cc6db

SHA512
e27f7984fb8a5097932d75951945fa6d0c5736c4e773d9e322a1f191e21014f7b946b6d58e8ae21ed3b5d4a1bf763f21eef0f71d18aac0b3100907797f9b1587

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\prefs.js

Filesize
10KB

MD5
84a303be73a1071b9bfaba925a1cd165

SHA1
757eb7c4b17f62498fe27e75a1f53ce974cf9204

SHA256
5814fc4a96cef3bafa242ee31eff6c695d41b0f76e30ccb4b8d0d389d71d44f9

SHA512
a12b98e90e8aad797f6cc2c1efc80b1aa6f3f5b3422d568eb5882fca6b2a991661798b1260f4c358f6f0bddbf5d906c78b8fdceb5a6fb9e05c833b3bb57f8b51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
16KB

MD5
5ef9b2fdf13a24f3fff38291fa3b3969

SHA1
ec37040d4660dca6eb003b19862b191462922741

SHA256
cebc70dda9639dadd85f66a21c6b9be58188e1cf41255ffb867a058de20c5f45

SHA512
56d71b704f104c3669dfd78f769ac3e253079be5b1dbeeb3a8defd78442d10ce41dbfc45797ff6da7152ca1745109bd5ab5c087e2e641c05f628b472c49d9746

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
5287d6ffc69679b04568570af65789ab

SHA1
c18bcf67fe0b6680fb938f28aef1cb1e0913786d

SHA256
579a6c6c1eccbc5d079090d73d63bf66e1747687ab81efdfa45bb796d454fbc9

SHA512
b8c8b05657d2999a20e808c5cc9be78ff8482b1698761923653e495fc5f04d2bd3be20579700aedbfb7fc89617d81e223ca053846c415b975bc30410434e7798

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
896904c2614349edb7da1b3ddd7bad21

SHA1
1a92bd37a63e47c87fc35aba77bcd86b2414981f

SHA256
f6e369232152c82d44b06f56cd6d367bfb37d0062141bd0a34772bb75c6fbf74

SHA512
7eee44d665c09ee7806c8be590e1146a8b47093fe4504f6bdc03de0b69f20dbf58ad3505018122801e6ea2cb9aca389b4211c4a8082b0b7178241048ec35c2d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
c4a44e6419162337f950d43a6a99c17e

SHA1
1147b65156a45a6998495dd53624fcaf29074389

SHA256
4685640a13be131eb0022a5fe330463edb583e61930d283ed4d7f6f32d702c1f

SHA512
2f45f62bb63dffcdb45235a839802d9fc54a99bede10758a7982fbca4d1d614b698d254f3ecda18cdf653193be85c2a35bf98acdcf1565065750644b7a3b0fc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
e787f9538d83bf77b46c07bc16e06e29

SHA1
96636990a70563767f98176c5715c447c0b5ff4a

SHA256
78382d773cc8dd37273f24cf726f0dc6c8f1407088f0f17b9715145fdb366e6d

SHA512
ac8b7871926e6a1078908f16506f088d09995b528bf5f69310a7cae325ca763abb532411c4d8ee22ec5fd7563c2d3c27fa1ad06a307ec5ae11c629a94c3fc8b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
452b9701a4ee2068291e37487e21263e

SHA1
d3e7e52a0ad96233eb26a82f6b6f81eec5fed91b

SHA256
41164a60cc53d52b2fe4c1a9e199383b2eb6e3c7039c1f2c491512ecae7ba5ee

SHA512
4c02f6c8075968124ae6b66a4528caab34883db76822c8d75cb61a618c9040149a2976672db40fd460965ee8023f7e6d2f8dc0517f5da8b8f2f036047685980a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
d6daac206252e519096a219c6e1d7494

