f5dbc0ed5238807fd7a05f563e6f6c215708f2ef4f35b2b957659f88fbf52e60

Analysis

max time kernel
1562s
max time network
1567s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ThunderSoft Flash to Video Converter 5.2.0.exe
Size

16.6MB
MD5

23ba577cf7061da608cbcf5827dbfe13
SHA1

fe4fef8a84142c5138b3ac12e5df2fb182bc4c33
SHA256

f5dbc0ed5238807fd7a05f563e6f6c215708f2ef4f35b2b957659f88fbf52e60
SHA512

90a71b5cd44626cff146802adf644e0816eb9974850e726b1e7f8e66ae7d56d562459d48b9106f6f7b0182ff4513cdb783ae9a806583b9e6fbdd518e6f6d5e51
SSDEEP

393216:WIBjNqG0llTzhmldMp3dbtD1rzBx4Ol4l16Vh5MaW7vooZ9vVRB:PsDhml6p39thhxK16VE9voo3B

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp

Loads dropped DLL 7 IoCs

pid	Process
2248	ThunderSoft Flash to Video Converter 5.2.0.exe
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Icons\is-F1NRO.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Video\is-T47HV.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File opened for modification	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\FFDLL\avfilter-1.dll	ThunderSoft Flash to Video Converter 5.2.0.tmp
File opened for modification	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\FFDLL\avformat-52.dll	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-61EBD.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\FFDLL\is-AMSHN.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\html5\is-C6SAN.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\html5\is-398HJ.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-1P73N.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File opened for modification	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\unins000.dat	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\html5\is-DFJT2.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Video\is-48SA0.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File opened for modification	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\Flash2Video.exe	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-KSLUR.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-IVEST.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-DE9IN.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-3PU4M.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\FFDLL\is-PMHQ5.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-UUSVP.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\FFDLL\is-SOBS5.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Video\is-4NU1G.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-R6PM5.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-96EVN.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\html5\is-S7MV1.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\html5\is-8LCS3.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Video\is-KOUOS.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Video\is-8RQAE.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Video\is-KA2HQ.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Video\is-77JN0.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File opened for modification	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\FFDLL\avcodec-52.dll	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-A78M3.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\is-2N3GB.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\is-AMT2L.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\html5\is-504K3.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Video\is-E9T2O.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Video\is-82A2U.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Video\is-DNJJ2.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File opened for modification	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\MeSetup.dll	ThunderSoft Flash to Video Converter 5.2.0.tmp
File opened for modification	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\FFDLL\avutil-50.dll	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-VRB8G.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\html5\is-C04BO.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\html5\is-A0E37.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\html5\is-1PK2R.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-19C1J.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-S4E3J.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\html5\is-TLBEC.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\html5\is-MKH0G.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Icons\is-76ISV.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\html5\is-V6MEJ.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-N6V01.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-3LS4T.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Icons\is-QHBUF.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\unins000.dat	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-DKQU8.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\is-EQ02U.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\FFDLL\is-KKFAG.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Video\is-ET4N2.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File opened for modification	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\GdiPlus.dll	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\is-MIH5C.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\FFDLL\is-ILEET.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File opened for modification	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\FFDLL\SDL.dll	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\FFDLL\is-S15N8.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Video\is-C4OS1.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp
File created	C:\Program Files (x86)\ThunderSoft\Flash to Video Converter\resource\Video\is-PR9KK.tmp	ThunderSoft Flash to Video Converter 5.2.0.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\Total = "9"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\Total = "117"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\Total = "860"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "40"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\ = "61"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "103"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000009929c2d9b22465c733332411345b099c528022dc0656398d9c9d200f8925d226000000000e80000000020000200000004bca655849f7330a80cb47ea2b7bc265d835c515d67b2a52152a4ddc3f1e58d92000000007c524ab442ae54e0b562c128aa113ef2e2b77845ec645da848aecca4241123e4000000057b89458635396c8a4f22119d3caef6cdcc474fdd785ef9165339088c5f99f0aaf04f350c6a3069271b4517a9ed6d917d951ecd536742677326f175cd6fcc585	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\ = "40"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\ = "969"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\Total = "12"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\Total = "103"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\Total = "40"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "149"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "969"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 105599eafc6fda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "61"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "117"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\ = "117"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "9"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\ = "88"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\Total = "61"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\Total = "149"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415915335"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000007f6921f9427525ccd1bc96a8972f829cc987495921bbf1020a88a36444c3bbd3000000000e8000000002000020000000b4b26a6cc8d224fa7bb0c471ad19e92206c00c19fa64e84b26e4984cd087af229000000088c7b87b0b80f8fa693b5bc672067dae4e3dd7d0b39d376d5dabe8b211b3f75923b2a9f80dbb6866d9d6f53448f5707a46f25fbc4f36e75a840b2d49ca95b33455da2195dae0a3597f8ac441246a4b8c9f40b07042ea61e7039b9dd701d76e3bb491d7427cd920e92b3a70c280a5c29e201a96323dd603308f3de9c707b181d5ed07c98c119fcc4fc9f116d256e83cf9400000002e81eb339587364776aabeb307ef4c831563d8b4becef04c97d6188f901664f42a4af3373520c353d7f746e46d6a382174191887aadec02d6473a9743a68b374	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "88"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\Total = "88"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\lrepacks.net\ = "103"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "860"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{12198381-DBF0-11EE-A336-7EEA931DE775} = "0"	iexplore.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FV.ProjFile\insguid = "875AC79FFE744CE0B13E562FAC51BB02"	ThunderSoft Flash to Video Converter 5.2.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FV.ProjFile\4.4	ThunderSoft Flash to Video Converter 5.2.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FV.ProjFile\4.4\tmins = "\x7fIwUPBYe"	ThunderSoft Flash to Video Converter 5.2.0.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FV.ProjFile	ThunderSoft Flash to Video Converter 5.2.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FV.ProjFile\ = "FV Project File"	ThunderSoft Flash to Video Converter 5.2.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FV.ProjFile\main = "D930F7F4172DE300B449A85BEC8F938E0"	ThunderSoft Flash to Video Converter 5.2.0.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FV.ProjFile\conver = "37CE0C545F61D8EF5BB8DAA386812CE40"	ThunderSoft Flash to Video Converter 5.2.0.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\FV.ProjFile\version = "350"	ThunderSoft Flash to Video Converter 5.2.0.tmp

