Overview

overview

10

Static

static

FileZilla_...up.exe

windows7_x64

10

FileZilla_...up.exe

windows10_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10v200722
  • submitted
    23-09-2020 14:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FileZilla_3.50.0_win64_sponsored-setup.exe

  • Size

    12.9MB

  • MD5

    90f560ce71cc77fc2e121761eeef265c

  • SHA1

    85ff0ad4728e31539e1d3757a543d47e9cd42f74

  • SHA256

    d04bbcd2855d3bba4627cbb1da3a0e5fa79fe0b27b371024605ff1382ea94c58

  • SHA512

    c5a6b3890743ff0f1ea3f6fc9c2f28cf70e9f47c4067830ca63b38c3a1b10d386dc0d889c3041a553876b4a14fafd094f4a7d41279273b85148d6a8f9b9d54e1

Score
10/10
spywarepersistencestealeradwarediscovery

Malware Config

Signatures

  • Registers COM server for autorun 1 TTPs
    persistence
  • Creates new service(s) 1 TTPs
    persistence
  • Executes dropped EXE 8 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 43 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks for any installed AV software in registry 1 TTPs 7 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • JavaScript code in executable 7 IoCs
  • Drops file in Program Files directory 1857 IoCs
  • Launches sc.exe

    Sc.exe is a Windows utlilty to control services on the system.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 47 IoCs
  • Modifies registry class 70 IoCs
  • Modifies system certificate store 2 TTPs 16 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 204 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 158 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 57 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FileZilla_3.50.0_win64_sponsored-setup.exe
    "C:\Users\Admin\AppData\Local\Temp\FileZilla_3.50.0_win64_sponsored-setup.exe"
    1⤵
    • Loads dropped DLL
    • Checks for any installed AV software in registry
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:408
    • C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\FileZilla FTP Client\fzshellext_64.dll"
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:3944
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /d /c cmd /d /c C:\Users\Admin\AppData\Local\Temp\0ja\y1m.exe /covr:XTBfVA98Yjx7CBJPQSc9LC1ISEgDJiE8Zk5EEQg7MHR8Xh4XEzMxGlFyYl8ONi0ST39jTRotL3B0RFsVHCF2e2lVEw8Me3BgYXYxIyI5ZG12ZiosOyMXalJPcjA7Ix5RZG17JmkkNXU9e3s0cD5GchlSIyhwPk9JL3AqPiIjbmofEV5YLyFnahwQUVokImRrFRFpOVBWNnIVD2kiVFshfQAUfjlBQD8ELCgLCWFnT1wtIhwDbm1YRjE9GRJ5AClRA3gYCDMtKUoCfRgJMz8pUAN+GAEyNilNA3EYFDMwKVECdRkVMyErTwJ1GhYyJytQA3MaGDI/K18DcRoGMj4rQQBkGhd0JypZAGQaEHQnKlYAZBoFdCcqUQBkGhh0ICpVAGMaE3QgKkIAYhobdCEqUgBiGgJ0ISpAAGUaA3QmKkUAZRoUdCYqRABgGB4yNipEP3FmC30wKlQrcXgHFkMrc0RzbUMIQyJzX3J0QwxCN3NEcnJDCUI3cl9yeUIeQjRyWzZmCCNCNDhlcG0JJ0EhOGFwZggnQSo5bnB6CTRBNjh9cH8JKQQ9fXtwdQkpQDQ5enFiCTJANjh1cWcJPEA3OH80ZUIHBjY2VTZlBh4GLDZON3oGGAc3N043dAcGBzE3RTd6QxdNAjdTf1NDGwsBc147V0MbCxlzTzpPQxwKGHJKOlVCCwocckU7SkIDCwVyUTtIQwcLC3NLO0RDGAsBc1x/UwkkCwE4ZjlWCTAIHjhkOVIJIwgEOGw5QgkvCAo4eTlYCTAIHjhyOU4JI00cfWs5Tk0uCRh9azlWTT8IAH1sOFdMOggafHs4U0w1CQV8czlKTCEJB313OURNOwkLfWg5Tk0sCBh9eDhRTTUIFH16OEFNLkwTN1Y4QQYeCRU3UjhSBgQJHTdCOF4GCgkIN1g4QQYeCQM3TjhSBhgKCDdUO0AGBAoGNF04XEAPTBQ0XXxRBAtMFDRFfEAFE0wTNUR9RQUJTQQ1QH1KBBZNDDRZfV4EFEwINFd8RAQYTBc0XXxTBQtMHDVZfUoFDU0DNUB9RgUPTRM1WzlBTyNNE35rfEdPJ00AfnF8T083TQx+f3xaTy1NE35rfFFPO00Afm18Rk8uTRB9dHxcTDxNDH16f1VPIAsHO2h/VQogTgE7bH9GCzxOBTp6f1cLKk4VOmh+XAosCg5wVHNLBBAJMXBYfWNBDEwhc1h+eEILTj9zTX92QhwLJDhkOmsJMAsiOHI6ckw6TiB9bn9iTzpNO35ufHhPK0w/fm19dk88CSQ1RDh+BxdMLDZQfXgHGEwoc0o2UAcYBx42XjZXBw8HATZNNVlCH0ERNk1zSQcZQgA1QHNQQRIJKDVAO3BBAgkic1p9YAccCSFzWnBjQQhCNjhKO3UIGwkgOFc4dkwRTDV8RH5vThxMNn9bfXpPFU0zflN9d04GTyF8XH5tTgVPOTR/NnsFK08+NXp/fAQsCy42fX9mBC4LNDVpOmAEIQswcHNxSAQhQAY1Z3FPBDZAGTV0ckAEOEMRcGo3WQQ4BQE1bDRIBzUFGHNnf2AHNU4vc3Q0VgcwTRJ+czlRTyJNFjtgNFRCJQUHNmJ8QkImCAM2ZXxEBzZNEDZ5NFVCPgUBc2p8RUI7BQFzazRQCRJAEzhAcUJMAQUQflBxWEwDBQp9RDReTAwFDjhef3ZMDE44fUp/cUwbTid9WDp1CRBOJztIf3MKAU0qO1E5eEEpTSo1e397QTNNKDVhfG8ENU0nNWU5dU8dTSd+U3xhTxpNMH5MfH8KHgg3fkw6b08YCyZ9QTp2CRNADn1BNFxPEEAUfUM0RkwEBRJ9TDRCCR5OOn1Mf3RMCk49fVt/a0wZTiQ4SzpsTBkINH1NOX1PFAgtO0ZyVU8CQAQ7SnJXTxhDEH5MclhPHAYKNWRyWAQqQx41Y3JPBDVDDTV2N19BPkMNc2ZyWUIvQABzfzRSCQdAFjtWNF4JBUAMOEJxWAkKQAh9WDpwCQoLPjhMOncJHQshOE86Y0wdTis4T3xzCRtNOjtCfGpPEAYSO0JyQAkTBgg7QHJaCgdDDjtPcl5PHQgmO085aAoJCCE7WDl3CgoINTtIfGdPAAg1fVg5YUwRCzh9QX9qBzkLLjVof2YHOws0Nnw6YAc0CzBzZnFIBzRABjZycU8HI0AZNmtxXwc6QA9zaDRHBzoGHzZuN1YENwYGcGV8fgQ3CDpwZTprQT1OIzVvfmAFK04uNW5+ewQ4Tig0fX56BCtOPzR5Om1OAU4/f0x8ZU0WTSB8VDdYCBFDHTpGcUoIEQUIfFc0T00bBhV8SzdYTRtDH3xccUZOBkAWfFxxRggaQBQ5XHFcTRkFDjlRcVwJEkEYOVxxTQkPQBs5XHBeCQ5ACDlLcFpNGQoiOUs7bwsRCTU6VDh3QCxMMjRpfWYFLEwjcWp9ZEAmTz5xdn5zQCYKNHFhOG1DOwk9cWE4bQUnCT80YTh3QCRMJTRsOHcEIwgxNHE5ZwQiCSI0cDl0BDUJJnBnc14ENUITNm9wSQcqCjFzb350ByBOOzdmfmlDKQovcm47Y0A0CjNxeTtjBT4KJDdnOH4GNwokN2d+YgY1TyQ3fTthQy9PKTd9f2cHOE8wNm5/dAYhTzk2YH9wBi5PI3J8NVtDMwQPcno1TUMqBxxOeVBRGDwCbCoSMkIbIj8XSW4Cfz0aPxFv /mnl
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3796
      • C:\Windows\SysWOW64\cmd.exe
        cmd /d /c C:\Users\Admin\AppData\Local\Temp\0ja\y1m.exe /covr:XTBfVA98Yjx7CBJPQSc9LC1ISEgDJiE8Zk5EEQg7MHR8Xh4XEzMxGlFyYl8ONi0ST39jTRotL3B0RFsVHCF2e2lVEw8Me3BgYXYxIyI5ZG12ZiosOyMXalJPcjA7Ix5RZG17JmkkNXU9e3s0cD5GchlSIyhwPk9JL3AqPiIjbmofEV5YLyFnahwQUVokImRrFRFpOVBWNnIVD2kiVFshfQAUfjlBQD8ELCgLCWFnT1wtIhwDbm1YRjE9GRJ5AClRA3gYCDMtKUoCfRgJMz8pUAN+GAEyNilNA3EYFDMwKVECdRkVMyErTwJ1GhYyJytQA3MaGDI/K18DcRoGMj4rQQBkGhd0JypZAGQaEHQnKlYAZBoFdCcqUQBkGhh0ICpVAGMaE3QgKkIAYhobdCEqUgBiGgJ0ISpAAGUaA3QmKkUAZRoUdCYqRABgGB4yNipEP3FmC30wKlQrcXgHFkMrc0RzbUMIQyJzX3J0QwxCN3NEcnJDCUI3cl9yeUIeQjRyWzZmCCNCNDhlcG0JJ0EhOGFwZggnQSo5bnB6CTRBNjh9cH8JKQQ9fXtwdQkpQDQ5enFiCTJANjh1cWcJPEA3OH80ZUIHBjY2VTZlBh4GLDZON3oGGAc3N043dAcGBzE3RTd6QxdNAjdTf1NDGwsBc147V0MbCxlzTzpPQxwKGHJKOlVCCwocckU7SkIDCwVyUTtIQwcLC3NLO0RDGAsBc1x/UwkkCwE4ZjlWCTAIHjhkOVIJIwgEOGw5QgkvCAo4eTlYCTAIHjhyOU4JI00cfWs5Tk0uCRh9azlWTT8IAH1sOFdMOggafHs4U0w1CQV8czlKTCEJB313OURNOwkLfWg5Tk0sCBh9eDhRTTUIFH16OEFNLkwTN1Y4QQYeCRU3UjhSBgQJHTdCOF4GCgkIN1g4QQYeCQM3TjhSBhgKCDdUO0AGBAoGNF04XEAPTBQ0XXxRBAtMFDRFfEAFE0wTNUR9RQUJTQQ1QH1KBBZNDDRZfV4EFEwINFd8RAQYTBc0XXxTBQtMHDVZfUoFDU0DNUB9RgUPTRM1WzlBTyNNE35rfEdPJ00AfnF8T083TQx+f3xaTy1NE35rfFFPO00Afm18Rk8uTRB9dHxcTDxNDH16f1VPIAsHO2h/VQogTgE7bH9GCzxOBTp6f1cLKk4VOmh+XAosCg5wVHNLBBAJMXBYfWNBDEwhc1h+eEILTj9zTX92QhwLJDhkOmsJMAsiOHI6ckw6TiB9bn9iTzpNO35ufHhPK0w/fm19dk88CSQ1RDh+BxdMLDZQfXgHGEwoc0o2UAcYBx42XjZXBw8HATZNNVlCH0ERNk1zSQcZQgA1QHNQQRIJKDVAO3BBAgkic1p9YAccCSFzWnBjQQhCNjhKO3UIGwkgOFc4dkwRTDV8