Overview

overview

10

Static

static

FileZilla_...up.exe

windows7_x64

10

FileZilla_...up.exe

windows10_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    23-09-2020 14:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FileZilla_3.50.0_win64_sponsored-setup.exe

  • Size

    12.9MB

  • MD5

    90f560ce71cc77fc2e121761eeef265c

  • SHA1

    85ff0ad4728e31539e1d3757a543d47e9cd42f74

  • SHA256

    d04bbcd2855d3bba4627cbb1da3a0e5fa79fe0b27b371024605ff1382ea94c58

  • SHA512

    c5a6b3890743ff0f1ea3f6fc9c2f28cf70e9f47c4067830ca63b38c3a1b10d386dc0d889c3041a553876b4a14fafd094f4a7d41279273b85148d6a8f9b9d54e1

Score
10/10
ransomwaremacropersistencestealeradwarespywarediscovery

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\String1033.txt

Ransom Note
DN_AlwaysInstall=Always Install IDPROP_EXPRESS_LAUNCH_CONDITION_COLOR=The color settings of your system are not adequate for running [ProductName]. IDPROP_EXPRESS_LAUNCH_CONDITION_OS=The operating system is not adequate for running [ProductName]. IDPROP_EXPRESS_LAUNCH_CONDITION_PROCESSOR=The processor is not adequate for running [ProductName]. IDPROP_EXPRESS_LAUNCH_CONDITION_RAM=The amount of RAM is not adequate for running [ProductName]. IDPROP_EXPRESS_LAUNCH_CONDITION_SCREEN=The screen resolution is not adequate for running [ProductName]. IDPROP_SETUPTYPE_COMPACT=Compact IDPROP_SETUPTYPE_COMPACT_DESC=Compact Description IDPROP_SETUPTYPE_COMPLETE=Complete IDPROP_SETUPTYPE_COMPLETE_DESC=Complete IDPROP_SETUPTYPE_CUSTOM=Custom IDPROP_SETUPTYPE_CUSTOM_DESC=Custom Description IDPROP_SETUPTYPE_CUSTOM_DESC_PRO=Custom IDPROP_SETUPTYPE_TYPICAL=Typical IDPROP_SETUPTYPE_TYPICAL_DESC=Typical Description IDS_ACTIONTEXT_Advertising=Advertising application IDS_ACTIONTEXT_AllocatingRegistry=Allocating registry space IDS_ACTIONTEXT_AppCommandLine=Application: [1], Command line: [2] IDS_ACTIONTEXT_AppId=AppId: [1]{{, AppType: [2]}} IDS_ACTIONTEXT_AppIdAppTypeRSN=AppId: [1]{{, AppType: [2], Users: [3], RSN: [4]}} IDS_ACTIONTEXT_Application=Application: [1] IDS_ACTIONTEXT_BindingExes=Binding executables IDS_ACTIONTEXT_ClassId=Class ID: [1] IDS_ACTIONTEXT_ClsID=Class ID: [1] IDS_ACTIONTEXT_ComponentIDQualifier=Component ID: [1], Qualifier: [2] IDS_ACTIONTEXT_ComponentIdQualifier2=Component ID: [1], Qualifier: [2] IDS_ACTIONTEXT_ComputingSpace=Computing space requirements IDS_ACTIONTEXT_ComputingSpace2=Computing space requirements IDS_ACTIONTEXT_ComputingSpace3=Computing space requirements IDS_ACTIONTEXT_ContentTypeExtension=MIME Content Type: [1], Extension: [2] IDS_ACTIONTEXT_ContentTypeExtension2=MIME Content Type: [1], Extension: [2] IDS_ACTIONTEXT_CopyingNetworkFiles=Copying files to the network IDS_ACTIONTEXT_CopyingNewFiles=Copying new files IDS_ACTIONTEXT_CreatingDuplicate=Creating duplicate files IDS_ACTIONTEXT_CreatingFolders=Creating folders IDS_ACTIONTEXT_CreatingIISRoots=Creating IIS Virtual Roots... IDS_ACTIONTEXT_CreatingShortcuts=Creating shortcuts IDS_ACTIONTEXT_DeletingServices=Deleting services IDS_ACTIONTEXT_EnvironmentStrings=Updating environment strings IDS_ACTIONTEXT_EvaluateLaunchConditions=Evaluating launch conditions IDS_ACTIONTEXT_Extension=Extension: [1] IDS_ACTIONTEXT_Extension2=Extension: [1] IDS_ACTIONTEXT_Feature=Feature: [1] IDS_ACTIONTEXT_FeatureColon=Feature: [1] IDS_ACTIONTEXT_File=File: [1] IDS_ACTIONTEXT_File2=File: [1] IDS_ACTIONTEXT_FileDependencies=File: [1], Dependencies: [2] IDS_ACTIONTEXT_FileDir=File: [1], Directory: [9] IDS_ACTIONTEXT_FileDir2=File: [1], Directory: [9] IDS_ACTIONTEXT_FileDir3=File: [1], Directory: [9] IDS_ACTIONTEXT_FileDirSize=File: [1], Directory: [9], Size: [6] IDS_ACTIONTEXT_FileDirSize2=File: [1], Directory: [9], Size: [6] IDS_ACTIONTEXT_FileDirSize3=File: [1], Directory: [9], Size: [6] IDS_ACTIONTEXT_FileDirSize4=File: [1], Directory: [2], Size: [3] IDS_ACTIONTEXT_FileDirectorySize=File: [1], Directory: [9], Size: [6] IDS_ACTIONTEXT_FileFolder=File: [1], Folder: [2] IDS_ACTIONTEXT_FileFolder2=File: [1], Folder: [2] IDS_ACTIONTEXT_FileSectionKeyValue=File: [1], Section: [2], Key: [3], Value: [4] IDS_ACTIONTEXT_FileSectionKeyValue2=File: [1], Section: [2], Key: [3], Value: [4] IDS_ACTIONTEXT_Folder=Folder: [1] IDS_ACTIONTEXT_Folder1=Folder: [1] IDS_ACTIONTEXT_Font=Font: [1] IDS_ACTIONTEXT_Font2=Font: [1] IDS_ACTIONTEXT_FoundApp=Found application: [1] IDS_ACTIONTEXT_FreeSpace=Free space: [1] IDS_ACTIONTEXT_GeneratingScript=Generating script operations for action: IDS_ACTIONTEXT_ISLockPermissionsCost=Gathering permissions information for objects... IDS_ACTIONTEXT_ISLockPermissionsInstall=Applying permissions information for objects... IDS_ACTIONTEXT_InitializeODBCDirs=Initializing ODBC directories IDS_ACTIONTEXT_InstallODBC=Installing ODBC components IDS_ACTIONTEXT_InstallServices=Installing new services IDS_ACTIONTEXT_InstallingSystemCatalog=Installing system catalog IDS_ACTIONTEXT_KeyName=Key: [1], Name: [2] IDS_ACTIONTEXT_KeyNameValue=Key: [1], Name: [2], Value: [3] IDS_ACTIONTEXT_MigratingFeatureStates=Migrating feature states from related applications IDS_ACTIONTEXT_MovingFiles=Moving files IDS_ACTIONTEXT_NameValueAction=Name: [1], Value: [2], Action [3] IDS_ACTIONTEXT_NameValueAction2=Name: [1], Value: [2], Action [3] IDS_ACTIONTEXT_PatchingFiles=Patching files IDS_ACTIONTEXT_ProgID=ProgID: [1] IDS_ACTIONTEXT_ProgID2=ProgID: [1] IDS_ACTIONTEXT_PropertySignature=Property: [1], Signature: [2] IDS_ACTIONTEXT_PublishProductFeatures=Publishing product features IDS_ACTIONTEXT_PublishProductInfo=Publishing product information IDS_ACTIONTEXT_PublishingQualifiedComponents=Publishing qualified components IDS_ACTIONTEXT_RegUser=Registering user IDS_ACTIONTEXT_RegisterClassServer=Registering class servers IDS_ACTIONTEXT_RegisterExtensionServers=Registering extension servers IDS_ACTIONTEXT_RegisterFonts=Registering fonts IDS_ACTIONTEXT_RegisterMimeInfo=Registering MIME info IDS_ACTIONTEXT_RegisterTypeLibs=Registering type libraries IDS_ACTIONTEXT_RegisteringComPlus=Registering COM+ Applications and Components IDS_ACTIONTEXT_RegisteringModules=Registering modules IDS_ACTIONTEXT_RegisteringProduct=Registering product IDS_ACTIONTEXT_RegisteringProgIdentifiers=Registering program identifiers IDS_ACTIONTEXT_RemoveApps=Removing applications IDS_ACTIONTEXT_RemovingBackup=Removing backup files IDS_ACTIONTEXT_RemovingDuplicates=Removing duplicated files IDS_ACTIONTEXT_RemovingFiles=Removing files IDS_ACTIONTEXT_RemovingFolders=Removing folders IDS_ACTIONTEXT_RemovingIISRoots=Removing IIS Virtual Roots... IDS_ACTIONTEXT_RemovingIni=Removing INI file entries IDS_ACTIONTEXT_RemovingMoved=Removing moved files IDS_ACTIONTEXT_RemovingODBC=Removing ODBC components IDS_ACTIONTEXT_RemovingRegistry=Removing system registry values IDS_ACTIONTEXT_RemovingShortcuts=Removing shortcuts IDS_ACTIONTEXT_RollingBack=Rolling back action: IDS_ACTIONTEXT_SearchForRelated=Searching for related applications IDS_ACTIONTEXT_SearchInstalled=Searching for installed applications IDS_ACTIONTEXT_SearchingQualifyingProducts=Searching for qualifying products IDS_ACTIONTEXT_SearchingQualifyingProducts2=Searching for qualifying products IDS_ACTIONTEXT_Service=Service: [1] IDS_ACTIONTEXT_Service2=Service: [2] IDS_ACTIONTEXT_Service3=Service: [1] IDS_ACTIONTEXT_Service4=Service: [1] IDS_ACTIONTEXT_Shortcut=Shortcut: [1] IDS_ACTIONTEXT_Shortcut1=Shortcut: [1] IDS_ACTIONTEXT_StartingServices=Starting services IDS_ACTIONTEXT_StoppingServices=Stopping services IDS_ACTIONTEXT_UnpublishProductFeatures=Unpublishing product features IDS_ACTIONTEXT_UnpublishQualified=Unpublishing Qualified Components IDS_ACTIONTEXT_UnpublishingProductInfo=Unpublishing product information IDS_ACTIONTEXT_UnregTypeLibs=Unregistering type libraries IDS_ACTIONTEXT_UnregisterClassServers=Unregister class servers IDS_ACTIONTEXT_UnregisterExtensionServers=Unregistering extension servers IDS_ACTIONTEXT_UnregisterModules=Unregistering modules IDS_ACTIONTEXT_UnregisteringComPlus=Unregistering COM+ Applications and Components