Runs .reg file with regedit 1 IoCs

pid	Process
2908	regedit.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2000	iexplore.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2684	ThunderSoft Flash to Video Converter 5.2.0.tmp
2000	iexplore.exe
2000	iexplore.exe
908	IEXPLORE.EXE
908	IEXPLORE.EXE
908	IEXPLORE.EXE
908	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2684	2248	ThunderSoft Flash to Video Converter 5.2.0.exe	28
PID 2248 wrote to memory of 2684	2248	ThunderSoft Flash to Video Converter 5.2.0.exe	28
PID 2248 wrote to memory of 2684	2248	ThunderSoft Flash to Video Converter 5.2.0.exe	28
PID 2248 wrote to memory of 2684	2248	ThunderSoft Flash to Video Converter 5.2.0.exe	28
PID 2248 wrote to memory of 2684	2248	ThunderSoft Flash to Video Converter 5.2.0.exe	28
PID 2248 wrote to memory of 2684	2248	ThunderSoft Flash to Video Converter 5.2.0.exe	28
PID 2248 wrote to memory of 2684	2248	ThunderSoft Flash to Video Converter 5.2.0.exe	28
PID 2684 wrote to memory of 2908	2684	ThunderSoft Flash to Video Converter 5.2.0.tmp	31
PID 2684 wrote to memory of 2908	2684	ThunderSoft Flash to Video Converter 5.2.0.tmp	31
PID 2684 wrote to memory of 2908	2684	ThunderSoft Flash to Video Converter 5.2.0.tmp	31
PID 2684 wrote to memory of 2908	2684	ThunderSoft Flash to Video Converter 5.2.0.tmp	31
PID 2684 wrote to memory of 2000	2684	ThunderSoft Flash to Video Converter 5.2.0.tmp	32
PID 2684 wrote to memory of 2000	2684	ThunderSoft Flash to Video Converter 5.2.0.tmp	32
PID 2684 wrote to memory of 2000	2684	ThunderSoft Flash to Video Converter 5.2.0.tmp	32
PID 2684 wrote to memory of 2000	2684	ThunderSoft Flash to Video Converter 5.2.0.tmp	32
PID 2000 wrote to memory of 908	2000	iexplore.exe	34
PID 2000 wrote to memory of 908	2000	iexplore.exe	34
PID 2000 wrote to memory of 908	2000	iexplore.exe	34
PID 2000 wrote to memory of 908	2000	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\ThunderSoft Flash to Video Converter 5.2.0.exe
"C:\Users\Admin\AppData\Local\Temp\ThunderSoft Flash to Video Converter 5.2.0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\is-SC4RM.tmp\ThunderSoft Flash to Video Converter 5.2.0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-SC4RM.tmp\ThunderSoft Flash to Video Converter 5.2.0.tmp" /SL5="$3014E,17046573,67072,C:\Users\Admin\AppData\Local\Temp\ThunderSoft Flash to Video Converter 5.2.0.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\settings.reg"
    3⤵
    - Runs .reg file with regedit
    PID:2908
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://lrepacks.net/
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2000
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aea50c78ffbc166dfc294ee3996cf416