RH5vThxMNn9bfXpPFU0zflN9d04GTyF8XH5tTgVPOTR/NnsFK08+NXp/fAQsCy42fX9mBC4LNDVpOmAEIQswcHNxSAQhQAY1Z3FPBDZAGTV0ckAEOEMRcGo3WQQ4BQE1bDRIBzUFGHNnf2AHNU4vc3Q0VgcwTRJ+czlRTyJNFjtgNFRCJQUHNmJ8QkImCAM2ZXxEBzZNEDZ5NFVCPgUBc2p8RUI7BQFzazRQCRJAEzhAcUJMAQUQflBxWEwDBQp9RDReTAwFDjhef3ZMDE44fUp/cUwbTid9WDp1CRBOJztIf3MKAU0qO1E5eEEpTSo1e397QTNNKDVhfG8ENU0nNWU5dU8dTSd+U3xhTxpNMH5MfH8KHgg3fkw6b08YCyZ9QTp2CRNADn1BNFxPEEAUfUM0RkwEBRJ9TDRCCR5OOn1Mf3RMCk49fVt/a0wZTiQ4SzpsTBkINH1NOX1PFAgtO0ZyVU8CQAQ7SnJXTxhDEH5MclhPHAYKNWRyWAQqQx41Y3JPBDVDDTV2N19BPkMNc2ZyWUIvQABzfzRSCQdAFjtWNF4JBUAMOEJxWAkKQAh9WDpwCQoLPjhMOncJHQshOE86Y0wdTis4T3xzCRtNOjtCfGpPEAYSO0JyQAkTBgg7QHJaCgdDDjtPcl5PHQgmO085aAoJCCE7WDl3CgoINTtIfGdPAAg1fVg5YUwRCzh9QX9qBzkLLjVof2YHOws0Nnw6YAc0CzBzZnFIBzRABjZycU8HI0AZNmtxXwc6QA9zaDRHBzoGHzZuN1YENwYGcGV8fgQ3CDpwZTprQT1OIzVvfmAFK04uNW5+ewQ4Tig0fX56BCtOPzR5Om1OAU4/f0x8ZU0WTSB8VDdYCBFDHTpGcUoIEQUIfFc0T00bBhV8SzdYTRtDH3xccUZOBkAWfFxxRggaQBQ5XHFcTRkFDjlRcVwJEkEYOVxxTQkPQBs5XHBeCQ5ACDlLcFpNGQoiOUs7bwsRCTU6VDh3QCxMMjRpfWYFLEwjcWp9ZEAmTz5xdn5zQCYKNHFhOG1DOwk9cWE4bQUnCT80YTh3QCRMJTRsOHcEIwgxNHE5ZwQiCSI0cDl0BDUJJnBnc14ENUITNm9wSQcqCjFzb350ByBOOzdmfmlDKQovcm47Y0A0CjNxeTtjBT4KJDdnOH4GNwokN2d+YgY1TyQ3fTthQy9PKTd9f2cHOE8wNm5/dAYhTzk2YH9wBi5PI3J8NVtDMwQPcno1TUMqBxxOeVBRGDwCbCoSMkIbIj8XSW4Cfz0aPxFv /mnl
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2032
        • C:\Users\Admin\AppData\Local\Temp\0ja\y1m.exe
          C:\Users\Admin\AppData\Local\Temp\0ja\y1m.exe /covr:XTBfVA98Yjx7CBJPQSc9LC1ISEgDJiE8Zk5EEQg7MHR8Xh4XEzMxGlFyYl8ONi0ST39jTRotL3B0RFsVHCF2e2lVEw8Me3BgYXYxIyI5ZG12ZiosOyMXalJPcjA7Ix5RZG17JmkkNXU9e3s0cD5GchlSIyhwPk9JL3AqPiIjbmofEV5YLyFnahwQUVokImRrFRFpOVBWNnIVD2kiVFshfQAUfjlBQD8ELCgLCWFnT1wtIhwDbm1YRjE9GRJ5AClRA3gYCDMtKUoCfRgJMz8pUAN+GAEyNilNA3EYFDMwKVECdRkVMyErTwJ1GhYyJytQA3MaGDI/K18DcRoGMj4rQQBkGhd0JypZAGQaEHQnKlYAZBoFdCcqUQBkGhh0ICpVAGMaE3QgKkIAYhobdCEqUgBiGgJ0ISpAAGUaA3QmKkUAZRoUdCYqRABgGB4yNipEP3FmC30wKlQrcXgHFkMrc0RzbUMIQyJzX3J0QwxCN3NEcnJDCUI3cl9yeUIeQjRyWzZmCCNCNDhlcG0JJ0EhOGFwZggnQSo5bnB6CTRBNjh9cH8JKQQ9fXtwdQkpQDQ5enFiCTJANjh1cWcJPEA3OH80ZUIHBjY2VTZlBh4GLDZON3oGGAc3N043dAcGBzE3RTd6QxdNAjdTf1NDGwsBc147V0MbCxlzTzpPQxwKGHJKOlVCCwocckU7SkIDCwVyUTtIQwcLC3NLO0RDGAsBc1x/UwkkCwE4ZjlWCTAIHjhkOVIJIwgEOGw5QgkvCAo4eTlYCTAIHjhyOU4JI00cfWs5Tk0uCRh9azlWTT8IAH1sOFdMOggafHs4U0w1CQV8czlKTCEJB313OURNOwkLfWg5Tk0sCBh9eDhRTTUIFH16OEFNLkwTN1Y4QQYeCRU3UjhSBgQJHTdCOF4GCgkIN1g4QQYeCQM3TjhSBhgKCDdUO0AGBAoGNF04XEAPTBQ0XXxRBAtMFDRFfEAFE0wTNUR9RQUJTQQ1QH1KBBZNDDRZfV4EFEwINFd8RAQYTBc0XXxTBQtMHDVZfUoFDU0DNUB9RgUPTRM1WzlBTyNNE35rfEdPJ00AfnF8T083TQx+f3xaTy1NE35rfFFPO00Afm18Rk8uTRB9dHxcTDxNDH16f1VPIAsHO2h/VQogTgE7bH9GCzxOBTp6f1cLKk4VOmh+XAosCg5wVHNLBBAJMXBYfWNBDEwhc1h+eEILTj9zTX92QhwLJDhkOmsJMAsiOHI6ckw6TiB9bn9iTzpNO35ufHhPK0w/fm19dk88CSQ1RDh+BxdMLDZQfXgHGEwoc0o2UAcYBx42XjZXBw8HATZNNVlCH0ERNk1zSQcZQgA1QHNQQRIJKDVAO3BBAgkic1p9YAccCSFzWnBjQQhCNjhKO3UIGwkgOFc4dkwRTDV8RH5vThxMNn9bfXpPFU0zflN9d04GTyF8XH5tTgVPOTR/NnsFK08+NXp/fAQsCy42fX9mBC4LNDVpOmAEIQswcHNxSAQhQAY1Z3FPBDZAGTV0ckAEOEMRcGo3WQQ4BQE1bDRIBzUFGHNnf2AHNU4vc3Q0VgcwTRJ+czlRTyJNFjtgNFRCJQUHNmJ8QkImCAM2ZXxEBzZNEDZ5NFVCPgUBc2p8RUI7BQFzazRQCRJAEzhAcUJMAQUQflBxWEwDBQp9RDReTAwFDjhef3ZMDE44fUp/cUwbTid9WDp1CRBOJztIf3MKAU0qO1E5eEEpTSo1e397QTNNKDVhfG8ENU0nNWU5dU8dTSd+U3xhTxpNMH5MfH8KHgg3fkw6b08YCyZ9QTp2CRNADn1BNFxPEEAUfUM0RkwEBRJ9TDRCCR5OOn1Mf3RMCk49fVt/a0wZTiQ4SzpsTBkINH1NOX1PFAgtO0ZyVU8CQAQ7SnJXTxhDEH5MclhPHAYKNWRyWAQqQx41Y3JPBDVDDTV2N19BPkMNc2ZyWUIvQABzfzRSCQdAFjtWNF4JBUAMOEJxWAkKQAh9WDpwCQoLPjhMOncJHQshOE86Y0wdTis4T3xzCRtNOjtCfGpPEAYSO0JyQAkTBgg7QHJaCgdDDjtPcl5PHQgmO085aAoJCCE7WDl3CgoINTtIfGdPAAg1fVg5YUwRCzh9QX9qBzkLLjVof2YHOws0Nnw6YAc0CzBzZnFIBzRABjZycU8HI0AZNmtxXwc6QA9zaDRHBzoGHzZuN1YENwYGcGV8fgQ3CDpwZTprQT1OIzVvfmAFK04uNW5+ewQ4Tig0fX56BCtOPzR5Om1OAU4/f0x8ZU0WTSB8VDdYCBFDHTpGcUoIEQUIfFc0T00bBhV8SzdYTRtDH3xccUZOBkAWfFxxRggaQBQ5XHFcTRkFDjlRcVwJEkEYOVxxTQkPQBs5XHBeCQ5ACDlLcFpNGQoiOUs7bwsRCTU6VDh3QCxMMjRpfWYFLEwjcWp9ZEAmTz5xdn5zQCYKNHFhOG1DOwk9cWE4bQUnCT80YTh3QCRMJTRsOHcEIwgxNHE5ZwQiCSI0cDl0BDUJJnBnc14ENUITNm9wSQcqCjFzb350ByBOOzdmfmlDKQovcm47Y0A0CjNxeTtjBT4KJDdnOH4GNwokN2d+YgY1TyQ3fTthQy9PKTd9f2cHOE8wNm5/dAYhTzk2YH9wBi5PI3J8NVtDMwQPcno1TUMqBxxOeVBRGDwCbCoSMkIbIj8XSW4Cfz0aPxFv /mnl
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks processor information in registry
          • Enumerates system info in registry
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:3444
    • C:\Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\saBSI.exe
      "C:\Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\saBSI.exe" /affid 91088 PaidDistribution=true InstallID=yDyCzzzztD0DyE0E0A0C0B0EyBtC0CyE2RtBtDtBtDtDzytBtAtCyCtDzztByDtCtCtA Pixel=29Q8RpuLYEOe+Ww+7/4aPpmMG0+IzjwPk49oSZ6NYUmdjG5Llo9tSp+OfhTI2z0Jk+o9Ge/ZLhLd0ipdzc87SJyAak+Xi2FJnoprS/5MAAAArr1Yew==
      2⤵
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3388
      • C:\Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\installer.exe
        "C:\Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:3264
        • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\installer.exe
          "C:\Program Files\McAfee\WebAdvisor\Temp1156428362\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • Suspicious use of WriteProcessMemory
          PID:3332
          • C:\Windows\SYSTEM32\sc.exe
            sc.exe create "McAfee WebAdvisor" binPath= "\"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe\"" start= auto DisplayName= "McAfee WebAdvisor"
            5⤵
              PID:4012
            • C:\Windows\SYSTEM32\regsvr32.exe
              regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
              5⤵
              • Suspicious use of WriteProcessMemory
              PID:3500
              • C:\Windows\SysWOW64\regsvr32.exe
                /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
                6⤵
                • Loads dropped DLL
                • Modifies registry class
                PID:4152
            • C:\Windows\SYSTEM32\regsvr32.exe
              regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
              5⤵
              • Loads dropped DLL
              • Modifies registry class
              PID:4188
            • C:\Windows\SYSTEM32\sc.exe
              sc.exe description "McAfee WebAdvisor" "McAfee WebAdvisor Service"
              5⤵
                PID:4224
              • C:\Windows\SYSTEM32\sc.exe
                sc.exe failure "McAfee WebAdvisor" reset= 3600 actions= restart/1/restart/1000/restart/3000/restart/30000/restart/1800000//0