SHA1
ebc0b7eb0ada7abf2f416b02dee11907c20c1584

SHA256
a5baaab7e799775141f8f5a9103f1624decb5ee62239c537da643f4904ebed1d

SHA512
c898a67c805de0bba0f4ed9df88167f6d7c5c577d7d05767353aee2adb67a0e198827a8b1391d19c2e8145ac4b330b260b07a932afd3928529d405fbc0a2f752

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
21KB

MD5
904a7916ebee0bb197b43c6b04c86eae

SHA1
4ad54a3b4f7ecab3fac44b71c3d840c8b9bccc74

SHA256
113b5a3727a9b054b554d5e244be1490b4917d50724324f64f3df4c85ebffb15

SHA512
804e4b6adaeb22c072103045af931c8ac5c1bb0d411c225cca37836999414963500270db64b82cd8cc9ae363b24eaf7411d33336d441b8ff0c35deca1ad0e8ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
5c49d326e18bff7b8083cba97df14e65

SHA1
2e9de875fad76d3570269fe45c1c7576e50763e6

SHA256
78e1cc39f38f10520fd59372e2de59f766b00e233986515543f360976a2e4a98

SHA512
3b720928456a142ac585d9003f664c345aa1ff5eeb0a38205384034d93b16fc2c33a63d8bc8f7ab0b3f068e0d4d4823406ce66036269b101234b2e0ad03959f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
8e9fbe517065bc12d8a0721d0c1b3b39

SHA1
204ca21d99fc3d30dbace485da8b657f331f26f2

SHA256
a52f34d747d6be11a7d17002f211c7db664070a39c0647039622e254622192d9

SHA512
e29a335093996c085501d389ce071a81a2a64c2bcc943e9cd5245e60064ffa7dba394b50e4012f4057e0519273d8dfe0959bbb970d6bba8ff991be56f929d426

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
a0e40e4ac61cd57e97eb5b454efc0700

SHA1
36bdd91704642ef528b638fb9eb7f64f9f2bd249

SHA256
376f1c539db6141dafebd348019f906a532bfe4fb59036d3f5fe285d15e22beb

SHA512
fb7585a3444d3882cc6481e84abf34afbe5edce1e18ba681add26b906d15929f733d1ea1f5313cd57712bbe2ce3955f9fb04c2dbfd909aaf0a9e19ce1fe4f8ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
48cebfbf96d90b1076c114ffed26441d

SHA1
cdc4005ce60e091b185aa012510c185ae5f2aaa8

SHA256
6952c0588bfae9feaf3b64edadb2452054045ea6b62e4159ebab32dfc131f566

SHA512
4422bb5f4208e2e66906b5345876aa626dd44c59963cc9c7fbb21eb46383c851460bd384dd524bb00a02d24439c939558519298e92f6fcf269298b3931c99cd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
f9ae7c12950b586b6cd8b38b40eaf5d7

SHA1
f508d28191e64613fe9dd884e3baadc8aebd9078

SHA256
67db5fed647f80d569d152324cae0e66ad3e2a86ad7e99351916c7789757e048

SHA512
bee474ea023e88236346b19eb0e5603f8d38d302541071a103ec06d96cab3f4390c8e11bcd7fadeaf25e35609771091a62ec0e02e74f65c75b5f3eb8a3d8cfeb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
5d566c8db2e9c800a60028e0509daab9

SHA1
e7a793064fb6d8c860574fb78698da031ddff29d

SHA256
7e1013ef004e294719760b8f46ff991f626738abb017692c8ff67071cc0eaaf5

SHA512
54238300aa53af3f81c072a7793aab7d4129861d88d921e0e7e1c11b8cbe2322a25b0ea26b5b4fbcd7a56bf60d56b2b8a9610740304a19c98bb6d63c22f1c020

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
9351670c756a74fecf8a52d868f80577

SHA1
f348f933091d5f6147fc6c238dad6fd70ec134cc

SHA256
99edb0252e971766498427b749d03845ceb4872cc4ba2730bed2ff0de8ba2a25

SHA512
e48da8ab19072b9eacde78729cd02e715296490499fec824201e5a13335fe6fd2313db058c57acca231f9e8bcdc35e111ca8fd58c8207256ff9daabab689c591