IDS_ACTIONTEXT_UnregisteringFonts=Unregistering fonts IDS_ACTIONTEXT_UnregisteringMimeInfo=Unregistering MIME info IDS_ACTIONTEXT_UnregisteringProgramIds=Unregistering program identifiers IDS_ACTIONTEXT_UpdateComponentRegistration=Updating component registration IDS_ACTIONTEXT_UpdateEnvironmentStrings=Updating environment strings IDS_ACTIONTEXT_Validating=Validating install IDS_ACTIONTEXT_WritingINI=Writing INI file values IDS_ACTIONTEXT_WritingRegistry=Writing system registry values IDS_BACK=< &Back IDS_CANCEL=Cancel IDS_CANCEL2=&Cancel IDS_CHANGE=&Change... IDS_COMPLUS_PROGRESSTEXT_COST=Costing COM+ application: [1] IDS_COMPLUS_PROGRESSTEXT_INSTALL=Installing COM+ application: [1] IDS_COMPLUS_PROGRESSTEXT_UNINSTALL=Uninstalling COM+ application: [1] IDS_DIALOG_TEXT2_DESCRIPTION=Dialog Normal Description IDS_DIALOG_TEXT_DESCRIPTION_EXTERIOR={&TahomaBold10}Dialog Bold Title IDS_DIALOG_TEXT_DESCRIPTION_INTERIOR={&MSSansBold8}Dialog Bold Title IDS_DIFX_AMD64=[ProductName] requires an X64 processor. Click OK to exit the wizard. IDS_DIFX_IA64=[ProductName] requires an IA64 processor. Click OK to exit the wizard. IDS_DIFX_X86=[ProductName] requires an X86 processor. Click OK to exit the wizard. IDS_DatabaseFolder_InstallDatabaseTo=Install [ProductName] database to: IDS_ERROR_0={{Fatal error: }} IDS_ERROR_1=Error [1]. IDS_ERROR_10==== Logging started: [Date] [Time] === IDS_ERROR_100=Could not remove shortcut [2]. Verify that the shortcut file exists and that you can access it. IDS_ERROR_101=Could not register type library for file [2]. Contact your support personnel. IDS_ERROR_102=Could not unregister type library for file [2]. Contact your support personnel. IDS_ERROR_103=Could not update the INI file [2][3]. Verify that the file exists and that you can access it. IDS_ERROR_104=Could not schedule file [2] to replace file [3] on reboot. Verify that you have write permissions to file [3]. IDS_ERROR_105=Error removing ODBC driver manager, ODBC error [2]: [3]. Contact your support personnel. IDS_ERROR_106=Error installing ODBC driver manager, ODBC error [2]: [3]. Contact your support personnel. IDS_ERROR_107=Error removing ODBC driver [4], ODBC error [2]: [3]. Verify that you have sufficient privileges to remove ODBC drivers. IDS_ERROR_108=Error installing ODBC driver [4], ODBC error [2]: [3]. Verify that the file [4] exists and that you can access it. IDS_ERROR_109=Error configuring ODBC data source [4], ODBC error [2]: [3]. Verify that the file [4] exists and that you can access it. IDS_ERROR_11==== Logging stopped: [Date] [Time] === IDS_ERROR_110=Service [2] ([3]) failed to start. Verify that you have sufficient privileges to start system services. IDS_ERROR_111=Service [2] ([3]) could not be stopped. Verify that you have sufficient privileges to stop system services. IDS_ERROR_112=Service [2] ([3]) could not be deleted. Verify that you have sufficient privileges to remove system services. IDS_ERROR_113=Service [2] ([3]) could not be installed. Verify that you have sufficient privileges to install system services. IDS_ERROR_114=Could not update environment variable [2]. Verify that you have sufficient privileges to modify environment variables. IDS_ERROR_115=You do not have sufficient privileges to complete this installation for all users of the machine. Log on as an administrator and then retry this installation. IDS_ERROR_116=Could not set file security for file [3]. Error: [2]. Verify that you have sufficient privileges to modify the security permissions for this file. IDS_ERROR_117=Component Services (COM+ 1.0) are not installed on this computer. This installation requires Component Services in order to complete successfully. Component Services are available on Windows 2000. IDS_ERROR_118=Error registering COM+ application. Contact your support personnel for more information. IDS_ERROR_119=Error unregistering COM+ application. Contact your support personnel for more information. IDS_ERROR_12=Action start [Time]: [1]. IDS_ERROR_120=Removing older versions of this application IDS_ERROR_121=Preparing to remove older versions of this application IDS_ERROR_122=Error applying patch to file [2]. It has probably been updated by other means, and can no longer be modified by this patch. For more information contact your patch vendor. {{System Error: [3]}} IDS_ERROR_123=[2] cannot install one of its required products. Contact your technical support group. {{System Error: [3].}} IDS_ERROR_124=The older version of [2] cannot be removed. Contact your technical support group. {{System Error [3].}} IDS_ERROR_125=The description for service '[2]' ([3]) could not be changed. IDS_ERROR_126=The Windows Installer service cannot update the system file [2] because the file is protected by Windows. You may need to update your operating system for this program to work correctly. {{Package version: [3], OS Protected version: [4]}} IDS_ERROR_127=The Windows Installer service cannot update the protected Windows file [2]. {{Package version: [3], OS Protected version: [4], SFP Error: [5]}} IDS_ERROR_128=The Windows Installer service cannot update one or more protected Windows files. SFP Error: [2]. List of protected files: [3] IDS_ERROR_129=User installations are disabled via policy on the machine. IDS_ERROR_13=Action ended [Time]: [1]. Return value [2]. IDS_ERROR_130=This setup requires Internet Information Server for configuring IIS Virtual Roots. Please make sure that you have IIS installed. IDS_ERROR_131=This setup requires Administrator privileges for configuring IIS Virtual Roots. IDS_ERROR_1329=A file that is required cannot be installed because the cabinet file [2] is not digitally signed. This may indicate that the cabinet file is corrupt. IDS_ERROR_1330=A file that is required cannot be installed because the cabinet file [2] has an invalid digital signature. This may indicate that the cabinet file is corrupt.{ Error [3] was returned by WinVerifyTrust.} IDS_ERROR_1331=Failed to correctly copy [2] file: CRC error. IDS_ERROR_1332=Failed to correctly patch [2] file: CRC error. IDS_ERROR_1333=Failed to correctly patch [2] file: CRC error. IDS_ERROR_1334=The file '[2]' cannot be installed because the file cannot be found in cabinet file '[3]'. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package. IDS_ERROR_1335=The cabinet file '[2]' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package. IDS_ERROR_1336=There was an error creating a temporary file that is needed to complete this installation. Folder: [3]. System error code: [2] IDS_ERROR_14=Time remaining: {[1] minutes }{[2] seconds} IDS_ERROR_15=Out of memory. Shut down other applications before retrying. IDS_ERROR_16=Installer is no longer responding. IDS_ERROR_1609=An error occurred while applying security settings. [2] is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error [3] IDS_ERROR_1651=Admin user failed to apply patch for a per-user managed or a per-machine application which is in advertise state. IDS_ERROR_17=Installer terminated prematurely. IDS_ERROR_1715=Installed [2]. IDS_ERROR_1716=Configured [2]. IDS_ERROR_1717=Removed [2]. IDS_ERROR_1718=File [2] was rejected by digital signature policy. IDS_ERROR_1719=Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled. IDS_ERROR_1720=There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action [2] script error [3], [4]: [5] Line [6], Column [7], [8] IDS_ERROR_1721=There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: [2], location: [3], command: [4] IDS_ERROR_1722=There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action [2], location: [3], command: [4] IDS_ERROR_1723=There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor. Action [2], entry: [3], library: [4] IDS_ERROR_1724=Removal completed successfully. IDS_ERROR_1725=Removal failed. IDS_ERROR_1726=Advertisement completed successfully. IDS_ERROR_1727=Advertisement failed. IDS_ERROR_1728=Configuration completed successfully. IDS_ERROR_1729=Configuration failed. IDS_ERROR_1730=You must be an Administrator to remo

