amadey | e9785a288816cb9d2d8a475a8d60fa34ca32ed6b0afb14b3a80c45f52b692f20

Analysis

max time kernel
1s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
30-07-2024 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9785a288816cb9d2d8a475a8d60fa34ca32ed6b0afb14b3a80c45f52b692f20.exe
Size

1.8MB
MD5

3b36ce6e95099aeeda2d1f41a1ab2ca3
SHA1

afbfc4467a04eb09235fd96db8c27180d1d96dc4
SHA256

e9785a288816cb9d2d8a475a8d60fa34ca32ed6b0afb14b3a80c45f52b692f20
SHA512

f35c1d654221c26c8955498ac9e7043c4f93438d14eac4f355724365411ea8d90a1a452ab63d96c458383eeda53e3bb283b37b071ef5ebb738f84dc6d933436a
SSDEEP

49152:+jcEb1jDOWf6W/EI4Ngllj4ZUSQ/jYqK:+jcUDZB4N2jOWUq

Score

10^/10

amadey lumma stealc 0657d1 dana fed3aa valenciga discovery evasion stealer trojan

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

0657d1

http://185.215.113.19

Attributes

install_dir
0d8f5eb8a7
install_file
explorti.exe
strings_key
6c55a5f34bb433fbd933a168577b1838
url_paths
/Vi9leo/index.php

rc4.plain

Extracted

Family

stealc

Botnet

dana

http://85.28.47.31

Attributes

url_path
/5499d72b3a3e55be.php

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

http://185.215.113.16

Attributes

install_dir
44111dbc49
install_file
axplong.exe
strings_key
8d0ad6945b1a30a186ec2d30be6db0b5
url_paths
/Jo89Ku7d/index.php

rc4.plain

Extracted

Family

stealc

Botnet

valenciga

http://45.158.12.58

Attributes

url_path
/e47233787df7c9a6.php

Extracted

Family

lumma

https://stimultaionsppzv.shop/api

https://horizonvxjis.shop/api

https://effectivedoxzj.shop/api

https://parntorpkxzlp.shop/api

https://grassytaisol.shop/api

https://broccoltisop.shop/api

https://shellfyyousdjz.shop/api

https://bravedreacisopm.shop/api

Signatures

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Stealc
Stealc is an infostealer written in C++.
stealer stealc

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	e9785a288816cb9d2d8a475a8d60fa34ca32ed6b0afb14b3a80c45f52b692f20.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	e9785a288816cb9d2d8a475a8d60fa34ca32ed6b0afb14b3a80c45f52b692f20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	e9785a288816cb9d2d8a475a8d60fa34ca32ed6b0afb14b3a80c45f52b692f20.exe

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Software\Wine	e9785a288816cb9d2d8a475a8d60fa34ca32ed6b0afb14b3a80c45f52b692f20.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4744	e9785a288816cb9d2d8a475a8d60fa34ca32ed6b0afb14b3a80c45f52b692f20.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\explorti.job	e9785a288816cb9d2d8a475a8d60fa34ca32ed6b0afb14b3a80c45f52b692f20.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
6388	1464	WerFault.exe	129

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e9785a288816cb9d2d8a475a8d60fa34ca32ed6b0afb14b3a80c45f52b692f20.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4744	e9785a288816cb9d2d8a475a8d60fa34ca32ed6b0afb14b3a80c45f52b692f20.exe
4744	e9785a288816cb9d2d8a475a8d60fa34ca32ed6b0afb14b3a80c45f52b692f20.exe

C:\Users\Admin\AppData\Local\Temp\e9785a288816cb9d2d8a475a8d60fa34ca32ed6b0afb14b3a80c45f52b692f20.exe
"C:\Users\Admin\AppData\Local\Temp\e9785a288816cb9d2d8a475a8d60fa34ca32ed6b0afb14b3a80c45f52b692f20.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4744
- C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
  "C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
  2⤵
  PID:2712
- - C:\Users\Admin\AppData\Local\Temp\1000020001\cdbea80a66.exe
    "C:\Users\Admin\AppData\Local\Temp\1000020001\cdbea80a66.exe"
    3⤵
    PID:760
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\A604.tmp\A614.tmp\A615.bat C:\Users\Admin\AppData\Local\Temp\1000020001\cdbea80a66.exe"
      4⤵
      PID:4884
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
        5⤵
        
