Analysis
-
max time kernel
1797s -
max time network
1697s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
-
submitted
23-01-2023 05:45
General
-
Target
BTC Transacciones.exe
-
Size
3.9MB
-
MD5
bc5ee0bcefce9d21f9a17c60a19c2b18
-
SHA1
6b207ad03911865694e5f4c3059c2a5f0242c6da
-
SHA256
6b89421aeeac6f26e6f50749e52867082295767e13f059aaed031821d05da50e
-
SHA512
19534783f60117864065d402caa46808e8dadad2f1fb43ac4b28990ab863ea9eae894fb646359e25db007bcbcf5a7d506cb801de2ed81b2afbf0f2156d6a751f
-
SSDEEP
98304:iuWimPx3xiobns6osz1gyQ4BL995Bt9JWpViAG:iym5hi0HBtQ4P95L9g3i7
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\@Please_Read_Me@.txt
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Executes dropped EXE 64 IoCs
-
Modifies extensions of user files 16 IoCs
Ransomware generally changes the extension on encrypted files.
-
Drops startup file 20 IoCs
-
Loads dropped DLL 6 IoCs
-
Modifies file permissions 1 TTPs 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Kills process with taskkill 5 IoCs
-
Modifies registry class 64 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 12 IoCs
-
Suspicious use of SendNotifyMessage 9 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\BTC Transacciones.exe"C:\Users\Admin\AppData\Local\Temp\BTC Transacciones.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"C:\Users\Admin\AppData\Local\Temp\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"2⤵
- Executes dropped EXE
- Modifies extensions of user files
- Drops startup file
- Sets desktop wallpaper using registry
-
C:\Windows\SysWOW64\attrib.exeattrib +h .3⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\icacls.exeicacls . /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c 175301674456504.bat3⤵
-
C:\Windows\SysWOW64\cscript.execscript.exe //nologo m.vbs4⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe co3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\TaskData\Tor\taskhsvc.exeTaskData\Tor\taskhsvc.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.execmd.exe /c start /b @WanaDecryptor@.exe vs3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe vs4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet5⤵
-
C:\Windows\SysWOW64\vssadmin.exevssadmin delete shadows /all /quiet6⤵
- Interacts with shadow copies
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete6⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.execmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "rzuigmvwj786" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\tasksche.exe\"" /f3⤵
-
C:\Windows\SysWOW64\reg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "rzuigmvwj786" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\tasksche.exe\"" /f4⤵
- Adds Run key to start application
- Modifies registry key
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill.exe /f /im Microsoft.Exchange.*3⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\taskkill.exetaskkill.exe /f /im MSExchange*3⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\taskkill.exetaskkill.exe /f /im mysqld.exe3⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\taskkill.exetaskkill.exe /f /im sqlwriter.exe3⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\taskkill.exetaskkill.exe /f /im sqlserver.exe3⤵
- Kills process with taskkill
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskse.exetaskse.exe C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\@WanaDecryptor@.exe@WanaDecryptor@.exe3⤵
-
C:\Users\Admin\AppData\Local\Temp\taskdl.exetaskdl.exe3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.0.1264139002\220659319" -parentBuildID 20200403170909 -prefsHandle 1416 -prefMapHandle 1320 -prefsLen 1 -prefMapSize 219938 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 1608 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.3.1079373581\1298901389" -childID 1 -isForBrowser -prefsHandle 2228 -prefMapHandle 2224 -prefsLen 156 -prefMapSize 219938 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 2160 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4592.13.1402775309\211112167" -childID 2 -isForBrowser -prefsHandle 3452 -prefMapHandle 3448 -prefsLen 6938 -prefMapSize 219938 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4592 "\\.