Signatures

  • Registers COM server for autorun 1 TTPs
    persistence
  • Blacklisted process makes network request 3 IoCs
  • Creates new service(s) 1 TTPs
    persistence
  • Executes dropped EXE 18 IoCs
  • Suspicious Office macro 1 IoCs

    Office document equipped with 4.0 macros.

    macro
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 99 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks for any installed AV software in registry 1 TTPs 7 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 49 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • JavaScript code in executable 13 IoCs
  • Drops file in System32 directory 6 IoCs
  • Drops file in Program Files directory 1857 IoCs
  • Drops file in Windows directory 30 IoCs
  • Launches sc.exe

    Sc.exe is a Windows utlilty to control services on the system.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 87 IoCs
  • Modifies registry class 70 IoCs
  • Modifies system certificate store 2 TTPs 18 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 195 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 135 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 171 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FileZilla_3.50.0_win64_sponsored-setup.exe
    "C:\Users\Admin\AppData\Local\Temp\FileZilla_3.50.0_win64_sponsored-setup.exe"
    1⤵
    • Loads dropped DLL
    • Checks for any installed AV software in registry
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1496
    • C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\FileZilla FTP Client\fzshellext_64.dll"
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:432
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /c cmd /d /c C:\Users\Admin\AppData\Local\Temp\a3v\byy.exe /covr:WbBfWgv8YjJ/iBJBRac9IinISEYHpiEyYs5EHwy7MHp43h4ZF7MxFFXyYlEKti0cS/9jQx6tL35wxFsbGKF2dW3VEwEI+3BuZfYxLSa5ZGNy5ioiP6MXZFbPcj4/ox5fYO17KG2kNXs5+3s6dL5GfB3SIyZ0vk9HK/AqMCajbmQbkV5WK6FnZBiQU1QgoWpsEZNnPlTUOHURjWclUNkvegSWcD5FwjEDKrBLDmf/D1srulwEaPUYQTelWRV/mGlWBeBYDzW1aU0E5VgONadpVwXmWAY0rmlKBelYEzWoaVYE7VkSNblrSATtWhE0v2tXBetaHzSna1gF6VoBNKAjQgXjEhRxoCJaBeMSE3GgIlUF4xIGcaAiUgXjEhtxpyJWBeQSEHGnIkEF5RIYcaYiUQXlEgFxpiJDBeISAHGhIkYF4hIXcaEiRwXnEB03sSJHOvZuCHi3Ilcu9nAEE8QjcEH0ZUANxCpwWvV8QAnFP3BB9XpADMU/cVr1cUEbxTxxXrFuCybFPDtg92UKIsYpO2T3bgsixiI6a/dyCjHGPjt493cKLIM1fn73fQosxzw6f/ZqCjfHPjtw9m8KOcc/O3qzbUECgT41ULFtBRuBJDVLsHIFHYA/NEuwfAQDgDk0QLByQBLKCjRW+FtAHowJcFu8X0AejBFwSr1HQBmNEHFPvV1BDo0UcUC8QkEGjA1xVLxAQAKMA3BOvExAHYwJcFn4WwohjAk7Y75eCjWPFjthvloKJo8MO2m+SgoqjwI7fL5QCjWPFjt3vkYKJsoUfm6+Rk4rjhB+br5eTjqPCH5pv19PP48Sf36/W08wjg1/dr5CTySOD35yvkxOPo4Dfm2+Rk4pjxB+fb9ZTjCPHH5/v0lOK8sbNFO/SQUbjh00V79aBQGOFTRHv1YFD44ANF2/SQUbjgs0S79aBR2NADRRvEgFAY0ON1i/VEMKyxw3WPtZBw7LHDdA+0gGFssbNkH6TQYMygw2RfpCBxPKBDdc+lYHEcsAN1L7TAcdyx83WPtbBg7LFDZc+kIGCMoLNkX6TgYKyhs2Xr5JTCbKG31u+09MIsoIfXT7R0wyygR9evtSTCjKG31u+1lMPsoIfWj7Tkwryhh+cftUTznKBH5/+F1MJYwPOG34XQklyQk4afhOCDnJDTl/+F8IL8kdOW35VAkpjQZzUflFChSDPHNX93QHBcYgNkf0dAQexSc0WfRhBRDFMHFCv0hADY4ccUS/XkAUyxY0RvpCBQTIFjdd+UIGHsgHNln5QQcQyBBzQrJoQhiAOzZKsXwHHoA0Nk70Zkw2gDR9eLFyTDGAI31nsWFPP8UzO3exYQkvgDU4ZrJsCTbGPnNOsmxBFsYuc0T0dgcGgDBzR/R2CgXGJDhQv2ZBE483c0a/e0IQyz02U/toBAnJMDZQ+HcHHMg5N1X5fwcRySo1R/twBAvJKTVfs1NMHYIHNViyVgUagwBxSLFRBQCDAnFSskVABoMNcVb3Xwsugw06YLJLCymDGjp/slgIJoMUOXf3Rk0/gxR/Z7JATi6AGX9+9EsFBoAZNFf0W0ATgB85UPlbQyqAHzdt+VwGPY0df3/5WgY6gyNye7JwBjyDJDdosnBOK8Y3Omm/cgs5jiFyfPdkQzODJnJnsnILIoMmf3Cxdws4gyR/arJjTj6DK39u93kFFoMrNFiybQURgzw0R7J/QBXGNzRH9G8FE8UmN0r0dkMYjg43SvpcBRuOFDdI+kYGD8sSN0f6QkMVgDo3R7F0BgGAPTdQsWsGH8U5clexa0APgD9xRrJmQBbGNDpusmZOPIA3OnSyZE4mgyN/crJrTiLGOTRasmsFFIMtNF2yfAULgz40RPdsQAyDPnJUsmpDHYAzck30YQg1gCU6ZPRtCDeAPzlwsWsIOIA7fGr6Qwg4yw05fvpECC/LEjlt+lFNP44ZOW28QQg5jQg6YLxYTjLGIDp29HFOPsYiOmz3ZQs4xi06aLJ/QBDGLXFe92tAF8Y6cUH3aEADgzo0S/doBhPGPDda9GUGCoA3fHL0ZQggxjR8aPRnCDrFIDlu9GgIPoA6ckb0aEMIxS5yQfR/QxfFLXJV9G8GB4AnclWyf0MBgzZxWLJmBQrIHnFO+k8FBsgccVT5W0AAyBNxULxBCyjIEzpm+VULL8gEOnn5TAs/yB06b7xPTifIHXx/+UlNNssQfGa/QgYeyxByWr9CQAuOGjRD+kgEAMoMNE76SQQbyx80SPtaBBrLDDRf+15ADYEmNF+wawYFgjE3QLNzTTjHNjl99WELKsc2f2izcE4vgjx8dbNsTTiCPDl/s3sLJoEhOnazewsmxz06dPZ7CzyCPn9u9nYLPMY1O3j2ewstxig6e/Z7Cj7GKTpo9mwKOoI+cEL2bEEPxDZzVfVzQhePCzZS+04HBsoLNkO+TQcEjwE1Xr5RBBOPAXBUvkZCDYwcc12+RkINygBzX/tGQhePAzZF+0tCF8sEclH7VkMHywVzQvtXQxTLEnNGv0AJPssSOHP5SAopyA1wUbxIBBTIBzRb+EEECYwOcE+9SUEDjxNwU75eQQPKGXBE+EBCHskQcET4QAQCyRI1RPhaQQGMCDVJ+FoFB8gfNVD5SQUUyQY1WflHBRDJCTVDvVtPO4wUfm+9XU8tjA19fIFeKjHXG3gM5TVIItQFRXKLUBc+tjhjSokP6w /mnl
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1308
      • C:\Windows\SysWOW64\cmd.exe
        cmd /d /c C:\Users\Admin\AppData\Local\Temp\a3v\byy.exe /covr:WbBfWgv8YjJ/iBJBRac9IinISEYHpiEyYs5EHwy7MHp43h4ZF7MxFFXyYlEKti0cS/9jQx6tL35wxFsbGKF2dW3VEwEI+3BuZfYxLSa5ZGNy5ioiP6MXZFbPcj4/ox5fYO17KG2kNXs5+3s6dL5GfB3SIyZ0vk9HK/AqMCajbmQbkV5WK6FnZBiQU1QgoWpsEZNnPlTUOHURjWclUNkvegSWcD5FwjEDKrBLDmf/D1srulwEaPUYQTelWRV/mGlWBeBYDzW1aU0E5VgONadpVwXmWAY0rmlKBelYEzWoaVYE7VkSNblrSATtWhE0v2tXBetaHzSna1gF6VoBNKAjQgXjEhRxoCJaBeMSE3GgIlUF4xIGcaAiUgXjEhtxpyJWBeQSEHGnIkEF5RIYcaYiUQXlEgFxpiJDBeISAHGhIkYF4hIXcaEiRwXnEB03sSJHOvZuCHi3Ilcu9nAEE8QjcEH0ZUANxCpwWvV8QAnFP3BB9XpADMU/cVr1cUEbxTxxXrFuCybFPDtg92UKIsYpO2T3bgsixiI6a/dyCjHGPjt493cKLIM1fn73fQosxzw6f/ZqCjfHPjtw9m8KOcc/O3qzbUECgT41ULFtBRuBJDVLsHIFHYA/NEuwfAQDgDk0QLByQBLKCjRW+FtAHowJcFu8X0AejBFwSr1HQBmNEHFPvV1BDo0UcUC8QkEGjA1xVLxAQAKMA3BOvExAHYwJcFn4WwohjAk7Y75eCjWPFjthvloKJo8MO2m+SgoqjwI7fL5QCjWPFjt3vkYKJsoUfm6+Rk4rjhB+br5eTjqPCH5pv19PP48Sf36/W08wjg1/dr5CTySOD35yvkxOPo4Dfm2+Rk4pjxB+fb9ZTjCPHH5/v0lOK8sbNFO/SQUbjh00V79aBQGOFTRHv1YFD44ANF2/SQUbjgs0S79aBR2NADRRvEgFAY0ON1i/VEMKyxw3WPtZBw7LHDdA+0gGFssbNkH6TQYMygw2RfpCBxPKBDdc+lYHEcsAN1L7TAcdyx83WPtbBg7LFDZc+kIGCMoLNkX6TgYKyhs2Xr5JTCbKG31u+09MIsoIfXT7R0wyygR9evtSTCjKG31u+1lMPsoIfWj7Tkwryhh+cftUTznKBH5/+F1MJYwPOG34XQklyQk4afhOCDnJDTl/+F8IL8kdOW35VAkpjQZzUflFChSDPHNX93QHBcYgNkf0dAQexSc0WfRhBRDFMHFCv0hADY4ccUS/XkAUyxY0RvpCBQTIFjdd+UIGHsgHNln5QQcQyBBzQrJoQhiAOzZKsXwHHoA0Nk70Zkw2gDR9eLFyTDGAI31nsWFPP8UzO3exYQkvgDU4ZrJsCTbGPnNOsmxBFsYuc0T0dgcGgDBzR/R2CgXGJDhQv2ZBE483c0a/e0IQyz02U/toBAnJMDZQ+HcHHMg5N1X5fwcRySo1R/twBAvJKTVfs1NMHYIHNViyVgUagwBxSLFRBQCDAnFSskVABoMNcVb3Xwsugw06YLJLCymDGjp/slgIJoMUOXf3Rk0/gxR/Z7JATi6AGX9+9EsFBoAZNFf0W0ATgB85UPlbQyqAHzdt+VwGPY0df3/5WgY6gyNye7JwBjyDJDdosnBOK8Y3Omm/cgs5jiFyfPdkQzODJnJnsnILIoMmf3Cxdws4gyR/arJjTj6DK39u93kFFoMrNFiybQURgzw0R7J/QBXGNzRH9G8FE8UmN0r0dkMYjg43SvpcBRuOFDdI+kYGD8sSN0f6QkMVgDo3R7F0BgGAPTdQsWsGH8U5clexa0APgD9xRrJmQBbGNDpusmZOPIA3OnSyZE4mgyN/crJrTiLGOTRasmsFFIMtNF2yfAULgz40RPdsQAyDPnJUsmpDHYAzck30YQg1gCU6ZPRtCDeAPzlwsWsIOIA7fGr6Qwg4yw05fvpECC/LEjlt+lFNP44ZOW28QQg5jQg6YLxYTjLGIDp29HFOPsYiOmz3ZQs4xi06aLJ/QBDGLXFe92tAF8Y6cUH3aEADgzo0S/doBhPGPDda9GUGCoA3fHL0ZQggxjR8aPRnCDrFIDlu9GgIPoA6ckb0aEMIxS5yQfR/QxfFLXJV9G8GB4AnclWyf0MBgzZxWLJmBQrIHnFO+k8FBsgccVT5W0AAyBNxULxBCyjIEzpm+VULL8gEOnn5TAs/yB06b7xPTifIHXx/+UlNNssQfGa/QgYeyxByWr9CQAuOGjRD+kgEAMoMNE76SQQbyx80SPtaBBrLDDRf+15ADYEmNF+wawYFgjE3QLNzTTjHNjl99WELKsc2f2izcE4vgjx8dbNsTTiCPDl/s3sLJoEhOnazewsmxz06dPZ7CzyCPn9u9nYLPMY1O3j2ewstxig6e/Z7Cj7GKTpo9mwKOoI+cEL2bEEPxDZzVfVzQhePCzZS+04HBsoLNkO+TQcEjwE1Xr5RBBOPAXBUvkZCDYwcc12+RkINygBzX/tGQhePAzZF+0tCF8sEclH7VkMHywVzQvtXQxTLEnNGv0AJPssSOHP5SAopyA1wUbxIBBTIBzRb+EEECYwOcE+9SUEDjxNwU75eQQPKGXBE+EBCHskQcET4QAQCyRI1RPhaQQGMCDVJ+FoFB8gfNVD5SQUUyQY1WflHBRDJCTVDvVtPO4wUfm+9XU8tjA19fIFeKjHXG3gM5TVIItQFRXKLUBc+tjhjSokP6w /mnl