SHA1
d65da95043a6f5c86826054fa9bc368ce0872b53

SHA256
8de5ef82c7997a5c8fc089a79ce42ef3d93d159c781fa8defec288521f547b4b

SHA512
d505362d00fae8f5c105395df5dadf046af989abe78f119c9a07b9c7467380912a17096d164a43b5b6fdc94e5c28fda2d8e6294d0f96920b3e8c1423a5e83914

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d73c5c234bbeca3b5455fa5dcdcb517f

SHA1
ddcd2aef7fcedd474fc32eebd39e3158675622a0

SHA256
1a4a908bda5568c0095142153946e714b85189bdf12fa58ce3330846299c2931

SHA512
8882d8e2352ae694ca179a1c769f4619c08cfff01a71bdd289939169f6ea05a7cf4f871a60c5bd6607bced0bf77f91cc2ca2174e55fc42186ec3cabb478f36ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1abac197f15a8a91b98eccf8b83040bd

SHA1
3dda34ff5e9ceaf87fb64913841a1c34d434234f

SHA256
443003bf7be769ca3203e4418188c9708f40e9fc05d1efde80b859c89d40027e

SHA512
3063da1b8a5b52c0c38a5b645d9891f323973e8e3f8c2ab4c0c5ce6a72ab7120bf3d7298c65e856a5fa637824e24b66e1524a2c5a0cc564e4055cb0c8653ef5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56977e2719127180b78d9d83dad4bb17

SHA1
6dd01982277fee09d040b17e7d78db9fc105b39b

SHA256
fe71c81e409753354ff2049dfb2e6490f34d3c14da30d2e8f83999a155863155

SHA512
6f4528b22a979a1fcbed0a28f1594f04912d5dfa16fe206d15f65b8def3138377126daf454c63670876871b169b6f4d27fb84c1638ea956ba993a4d6e2f896f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
676ef6ff896e568476036e0aebb1fd58

SHA1
7ed25022ffba4bd44132149a006e9b1ef5de86c9

SHA256
469a80de08271d5e54b58a2bbef9634941f11d42e63d47da6e5c8ed6b4916589

SHA512
2edf9a9792af10771189a9f6726734516b0187b504d2d50d244150fed0ac06b60448ce504348e480c770e603a922f8d12e71907063a445b93597cb59156b7329

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbb9c248645ffebcd62c26ffeda490de