        PID:2600
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff91c96cc40,0x7ff91c96cc4c,0x7ff91c96cc58
        6⤵
        
        PID:4812
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,5025862416900476239,16318716084986595345,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1916 /prefetch:2
        6⤵
        
        PID:216
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,5025862416900476239,16318716084986595345,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2196 /prefetch:3
        6⤵
        
        PID:4920
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,5025862416900476239,16318716084986595345,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2572 /prefetch:8
        6⤵
        
        PID:1428
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,5025862416900476239,16318716084986595345,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3180 /prefetch:1
        6⤵
        
        PID:5572
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,5025862416900476239,16318716084986595345,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3224 /prefetch:1
        6⤵
        
        PID:5580
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3632,i,5025862416900476239,16318716084986595345,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3732 /prefetch:3
        6⤵
        
        PID:6544
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2196,i,5025862416900476239,16318716084986595345,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3492 /prefetch:8
        6⤵
        
        PID:7024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
        5⤵
        
        PID:3444
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff91c8246f8,0x7ff91c824708,0x7ff91c824718
        6⤵
        
        PID:2464
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7007972622417869918,7649636515235326410,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        6⤵
        
        PID:4928
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,7007972622417869918,7649636515235326410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
        6⤵
        
        PID:2008
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,7007972622417869918,7649636515235326410,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2388 /prefetch:8
        6⤵
        
        PID:2744
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7007972622417869918,7649636515235326410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
        6⤵
        
        PID:2500
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7007972622417869918,7649636515235326410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
        6⤵
        
        PID:2848
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7007972622417869918,7649636515235326410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
        6⤵
        
        PID:5620
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7007972622417869918,7649636515235326410,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 /prefetch:2
        6⤵
        
        PID:2404
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
        5⤵
        
        PID:4252
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
        6⤵
        
        PID:4268
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0d8f64c-2261-48b1-a821-49a00f22cd28} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" gpu
        7⤵
        
        PID:4828
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6598f55b-ad67-47f8-842d-35e8a9dc096d} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" socket
        7⤵
        
        PID:5096
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3124 -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 3112 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1c936e0-4fc6-4e43-896e-8a45f6b0de9f} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" tab
        7⤵
        
        PID:5432
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3448 -childID 2 -isForBrowser -prefsHandle 3128 -prefMapHandle 3256 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c093b1db-1d4e-4237-83da-c176a23017fe} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" tab
        7⤵
        
        PID:5948
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4244 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4236 -prefMapHandle 4228 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5decf533-826b-4015-9c2a-c80ac12c4564} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" utility
        7⤵
        
        PID:6268
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5164 -childID 3 -isForBrowser -prefsHandle 5240 -prefMapHandle 5380 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddbaa34e-d1c6-4cd8-909e-40b47736b281} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" tab
        7⤵
        
        PID:5240
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5632 -childID 4 -isForBrowser -prefsHandle 5588 -prefMapHandle 5600 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae7b87e0-d7e4-4488-a99b-044821a31447} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" tab
        7⤵
        
        PID:5268
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5812 -childID 5 -isForBrowser -prefsHandle 5816 -prefMapHandle 5820 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea32e3de-1c09-43fb-88f7-b8b786385f7f} 4268 "\\.\pipe\gecko-crash-server-pipe.4268" tab
        7⤵
        
        PID:5248
- - C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
    "C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
    3⤵
    PID:6804
- - C:\Users\Admin\1000029002\2b14a2e68d.exe
    "C:\Users\Admin\1000029002\2b14a2e68d.exe"
    3⤵
    PID:1464
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 1392
      4⤵
      Program crash
      PID:6388
- - C:\Users\Admin\AppData\Local\Temp\1000030001\bc0ee9d0f7.exe
    "C:\Users\Admin\AppData\Local\Temp\1000030001\bc0ee9d0f7.exe"
    3⤵
    PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
      "C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe"
      4⤵
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\1000045001\stealc_valenciga.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1000045001\stealc_valenciga.exe"
        5⤵
        
        PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\1000047001\postbox.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1000047001\postbox.exe"
        5⤵
        
        PID:6604
      - C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
        
        C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
        6⤵
        
        PID:832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5532

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1464 -ip 1464
1⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
1⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
1⤵
PID:6668

C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
1⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
1⤵
PID:5972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\ProgramData\nss3.dll

Filesize
2.0MB

MD5
1cc453cdf74f31e4d913ff9c10acdde2

SHA1
6e85eae544d6e965f15fa5c39700fa7202f3aafe

SHA256
ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

SHA512
dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

Download Submit
C:\Users\Admin\1000029002\2b14a2e68d.exe

Filesize
2.5MB

MD5
b7677aad5399636a95eb6994e115916d

SHA1
e2d4dcd2ebc1027245d2103a0fd9606f9bd2c5d6

SHA256
88edcb330179b6d28b755308b2c06b9a9ee4adb10ea7e4185d0af1697ad89761

SHA512
d0b8024ade74ccd107d3e85cb3bcb1d164121097f75fbea5b74c657763d01ae58275a860e39f32fa2cc7e7064c551cce6e68c7bec2ce4f81ffd4b4f74dceca87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
570beb7916b2ba7cabf6d9ddbcde6c04

SHA1
3590bb1c12a49f35434ffe0ab9b4a4371618b2a4

SHA256
6ab13fbb1a63f4cb39a15bc342066645e81e903d54cccec0a2f02cc705328b5e

SHA512
4b342ee7d4cd0429e2f1f975ef831ac90ef1456931f72015da03ad571dc7bcf0e2ac056ebbe0651b49b64f96cd64fba31738b1004c38a8223c9787cf874b5c9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
251c7c566da9d4c5ce8c6941311ad291

SHA1
49153e29ea38a1f7aaa603170436ff5bcd155106

SHA256
f160b3d4b7c1cdb969cdc15eb6873ee827cf52110e983706459ae72995bfe484

SHA512
0a4f4b8c11dc8cfad6ff1bbffa922e7083508aaffe98f3a802bb6d0fbc679646bbb6d097edbeac26bb5a90ff88dad36759ab63513c433ec0ae215e1528c3e665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
bf7601c66d1ec739fa324b1ce8f3cc27

SHA1
0c37f1eaf7b38b3503e844d818009f0a1c4e704b

SHA256
0c7f75886d5361cc961c479523e098014f04662f25a6a005d1a4173b9d4b3d94

SHA512
1e531c65045729f53bfb0a8de4dde4ddfd2b47537592c017ad5d63202a82e6aa81ea6ccb305413e505ec89e3fc14c772d84b0700fa7617cc804a251c5bb03662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
182b8ec662f7b6daf2bb5beccb710a73

SHA1
e15bf1b57b512a59e21c142e3c706fd2f42f5463

SHA256
b0f0694a771d6c6a8e152a2f301f1ac09755c1c6cbe3679a86d3feb4bb0682d9

SHA512
336212855fff8c555ce83706b688a5b69f32b7252d67d0f45040c42505558d40e8d2a1dbb68fd2555a9cd121d288d1dadb4f58c1bcfbe7b8eb56e08f4c5dd36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
68KB

MD5
fbf0911ebe4f2e508ac2ed235d00e55e

SHA1
bc4c28796a860bfd36c99e64b495682518f86896

SHA256
60a59803330f9e762c90793daf5ea396085b794d2f51ed1a730a838a4ad49767

SHA512
72f39b423285cec8f462995459c05a9a30e408652f72f06477ddef0f504c06d6cf8a0336cf0ac0984b9cbee85e611eb1c785d9e75dfe6b961c880bc943a8de1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
85KB

MD5
533028bc88b8c919df8015a5530b2619

SHA1
d0525738835505ff9d73ba26e3f7d3fe67805221

SHA256
174bc924860e66e957fce675f42e342f3ea8c16daa14854d4a33cdaf592fbbe9

SHA512
3a51ad22fc22beb0e7ccb8ee000c9ab4146e81f91791c59e6134572ba51ec543382bd3f17456ee9aec3ecefecb11f3dfd41ae2660ae3b06723f135f4ccfb23bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
9609cb0411f43a4bc7380133b4f4898b