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1564
        • C:\Users\Admin\AppData\Local\Temp\a3v\byy.exe
          C:\Users\Admin\AppData\Local\Temp\a3v\byy.exe /covr:WbBfWgv8YjJ/iBJBRac9IinISEYHpiEyYs5EHwy7MHp43h4ZF7MxFFXyYlEKti0cS/9jQx6tL35wxFsbGKF2dW3VEwEI+3BuZfYxLSa5ZGNy5ioiP6MXZFbPcj4/ox5fYO17KG2kNXs5+3s6dL5GfB3SIyZ0vk9HK/AqMCajbmQbkV5WK6FnZBiQU1QgoWpsEZNnPlTUOHURjWclUNkvegSWcD5FwjEDKrBLDmf/D1srulwEaPUYQTelWRV/mGlWBeBYDzW1aU0E5VgONadpVwXmWAY0rmlKBelYEzWoaVYE7VkSNblrSATtWhE0v2tXBetaHzSna1gF6VoBNKAjQgXjEhRxoCJaBeMSE3GgIlUF4xIGcaAiUgXjEhtxpyJWBeQSEHGnIkEF5RIYcaYiUQXlEgFxpiJDBeISAHGhIkYF4hIXcaEiRwXnEB03sSJHOvZuCHi3Ilcu9nAEE8QjcEH0ZUANxCpwWvV8QAnFP3BB9XpADMU/cVr1cUEbxTxxXrFuCybFPDtg92UKIsYpO2T3bgsixiI6a/dyCjHGPjt493cKLIM1fn73fQosxzw6f/ZqCjfHPjtw9m8KOcc/O3qzbUECgT41ULFtBRuBJDVLsHIFHYA/NEuwfAQDgDk0QLByQBLKCjRW+FtAHowJcFu8X0AejBFwSr1HQBmNEHFPvV1BDo0UcUC8QkEGjA1xVLxAQAKMA3BOvExAHYwJcFn4WwohjAk7Y75eCjWPFjthvloKJo8MO2m+SgoqjwI7fL5QCjWPFjt3vkYKJsoUfm6+Rk4rjhB+br5eTjqPCH5pv19PP48Sf36/W08wjg1/dr5CTySOD35yvkxOPo4Dfm2+Rk4pjxB+fb9ZTjCPHH5/v0lOK8sbNFO/SQUbjh00V79aBQGOFTRHv1YFD44ANF2/SQUbjgs0S79aBR2NADRRvEgFAY0ON1i/VEMKyxw3WPtZBw7LHDdA+0gGFssbNkH6TQYMygw2RfpCBxPKBDdc+lYHEcsAN1L7TAcdyx83WPtbBg7LFDZc+kIGCMoLNkX6TgYKyhs2Xr5JTCbKG31u+09MIsoIfXT7R0wyygR9evtSTCjKG31u+1lMPsoIfWj7Tkwryhh+cftUTznKBH5/+F1MJYwPOG34XQklyQk4afhOCDnJDTl/+F8IL8kdOW35VAkpjQZzUflFChSDPHNX93QHBcYgNkf0dAQexSc0WfRhBRDFMHFCv0hADY4ccUS/XkAUyxY0RvpCBQTIFjdd+UIGHsgHNln5QQcQyBBzQrJoQhiAOzZKsXwHHoA0Nk70Zkw2gDR9eLFyTDGAI31nsWFPP8UzO3exYQkvgDU4ZrJsCTbGPnNOsmxBFsYuc0T0dgcGgDBzR/R2CgXGJDhQv2ZBE483c0a/e0IQyz02U/toBAnJMDZQ+HcHHMg5N1X5fwcRySo1R/twBAvJKTVfs1NMHYIHNViyVgUagwBxSLFRBQCDAnFSskVABoMNcVb3Xwsugw06YLJLCymDGjp/slgIJoMUOXf3Rk0/gxR/Z7JATi6AGX9+9EsFBoAZNFf0W0ATgB85UPlbQyqAHzdt+VwGPY0df3/5WgY6gyNye7JwBjyDJDdosnBOK8Y3Omm/cgs5jiFyfPdkQzODJnJnsnILIoMmf3Cxdws4gyR/arJjTj6DK39u93kFFoMrNFiybQURgzw0R7J/QBXGNzRH9G8FE8UmN0r0dkMYjg43SvpcBRuOFDdI+kYGD8sSN0f6QkMVgDo3R7F0BgGAPTdQsWsGH8U5clexa0APgD9xRrJmQBbGNDpusmZOPIA3OnSyZE4mgyN/crJrTiLGOTRasmsFFIMtNF2yfAULgz40RPdsQAyDPnJUsmpDHYAzck30YQg1gCU6ZPRtCDeAPzlwsWsIOIA7fGr6Qwg4yw05fvpECC/LEjlt+lFNP44ZOW28QQg5jQg6YLxYTjLGIDp29HFOPsYiOmz3ZQs4xi06aLJ/QBDGLXFe92tAF8Y6cUH3aEADgzo0S/doBhPGPDda9GUGCoA3fHL0ZQggxjR8aPRnCDrFIDlu9GgIPoA6ckb0aEMIxS5yQfR/QxfFLXJV9G8GB4AnclWyf0MBgzZxWLJmBQrIHnFO+k8FBsgccVT5W0AAyBNxULxBCyjIEzpm+VULL8gEOnn5TAs/yB06b7xPTifIHXx/+UlNNssQfGa/QgYeyxByWr9CQAuOGjRD+kgEAMoMNE76SQQbyx80SPtaBBrLDDRf+15ADYEmNF+wawYFgjE3QLNzTTjHNjl99WELKsc2f2izcE4vgjx8dbNsTTiCPDl/s3sLJoEhOnazewsmxz06dPZ7CzyCPn9u9nYLPMY1O3j2ewstxig6e/Z7Cj7GKTpo9mwKOoI+cEL2bEEPxDZzVfVzQhePCzZS+04HBsoLNkO+TQcEjwE1Xr5RBBOPAXBUvkZCDYwcc12+RkINygBzX/tGQhePAzZF+0tCF8sEclH7VkMHywVzQvtXQxTLEnNGv0AJPssSOHP5SAopyA1wUbxIBBTIBzRb+EEECYwOcE+9SUEDjxNwU75eQQPKGXBE+EBCHskQcET4QAQCyRI1RPhaQQGMCDVJ+FoFB8gfNVD5SQUUyQY1WflHBRDJCTVDvVtPO4wUfm+9XU8tjA19fIFeKjHXG3gM5TVIItQFRXKLUBc+tjhjSokP6w /mnl
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks processor information in registry
          • Enumerates system info in registry
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:1404
          • C:\Windows\SysWOW64\msiexec.exe
            "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\in71125248\3AE23A7A_stp\winzip64.msi" /qn XAT=dci5
            5⤵
            • Enumerates connected drives
            • Suspicious use of AdjustPrivilegeToken
            PID:772
    • C:\Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\saBSI.exe
      "C:\Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\saBSI.exe" /affid 91088 PaidDistribution=true InstallID=yE0Azy0EtCtCyEyD0E0ByD0F0AtD0FyC2RtBtDtBtDtDzytBtAtCyEtDzztCzyzztCtB Pixel=SyDDEQoInmkPeJMZewuSan954RoYOsNYA3uXHg55nh4NeJMcBnieFA97gUNYL8JeAx7CTn8t0UVNJtUKXTvEHwx0lBUHf5EdDHGQHv5MAAAAPkmnLA==
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:948
      • C:\Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\installer.exe
        "C:\Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2156
        • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\installer.exe
          "C:\Program Files\McAfee\WebAdvisor\Temp1801804985\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Suspicious use of WriteProcessMemory
          PID:2176
          • C:\Windows\system32\sc.exe
            sc.exe create "McAfee WebAdvisor" binPath= "\"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe\"" start= auto DisplayName= "McAfee WebAdvisor"
            5⤵
              PID:2400
            • C:\Windows\system32\regsvr32.exe
              regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
              5⤵
              • Suspicious use of WriteProcessMemory
              PID:2424
              • C:\Windows\SysWOW64\regsvr32.exe
                /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
                6⤵
                • Loads dropped DLL
                • Modifies registry class
                PID:2468
            • C:\Windows\system32\sc.exe
              sc.exe description "McAfee WebAdvisor" "McAfee WebAdvisor Service"
              5⤵
                PID:2532
              • C:\Windows\system32\regsvr32.exe
                regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
                5⤵
                • Loads dropped DLL
                • Modifies registry class
                PID:2572
              • C:\Windows\system32\sc.exe
                sc.exe failure "McAfee WebAdvisor" reset= 3600 actions= restart/1/restart/1000/restart/3000/restart/30000/restart/1800000//0
                5⤵
                  PID:2628
                • C:\Windows\system32\regsvr32.exe
                  regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
                  5⤵
                    PID:2972
                    • C:\Windows\SysWOW64\regsvr32.exe
                      /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
                      6⤵
                      • Loads dropped DLL
                      • Modifies registry class
                      PID:3068