SHA1
48d48507f83ff5970a087c1a0a132512a6165553

SHA256
73b2f1d0720b84431f7323ee3c8abbe13e1f4321d51d1d6a548832cddb5fd8dd

SHA512
f4fa921c1dfd49b6236b0f871bf98b0eebc9ff52ce306e6b5c08953e554035a799699cf98d3d771f883b914921703269ad6717e1b0cc0d8b72c5e29b62f61f2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b56bea90d29c3614a18bfab0c9d5d15

SHA1
0c554d7c008c89977306f0090f008f4955d45002

SHA256
7aaec2d669f82062e6e014c71ef479722f692dfa62509cfbdb192b9623c8272c

SHA512
69b9b82db5f3b177a6551eca00cc5ea8c3975e7afb2344ec969efce0ac6b5576095426e2c8ac869f1b29f43aa2e8d8b9149d85fd5db1675bf83b6994e1dee24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5f1e7655c1e559de6f799d639875ef8

SHA1
1105c8d3a861fb5ba95e756d5b3e11ed493b22cb

SHA256
31cd7dcb625e84e1ee22f6f3be177dc3bb6d967d2fb9ec83759870893ad265d2

SHA512
86eb728f568c9d351a950b173d6e394d9aa1e7ae2ce65d6b4aa74afb5a7b8fd15931ecdcfd9f52332979d43e27ade7cef1eb298266d1290b4c1dc63a18f87ace

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46adaf6e0a6b43d5cae61ca7a9fb4f42

SHA1
66bc6ce0f5c18441b8ae83a4864a681e7a16cea6

SHA256
3c487d024358799d84f69c97a43e6df989df1c9594e57eb4eae3acfc08135775

SHA512
65351836fabd6f38c0f43d63eaee4ac1efb0fc06b1f11369867678b6be07041b97b29e47090fedeb37b316b6b94a6cfbba6f45dfd75fa951f064e619f1d79ee4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a801cf9b073bdd3085f1bebdec0156c

SHA1
5e628bf9f0a2e9d9467b4e700f96fc37d8a43c33

SHA256
8c1313f64c6b991efaba53e1b85299a3386cdcb7163b549fe3e65099d6580555

SHA512
bb6d461a6b423c2863a05ae2ea19525df9d4db5e1b8b9283340fe3ac8c2fd117e7b7fd4344c5d146d3d47922ce0ab694016ebe2cee23b74d27d3bbe4adb0e13b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42ebc69cfb708fb91a5b909334f16520

SHA1
16e0414456eaf82beac81b7a429e59e884b32d6f

SHA256
40cbbca31ece78aa6cd0d464eb2f115cb9e78d5cf607907def9d4edca663433d

SHA512
ebeb8393540be4079ae72b1dea0198630c2548935d7f8e7fd23f21f96195f94efb204b0066170882eaf159531983af55a48ad0f8e2b70d4777b452b248c19ad9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e89222bcfae79ffefb3184ec8e39b273

SHA1
adf306d17b4628e495e48b6d1af80dcace1d7bbc

SHA256
fe048f7e02479aa65a1540ed4bc135a2c4f50c0a246c9fd508cf6f807c56aedf

SHA512
6a4cacb23d384b022f054ec7cae5b8883749607f82c864d2faf45f4dfb46d9f499eb4264dbe319b22bef4870fda5040485893a7a24a3e10f3533a542e307b2e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb2700b79eb003303904f114dfe6d89a

SHA1
59c50f2a78d7e255ed55d6ed02bda9781cf576d5

SHA256
5665142b642cb82a45c505659562c937907568439f32045b8de899bc2de93e1d

SHA512
b93f95165e080823cd7652acc69679b8b4e4026000ed19f47a20bc0e658435d7e401e55830e31eccaa290e9ae6645baa1b4228052c5dd0e1999cb39830536bef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8dba33fb6598d93c43c5bcc41d414185

SHA1
b8c4bd98f203b87f2ffa6e6514f3abfdb43d2529

SHA256
e990f6fd95ec0ff89515e0b3dc5c674171092084ea96503c51d61cc493f2b45d

SHA512
f87d823be65bce30f3841cf0ce70682d037b84a0cbbe92b0589b15c953829f3bd3a93376fa50c994615926900b7c7d6c964480cf35ba1541f5e736d58543b697