\pipe\gecko-crash-server-pipe.4592" 3460 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.0.1206690845\1332715966" -parentBuildID 20200403170909 -prefsHandle 1460 -prefMapHandle 1452 -prefsLen 1 -prefMapSize 220525 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 1572 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.3.248967621\1176940367" -childID 1 -isForBrowser -prefsHandle 2240 -prefMapHandle 2264 -prefsLen 461 -prefMapSize 220525 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 2172 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.13.219246066\1521989471" -childID 2 -isForBrowser -prefsHandle 3580 -prefMapHandle 3576 -prefsLen 6553 -prefMapSize 220525 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 3592 tab3⤵
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\dashost.exedashost.exe {e1f09031-5b3e-43a2-8e7cac9b9ae0dc85}2⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\12DCB97BE78FAE38D3431672E9A5E770A3526592Filesize
45KB
MD52c16cfd4013eb60827caeb2f05b981d7
SHA1aeeb4869f063b5fc0f406547460790361090bc9c
SHA2564fd7c844f1f4711d30888609a437399c8af11b9358d07a7dfc58d267e03527d7
SHA512dbbc373652603f48caf5b9306d7f29c3b95fbddae34af9d48b9e9e218985ee3eb785ae9855b397e980ba8cd4b87ae327bd25d93811aa7f981ce9dfa1b7af1f54
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\185852C942BB4321CA7D0F727340AEE4A5231E70Filesize
71KB
MD56ca8ff5448a15c06f021e6e047453d26
SHA173b32d6db92c24698ef3d101995ad33ef987fd97
SHA25696768fcca019883dc4f292bdeba21965b0732301d8f9caca5eae59cecdac03a0
SHA512428eb71c0e54e9835c78111a403548dd8c1b2b9d30a857730584d015fb1600e5f7e005985b47cd1b3d9b28b99235657b962f130e6d786009746a16b03b08f214
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22Filesize
14KB
MD508b190ec213ecb3902afa249441221e1
SHA12406d9e90627c01e6e275e0dd33a42cdaf21366d
SHA2564803bbd13f84a937c729439563d49696da95fa7efc33960e062286012ca5b964
SHA512dd8ca6971d68f21744726f910dc4cc4e332d0ec091711290430fd464ef01a610424950929ba13d4aaa12cf9fc2e92a03819585f50c174ca291ee4a6b00ec4918
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\29C347351F6DF1E3DB1215F7D913753121E0F893Filesize
319KB
MD5420fa510dbf43f056e71d8c0dfbc2c9d
SHA1b9fe104a4a99e81107ac374d8a47f0b728cab6b3
SHA25617248257099b7a70e8f1eec307c13ceda20757b818872a4e1c0d6a88e8955a7f
SHA512eb5742d3b4e8357217b6bc57f05a36a75384f81c2219baa91a6d6eb5ef608a666cd6ce8d47a533c4aa0a5c1342e9848a0b63de8fccae41883ab6e0f59249d4f4
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\2C6C7C98FEABC1A432EED154348BAE1346A93CFDFilesize
9KB
MD580a155b901070919c385bcc958377aa9
SHA17493d4158456768adadfc6b9e58db88c7a536407
SHA25628b00d83c0b65a0b03005477539f505cb3247820e59f63661968bb70b4fa6b8d
SHA51208dd794d8dd6acf6642a32cd2b137d7b39845eba23b019cb5f213be6d80a97785d18086be72caf5501dfce5d56ef3ed32fe30d3c8b3c6869550b66e1e83c54e3
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\431484CF38F5986C6980273AB79B7AD0E04C586BFilesize
13KB
MD551b471181c573eb86972ce2b3153cdbc
SHA1ad2555846a7eeab09156d79517a2976ba9986a49
SHA256277ba9ae58f2ac81576749048a59c4ce114764970957384f883fea33affcb80a
SHA512aac93fad83125f144c231426dc8c3a828862bec4c1a29ed0f3ec71ba1768ebcd8b82e571720d283d5fdbe953d3b07b642d2309bfe13f87728019249dd6f66f76
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\4903E7ABE348ED39D98D1C844FB81A906D5ECA16Filesize
9KB
MD599133e63b5d70c3384236cbb2d0fb8da
SHA144b25e9535186df1954443db4e287ab72d620f9d
SHA256a272d1351fd9449d704e630ea7c8a2bea4ddf3fb61d3e85472e0a9250f14a9b7
SHA512bc02a55f54e6e6ec8480126b92f6dd37f608bfdecddba5e5128f10f5449488ff59f0605b13cdd0eeb6c4988c173e0cf44bd25fb22be761c460ed9e82a37925fb
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\6D4934FE31BFAF4563C9C133D9CEB4B986FB5CA0Filesize
15KB
MD5cc8f525593864be1b0ae1343a390130c
SHA123a8a8fb0d4d260661fd0a11e398108c9525d70c
SHA256c6b94fd1bbd1a47c1264a05ce85ba245372bf613ae9aab3d4485bd388aecbf82
SHA5122bfe9c51af317140162f728c736c5e247a0adedfa5e52117fe1c99dc16ac0ec1070129d15a8c91ac670e514b8e047f1b016ac034be964514d73f5d9cdee61a89
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\74AACE573E713C95EBB804FC5D4AC388F9FB6283Filesize
9KB
MD555a421b5fb868430ac835db55b469d71
SHA150e181be2ad43bf5cf1937c2654bb3fd0478d43d
SHA25632ec4bed95be773900e45b4e83bec64e982638edaebb77ef05e4857eb0640cc7