                  • C:\Windows\system32\sc.exe
                    sc.exe start "McAfee WebAdvisor"
                    5⤵
                      PID:3028
                    • C:\Windows\system32\regsvr32.exe
                      regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
                      5⤵
                      • Loads dropped DLL
                      • Modifies registry class
                      PID:2268
              • C:\Program Files\FileZilla FTP Client\filezilla.exe
                "C:\Program Files\FileZilla FTP Client\filezilla.exe"
                2⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Enumerates connected drives
                • Suspicious behavior: GetForegroundWindowSpam
                • Suspicious use of SetWindowsHookEx
                PID:1144
            • C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
              "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
              1⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in System32 directory
              • Modifies data under HKEY_USERS
              • Modifies system certificate store
              PID:1032
              • C:\Program Files\McAfee\WebAdvisor\UIHost.exe
                "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
                2⤵
                • Executes dropped EXE
                • Checks computer location settings
                • Loads dropped DLL
                PID:2172
              • C:\Windows\system32\regsvr32.exe
                "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll"
                2⤵
                  PID:2676
                  • C:\Windows\SysWOW64\regsvr32.exe
                    /s "C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll"
                    3⤵
                    • Loads dropped DLL
                    • Modifies Internet Explorer settings
                    • Modifies registry class
                    PID:1632
                • C:\Windows\system32\regsvr32.exe
                  "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll"
                  2⤵
                  • Loads dropped DLL
                  • Modifies Internet Explorer settings
                  • Modifies registry class
                  PID:2900
                • C:\Program Files\McAfee\WebAdvisor\updater.exe
                  "C:\Program Files\McAfee\WebAdvisor\updater.exe"
                  2⤵
                  • Executes dropped EXE
                  • Modifies data under HKEY_USERS
                  PID:2364
                  • C:\Windows\system32\cmd.exe
                    C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )
                    3⤵
                      PID:572
                    • C:\Windows\system32\cmd.exe
                      C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"
                      3⤵
                        PID:2896
                  • C:\Windows\system32\msiexec.exe
                    C:\Windows\system32\msiexec.exe /V
                    1⤵
                    • Blacklisted process makes network request
                    • Enumerates connected drives
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    PID:3040
                    • C:\Windows\syswow64\MsiExec.exe
                      C:\Windows\syswow64\MsiExec.exe -Embedding 57D09FA5DF86F3C1D08512D9F169DF1C
                      2⤵
                      • Loads dropped DLL
                      PID:2552
                      • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                        C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D6B9152C-11F1-4C90-8692-00DB891DD284}
                        3⤵
                        • Executes dropped EXE
                        PID:1160
                      • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                        C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{78899ADA-95B6-4948-9895-0AFCE10A90D4}
                        3⤵
                        • Executes dropped EXE
                        PID:580
                      • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                        C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A002AC29-C740-4983-BA76-0102A8C7AC24}
                        3⤵
                        • Executes dropped EXE
                        PID:2384
                      • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                        C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0444DF9D-11F8-4BD7-8C4A-8ADA211EDC90}
                        3⤵
                        • Executes dropped EXE
                        PID:3064
                      • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                        C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E73C086A-1F72-4033-82E5-56D86AA1439F}
                        3⤵
                        • Executes dropped EXE
                        PID:1484
                      • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                        C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BC18FB1C-73E4-41F8-871E-E649B32EFE20}
                        3⤵
                        • Executes dropped EXE
                        PID:2320
                      • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                        C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2475F331-00BF-4182-B948-9AFD60128E64}
                        3⤵
                        • Executes dropped EXE
                        PID:300
                      • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                        C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EAC57EFB-EAD6-4173-A781-49FFE23CBC62}
                        3⤵
                        • Executes dropped EXE
                        PID:1960
                      • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                        C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4DAED5F9-5092-481A-854E-808EA1A01920}
                        3⤵
                        • Executes dropped EXE
                        PID:2852
                    • C:\Windows\system32\MsiExec.exe
                      C:\Windows\system32\MsiExec.exe -Embedding 5CE1B281B6C499CA1724A091B696A733
                      2⤵
                      • Loads dropped DLL
                      PID:1548
                      • C:\Users\Admin\AppData\Local\Temp\CloseFAH.exe
                        "C:\Users\Admin\AppData\Local\Temp\CloseFAH.exe"
                        3⤵
                        • Executes dropped EXE
                        PID:2948