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2d8fd3524c42115935630bd5454a937

SHA1
b568417c704fcb66d059a7a54b3340c0792bb17c

SHA256
07f4c6667dbcec4b4b0fef7deb3af52ba2cda23b85d92045dd074cb7c1a051c4

SHA512
ebe9a95bb7a83e7323bf6b5f09f3d9ae6882563f47d975f384c05590bf50f40fdfe87eee03e22daae9d4fc87bfb8077d6f7559d081ba0d97ab8df255c1464887

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49597c8b25d6356951be918e7056d294

SHA1
ec7a5c166715fdad19d64254eee46fb5289a1b78

SHA256
604bdede234627c888db3787d0bd388a2e8b7209c7892a604f2646b87196d2d8

SHA512
7a7ceab82191924cd1a77a85efc4ac4625ff22da553476d5bd5545ed7617daecf1217dbabed8963bcb950fccc70dba1bfde52f1dcedfd8239875ea46d10f0bf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3969e3f54dce2c200e9bbb851d5b221b

SHA1
5910af0f4188d5611e547590ce18097317f6a565

SHA256
985172bc33b2fb91df20bf98eb6f99cdb64bdb5dbe58074791e768dd2627396a

SHA512
56d00be6582e86d2a699b1fc49049a5a998ced6c64b37a69c1a6403d24df88ddced71566fce44291f251e4a5a27caf015b85d295b0671524d0d3f2970c730575

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac288b3819ea43c44fd53634c244ee5b

SHA1
d59c623acb756db9b392e7a9e140b7fd816737cd

SHA256
acdb0166ef91bb2e85c81e858f7d5d8a764873ebacb18ff38245adb4918f37d5

SHA512
394c3f9f776cc47c10d300623adb81d393afb33a2b5f7c2b64e791678ece9e3c3ccb7de650b3560fc965cff4764a5276003536d66a05ae4f065dbfac57ebdfd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a800d562aa8bb75d545a749f2e9ea8a

SHA1
4c9955d6724456e46943a480a3cf88b5802b997b

SHA256
41096ec7dc0dfb6ea07a1baaa3905f1b51e700d999acb1b7ed142999a7b48ce2

SHA512
237453e1339ed974efe61dcb47d5bd97244565a0d4fe8635b0ed290fd231d1823b1a0a02886bf624d55d156a945148b932c8b12194076e70c1bddd3f40b8dc41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f671e98690aa3655e1746f99e38762e

SHA1
e32f1e3606152f10a203c8cea7b22643a8577a81

SHA256
8442117f9cd8070202b735d605b2c81f7aa867427637b12ce50a9334ffd15234

SHA512
bade9d77311ae4b04cf04c438853321d6a25a86d55dc2d010bf792a557500ce2727503a3e59d1fea09dc42b294a1074446670d2e7469e6fed3362ca06cda0ee9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da78c922ce3355f5f03fe028e194ad19

SHA1
939496e5799f82af7e854d7d908ac759e1c23403

SHA256
78756c695427c03a0001644178678f342fb44a50e340f98d9c44bf308c3ca8b6

SHA512
2d909015b1d0ef2ed4f762c54776b2d68715101f8a1515b73825b6fa5f65147769463580e623def6e23afbf7ff54ab78211804de97897d6a829179ea717140d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
013410f9e6d556ca0948f5034ee30f15

SHA1
0f95483ba9877f6829664427e45b5ed8e42f48f9

SHA256
0e7237324af46d3cf64b287f10003f9df60ed4744bf57e4dea0fda3118b874e6

SHA512
93108a419fc9076c1b1734902edf5706e3465f02090d06fa4b7a87f9ffed6bc07cc282d5842e5f1b2792aeaa6d84fa0a1acc7caeb2a7e6255297ab891c83550b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee41e85b81e0bf8073985393669be6aa