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
e3dddec3764df20a385113f6becda472

SHA1
00571d77e96d10acf135297493a4538a37f3cf78

SHA256
4892e22817d47b8fc88078c7c3f3f68a9f389be2526ee16717712ad0124188da

SHA512
f5fd0fb1859b7a83ae72b6b5f9a6256ec404f3a51ba214cc8412f4a1e1e13b97e0d17b8cf59ea51c2fa315877bb59e2ad31a9679c7af39b3a96fbd909b30166c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
62e38734d2aa54c70e01730d3f4f67d6

SHA1
6589b4014898bda3807fd89c734bef76cd3b4f8f

SHA256
bc9b88606ca0f886f1755f525157972b7c6e273084327ce31ce020c255742866

SHA512
595b85596314dfef86a60f3739ea3edf230887529fca01b31819198ff012b84f3ca5934175cf9736f0c61f63e3d4cde8d5a9b1ff1ee32be34b80a627cab2b8b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
b17df1c1f6a22bdaf66828c559b4db81

SHA1
7d21f291e76cbfe50eef45e0507d45fae196aa72

SHA256
26e429fba9f7bf9f0279977510ec0c639dd2ec03e8bb14840195025e2ac10a3e

SHA512
41a4390956720648070e0f039c173beaf44a261572639a84cdeb8cab5ea59f1870638450bb898ecc45c750a13c4b171c4bdab154f6e2a2a1c9eec231ea4925e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
19becf3393110783e8c6ff026bd1eb62

SHA1
2740fc36828580711fde83e3ad665a7ec353e467

SHA256
fec3a4471670048830d0b23d8745a111d4ceb79d25e389eba25363245a4af254

SHA512
8051d4c78276495611553d901983d84d122d6a28ae76b97eb7b1f9fbba716cfa6d1683d73af388c02e3cb33459db57275152d9e965d1c56ac3782d17e17d6145

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
19d2b6b20802615718cec9eaac3c22b7

SHA1
2826bf16699d7255dfd88e042cecbc5810bbac54

SHA256
ffd43a19dc84184a695e7e3e1cb8916d8f899b3759149c3e1691d0d7f7d0028b

SHA512
f172ad970a1c7bd4e70e4733c28fff716f0f294e97299903f775ae299a7dbb455570cbe4f2790259b1824824fd8019a3ecaef2e83f83296547acb49cac18173a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\sessionstore.jsonlz4

Filesize
2KB

MD5
14bf6638662b4dbf4dca30107cf86aa8

SHA1
2db251300314e0590a7ff57ae2b4aaef03289c87

SHA256
6e6769ac3b4b0139e1ed7ea99f6c26e26701764065e6c8f4e74844402f2553a0

SHA512
7e38b152d4d4fbe5eea96f2b8eb1ee4cc16e17c95cbba7d361542826f13fd77b64a0c57713558185f6171b66eaa3c85b972702a8b2a07acd6149dbfadfe0e977

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\storage.sqlite

Filesize
4KB

MD5
469152f6b98e40429a7ff0ed132a942f

SHA1
579281a4afbf1b33b4cacd0a9dcbcbe4759815c2

SHA256
975279a88269167edcf973613be33c1b007ab3f2e5a127291ee0b7af34117c7b

SHA512
85a06eb4d9ef9cd53b87da74e936f04b989254bebc5f4cccc56a6c1eacb4901300ab430936ef97f31e54cc0951604aa7e56c6e1341a108fb41555007c79d80e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\storage\default\https+++disk.yandex.ru\.metadata-v2