                  Network

                  MITRE ATT&CK Matrix ATT&CK v6

                  Initial Access

                  Execution

                  Persistence

                  Registry Run Keys / Startup Folder

                  1
                  T1060

                  New Service

                  1
                  T1050

                  Browser Extensions

                  1
                  T1176

                  Privilege Escalation

                  New Service

                  1
                  T1050

                  Defense Evasion

                  Modify Registry

                  3
                  T1112

                  Install Root Certificate

                  1
                  T1130

                  Credential Access

                  Credentials in Files

                  1
                  T1081

                  Discovery

                  Query Registry

                  5
                  T1012

                  System Information Discovery

                  4
                  T1082

                  Security Software Discovery

                  1
                  T1063

                  Peripheral Device Discovery

                  1
                  T1120

                  Lateral Movement

                  Collection

                  Data from Local System

                  1
                  T1005

                  Exfiltration

                  Command and Control

                  Impact

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Program Files\FileZilla FTP Client\filezilla.exe
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\libfilezilla-9.dll
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\libgcc_s_seh-1.dll
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\libgmp-10.dll
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\libgnutls-30.dll
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\libhogweed-6.dll
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\libnettle-8.dll
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\libpng16-16.dll
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\libsqlite3-0.dll
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\16x16\unknown.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\48x48\filezilla.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\cancel.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\close.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\compare.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\disconnect.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\dropdown.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\file.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\filter.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\find.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\folder.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\leds.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\localtreeview.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\logview.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\processqueue.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\queueview.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\reconnect.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\refresh.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\remotetreeview.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\server.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\sitemanager.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\sort_down_dark.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\sort_up_dark.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\speedlimits.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\480x480\synchronize.png
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\default\theme.xml
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\resources\defaultfilters.xml
                    Download Submit
                  • C:\Program Files\FileZilla FTP Client\zlib1.dll
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\EventManager.dll
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\LogicModule.dll
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\LookupManager.dll
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Resource.dll
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\SettingManager.dll
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\TaskManager.dll
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\browserhost.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\browserplugin.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\downloadscan.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\eventmanager.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\ieplugin.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\installer.exe
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\l10n.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\logicmodule.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\logicscripts.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\lookupmanager.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\mfw-mwb.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\mfw-nps.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\mfw-webadvisor.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\mfw.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\resourcedll.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\servicehost.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\settingmanager.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\taskmanager.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\telemetry.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\uihost.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\uimanager.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\uninstaller.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\updater.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\wataskmanager.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\webadvisor.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\Temp1801804985\wssdep.cab
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\UIHost.exe
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\UIManager.dll
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\WATaskManager.dll
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\logic\MiscUtils.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\logic\base_provider.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\logic\ff_monitor.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\logic\logic_loader.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\logic\oem_business_logic.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\logic\providers\bing.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\logic\providers\duckduckgo.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\logic\providers\yahoo.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\logic\providers\yandex.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\logic\providers_selector.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\logic\ss_logic.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\PostInit.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\PriorityQueue.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\UiArbitratorHelper.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\UiHandler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\UiThreadExitHandler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\Win32Helper.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\class.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\dkjson.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\handlers.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\init.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\json.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\logger.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\triggeracceptor.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\utils\BrowserUtils.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\utils\PackageUtils.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\utils\SettingsDB.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\utils\StringUtils.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\utils\Telemetry.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\core\utils\common_utils.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\packages\mwb\mwbhandler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\packages\nps\npshandler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\atp_upsell_toast_handler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\av_scan_upsell_handler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\checklisthandler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\chrome_extension_push_handler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\ext_install_handler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\overlay_ui_handler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\productupselltoast.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\securesearchhandler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\upsell_checklist.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\upsell_toast_handler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\wacsecuresearchl10n.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\DimensionConfig.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\DimensionHandler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\DimensionProcessor.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\BaseAffidLookup.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\BingPartnerCode.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\ChromeBasedBrowserVersion.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\CurrentBrowserVersion.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\DaysSinceSettingsDBLookup.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\DefaultBrowser.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\EventSupplied.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\ExternalUtilityFunction.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\FeatureTrackingFeature.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\FirefoxVersion.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\ISBIsSecureSearch.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\InstallDate.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\LastBrowserUsed.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\LastOEMCheck.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\Locale.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\OSFlavour.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\PercentageHandler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\PostUpdateRebootTimeLookup.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\ProfilesCounter.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\ProxySubTypeHandler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\ProxyTypeHandler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\RegistryLookup.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\SearchAnnotations.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\SequenceNumber.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\SettingsDBLookup.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\StaticValue.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\SuiteStatus.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\TelemetryVersion.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\UpdatePending.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\UpdatePendingVersion.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\WSSAffid.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\WSSCSPID.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\WSSEulaDate.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\WSSPackageType.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\WSSSetting.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\WSSSettingExpiry.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\WSSVersion.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\EventFormatter.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\EventHandler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\EventTransmitter.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\HandleOnNavigate.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\SendOnPing.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\TelemetryConfig.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\TelemetryHandler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\formatters\EventFormatter_JSON.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\AdblockCounter.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\BlockPage.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\BrowserNavigate.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\CommonLogicLoader.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\DailyCounters.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\DailyPing.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\DomainNavigatedCounter.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\DownloadScan.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\LogicScriptError.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\MetricCounter.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\NavigatedToday.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\NewTabCounter.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\SMAReputationCounter.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\SearchSuggestCounter.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\SearchTerm.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\SecureSearchHit.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\SendImmediately.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\WABadgeNotificationCounter.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\WSSAnalytics.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\WSSAnalyticsRaw.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\browser_host_launchers_handler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\ipc_stats_handler.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\transmitters\Transmit_Azure.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\events\version.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\SecureSearchStateChange.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\ToastCheckCompleted.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\ToastCheckTriggered.luc