SHA1
438c8a60a64a7520fbaac6be35b87c143fc98ece

SHA256
01d1fe657c208fea24ef680c681ff5daf75b554f08f1b967153134bbb18f777d

SHA512
443b27576f7fb48beabfca30980f09b7922dbe7eecb360c9df16e8ceeddc3b6eca54735dcd252b64885225a559f0bffe0fe8ef37f7e2800bc8ac54bd6c42a6d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
19170b014601d84f239371dba204ce84

SHA1
938dffd2b9f70db8ff00796d4466533b0be19f90

SHA256
2fca2530fac31c3ed9522801a6b4f1b16de747d4c2f2a3df8c8f5923876ea8dc

SHA512
5e3ea3878ddade0791510190d8d77e9f7069481a5ec9761982cff4c6f318ef43b24b522174e0624a7cdb6044cf4c89be051b7000d384672301237ebe1af9c10a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1baa836db497ab87932955f1f433f57a

SHA1
3334af61e14c06d1dd860bcd1045d25e76b74fe9

SHA256
7d846d9bfd0ffc7c4fe854f23dffe8e8afb168042a8d94bb5ed05da352b43964

SHA512
414bc38c9b08fa0ff06e79dba54aacf0a3cac99932b7f73afd9076078db2aabe88d5ee6755673b0d62257b96f5cdc0c234b512805778f8c94346122538762081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
775c8d5685c02e649b4973eba3c4d531

SHA1
391d8d2db4ab9536a909185bc7b639e9ebec15c2

SHA256
dda6cee985a74c4a04f27d938b06c010b30b9629f7ac08a2f24d9214cd9222c9

SHA512
cd9dfbf3aace0fe0a4eec843e1309032cfd027313355b6bfe8319a2e4d425912a61dd87cf5a45de74155fecb5226bcc318120654fa386a30bbc168bf0b0ed004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6bb03e94a4c778d35fef236335c2a139

SHA1
ca42946aea3b72e815de5e059347be3b7015158c

SHA256
84c441624c81449fd897ff5c93afdbf66b843091df3fb32649b9cec7d5974216

SHA512
39461cc034d980297439807e83f22ba0c27a4299af5e84409348698648f6175c9e692e8fb869fb5bebfd469f1d41ac8c7690bdf8d86466253371db422215d497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68c7161b201832f21860d0903ca78c61

SHA1
8c7e9e1ad789d99280ea41ac8c8fe9c5559db362

SHA256
f7fc916a7684eccc7b58a9871dc88916c7b0100b05d7cca1ecd3908ec5c14726

SHA512
1c113b5fd98bdc20dcdc05c741bd98051f0396364ce015e421209f96e9c18e2fa7a936ed8f65d9d6ebb15f7fb81332aa9ec30ad86b59e7b40286567caed5d9e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
59d7232c9c8144272db20a891921f86a

SHA1
65f1d5186c7ad56070c63b84a2782bd9cc6b978f

SHA256
559c1b25d6ed273d428225bc2ffade29a909506d89c3ffef2a1b8fe99ee2f63b

SHA512
6187eacc59cfeb40da5b51e69fe928abd10c31947f4ab67dba31c8e6801a62309e7fcca6b3eb16fc273c33a09974da10f474e91f3fd4801f3d91397966d2357b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
28770e42327d7e608caf495045ff3a65

SHA1
ed1c6a5d85e92af7e2524e7e08d03a9cc4eb9e2c

SHA256
826ce8f947e42a5f197e4ad75c51e9ae87ae8fdd65ce4a0d2e55c8f02502c6d9

SHA512
cc7db42067716878399d327df78f3e90ab0128cae22a604acc5dbbbc9d10a40308d35b8ecf27948e51e37c5a3a0f364b7f8e1b6c7b0a7d96367e29299d2e7536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f764ae429439e7a5e83a4765ea37b15

SHA1
f63ff21463b1d299078f354acc04f5d9ef898888

SHA256
d5bc1f01c4d9391206de6342c5a73f3604b89ad21b2539f1ba3d1b1a3407116a

SHA512
27864be4150652377cc6b2a79e70b9fc572ce0fcd29d1869032301bc5bffb2f79fafa7ad768285423ab3b1fb63065cd2d7096b23617babca0104e7dfbc187100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d3e30c2f724066b05406658c11d9c64