SHA5123381d1d09f6779a5e9cf3b4e17b3c631140ff30705c1a43be3866c366a64be9510f70e8c471c1ea05ad4fb3d341581c6928d09fec0d05cd18f0a3b5bfba7a91e
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\7EB27D17BB3E4DE66B33529EF9EF40FF771FB16EFilesize
14KB
MD5be91ad27d197ec4e854c75eefce71384
SHA1c7936499318a4bf8e96e64f94fe9603a8079fb52
SHA25691a99615310e7d688bfb7732ee014bce45304063a04870dafe9a6eee330c9430
SHA51261bd5ad7de9ef805c6fa65cca08c13a6036ab6a839e3805b9a1e5696d5cfd56aed6d42b957a2d82f4a194fa8e0a2bfe0114161287b78021a202ad0b329270245
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\917DDC01EB7F72ABF80EAF421A61216921D931D8Filesize
47KB
MD59467d640c1470c63c783bd7c172656a5
SHA1ab6095dab167901dfd8dc0aee939efa06090b5b4
SHA2560f9990f0739071c86c651d7f34186b769461820859274c0e7a9330a572010361
SHA5126e1606ebad4452dc3530e578071f4a4abbce3e1d42cc39278839e226723264020dd24fd9b4f1c92f381549e4b4f6bebd5217f0188e3d1da2534a23339c45c5a0
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\AF3D286772C601B77184DF2DDA8ED91D1624DFDFFilesize
10KB
MD5d658776c08a8bb2c4f157eb424e40935
SHA168dfa4c484706d1b3efa0483d1185c8d10ee489c
SHA2568825c8a4de2a43eda0211348b71aa6c2d167a3ef4c8bb341000fe3e7fe438dac
SHA5122d3b9ecb0379be540c9be50a6f7db4cbbc4b1bdfd7cfcfee2910f8f03f747da3ed36f593d3123ad9beb17529cbf8f7481bd40b9803b5196ae147c290a3b24ddf
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\B73E25E4AAB52FAC174E7CC2482A0F7AB00141C7Filesize
17KB
MD595eccff34d0f47307ab1db0b7cb4a067
SHA18f0a186d1cb8cb07c02f2aebb019b21af07b89c1
SHA25618faba2dba86764aa5df7c234dce4cdf9f869e415eec9eee313416972c340316
SHA5122456257a4d658e87dd2132c2302a36f425f4a8955dd80bce4517f24c06d95f9dc46b87098c334263035ded0fc1a0cac64afd9004600b6f3c176b531d9deff9ed
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\BED8997268544C4202FB6C0E8FE619E4D43EF60EFilesize
9KB
MD547dbe73d9de4c790b555945e6db1a841
SHA1a9754209ecc3bed386b45dc2e21281d8e4d98742
SHA2563a2f175375c8dc99610f9d63c5c1041330b9c4cee321b32b9e66cd25a7c362de
SHA512d1aee9646df756097097011c37a9bf2093354a83455f3efb676a1ea5e4319ce6f132467885feb9409e8957f8549d91b98e21664cc80a34307ba22e978c51633b
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\C980A94128AA0AD9C9907C37D3F3B5B16A722701Filesize
72KB
MD527741e862e0ad27e5fb692ea27e8af7a
SHA10a3dbd484f117955a431b473e66bd77a361f0181
SHA25649660bc762c538d7c68a67fe9d5566242f7434dfd1d7f74e69643f56bfea6c0b
SHA51278629dc9fe588612f4fabea3cbc36eb303afa7939d607ddef3455d4597db334f6bea7b4036437ecd0606b2c4c4faad7d8a1b882ebaac9f0389fe9f838469b3b1
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\ED07F042F4253F704BFC7070ADB92A3EDC4588A0Filesize
8KB
MD5b84daf9abadbd544c566e22495342ec0
SHA1b396ca6c39d5aed6f989c833c291c1bfb7de66e3
SHA2562fb3410ff40d0e8b7a6a51870b038d7362b1a915cc207db0b23e55ffdc5cdb76
SHA51281d8474bfd3424080fa7adc982a267d7755854f50055d2374d8b4b43be86ab767000b4111dfd9c22313d5d325c0da0e3ec61bbacd9e318d701cebef5c026f2ea
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497CFilesize
720B
MD51bc1fcbd8b618de6b4c256c9df9f582c
SHA142b5d96bdf21b69213658afffbce8dae666f615c
SHA256d98ff5548a192f1197040f5cb77549ebfbb08c12e07261a02ed6c750d2e75767
SHA512bfa164f039983295f56252116a8feaa170c13349fa85d5317d6ed024d23e8fa2315b8743aeebf6406e0d26ac909219658c2c55e41f6041399846e21346dd1390
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\ads-track-digest256.vlpsetFilesize
51KB
MD56c3605de4e50f585c2dad2819d138112
SHA14c647f39e09f9a3f16c982febbcca061ffa42652
SHA2561983aa1c36d96d197aa522d6347f0ab6a62234294964f1d5889600c2ca6605d0
SHA512b619f4fa7138b90ea92064fa9e614e978b014257a59a71738d2fd2382988d395c1d9d7aa362e90abe5acf82dbe786f860bdeff65684db16ab5b42ebd5f47fc44
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\allow-flashallow-digest256.vlpsetFilesize
69B
MD5de0d88480c24350c59e1e9a3583de0d1
SHA14e3c279344cb37deb5e893ab24770982de135789
SHA25601ba9f0b913e04ed10bd7166796483dd4f72005f249d6ee68b12117be4b5d3c7
SHA512f627c69598baa9bc60b036cea03fdadc8b4cc424ef8cdf93614275a336de05a60961f5e77553226c99c29ec2932272ae994327a4da77d75d2464f6722cb700aa
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\analytics-track-digest256.vlpsetFilesize
9KB
MD52b077f437067b52d00d4280df1b248a5
SHA119c10d8bdf159b9e53db9855d1d97a658d92c994
SHA256a8cb2ff713acaba0b4612c5bfece51a5e5d436a739c0455a3731d1ef8e0eae12