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\uihost.exe
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\updater.exe
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\updater.exe
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
                    Download Submit
                  • C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll
                    Download Submit
                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
                    Download Submit
                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
                    Download Submit
                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                    Download Submit
                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                    Download Submit
                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                    Download Submit
                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\CloseFAH.exe
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\MSI60c40.LOG
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\a3v\byy.exe
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\a3v\byy.exe
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\in71125248\3AE23A7A_stp\winzip64.msi
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\installer.exe
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\saBSI.exe
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • C:\Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • C:\Users\Admin\AppData\Roaming\l6r_0F1L1I1P0Z1L1I1I1T1V0N1P2WtJ1V0W1L1G2T1L1EtCzy.txt
                    Download Submit
                  • C:\Users\Admin\AppData\Roaming\l6r_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
                    Download Submit
                  • C:\Windows\Installer\MSI3176.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI31F4.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI330E.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI3418.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI3477.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI34C6.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI3524.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI35F0.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI364F.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI38B0.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI390F.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI39DB.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI3A2A.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI3AF5.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI3BD1.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI3CBC.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI3D2A.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI3D89.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI3DD8.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI3E65.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI3F31.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI3F9F.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI407A.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI4165.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI4250.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI432C.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI45BC.tmp
                    Download Submit
                  • C:\Windows\Installer\MSI46D6.tmp
                    Download Submit
                  • \??\pipe\{1B8D7CD0-CF6F-4B7A-84A7-BC5C3FF0D963}
                    Download Submit
                  • \Program Files\FileZilla FTP Client\filezilla.exe
                    Download Submit
                  • \Program Files\FileZilla FTP Client\filezilla.exe
                    Download Submit
                  • \Program Files\FileZilla FTP Client\filezilla.exe
                    Download Submit
                  • \Program Files\FileZilla FTP Client\filezilla.exe
                    Download Submit
                  • \Program Files\FileZilla FTP Client\filezilla.exe
                    Download Submit
                  • \Program Files\FileZilla FTP Client\fzshellext.dll
                    Download Submit
                  • \Program Files\FileZilla FTP Client\fzshellext_64.dll
                    Download Submit
                  • \Program Files\FileZilla FTP Client\libfilezilla-9.dll
                    Download Submit
                  • \Program Files\FileZilla FTP Client\libgcc_s_seh-1.dll
                    Download Submit
                  • \Program Files\FileZilla FTP Client\libgmp-10.dll
                    Download Submit
                  • \Program Files\FileZilla FTP Client\libgnutls-30.dll
                    Download Submit
                  • \Program Files\FileZilla FTP Client\libhogweed-6.dll
                    Download Submit
                  • \Program Files\FileZilla FTP Client\libnettle-8.dll
                    Download Submit
                  • \Program Files\FileZilla FTP Client\libpng16-16.dll
                    Download Submit
                  • \Program Files\FileZilla FTP Client\libsqlite3-0.dll
                    Download Submit
                  • \Program Files\FileZilla FTP Client\libstdc++-6.dll
                    Download Submit
                  • \Program Files\FileZilla FTP Client\uninstall.exe
                    Download Submit
                  • \Program Files\FileZilla FTP Client\zlib1.dll
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\Temp1801804985\installer.exe
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\Temp1801804985\installer.exe
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\eventmanager.dll
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\logicmodule.dll
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\lookupmanager.dll
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\servicehost.exe
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\servicehost.exe
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\settingmanager.dll
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\taskmanager.dll
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\uihost.exe
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\uihost.exe
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\uimanager.dll
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\updater.exe
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\updater.exe
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\wataskmanager.dll
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\win32\downloadscan.dll
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\win32\ieplugin.dll
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\win32\wssdep.dll
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\x64\downloadscan.dll
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\x64\ieplugin.dll
                    Download Submit
                  • \Program Files\McAfee\WebAdvisor\x64\wssdep.dll
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\a3v\byy.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\inH2593013201005\libeay32.dll
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\inH2593013201005\ssleay32.dll
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\installer.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\saBSI.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\saBSI.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\saBSI.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\saBSI.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\saBSI.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\nsd25927061964825\libeay32.dll
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\nsd25927061964825\ssleay32.dll
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\nsx6F5.tmp\INetC.dll
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\nsx6F5.tmp\Math.dll
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\nsx6F5.tmp\StartMenu.dll
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\nsx6F5.tmp\System.dll
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\nsx6F5.tmp\System.dll
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\nsx6F5.tmp\UAC.dll
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\nsx6F5.tmp\UserInfo.dll
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\nsx6F5.tmp\nsDialogs.dll
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\nsx6F5.tmp\nsi2034.tmp
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\nsx6F5.tmp\nsis_appid.dll
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISBEW64.exe
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\ISRT.dll
                    Download Submit
                  • \Users\Admin\AppData\Local\Temp\{4DA8EC67-B574-438A-8C80-DAE8320E18CB}\_isres_0x0409.dll
                    Download Submit
                  • \Windows\Installer\MSI3176.tmp
                    Download Submit
                  • \Windows\Installer\MSI31F4.tmp
                    Download Submit
                  • \Windows\Installer\MSI330E.tmp
                    Download Submit
                  • \Windows\Installer\MSI3418.tmp
                    Download Submit
                  • \Windows\Installer\MSI3477.tmp
                    Download Submit
                  • \Windows\Installer\MSI34C6.tmp
                    Download Submit
                  • \Windows\Installer\MSI3524.tmp
                    Download Submit
                  • \Windows\Installer\MSI35F0.tmp
                    Download Submit
                  • \Windows\Installer\MSI364F.tmp
                    Download Submit
                  • \Windows\Installer\MSI38B0.tmp
                    Download Submit
                  • \Windows\Installer\MSI390F.tmp
                    Download Submit
                  • \Windows\Installer\MSI39DB.tmp
                    Download Submit
                  • \Windows\Installer\MSI3A2A.tmp
                    Download Submit
                  • \Windows\Installer\MSI3AF5.tmp
                    Download Submit
                  • \Windows\Installer\MSI3BD1.tmp
                    Download Submit
                  • \Windows\Installer\MSI3CBC.tmp
                    Download Submit
                  • \Windows\Installer\MSI3D2A.tmp
                    Download Submit
                  • \Windows\Installer\MSI3D89.tmp
                    Download Submit
                  • \Windows\Installer\MSI3DD8.tmp
                    Download Submit
                  • \Windows\Installer\MSI3E65.tmp
                    Download Submit
                  • \Windows\Installer\MSI3F31.tmp
                    Download Submit
                  • \Windows\Installer\MSI3F9F.tmp
                    Download Submit
                  • \Windows\Installer\MSI407A.tmp
                    Download Submit
                  • \Windows\Installer\MSI4165.tmp
                    Download Submit
                  • \Windows\Installer\MSI4250.tmp
                    Download Submit
                  • \Windows\Installer\MSI432C.tmp
                    Download Submit
                  • \Windows\Installer\MSI45BC.tmp
                    Download Submit
                  • \Windows\Installer\MSI46D6.tmp
                    Download Submit
                  • memory/300-1743-0x0000000000000000-mapping.dmp
                    Download
                  • memory/432-523-0x0000000000000000-mapping.dmp
                    Download
                  • memory/572-1626-0x0000000000000000-mapping.dmp
                    Download
                  • memory/580-1726-0x0000000000000000-mapping.dmp
                    Download
                  • memory/772-1657-0x0000000000000000-mapping.dmp
                    Download
                  • memory/948-542-0x0000000000000000-mapping.dmp
                    Download
                  • memory/1032-1620-0x000007FF1FD10000-0x000007FF1FD20000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/1032-1646-0x000007FF1FD10000-0x000007FF1FD20000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/1032-1642-0x000007FF1FD10000-0x000007FF1FD20000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/1032-1631-0x000007FF1FD10000-0x000007FF1FD20000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/1144-1435-0x0000000000000000-mapping.dmp
                    Download
                  • memory/1144-1501-0x0000000006C80000-0x0000000006C81000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/1160-1722-0x0000000000000000-mapping.dmp
                    Download
                  • memory/1308-526-0x0000000000000000-mapping.dmp
                    Download
                  • memory/1404-1304-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1261-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1295-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-530-0x0000000000000000-mapping.dmp
                    Download
                  • memory/1404-536-0x00000000022A0000-0x00000000024E1000-memory.dmp
                    Filesize