SHA1
48dcd3a4c5ac4f561bab135332217c67047a652a

SHA256
3a30e85dc44725a56ef3033db6fbc520d6cebb5179cd66b0aadf0ed4034147f0

SHA512
d90ce277ff5823bcda705d3dd402880b8f857445eeda7129d87cfa961c30c400048460461c72f5fa32b100bd86154f23e41290e3ff99d00d4ba45cbc673c4532

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1441b139bd1a417161f5336afe8f93b0

SHA1
e179150fd0c44120e5a2e973dca96712a9b279b0

SHA256
fbd05617da83a58eee80d9fc54e9a610ba058737b23f99672d96340af3be21f7

SHA512
853a0e669cbba76168cd481820c92f451f9bb3b229870dda748f850ce4e4b4e7c858e197db82f459ed29528dbac9ae3143b31e8f49506b091bcd51be3627ba36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd2e16b174e9c0c14f350df227326e09

SHA1
95fb259a52391e8ea33a0e7a711bcb99221a54be

SHA256
8622ee45deda71b0b139b6fb15863b2e2fabaeee3a2e99940f642fe41322f9ac

SHA512
13ed65314d4105273a348318db4f8fdb2bf069a909603c49d0e96b99e4faf9b3ab8fa235bb9ba099f41141d848c09ef96eedc8291ebf8079d4c300ec970dd664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S6A5JFJ6\lrepacks[1].xml

Filesize
175B

MD5
bf8a219eb9845dac9e5a443bb9f1a2e8

SHA1
54d0bd38c9eea5be2624a76123431276b6afe3e0

SHA256
d69f3148af93a67fe68202959e91abb5f87539d437af0831bfc5440805bbcb3c

SHA512
e5140ab8866b82f5913788c233f773f5ea7ee98e82b40b981a2e65d16ee1222972f7e66cb479bdcdbc10f7b09c3d7b177069b346498b835c00a54c8fa041183f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S6A5JFJ6\lrepacks[1].xml

Filesize
355B

MD5
6fec6104cba085208245e31f20120fe9

SHA1
46070974694fa6e99a414f05d4d3987eceaeecb1

SHA256
6f0b2240dd2bb5cac92475a7565fb7bc89263404c32e4c738e82e0f53395e74e

SHA512
37f2ccd30e19378c7753157b057d799fbbf8dbc7f561b1200b17522f3ba73ea60448409cefff67a1ee402f2491c15eee290f044b89f51cb6c83a4cd44480a627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\S6A5JFJ6\lrepacks[1].xml

Filesize
548B

MD5
c9ccb48ccfe996affae669bbc06bc186

SHA1
6e85fbafb63c4279f391baf5c8ef21cbdb2e418d

SHA256
d370f90357dc0ff8ef86743cef4c2f5c25de3fef51dd4102e808a8918e57fd8e

SHA512
9e5d1ac38eeb2c2cd8942f08930747aa8bbf3a054a1926d321a7e015058275cc73b9a3c4edfe29ce9c8f9a3f1a342e17d9d712e125472f5dc44d3a4135c3f301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat

Filesize
968B

MD5
e6bd13ca3f55f181bd49618a6c5e9c63

SHA1
f1cf8707bc1cca2d69cb4281c1c4cb5d4513ec70

SHA256
bc18a00afc6377bd497813db182431fb8e0881da4ee554d28a1ed67f5b8a938f

SHA512
5bbd8eca786f267964697f9906117b09c37e8b74b0baa088b24deaaf2e956621f58f6567fb0b7acefd9f049e07ed5ef938c3d908de7e14cf8cc4d241e870d696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\fa-solid-900[1].eot

Filesize
378KB

MD5
6c207a7b79c06c76e915eb8f30e51d8a

SHA1
88a2213dfe8815e292d1d790074e9480402f7bba

SHA256
5c717ef54d31b15a859b4b1dc83ad8c14da100a25ae1beb288172e78655c1193

SHA512
aba5b8461f796546efc0493d11890cf3f6f71969f7904a70b2164e8cbcc3a4ca74769e7be5c23b86c888c45478163f66ed8e26fb98ada1053b777f28ddc45b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\fa-brands-400[1].eot