SHA512ba03b93b68e5cc0de34f890d7d112a1df0a17dcb451bd9c0761e087260fe9b3cb2afda9efb0b9d075cb722b77a859ca0b27c570a6db62a08b2fa9d30a04d00d5
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\base-cryptomining-track-digest256.vlpsetFilesize
2KB
MD5f45cb33dfea35013b6d5951f464a7841
SHA121c9d73636871aafe063797059078fe2373d1233
SHA256498ab828f2dff25b45deed474bebdbcfadac63a1cbba2e393162ab54bbc9f2e1
SHA51288ff2955d709d53fe248b88beb3f6bc31a485c17c80c5ddb8ea91abf46b0a43bcaf7f357ea4ac09dfb1d7988f8b7b1034ded15c2861d9de01719c131cf72a27c
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\base-fingerprinting-track-digest256.vlpsetFilesize
2KB
MD5cb73b8baffcd07ff5d1df58f8477370b
SHA13bdda94d12aea19a659c3b4035d0e613e18ca202
SHA2561e063a0cbc2d947925265cabbbb0da6721b7e05361b1171316fca37e906226fa
SHA512f5004c43ba0b5b48fae0c45c5f61c2a608a4ca3c61362cf27c51da7335597f9862f6c5a04e137bba16e92f3523e1009b5ca2542f52d478f56b946cebf2140712
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\block-flash-digest256.vlpsetFilesize
6KB
MD5130b9ac2beec5ada274561105d81ae36
SHA185a4785b34bb151da41bc0dfed380cceb7a29983
SHA2567d99fec08182a5b95d18d1569edaa2c60c2aafbd15a56d8882f22f3b395e6460
SHA512cbf32630bfe48fe6dd0e815f2e9752ca75c066bdfb5f12941f3278883b0530f1736b2d179801afc7ab4680be6ca9976c6e2e3705147d95503ef32cf730194631
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\block-flashsubdoc-digest256.vlpsetFilesize
71KB
MD540165280ff1345b5241ec2a9d1da2af0
SHA1c49f9172a6bba2dc4e91fa97defd161d9e87773e
SHA256f80bdd5341d8b1ee946e344e258ef2d35c3c0bb6b13eb7b3e6a77467dfa8b97f
SHA512b5ec96e5f786de54976de804491aaf01bd79dd48d81ec81e1a9d32157881b0e7690d3608ee18e60e4381291a1c179999f40e0b98f9483519084da268b4904c8e
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\content-track-digest256.vlpsetFilesize
15KB
MD59f355ca06a2c5eed2b13ab75dd4ca3d3
SHA116a014268d85c8b1cd476da2cfcf7aef79d5218c
SHA256039695d5ea6e79797e1b2acb4aa95bcbbe3f4c53970abf28c68aef2b13f1a95e
SHA512ace6b46c28c25ce5d87162566a882cf99b4a2512ac5fd9f0168ff9936d316af8652e775ebce8b1fc8b95d33844425da3a4832348115ead078d7b78a0b369b78f
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\except-flash-digest256.vlpsetFilesize
101B
MD5c2994d388f8780c87d35c352d9582985
SHA1b4e9ecdf3ecce53f072b7ce9e695ffcc17ea9f76
SHA2567ed09f7d2bd632f70077a4ae4f2bd2f3fb654b03cd72652f51678b0c7d027f25
SHA51260edd83f6e0ff782ab251579e0f3c113d3d5fff7ba7f3a8900cd4fd6bc7271921445e94b53073129db9529f0210750615318348307db650fd11ffaedaeb7bd15
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\except-flashallow-digest256.vlpsetFilesize
69B
MD57194b6bff691a056852a51e2e06ce8fe
SHA10adb901d9e202ee31ce6a8131ff15e5ecca834f7
SHA256cbe2dc6abfe25bead60f4dfaf419fc0f441ff8a8dd4a2febf5553be1cbd90c49
SHA512b0d8240050a25b2ab754e8f260361298d0017e3a938e965a34b6db072380cb6167c4fa5e0c2293b46b1135207ce9242ce1441b77af8b07a3212a49000e8bbd36
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\except-flashsubdoc-digest256.vlpsetFilesize
133B
MD50c0d67875bd75a0227c02dd8529ba01a
SHA12b12efb5e31bdac680b6283e2585eeea096fe73c
SHA256614be0169ec36e67223eb9645a98da66dbfde5dfbb89bb064f428aaeabdd9d97
SHA5128fb01246c4b7b4a2cf0379f931e0cd3ea5a32781078efdc4c4a5ac3bc496697957f6d15a0b6daaf562e48bd1b1ffbafe0583c59962689b030c4c5543cf8e2ce5
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\google-trackwhite-digest256.vlpsetFilesize
1.4MB
MD5e54e5b84194eee15e64d2a03f1136bb7
SHA1308413c74a49af1a575bc6f64fea33f9ad2f220d
SHA25607707b589be3dba3bb0bdac67760a2b180ea3531e9d7976b73e4c1d8df9dbb1e
SHA512f3bae1816db808c69871bd1a059236bf57982e90da5706adcc3359a200f1ec2c529be516be629fbdb5e7da8c3ea80000815d99c8c2c347440cacd9237bddd3b7
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\mozstd-trackwhite-digest256.vlpsetFilesize
293KB
MD5dbd7544bf04db52719348298521f4ed4
SHA1ab838a83ae023aadba87bcae62093e874393a0e6
SHA256f87c0e78f812bf39363b1974ed20175e907cd6114173db31e1c7243f4d515dfd
SHA5120ef0ba0a594bb019133a133b9edb73901e804c845a66d427686f32a48c9d1ba665623d3fcd10018c2415202fd3f722aa23420598ce892444b4574c108ce4d6e4
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\social-track-digest256.vlpsetFilesize
2KB
MD5399e146c7c24fb3a69525f748f6742ab
SHA15a19c6f96244a65ec44af582956a9085407768a0
SHA25611bddd57f215cf440ef5e41385a618123658be38b03097b547a9ac5220db425e