                    2.3MB

                    Download
                  • memory/1404-537-0x00000000022A0000-0x00000000024E1000-memory.dmp
                    Filesize

                    2.3MB

                    Download
                  • memory/1404-538-0x00000000034F0000-0x00000000039C3000-memory.dmp
                    Filesize

                    4.8MB

                    Download
                  • memory/1404-547-0x0000000005380000-0x0000000005391000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-548-0x0000000005790000-0x00000000057A1000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-550-0x0000000005380000-0x0000000005391000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-551-0x0000000005380000-0x0000000005391000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1259-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1260-0x0000000005F50000-0x0000000005F61000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1294-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1264-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1274-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1277-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1278-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1282-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1283-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1290-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1292-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1303-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1299-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1293-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1404-1296-0x0000000005B40000-0x0000000005B51000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1484-1735-0x0000000000000000-mapping.dmp
                    Download
                  • memory/1496-12-0x0000000005BA0000-0x0000000005BB1000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1496-513-0x0000000005BA0000-0x0000000005BB1000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1496-533-0x000000000C200000-0x000000000C220000-memory.dmp
                    Filesize

                    128KB

                    Download
                  • memory/1496-8-0x0000000005190000-0x0000000005674000-memory.dmp
                    Filesize

                    4.9MB

                    Download
                  • memory/1496-13-0x0000000005FB0000-0x0000000005FC1000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1496-14-0x0000000005BA0000-0x0000000005BB1000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1496-511-0x0000000005BA0000-0x0000000005BB1000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1496-512-0x0000000005BA0000-0x0000000005BB1000-memory.dmp
                    Filesize

                    68KB

                    Download
                  • memory/1548-1664-0x0000000000000000-mapping.dmp
                    Download
                  • memory/1564-527-0x0000000000000000-mapping.dmp
                    Download
                  • memory/1632-1572-0x0000000000000000-mapping.dmp
                    Download
                  • memory/1960-1746-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2044-6-0x000007FEF63D0000-0x000007FEF664A000-memory.dmp
                    Filesize

                    2.5MB

                    Download
                  • memory/2156-1314-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2172-1557-0x000007FF1ED60000-0x000007FF1ED70000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2172-1516-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2176-1396-0x0000000160970000-0x0000000160980000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1402-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1364-0x0000000160970000-0x0000000160980000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1429-0x0000000169760000-0x0000000169770000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1428-0x0000000169760000-0x0000000169770000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1370-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1360-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1371-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1374-0x0000000160970000-0x0000000160980000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1375-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1376-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1377-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1378-0x0000000160970000-0x0000000160980000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1379-0x0000000160970000-0x0000000160980000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1427-0x0000000169760000-0x0000000169770000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1381-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1382-0x0000000160970000-0x0000000160980000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1383-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1384-0x0000000160970000-0x0000000160980000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1385-0x0000000160970000-0x0000000160980000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1353-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1386-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1354-0x0000000160970000-0x0000000160980000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1387-0x0000000160970000-0x0000000160980000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1355-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1388-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1389-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1390-0x0000000160970000-0x0000000160980000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1350-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1391-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1426-0x0000000169760000-0x0000000169770000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1392-0x0000000160970000-0x0000000160980000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1356-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1393-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1394-0x0000000160970000-0x0000000160980000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1395-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1425-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1367-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1397-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1398-0x0000000169760000-0x0000000169770000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1424-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1399-0x0000000169760000-0x0000000169770000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1400-0x0000000169760000-0x0000000169770000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1423-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1348-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1351-0x00000001065D0000-0x00000001065E0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1422-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1403-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1368-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1404-0x0000000169760000-0x0000000169770000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1362-0x0000000160970000-0x0000000160980000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1405-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1347-0x0000000169760000-0x0000000169770000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1406-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1346-0x0000000169760000-0x0000000169770000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1407-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1363-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1411-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1359-0x0000000160970000-0x0000000160980000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1412-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1413-0x000000016ABA0000-0x000000016ABB0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1414-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1415-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1416-0x0000000169760000-0x0000000169770000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1325-0x0000000169760000-0x0000000169770000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1417-0x0000000169760000-0x0000000169770000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1318-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2176-1419-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1421-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2176-1420-0x00000001530A0000-0x00000001530B0000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2268-1466-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2320-1740-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2364-1580-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2384-1729-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2400-1349-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2424-1352-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2468-1358-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2532-1365-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2552-1661-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2572-1369-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2628-1380-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2676-1570-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2852-1749-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2896-1635-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2900-1574-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2948-1691-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2972-1430-0x0000000000000000-mapping.dmp
                    Download
                  • memory/3028-1431-0x0000000000000000-mapping.dmp
                    Download
                  • memory/3064-1732-0x0000000000000000-mapping.dmp
                    Download
                  • memory/3068-1433-0x0000000000000000-mapping.dmp
                    Download