Filesize
52B

MD5
897dc1ce863e4c56ceb50adfeb954525

SHA1
405f9746ab5893029844cce2f89aeae3c2aaa6a0

SHA256
cf644330ea3b5adc1c855718cea0d3bfa09215cbaa7fd2db4cba8797a39e49db

SHA512
16c6ad95b28f844c37eef569915ddf79a2819a21d0567f59f27e5454b86911506aece76a676b79541c3b5cae04abdc655fe7a0ae246d0e8b233e1114240e2eb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\storage\default\https+++disk.yandex.ru\ls\usage

Filesize
12B

MD5
2275e0e10988d0dc15f62f094a431af1

SHA1
d345513cf0dd668a6a2cb73cc90d1fbc4c2b533b

SHA256
6227013777c79d9b4e8d243ef4077a47b8075801d69449c2048393bfe25781e0

SHA512
f03a6e3d089772fc279246c3a36de61e47ebcee855d235816d13e4e3867811bba14404ebe43e26cb48a5b5f16f6a5d6e0da4b8f86bddd8e5bb78e22d882d6436

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
1c1a126e2f412bfd42e9a2f4328560e5

SHA1
c1eaed8fe2788e7a7d0fa4bfcd89e22fee36dda8

SHA256
6567cfb2ecbe6000999c31f2b41cb0dcde68ab966645e873098c9297052cc31d

SHA512
6c142d299e3a846d00906da19ffc0286e892a00c7c642010f3df4e117e413f2436a5dbd096f449561b82fea8841a3f8a2c623309d84d3496b3e2117e25fa62a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
656KB

MD5
e4d286bc5888681e1d9a9329e92f390f

SHA1
9f7b26878fcd5fb114c5fdc734201ea8be8b88b1

SHA256
8dae41f4a9e018b0f4e3507fc8f92d4d0af53318fca657a0d46fd4ab1feb631b

SHA512
839218c39016fdf4808ff42e7a3797883bbe7ba3956579bbc86d32cd3c9f1dfc49a4c823920789c960bb31165bf9241552bd6611688a08b7c0fd86867d3378a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4pbd8fyu.default-release\xulstore.json

Filesize
217B

MD5
3c7edbdeecdb47fba617e3d03c36b0d3

SHA1
53628ce8c5170810fabafab8e001bfd971d47825

SHA256
c3db6f2519b071b7441022f9ed508b0da5ba40295be0ee449a27bd6146595d04

SHA512
bbf56ea374114173f7de198cd71ac6e75276b0f30926c6690db512f45ac2e54d099d990c285578f702696494d2884d8550e5dddadeee01077933034ac3817842

Download Submit
C:\Users\Admin\Desktop\VegaHack_v2.exe

Filesize
7.7MB

MD5
9f4f298bcf1d208bd3ce3907cfb28480

SHA1
05c1cfde951306f8c6e9d484d3d88698c4419c62

SHA256
bf7057293d871cac087daab42daf22c1737a1df6adc7b7963989658f3b65f4cc

SHA512
4c763c3b6d4884f77083db5ccada59bc57803b3226294eff2ec3db8f2121ac01ee240b0e822cb090f5320ce40df545b477e323efabdbca31722731adc4b46806

Download Submit
C:\Users\Admin\Desktop\Чит.txt

Filesize
572B

MD5
681cdc2c08ecd6b13f2c414f51d97cd4

SHA1
39de33c247affc14f763a88d391d42b93f9f8f4d

SHA256
b9c4a7b9afc5974010c61b23ded868aceb103e1c611b024967b11d316585f4b8

SHA512
1901b3ac7e249aea33d84152e2908c48186f52a933885fc91b31b60aa42f15e294ddd33b78f0cb20272ad0b2cb82d9193d3283faebd939a9dca1989a8ce3a1d4