SHA5123d280f40d78b0ef1b76fb8210f1d59edc5412208058d7f9448e14ff11c4e717505735c161979e2f84c4ccbcf4c4fa13ff3e8200b27ee2bb96e8d1180fca62e5e
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\social-tracking-protection-facebook-digest256.vlpsetFilesize
485B
MD5c6e5d0e5cc6cabbb446b625d9a14f3ef
SHA12d46657ed7ddb6f4c295b90aea7c477f2560d4f4
SHA256de974099351ab8e3b4945d3fae34a2d8bf43407921800719256cf29139f516e7
SHA5126e30e2adc27654d3052fbdaa8c4bf6d2ea41687bea67cc80c412c0d07a6174211e633a1aace5629444ba9ab0289af9f56651b5ab9061bcbb820b04debe175098
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\social-tracking-protection-linkedin-digest256.vlpsetFilesize
165B
MD5e28d310df430e7b6d95d9c912fa94e2f
SHA16c54ae3b421f47b73260751c44584d4b1effbb16
SHA2560f6bd075711185f73238b0cd030f84a6fa9ddc17d341a669aadd07b806a86626
SHA5121dc3c42fd79042eb9d17746a6f5c3e46d3bcbf36bda2143b380a02519771c39870cef4e8031e29191505c125c52a73e20c8167e1c26c3458fd9b7c89f231f0ce
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\safebrowsing\social-tracking-protection-twitter-digest256.vlpsetFilesize
261B
MD5dafe2c58eba7740af1a2bad64cef0f54
SHA1f10d56c4c9d035744f46ed60690d7eab35952c27
SHA25616093715575f4b5990d69d92459156f5843134a22135ff93185fbf109d64423d
SHA5125e6e65b2e357e6dabb163496135b0269f4e6f19f230e2f5f51f17c18b3462280f83e48d621747aeb88eca016906acc9d6c05664b3f5d20ac6d90ba0aca41ba4c
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\startupCache\scriptCache-child.binFilesize
710KB
MD5abc24374f5f2de85d61a56f94e5d6b44
SHA1b8abb954ee5f65629a0fb250261efb3fc797f9e7
SHA25649fd5e15aeb2e56cf2bc1a4e5172bc3f2493e9fd78f4dc6fa85fe2d70dfaab2b
SHA512fd630de06ffb1a5e19a171d4b333a2fb1f8e7817780e10c0f0d12f3c7e02736b73a68799e70569512d6b1cea438b6a57bdc956927e49cb68bb900cc78c40583d
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\startupCache\scriptCache.binFilesize
6.7MB
MD5f84e419bc3a66331208f19a7a7c6e022
SHA1e792a8ce30d47264c20314959f5c8e1f77621d42
SHA25668787fa5543b7a754491eb5fb2128d706f03384252dd189d91959e9345d5d6d0
SHA51261e46a963e83064a720f1e6606e05d641785f3b603b7207bf21d4a9993f40c5e5a1540978970f155ff2f47a83da1f13fae204e9556ebf3379889b78a03dfc29f
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\startupCache\startupCache.8.littleFilesize
1.7MB
MD5e5cf6ff8f8dca5043c3626d538422cc6
SHA17176755bd93d8ea761b8d2d24cd1e9fb5e7b6708
SHA256e78ad24ecc60e05192559c46c36e74e7dccbf398b1b7607b7c045dc1229946d4
SHA512c5e651062f1e277a9e355fd06daf4edcf1515b3a15d3bb680474478bac4aa6335aa6af05e3eba7c7b039de01af5c06396d903ee41caa59cefa91e148b9ddabe7
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zptz2arc.default-release\startupCache\urlCache.binFilesize
1KB
MD5d3aff2581bffc34d9b43e0d8b4315c47
SHA14968aeb59bf6b430c45ef9642ee915bd8b5a29a7
SHA2561f4cb79f717e26d1ae03f15cd3f6b9f664993c7f0a0c0764e1c3c4ea7dbe7c8e
SHA5129acbd6488f88000a35e35f06c1cd18a64b736f2b657f9fb8be1882419de9a9789fd96b4239cbc9515dc5952cfea3d3f7d05841e0e238e13d029cd9bef0107328
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ZPTZ2A~1.DEF\cert9.dbFilesize
224KB
MD553123577d3a4d468514dae6d16aa2e96
SHA19b43ef4f60f2ea55cf1d5c2332e7a0612b22a807
SHA2564c69f7b2df8a707a55ad8e36a8ea77c65d8fc4451074dfeea2ab6ff0d968d9f9
SHA5121a82ca9406350c2231b6ffaaf01e311bff0aa9f8bd0f2c045a58c3454a57362364a9e40a76d98809d9ef10b7dec53c5e21d729069de9fc5785af27725d711f24
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\SiteSecurityServiceState.txtFilesize
655B
MD5feb32e7629a7dbe6152bb10a82a67985
SHA111c9874fa4e19932f48d43f9c5882562ab4e7a9a
SHA25677f8b15e07bcccd4826c4d546dca32b26651595628d03ba2a94adefb92c6372b
SHA5127213a18d4191f7ce16d338ed4dcf07509f3cbe997c629167865d5f854e8b9b37386c6d0f4f84c319165eb1077bf081f9bf2d237e4e444f929663da65b8d77f78
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\addonStartup.json.lz4Filesize
1KB
MD5bc4bd0071af0574fe57b6756f0b26071
SHA1dfc6af6b87b58391f67679a24c28495503f9e75d
SHA2562f0cb964330decccb1375985d126d6cd2fec171e344cdd6e21026fa9459d8ad3
SHA5129cd3f9140a3beca18114253556281c48e0a2401d8e7bb01b518a0615caf6a1f4a8cece627c00caaf9cb3f7cf3a57a224ec5233682b5b3f8e933619b85488551d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\content-prefs.sqliteFilesize
224KB
MD53c84e4e3d7df96c52a6aee056031acae
SHA1fc63a1d743b94bba6455b61bb0fa25345129d90a
SHA256009957959f3a9b190bf33d94a56fad25016cf74cc6d8786dd29d1d8e87541d2e