                5⤵
                  PID:4272
                • C:\Windows\SYSTEM32\regsvr32.exe
                  regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
                  5⤵
                  • Suspicious use of WriteProcessMemory
                  PID:4640
                  • C:\Windows\SysWOW64\regsvr32.exe
                    /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
                    6⤵
                    • Loads dropped DLL
                    • Modifies registry class
                    PID:4696
                • C:\Windows\SYSTEM32\sc.exe
                  sc.exe start "McAfee WebAdvisor"
                  5⤵
                    PID:4652
                  • C:\Windows\SYSTEM32\regsvr32.exe
                    regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
                    5⤵
                    • Loads dropped DLL
                    • Modifies registry class
                    PID:4796
            • C:\Program Files\FileZilla FTP Client\filezilla.exe
              "C:\Program Files\FileZilla FTP Client\filezilla.exe"
              2⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious behavior: GetForegroundWindowSpam
              • Suspicious use of SetWindowsHookEx
              PID:3464
          • C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
            "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies data under HKEY_USERS
            • Modifies system certificate store
            • Suspicious use of WriteProcessMemory
            PID:4748
            • C:\Program Files\McAfee\WebAdvisor\UIHost.exe
              "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
              2⤵
              • Executes dropped EXE
              • Checks computer location settings
              • Loads dropped DLL
              PID:1928
            • C:\Windows\system32\regsvr32.exe
              "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll"
              2⤵
              • Suspicious use of WriteProcessMemory
              PID:4472
              • C:\Windows\SysWOW64\regsvr32.exe
                /s "C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll"
                3⤵
                • Loads dropped DLL
                • Modifies Internet Explorer settings
                • Modifies registry class
                PID:4428
            • C:\Windows\system32\regsvr32.exe
              "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll"
              2⤵
              • Loads dropped DLL
              • Modifies Internet Explorer settings
              • Modifies registry class
              PID:4496
            • C:\Program Files\McAfee\WebAdvisor\updater.exe
              "C:\Program Files\McAfee\WebAdvisor\updater.exe"
              2⤵
              • Executes dropped EXE
              • Modifies data under HKEY_USERS
              • Suspicious use of WriteProcessMemory
              PID:4780
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )
                3⤵
                  PID:728
                • C:\Windows\system32\cmd.exe
                  C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"
                  3⤵
                    PID:4632