Filesize
131KB

MD5
05c475fabceebae1f9d40ba6711cb41a

SHA1
a99a03f1c2d33c85c7b3cc8cb36c77a1a0514ac2

SHA256
1741e902d0609045ca692234a56220b97db5dd9cd42b7a474b407e4a2469bc3e

SHA512
dcf1be37b8cde9cd6a2bdbd23ca52f5cab946f25fc51e7dce02fc1dd9d263db1a043409e060801f177c9feff822ea1073b9913eca46e772a3f2b43c95b47147e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\fa-light-300[1].eot

Filesize
481KB

MD5
a624ea3f4dd832cb54ea41286ded8fc3

SHA1
0acf0008a482418f68518e53fa3369d9e2ac6b34

SHA256
a3044338a2c6d0b78be05b2cd06afe87a407237c7195a4343749fddc077d1776

SHA512
c69b6ba7e7eaeb1018c7f7fd70bcf6200f95e6b1cf217c512ef7f0c135fbe1960c76708921034949c1722e8196f697e612ade40830ecc5b9d8653c5fb4af2832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\fa-regular-400[1].eot

Filesize
443KB

MD5
fde04f8e6967b818c6fb3338d8b366d3

SHA1
e5f8b9b64c63a7d5153c7f238f237ee1e9e10052

SHA256
d1acd8ecef6503303684610722a43a3d958035d003aa49fb58d0165fd6cd9f8f

SHA512
042ace8eb675615aaded6ce16a187024bcfa11fc8bd71a7766c47eda080ef96fa95a42c87704ee07525a78399f1ba730df7861adeff44d38b98b20562a22a951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\favicon-32x32[1].png

Filesize
792B

MD5
d4b7557dc08ee86a49060415550c273a

SHA1
9b04d63bc47731d4fecc46a551329ceb4574e6cf

SHA256
199b63c561e370692187ad3011fd3a339f544ede0438b4db2574a002e9904560

SHA512
b5e173cf381fab9cb2603b331b8473b813a608587304a433afb2b412f7786d161605963f7fb6311b6d159741de6c31277326042c9393d928ad05410570c90379

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab29D1.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2B7E.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF550F001D5FE9E33A.TMP

Filesize
16KB

MD5
120096b988a94abc854d60603c5d61b7

SHA1
53a0f7df5f943a281381ad68d3605d2fa9da9a3f

SHA256
501dc86b0ed88fafd29bb6b9af33aca2fc22c9c10c54d6be882c2fb726bc15a9

SHA512
bf0534b9e515150c52844074bc3fbbd6ead1838917516af0444f11eb2812002b66cd48a1cd5e0e12abbaddc4750afb4ad0980594257cf633e23c8913c53a5e7c

Download Submit
\Program Files (x86)\ThunderSoft\Flash to Video Converter\Flash2Video.exe

Filesize
2.9MB

MD5
7a95db0c3050f3602b4a91b326572822

SHA1
7fe8884d22b4e256b7a651d35676a7c0f6a348da

SHA256
68d554bab1a9057821ec52c339f9bfc8a4a49f3724cff46ffc5377252854a2b1

SHA512
203698d0fa00c7ff8432ffe1de9cedfb53f499099e464da446e7555fe9ae6cdd7f3435162a2ff8c055aa6f84f89e69c5f3e012408b68a048be97b44e0a9a7c75

Download Submit
\Program Files (x86)\ThunderSoft\Flash to Video Converter\unins000.exe

Filesize
923KB

MD5
df1bcbc05ad65c2452e8d68ddb916a0b

SHA1
bde581d641b7fd2f3ef315a9f466a11430847b66

SHA256
b659ca76eea562e2fa0a3f40af3b9824220244de83c6277f8cd78fb3d9c7e62b

SHA512
492751df1ba0bee785cf8a66a608e7e7e80edd8bd65ed587c7059164828d81bc26eff0e0bca51170067164e22245ff55dd1f60135a5c51babd94d8e56212bfa8

Download Submit
\Users\Admin\AppData\Local\Temp\is-IH099.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
\Users\Admin\AppData\Local\Temp\is-IH099.tmp\VclStylesInno.dll