SHA51291ec2a41fca76701aec40ab84301c9dcf755f0f02d04a9ccd4aaa0de112d30cded497d18e3fd07a50b9cb14e93de6c350db023d0d2558974c422fce0ad53639d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\cookies.sqliteFilesize
512KB
MD568d5def5aee16d1435e988631fe369e0
SHA11dcfc56511310d9d047d56ea9b2b0bff6898fdb7
SHA256274bf06759bc6f8cea4646a84382599fd017bb055e3d0f40de609e1340938d90
SHA512ef2499f4117714fcd22964b7da1849d925f35efcf6eb5e9bf7463d8607969560b31f7f13d0228db0c108f11a568b348c92bdeb0b8db17887c6ca2a5c279578fa
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\favicons.sqliteFilesize
5.0MB
MD5d3cc4ea24f141b47097206efaa10fc6b
SHA144c4aa817724dc5d74a33afff7b176d1bbf67100
SHA2562d95fe3961f83ab1b67d2627906341b230b61880b7f397c8ea4380845bdeee89
SHA512d008deef346dfbeb9e17f0b932a935e9349a1c6af1a8825fc675d1c5f87a4c1daaf8ca93f111abc34f5300684496f403c0b0e53eb89c24a4b2f7c6a3aa20a8a1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\permissions.sqliteFilesize
96KB
MD547174fbc30613378b112a1480e57f253
SHA1b8b5b73ebff6e08b4dd0ed82bc2bc204bb7b1a0c
SHA2569b4356212b7b5077884a16720f256c207f3339205db41c19ee3c3a8d08760212
SHA51265c1393c132db1009ce3db5c9c08fe4d234660f8fe2636d1e5f3cbdba166c064f3a915a63b13fa028351328b511f5e9d90233060a32279c5d026ab77a040d26b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\places.sqliteFilesize
5.0MB
MD5e66e4a4d58c44ffcfa2bc45a543bc0eb
SHA13f57d25fcf0b6a04ca66771a9831fd5345012023
SHA2568cd27074b3009d1edc219bd80a131f7507505b46ec492835293f52d230a7c8d5
SHA512f826f3d47eced391dacca04a360045e788f8cda4d65f7bafa190eb67ccc013051951cbd1dd35a28fa3e9cf47231cb85909bbb41df4e79b88b301495c40abb1cf
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\prefs.jsFilesize
7KB
MD5f1f71024c6e5febdeadedcd0c51b59d6
SHA17496c2c9757ef4cd77c16046685160c892498a59
SHA25672d2b92319658c15b073be3318fc832e35f4433554188d2a751e0514ad0bee0c
SHA51279f5442bd557ca9946061b54f02e3499ddb412d8a6b89b80f29a448f2ac74a8e2e71606728a706b63d8526cbccaa388bb75c8b409eb321eb22a2090501628cc9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\protections.sqliteFilesize
64KB
MD56c050eb6d13675bfeab8bc7f09fd274a
SHA14d14b0ef1884a6b5c0b6860da3ebb8a83b398df7
SHA256b6e55a1dfda381c4356952acb8aebc56c09191e4013ecc4980a847feb511f76e
SHA512b52f418e3247d42cd7274163d1968630657d66380bd243ba8ca5077853949c75aed7a5af8a9425765aa0da501f42d713420f8434a42a3c391cac999144df5e0f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\search.json.mozlz4Filesize
2KB
MD52910245abbab439f20109ef045fdf9d9
SHA13ad6040812406d897ab68f99579ef6c3bece4a7f
SHA25661a4bb957e47ae3f33cf8760d36709ba400c4ced31556c2be982c866ee9bf207
SHA512e1c2648f2c61873c6c9432ae6a9f09cbf8743d12d0ce4d4d48840f365e260b1400dce5729d83f40028ea0e82e16909069f2e6031775fff6d9577eea40a6987a2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\sessionCheckpoints.jsonFilesize
288B
MD5948a7403e323297c6bb8a5c791b42866
SHA188a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA2562fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA51217e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\sessionstore.jsonlz4Filesize
7KB
MD58a1758011111d35a342167f8936242fc
SHA1e7cbc2cb7a12ba3183e9ddea5a00685cb086a2fb
SHA2568ec5996c6d3899433ffb99e61a9fefdb7d25ec1479f7eb272856a8e622da656e
SHA51296342a0aa016789a4b29a515ec9d440edc6f64e3816871b433d6cf156f8e47762f1fed6e826bc73a9d0a03c2b2059c758269a009b3b2f25b1442bcb514038097
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqliteFilesize
72KB
MD52e8a36c45baf84c4590fb1265fe4474a
SHA108b62ba2dd3f6777c9d29381343fc046f2338842
SHA256de3b9a2c0b38b988da12aad133c8e9a1a2560189a656688fef30e9475d144360
SHA51261fb99f06923be2594ab0a574303204374b231c76fe1b898a5d4ffa2da9a254006fda8c7c59f13db8e557922eb22e88510fe702834059e76f4d8d0df7dfae1ee
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteFilesize
3.2MB
MD59dd9b212ff551a5a8468b8c4674a9353
SHA160d0a7e371dcb0b0cff13f058ea6fbe2f71c2e85
SHA256e302de0a856587f199648b217b9bc71ec13b6f80353c756a5198a6c7776dbbc0
SHA5125be287d481d715763ad4a73ed022e7f994bcde077b73b73d5d758befa1a6f0e67091c25cf53d8d7642d5e579448ed7b00b0e9fcf412470b210daed79f8cf6465
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\webappsstore.sqliteFilesize
96KB
MD5c3b019f9bdbec1806b56015a1643a91e
SHA1a5528da43b6c048126ff80fb5f423c995d5e2434