              Network

              MITRE ATT&CK Matrix ATT&CK v6

              Initial Access

              Execution

              Persistence

              Registry Run Keys / Startup Folder

              1
              T1060

              New Service

              1
              T1050

              Browser Extensions

              1
              T1176

              Privilege Escalation

              New Service

              1
              T1050

              Defense Evasion

              Modify Registry

              3
              T1112

              Install Root Certificate

              1
              T1130

              Credential Access

              Credentials in Files

              1
              T1081

              Discovery

              Query Registry

              4
              T1012

              System Information Discovery

              3
              T1082

              Security Software Discovery

              1
              T1063

              Lateral Movement

              Collection

              Data from Local System

              1
              T1005

              Exfiltration

              Command and Control

              Impact

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Program Files\FileZilla FTP Client\filezilla.exe
                Download Submit
              • C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
                Download Submit
              • C:\Program Files\FileZilla FTP Client\libfilezilla-9.dll
                Download Submit
              • C:\Program Files\FileZilla FTP Client\libgcc_s_seh-1.dll
                Download Submit
              • C:\Program Files\FileZilla FTP Client\libgmp-10.dll
                Download Submit
              • C:\Program Files\FileZilla FTP Client\libgnutls-30.dll
                Download Submit
              • C:\Program Files\FileZilla FTP Client\libhogweed-6.dll
                Download Submit
              • C:\Program Files\FileZilla FTP Client\libnettle-8.dll
                Download Submit
              • C:\Program Files\FileZilla FTP Client\libpng16-16.dll
                Download Submit
              • C:\Program Files\FileZilla FTP Client\libsqlite3-0.dll
                Download Submit
              • C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\16x16\unknown.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\48x48\filezilla.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\cancel.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\close.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\compare.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\disconnect.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\dropdown.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\file.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\filter.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\find.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\folder.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\leds.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\localtreeview.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\logview.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\processqueue.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\queueview.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\reconnect.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\refresh.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\remotetreeview.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\server.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\sitemanager.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\sort_down_dark.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\sort_up_dark.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\speedlimits.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\480x480\synchronize.png
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\default\theme.xml
                Download Submit
              • C:\Program Files\FileZilla FTP Client\resources\defaultfilters.xml
                Download Submit
              • C:\Program Files\FileZilla FTP Client\zlib1.dll
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\EventManager.dll
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Ext18E4.tmp
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\LogicModule.dll
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\LookupManager.dll
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\MFW\core\json.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\browserUtils.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\common_utils.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\stringUtils.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\MFW\core\win32helper.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Resource.dll
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\SettingManager.dll
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\TaskManager.dll
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\browserhost.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\browserplugin.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\downloadscan.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\eventmanager.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\ieplugin.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\installer.exe
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\installer.exe
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\l10n.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\logicmodule.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\logicscripts.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\lookupmanager.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\mfw-mwb.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\mfw-nps.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\mfw-webadvisor.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\mfw.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\resourcedll.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\servicehost.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\settingmanager.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\taskmanager.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\telemetry.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\uihost.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\uimanager.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\uninstaller.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\updater.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\wataskmanager.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\webadvisor.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\Temp1156428362\wssdep.cab
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\UIHost.exe
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\UIManager.dll
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\WATaskManager.dll
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\logic\MiscUtils.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\logic\base_provider.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\logic\ff_monitor.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\logic\logic_loader.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\logic\oem_business_logic.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\logic\providers\bing.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\logic\providers\duckduckgo.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\logic\providers\yahoo.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\logic\providers\yandex.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\logic\providers_selector.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\logic\ss_logic.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\core\PostInit.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\core\PriorityQueue.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\core\UiArbitratorHelper.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\core\UiHandler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\core\UiThreadExitHandler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\core\class.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\core\dkjson.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\core\handlers.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\core\init.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\core\logger.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\core\triggeracceptor.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\core\utils\PackageUtils.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\core\utils\SettingsDB.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\core\utils\Telemetry.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\packages\mwb\mwbhandler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\packages\nps\npshandler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\atp_upsell_toast_handler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\av_scan_upsell_handler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\checklisthandler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\chrome_extension_push_handler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\ext_install_handler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\overlay_ui_handler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\productupselltoast.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\securesearchhandler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\upsell_checklist.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\upsell_toast_handler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\mfw\packages\webadvisor\wacsecuresearchl10n.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\DimensionConfig.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\DimensionHandler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\DimensionProcessor.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\BaseAffidLookup.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\BingPartnerCode.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\ChromeBasedBrowserVersion.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\CurrentBrowserVersion.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\DaysSinceSettingsDBLookup.