Filesize
1.6MB

MD5
cd5044b51f844e9ad7c2897616be8668

SHA1
5e06298c2967b994e37700c3464c9d671d8f1b76

SHA256
ecc10437731115da7f372372af5565923cfe3faf5a67bf3c4f4edaa68865ff31

SHA512
d913969f644ee27bc8e4a61e3b88e087c1ee118d7ca25dcd57b9a49d331bcd4a8731c226566578aeee85fbc57165246dfe6c219436b4a7cca89448fa2dc25f4c

Download Submit
\Users\Admin\AppData\Local\Temp\is-IH099.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-SC4RM.tmp\ThunderSoft Flash to Video Converter 5.2.0.tmp

Filesize
913KB

MD5
30571cb5b76edfa481dc52346ec8526c

SHA1
0f1ac53282a6adf0388ef65f45a967447e65b685

SHA256
d2713609b5c74e889b38a4ee7853da7b5a0dc99cab6c7011d592661cb0697212

SHA512
f690066f6526398c80b17c0e2d572a8b6e1a7d3e56279f5b23b72a030808bfae9dd756667e557aeb6313459e9c10836214acfda19de1aaf209bd92bf49be215c

Download Submit
memory/2248-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2248-98-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2248-2-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2248-510-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2684-44-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-56-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-66-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-68-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-69-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-70-0x00000000072E0000-0x00000000072E1000-memory.dmp

Filesize
4KB

Download
memory/2684-67-0x00000000072D0000-0x00000000072D1000-memory.dmp

Filesize
4KB

Download
memory/2684-71-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-72-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-73-0x00000000072F0000-0x00000000072F1000-memory.dmp

Filesize
4KB

Download
memory/2684-75-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-77-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-78-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-76-0x0000000007300000-0x0000000007301000-memory.dmp

Filesize
4KB

Download
memory/2684-79-0x0000000007310000-0x0000000007311000-memory.dmp

Filesize
4KB

Download
memory/2684-74-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-80-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-82-0x0000000007320000-0x0000000007321000-memory.dmp

Filesize
4KB

Download
memory/2684-83-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-81-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-84-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-87-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/2684-65-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-99-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2684-104-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/2684-64-0x00000000072C0000-0x00000000072C1000-memory.dmp

Filesize
4KB

Download
memory/2684-62-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-63-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-61-0x00000000072B0000-0x00000000072B1000-memory.dmp

Filesize
4KB

Download
memory/2684-59-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-58-0x00000000072A0000-0x00000000072A1000-memory.dmp

Filesize
4KB

Download
memory/2684-57-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-55-0x0000000007290000-0x0000000007291000-memory.dmp

Filesize
4KB

Download
memory/2684-60-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-54-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-52-0x0000000007280000-0x0000000007281000-memory.dmp

Filesize
4KB

Download
memory/2684-53-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-51-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-50-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-48-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-49-0x0000000007270000-0x0000000007271000-memory.dmp

Filesize
4KB

Download
memory/2684-47-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-46-0x0000000007260000-0x0000000007261000-memory.dmp

Filesize
4KB

Download
memory/2684-45-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-43-0x0000000007250000-0x0000000007251000-memory.dmp

Filesize
4KB

Download
memory/2684-42-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-41-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-40-0x0000000007240000-0x0000000007241000-memory.dmp

Filesize
4KB

Download
memory/2684-39-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-38-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-36-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-37-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/2684-33-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-35-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-34-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/2684-32-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-31-0x0000000002170000-0x0000000002171000-memory.dmp

Filesize
4KB

Download
memory/2684-30-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-28-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/2684-29-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-27-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-25-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/2684-26-0x0000000007100000-0x0000000007240000-memory.dmp

Filesize
1.2MB

Download
memory/2684-23-0x0000000006DE0000-0x00000000070FA000-memory.dmp

Filesize
3.1MB

Download
memory/2684-19-0x0000000001DB0000-0x0000000001DC6000-memory.dmp

Filesize
88KB

Download
memory/2684-8-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download