SHA2566ffee03a694adf62a302e394d59e0e21eb220e5b927ab4f291146544ea486f69
SHA51260301e26a20541dd9146bf474a471ec74b3e239bab884bae90c092582e0188ef22cda5b18bd478087dfc2a5384b496cc7f7b3f564b73f29ec399aff9c6ab2c22
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zptz2arc.default-release\xulstore.jsonFilesize
141B
MD51995825c748914809df775643764920f
SHA155c55d77bb712d2d831996344f0a1b3e0b7ff98a
SHA25687835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776
SHA512c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c
-
C:\Users\Admin\Downloads\windows-10-logo-onscreen-100809733-orig-3.jpg.webpFilesize
6KB
MD5760b6c48fe58c5658972ec5e825fe22e
SHA1ddd1afe5e2f68c5bbc4ee5d6abd5fddfffd8e915
SHA25658a409fd9a2c84f5c865712e9cfd3250266587101489dc4d2d96139017bc76f8
SHA512354d29adf4ec6a70c4a3c035a22e539be25d93c4180cb40986d1108b6fb17048e9386cecc9fd2011a95217c38e48999db2650b6425c24ac7bae591baeef77d01
-
memory/64-1731-0x0000000000000000-mapping.dmp
-
memory/208-629-0x0000000000000000-mapping.dmp
-
memory/360-1658-0x0000000000000000-mapping.dmp
-
memory/680-1528-0x0000000000000000-mapping.dmp
-
memory/860-951-0x0000000000000000-mapping.dmp
-
memory/868-1602-0x0000000000000000-mapping.dmp
-
memory/976-1732-0x0000000000000000-mapping.dmp
-
memory/1148-627-0x0000000000000000-mapping.dmp
-
memory/1176-1398-0x0000000000000000-mapping.dmp
-
memory/1184-818-0x0000000073050000-0x000000007326C000-memory.dmpFilesize
2.1MB
-
memory/1184-605-0x0000000073270000-0x00000000732F2000-memory.dmpFilesize
520KB
-
memory/1184-540-0x0000000000000000-mapping.dmp
-
memory/1184-603-0x00000000733D0000-0x0000000073452000-memory.dmpFilesize
520KB
-
memory/1184-604-0x0000000073050000-0x000000007326C000-memory.dmpFilesize
2.1MB
-
memory/1184-606-0x0000000073300000-0x0000000073322000-memory.dmpFilesize
136KB
-
memory/1184-820-0x00000000003A0000-0x000000000069E000-memory.dmpFilesize
3.0MB
-
memory/1184-819-0x0000000073270000-0x00000000732F2000-memory.dmpFilesize
520KB
-
memory/1184-817-0x00000000733D0000-0x0000000073452000-memory.dmpFilesize
520KB
-
memory/1184-607-0x00000000003A0000-0x000000000069E000-memory.dmpFilesize
3.0MB
-
memory/1208-830-0x0000000000000000-mapping.dmp
-
memory/1252-1601-0x0000000000000000-mapping.dmp
-
memory/1384-1146-0x0000000000000000-mapping.dmp
-
memory/1556-1471-0x0000000000000000-mapping.dmp
-
memory/1636-1723-0x0000000000000000-mapping.dmp
-
memory/1688-1593-0x0000000000000000-mapping.dmp
-
memory/1736-472-0x0000000000000000-mapping.dmp
-
memory/1828-1472-0x0000000000000000-mapping.dmp
-
memory/1828-726-0x0000000000000000-mapping.dmp
-
memory/1880-959-0x0000000000000000-mapping.dmp
-
memory/1980-960-0x0000000000000000-mapping.dmp
-
memory/2104-1406-0x0000000000000000-mapping.dmp
-
memory/2128-894-0x0000000000000000-mapping.dmp
-
memory/2128-1407-0x0000000000000000-mapping.dmp
-
memory/2132-163-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-162-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-160-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-159-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-157-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-158-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-156-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-155-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-154-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-153-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-152-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-151-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-150-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-148-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-149-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-147-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-146-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-145-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-144-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-143-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-142-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-141-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-140-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-139-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-137-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