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\DefaultBrowser.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\EventSupplied.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\ExternalUtilityFunction.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\FeatureTrackingFeature.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\FirefoxVersion.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\ISBIsSecureSearch.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\InstallDate.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\LastBrowserUsed.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\LastOEMCheck.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\Locale.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\OSFlavour.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\PercentageHandler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\PostUpdateRebootTimeLookup.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\ProfilesCounter.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\ProxySubTypeHandler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\ProxyTypeHandler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\RegistryLookup.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\SearchAnnotations.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\SequenceNumber.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\SettingsDBLookup.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\StaticValue.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\SuiteStatus.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\TelemetryVersion.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\UpdatePending.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\UpdatePendingVersion.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\WSSAffid.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\WSSCSPID.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\WSSEulaDate.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\WSSPackageType.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\WSSSetting.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\WSSSettingExpiry.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\WSSVersion.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\EventFormatter.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\EventHandler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\EventTransmitter.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\HandleOnNavigate.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\SendOnPing.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\TelemetryConfig.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\TelemetryHandler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\formatters\EventFormatter_JSON.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\AdblockCounter.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\BlockPage.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\BrowserNavigate.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\CommonLogicLoader.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\DailyCounters.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\DailyPing.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\DomainNavigatedCounter.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\DownloadScan.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\LogicScriptError.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\MetricCounter.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\NavigatedToday.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\NewTabCounter.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\SMAReputationCounter.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\SearchSuggestCounter.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\SearchTerm.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\SecureSearchHit.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\SendImmediately.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\WABadgeNotificationCounter.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\WSSAnalytics.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\WSSAnalyticsRaw.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\browser_host_launchers_handler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\ipc_stats_handler.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\transmitters\Transmit_Azure.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\events\version.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\SecureSearchStateChange.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\ToastCheckCompleted.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\ToastCheckTriggered.luc
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\uihost.exe
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\updater.exe
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\updater.exe
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
                Download Submit
              • C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll
                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\0ja\y1m.exe
                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\0ja\y1m.exe
                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\installer.exe
                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\installer.exe
                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\saBSI.exe
                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\ns20813EE1\2D6B7D05_stp\saBSI.exe
                Download Submit
              • C:\Users\Admin\AppData\Roaming\fnt_0F1L1I1P0Z1L1I1I1T1V0N1P2WtJ1V0W1L1G2T1L1EtCzy.txt
                Download Submit
              • C:\Users\Admin\AppData\Roaming\fnt_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
                Download Submit
              • \??\pipe\{FE05D378-5232-474D-B693-510024A75B82}
                Download Submit
              • \??\pipe\{FE05D378-5232-474D-B693-510024A75B82}
                Download Submit
              • \Program Files\FileZilla FTP Client\fzshellext.dll
                Download Submit
              • \Program Files\FileZilla FTP Client\fzshellext_64.dll
                Download Submit
              • \Program Files\FileZilla FTP Client\libfilezilla-9.dll
                Download Submit
              • \Program Files\FileZilla FTP Client\libgcc_s_seh-1.dll
                Download Submit
              • \Program Files\FileZilla FTP Client\libgmp-10.dll
                Download Submit
              • \Program Files\FileZilla FTP Client\libgnutls-30.dll
                Download Submit
              • \Program Files\FileZilla FTP Client\libhogweed-6.dll
                Download Submit
              • \Program Files\FileZilla FTP Client\libnettle-8.dll
                Download Submit
              • \Program Files\FileZilla FTP Client\libpng16-16.dll
                Download Submit
              • \Program Files\FileZilla FTP Client\libsqlite3-0.dll
                Download Submit
              • \Program Files\FileZilla FTP Client\libstdc++-6.dll
                Download Submit
              • \Program Files\FileZilla FTP Client\zlib1.dll
                Download Submit
              • \Program Files\McAfee\WebAdvisor\eventmanager.dll
                Download Submit
              • \Program Files\McAfee\WebAdvisor\logicmodule.dll
                Download Submit
              • \Program Files\McAfee\WebAdvisor\lookupmanager.dll
                Download Submit
              • \Program Files\McAfee\WebAdvisor\settingmanager.dll
                Download Submit
              • \Program Files\McAfee\WebAdvisor\taskmanager.dll
                Download Submit
              • \Program Files\McAfee\WebAdvisor\uimanager.dll
                Download Submit
              • \Program Files\McAfee\WebAdvisor\wataskmanager.dll
                Download Submit
              • \Program Files\McAfee\WebAdvisor\win32\downloadscan.dll
                Download Submit
              • \Program Files\McAfee\WebAdvisor\win32\ieplugin.dll
                Download Submit
              • \Program Files\McAfee\WebAdvisor\win32\wssdep.dll
                Download Submit
              • \Program Files\McAfee\WebAdvisor\x64\downloadscan.dll
                Download Submit
              • \Program Files\McAfee\WebAdvisor\x64\ieplugin.dll
                Download Submit
              • \Program Files\McAfee\WebAdvisor\x64\wssdep.dll
                Download Submit
              • \Program Files\McAfee\WebAdvisor\x64\wssdep.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\inH259367375574\libeay32.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\inH259367375574\ssleay32.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\nsd25932204626964\libeay32.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\nsd25932204626964\ssleay32.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\nszAAFD.tmp\INetC.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\nszAAFD.tmp\INetC.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\nszAAFD.tmp\Math.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\nszAAFD.tmp\StartMenu.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\nszAAFD.tmp\System.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\nszAAFD.tmp\System.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\nszAAFD.tmp\UAC.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\nszAAFD.tmp\UserInfo.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\nszAAFD.tmp\nsDialogs.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\nszAAFD.tmp\nsis_appid.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\nszAAFD.tmp\nsis_appid.dll
                Download Submit
              • \Users\Admin\AppData\Local\Temp\nszAAFD.tmp\nsxE5E5.tmp
                Download Submit
              • \Users\Admin\AppData\Local\Temp\nszAAFD.tmp\nsxE5E5.tmp
                Download Submit
              • memory/408-7-0x00000000033F0000-0x00000000033F1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/408-4-0x00000000033F0000-0x00000000033F1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/408-5-0x00000000033F0000-0x00000000033F1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/408-21-0x0000000006E10000-0x0000000006E11000-memory.dmp
                Filesize