SHA1
72be1858a729359ab89baecbf5082c03b6ecfca9

SHA256
e4f3877fb6d3b7d3f85e293b5ac0d79f3aaa80af20f10037a8ada672ddc8e62a

SHA512
46b14179bedc2042b673787c065a8c951e9a3663d68d491b83c296058c394f845855d377e74be89dcf5fe274cb3f22d671c363efb4959b44b76699055ddd8f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
83d858887576c2ed392c71cf5a91e039

SHA1
14348a237dd80fc4c68dcdefe5229a45276eafa2

SHA256
de87fe73e102230572e8b16f7a10589b1b8cfebacd25bc11aafa18a7ec0e8884

SHA512
d1e78ab7881f61b2bb433e0a8dbbc594f704fb300adcb49b220a28a6cc682c678978de3f0f272014b820bc674ae23a6ea32a63723d0705f9faa1a667fc72bbbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e69e5af14205e6e4de2ccd4c4c6862a0

SHA1
464f54574593b2edee37ea37a5119fc5ae0459d0

SHA256
6c9264a0e7ad49276e437e2ef5ea1599dd46f14de0ef19bca69939b87466d8ab

SHA512
06ad184fc6e10230d07b6ea98bb33361a3e366734aef84032d4c83d5b24a29540d9a53c5fcc6829d4b1f6fd949f79f98d452b00b5c61652c2949ff095faa08fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a828c1d873bbe8dc07957497a3898576

SHA1
2093c00114cfe2a23a35b926de6f0f4d4887f607

SHA256
fe0a7a9da445f604f79e6e03e42e1f114fe0783a0d2a4bf9ed3d4703e0e6e351

SHA512
0f1a088b93478e8826aa5bd416ea03ef6dbd63e5d48932d8fda25b32a0d34cafab00354d3a80e21df124012b6e1d89a6c2ba784ed24e35acce10adaec6ae8a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
0c8ed2f6105599d0b50260d405418bc7

SHA1
889cf2746c264726717d084f66be2ff595e3d0f0

SHA256
d78564a0a6d3dca787736d24516327f04836328e3f1b16bca83d05b34bba74f1

SHA512
2918dedeead69763ed3ca8b7dc8058b9877333a7e75f092641fed614f20dd2393e9cf9c649cdaca92ec0c040b208819957c7cc889ffa959039729bfa1c9c563d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
ed4598c11a996ce644acb153b18f0d92

SHA1
56dce2e00b6a24a3d1967e4cf958c8621d7d0187

SHA256
9cb4084ec7d927cec314ec8fe2eb8766085c00d0804ba239157ecba02b84799d

SHA512
2e7f4c8955238c4c3afdf056ec16f1b89662950099fa87b8b5984a8e40550a56c26fb792f23da1d518736d0bf0470e8f752b8003da656d5ee3995b6130e6bdd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
33KB

MD5
daa6948a37ac312342600f2b96db15ea

SHA1
0bfa2e04bf51480baf1fc7e7819f65cd3b0c90ba

SHA256
de7cf820e8eb0aa51d82aff3a848fd853dfa878674cc67094aee0ac115c85fee

SHA512
5af3ceb0a4c56b767792ad349b83a179191d9fe6dca8e3795cb48edb87ae6a8b89e51a64ebedd68857c674befd71dc1664a2e8380ac21abacc9566329d8c2e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
38KB

MD5
a1cbc8600fb0e0b668df61bb5d1737f9

SHA1
65aaea9cf40ee7aafcf033f35980aac172b0a267

SHA256
b0324009cc7d496245d763710959284dbc9eb3c4aa93227cd6fa82772ff5a2bb

SHA512
c731cbc3fd2397fea0afdb98ad7e0a2624dfdd9da00da2032cbb425ff653291bd3e9290514d6aac2761923a055c0666b521a61524595c5ab1aa2b56ce18b2338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c64ed84099af56c4ef4e902a292846c0