-138-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-136-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-135-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-134-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-132-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-133-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-121-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-122-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-161-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-123-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-125-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-164-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-165-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-185-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-126-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-166-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-167-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-168-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-169-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-170-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-171-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-172-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-173-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-131-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-130-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-174-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-175-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-176-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-177-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-128-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-178-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-120-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-179-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-180-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-184-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-129-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-181-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-182-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-183-0x0000000077710000-0x000000007789E000-memory.dmpFilesize
1.6MB
-
memory/2132-1147-0x0000000000000000-mapping.dmp
-
memory/2184-1341-0x0000000000000000-mapping.dmp
-
memory/2212-1211-0x0000000000000000-mapping.dmp
-
memory/2288-438-0x0000000000000000-mapping.dmp
-
memory/2480-895-0x0000000000000000-mapping.dmp
-
memory/2520-690-0x0000000000000000-mapping.dmp
-
memory/2776-1277-0x0000000000000000-mapping.dmp
-
memory/2884-1536-0x0000000000000000-mapping.dmp
-
memory/3036-886-0x0000000000000000-mapping.dmp
-
memory/3184-305-0x0000000000000000-mapping.dmp
-
memory/3252-1666-0x0000000000000000-mapping.dmp
-
memory/3260-1025-0x0000000000000000-mapping.dmp
-
memory/3268-1148-0x0000000000000000-mapping.dmp
-
memory/3284-369-0x0000000000000000-mapping.dmp
-
memory/3572-262-0x0000000000000000-mapping.dmp
-
memory/3604-1788-0x0000000000000000-mapping.dmp
-
memory/3612-439-0x0000000000000000-mapping.dmp
-
memory/3640-1667-0x0000000000000000-mapping.dmp
-
memory/3732-1333-0x0000000000000000-mapping.dmp
-
memory/3816-760-0x0000000000000000-mapping.dmp
-
memory/3864-307-0x0000000000000000-mapping.dmp
-
memory/4120-1024-0x0000000000000000-mapping.dmp
-
memory/4160-1016-0x0000000000000000-mapping.dmp
-
memory/4252-640-0x0000000000000000-mapping.dmp
-
memory/4268-1537-0x0000000000000000-mapping.dmp
-
memory/4340-1090-0x0000000000000000-mapping.dmp
-
memory/4340-626-0x0000000000000000-mapping.dmp
-
memory/4356-1089-0x0000000000000000-mapping.dmp
-
memory/4404-1242-0x0000000000000000-mapping.dmp
-
memory/4492-1212-0x0000000000000000-mapping.dmp
-
memory/4496-829-0x0000000000000000-mapping.dmp
-
memory/4688-278-0x0000000000000000-mapping.dmp
-
memory/4716-356-0x0000000000000000-mapping.dmp
-
memory/4752-1081-0x0000000000000000-mapping.dmp
-
memory/4808-346-0x0000000000000000-mapping.dmp
-
memory/4876-1276-0x0000000000000000-mapping.dmp
-
memory/4896-821-0x0000000000000000-mapping.dmp
-
memory/4932-1463-0x0000000000000000-mapping.dmp
-
memory/4936-720-0x0000000000000000-mapping.dmp
-
memory/5012-1342-0x0000000000000000-mapping.dmp