Download Submit
C:\Users\Admin\Desktop\не читай!.txt

Filesize
30B

MD5
730a9a231f99ef0a4f379f4eaa198ea4

SHA1
e060fec2de08369cd81b8c4c356724307a7e3576

SHA256
151555a963ec0a8279c3fe2b4467b48d5b9782612daf104c509325cec69f478c

SHA512
24207c9043496b2e4b870344d11754cd94c1f127b0698a9025a1663b50e05f21af1b053cbd235d0c8dcbcfc8a72c8444ac55f90ddb08d1adb9a15aab71746b8a

Download Submit
C:\Users\Admin\Downloads\VegaHack_v2.kYMdKqaM.rar.part

Filesize
7.4MB

MD5
3c0527aae800e653d590db37eb95fbc7

SHA1
da5940cac2488b984e3b6f75026aee241fd60e50

SHA256
2457395a1c65ebca2edad3bfbd5ffe45a18ec5a9ddb51d5ff87a737c094cc19a

SHA512
13f022ba2ccdadc2b3defece11a8b85f59c5abc8bf55ba58f683f76b027f5336eea618c2f4aad0ab3ecb6607a2d87a16f7f234671a7e8c64ba0f5b9a0e7defd1

Download Submit
memory/4076-781-0x0000000007380000-0x00000000073E6000-memory.dmp

Filesize
408KB

Download
memory/4076-575-0x00000000001C0000-0x000000000020A000-memory.dmp

Filesize
296KB

Download
memory/4076-655-0x00000000062D0000-0x000000000631C000-memory.dmp

Filesize
304KB

Download
memory/4076-660-0x0000000006510000-0x000000000654C000-memory.dmp

Filesize
240KB

Download
memory/4076-661-0x0000000006590000-0x00000000065B1000-memory.dmp

Filesize
132KB

Download
memory/4076-665-0x0000000007450000-0x0000000007612000-memory.dmp

Filesize
1.8MB

Download
memory/4076-685-0x0000000007BD0000-0x0000000008174000-memory.dmp

Filesize
5.6MB

Download
memory/4076-653-0x0000000005CC0000-0x0000000005D28000-memory.dmp

Filesize
416KB

Download
memory/4076-581-0x00000000055B0000-0x0000000005642000-memory.dmp

Filesize
584KB

Download
memory/4076-782-0x0000000007620000-0x0000000007696000-memory.dmp

Filesize
472KB

Download
memory/4076-783-0x0000000006680000-0x000000000669E000-memory.dmp

Filesize
120KB

Download
memory/4076-654-0x0000000005D30000-0x0000000006084000-memory.dmp

Filesize
3.3MB

Download
memory/4076-612-0x0000000005510000-0x00000000055A2000-memory.dmp

Filesize
584KB

Download
memory/4076-648-0x0000000005180000-0x00000000051D0000-memory.dmp

Filesize
320KB

Download
memory/4076-649-0x0000000005100000-0x0000000005122000-memory.dmp

Filesize
136KB

Download
memory/5908-1191-0x00000174FBD90000-0x00000174FBD91000-memory.dmp

Filesize
4KB

Download
memory/5908-1185-0x00000174FBCF0000-0x00000174FBCF1000-memory.dmp

Filesize
4KB

Download
memory/5908-1183-0x00000174FBC70000-0x00000174FBC71000-memory.dmp

Filesize
4KB

Download
memory/5908-1176-0x00000174F39A0000-0x00000174F39B0000-memory.dmp

Filesize
64KB

Download
memory/5908-1172-0x00000174F3960000-0x00000174F3970000-memory.dmp

Filesize
64KB

Download
memory/5908-1187-0x00000174FBCF0000-0x00000174FBCF1000-memory.dmp

Filesize
4KB

Download
memory/5908-1188-0x00000174FBD80000-0x00000174FBD81000-memory.dmp

Filesize
4KB

Download
memory/5908-1189-0x00000174FBD80000-0x00000174FBD81000-memory.dmp

Filesize
4KB

Download
memory/5908-1190-0x00000174FBD90000-0x00000174FBD91000-memory.dmp

Filesize
4KB

Download