                4KB

                Download
              • memory/408-9-0x00000000033F0000-0x00000000033F1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/408-20-0x0000000007610000-0x0000000007611000-memory.dmp
                Filesize

                4KB

                Download
              • memory/408-19-0x0000000006E10000-0x0000000006E11000-memory.dmp
                Filesize

                4KB

                Download
              • memory/408-14-0x0000000006280000-0x0000000006764000-memory.dmp
                Filesize

                4.9MB

                Download
              • memory/728-949-0x0000000000000000-mapping.dmp
                Download
              • memory/1928-811-0x0000000000000000-mapping.dmp
                Download
              • memory/1928-857-0x00007FFA03D20000-0x00007FFA03D30000-memory.dmp
                Filesize

                64KB

                Download
              • memory/2032-481-0x0000000000000000-mapping.dmp
                Download
              • memory/3264-618-0x0000000000000000-mapping.dmp
                Download
              • memory/3332-712-0x00007FF627520000-0x00007FF627530000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-720-0x00007FF627520000-0x00007FF627530000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-642-0x0000000000000000-mapping.dmp
                Download
              • memory/3332-668-0x00007FF630310000-0x00007FF630320000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-697-0x00007FF630310000-0x00007FF630320000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-698-0x00007FF630310000-0x00007FF630320000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-699-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-703-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-702-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-783-0x00007FF630310000-0x00007FF630320000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-704-0x00007FF5CD180000-0x00007FF5CD190000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-782-0x00007FF630310000-0x00007FF630320000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-781-0x00007FF630310000-0x00007FF630320000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-780-0x00007FF630310000-0x00007FF630320000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-779-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-778-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-777-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-776-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-706-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-707-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-775-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-708-0x00007FF5CD180000-0x00007FF5CD190000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-774-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-773-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-772-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-771-0x00007FF630310000-0x00007FF630320000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-709-0x00007FF627520000-0x00007FF627530000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-770-0x00007FF630310000-0x00007FF630320000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-710-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-769-0x00007FF627520000-0x00007FF627530000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-711-0x00007FF5CD180000-0x00007FF5CD190000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-768-0x00007FF5E5990000-0x00007FF5E59A0000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-766-0x00007FF62CD10000-0x00007FF62CD20000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-767-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-761-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-765-0x00007FF5E5990000-0x00007FF5E59A0000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-764-0x00007FF627520000-0x00007FF627530000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-763-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-757-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-762-0x00007FF5CD180000-0x00007FF5CD190000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-756-0x00007FF5CD180000-0x00007FF5CD190000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-760-0x00007FF62CD10000-0x00007FF62CD20000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-759-0x00007FF5E5990000-0x00007FF5E59A0000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-758-0x00007FF627520000-0x00007FF627530000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-754-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-755-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-753-0x00007FF630310000-0x00007FF630320000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-752-0x00007FF630310000-0x00007FF630320000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-751-0x00007FF630310000-0x00007FF630320000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-750-0x00007FF630310000-0x00007FF630320000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-749-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-713-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-714-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-715-0x00007FF5CD180000-0x00007FF5CD190000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-716-0x00007FF627520000-0x00007FF627530000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-717-0x00007FF619C50000-0x00007FF619C60000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-739-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-738-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-737-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-736-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-735-0x00007FF5CD180000-0x00007FF5CD190000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-734-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-733-0x00007FF5CD180000-0x00007FF5CD190000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-732-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-731-0x00007FF5CD180000-0x00007FF5CD190000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-730-0x00007FF5CD180000-0x00007FF5CD190000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-729-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-728-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-727-0x00007FF5CD180000-0x00007FF5CD190000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-726-0x00007FF5CD180000-0x00007FF5CD190000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-725-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-724-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-718-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-723-0x00007FF5CD180000-0x00007FF5CD190000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-719-0x00007FF5CD180000-0x00007FF5CD190000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-722-0x00007FF5CD180000-0x00007FF5CD190000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3332-721-0x00007FF631750000-0x00007FF631760000-memory.dmp
                Filesize

                64KB

                Download
              • memory/3388-487-0x0000000000000000-mapping.dmp
                Download
              • memory/3444-599-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-608-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-496-0x00000000054F0000-0x00000000054F1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-617-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-616-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-511-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-615-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-614-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-613-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-612-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-482-0x0000000000000000-mapping.dmp
                Download
              • memory/3444-485-0x0000000002760000-0x00000000029A1000-memory.dmp
                Filesize

                2.3MB

                Download
              • memory/3444-486-0x0000000002760000-0x00000000029A1000-memory.dmp
                Filesize

                2.3MB

                Download
              • memory/3444-495-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-610-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-490-0x00000000039B0000-0x0000000003E83000-memory.dmp
                Filesize

                4.8MB

                Download
              • memory/3444-609-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-584-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-607-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-606-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-518-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-504-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-497-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-533-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-534-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-536-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-537-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-605-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-538-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-582-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-550-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-559-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-564-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-572-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-604-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-603-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-580-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-581-0x0000000005CE0000-0x0000000005CE1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-547-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-601-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-579-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-585-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-586-0x00000000058F0000-0x00000000058F1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-587-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-588-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-589-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-590-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-591-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-592-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-593-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-594-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-595-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-596-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-602-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-597-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-598-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3444-600-0x00000000054E0000-0x00000000054E1000-memory.dmp
                Filesize

                4KB

                Download
              • memory/3464-620-0x0000000000000000-mapping.dmp
                Download
              • memory/3500-705-0x0000000000000000-mapping.dmp
                Download
              • memory/3796-480-0x0000000000000000-mapping.dmp
                Download
              • memory/3944-477-0x0000000000000000-mapping.dmp
                Download
              • memory/4012-700-0x0000000000000000-mapping.dmp
                Download
              • memory/4152-741-0x0000000000000000-mapping.dmp
                Download
              • memory/4188-743-0x0000000000000000-mapping.dmp
                Download
              • memory/4224-747-0x0000000000000000-mapping.dmp
                Download
              • memory/4272-748-0x0000000000000000-mapping.dmp
                Download
              • memory/4428-870-0x0000000000000000-mapping.dmp
                Download
              • memory/4472-868-0x0000000000000000-mapping.dmp
                Download
              • memory/4496-872-0x0000000000000000-mapping.dmp
                Download
              • memory/4632-950-0x0000000000000000-mapping.dmp
                Download
              • memory/4640-784-0x0000000000000000-mapping.dmp
                Download
              • memory/4652-785-0x0000000000000000-mapping.dmp
                Download
              • memory/4696-787-0x0000000000000000-mapping.dmp
                Download
              • memory/4748-909-0x00007FFA069B0000-0x00007FFA069C0000-memory.dmp
                Filesize

                64KB

                Download
              • memory/4748-939-0x00007FFA069B0000-0x00007FFA069C0000-memory.dmp
                Filesize

                64KB

                Download
              • memory/4748-914-0x00007FFA069B0000-0x00007FFA069C0000-memory.dmp
                Filesize

                64KB

                Download
              • memory/4780-901-0x0000000000000000-mapping.dmp
                Download
              • memory/4796-793-0x0000000000000000-mapping.dmp
                Download