SHA1
381a18c52894baca7f1dd91c51b2fca501d064c5

SHA256
bfd677f0dfbe78f75e34d5498444007d96d1b233e5b98a96ef2fadd0b45cb903

SHA512
6eb4ed1e1dae7c31098a31184285365416ec2c116583400ed640ed6dd2caced4bc67192903f076ab20caef03a152dd098518f417ec7cfef5fa3bfc2fdee125cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
26843a6adade60403403ed913e2753e1

SHA1
87be51a3f5485ecf26efd865ff316505456f4827

SHA256
418ea12248f3d2246efc84ca456c2eaa840ed0883618a5807a05c469e0e5bbd8

SHA512
18e49093d836b5809e9fa0cc89502b58e0ecbed05c57ffd66993f150c2a3adf24002c2543e89926ba12b1fa265ca5c4a5277947a795043bf584be2fddaf59ec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c9e81a602ccb98f55741f03ef0c601be

SHA1
a80dc440d24df47fded1cb3edae0d3b29938db56

SHA256
e7292a470388ae5f32a64ba7d2dda6b82a340da7144ec7843259d365bfd7863d

SHA512
d83541cef7e01275a6dcdff14698016063274c2b5e551f3058551bcc540ac35fe4814729890b49863be92b1ac6eb4a3b8a38fca2316eba58f476de510a7d9128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ecf92ab0ac3ccf86d34d3136d2ab007a

SHA1
39567a38fff42a1c9b0c36334961ae918564784e

SHA256
c5fdbb676bcbca1e0fb7520a5f52913e0a842788e8a79bf635c86080b20ed4ad

SHA512
1af65fc81b1e9d7ccbcb1e54a4a7b949feec84092ae3f12d1e744627a0827694e2116d36f0c062d6693a32bcfa41b8dad31cd8d705beab74c768bcc963750f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2299c5929b632187346e76f29471c8f1

SHA1
6906a51daae13cd65775730398fd9301c7ec1168

SHA256
dad0427a3416cf22c75fd381f7a6a5c18d1c564b332058aa3c70b582c2ec3d2d

SHA512
8579f1d915ccea75a1aac0f7d136001fa0360c3b92863e3bfff07c876b361bf4e4778eae60a4cb30b33741931db12200991abab6047f723b9c3dca5a0bf53522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b5b241013b71c9f0d5d7e11a9cde8200

SHA1
0c553a295841271eb3405f5db2ed325b17a7e715

SHA256
063d807debf243d7caf2d4fe39f14729a8691cc9591889ee43424259b2eff0ee

SHA512
2daab4d4ea413fe112293bb5a982ff4c767df1657bc8d7de5a307fd3e87f5bcb4d23bc754fe77184c043d6b813f4088ea4b2f7163a75d3ccc6ea409e0477a456

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
6beceb5eed0d9572653d8ced077921e5

SHA1
87fef8ba71379e085a37f570242cae640f667ead

SHA256
52ff4015054b5461a192c3d45e43ac090bd0194ffe6c5744b649cf0a4521ceef

SHA512
4dcfe77283fe51542c3dde9315b62edeeb4e3c3751cff2ddf28f93670cdec8d9cac2dc48e2a7672381ddd64dc0230c73430cae22f8006fc43a89c2e8f8dd0f66

Download Submit
C:\Users\Admin\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Filesize
1.8MB

MD5
3b36ce6e95099aeeda2d1f41a1ab2ca3

SHA1
afbfc4467a04eb09235fd96db8c27180d1d96dc4

SHA256
e9785a288816cb9d2d8a475a8d60fa34ca32ed6b0afb14b3a80c45f52b692f20

SHA512
f35c1d654221c26c8955498ac9e7043c4f93438d14eac4f355724365411ea8d90a1a452ab63d96c458383eeda53e3bb283b37b071ef5ebb738f84dc6d933436a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000020001\cdbea80a66.exe

Filesize
89KB

MD5
48f2efbe8db3376277aef10a2b53fd27

SHA1
76c56d5f798d8b16c854b9b5bea016ae89027634

SHA256
cec6429a9dcda4aeb9dca21c60c57ba96c73d42c7cab17f1d0ef1c3cc9ef6f61

SHA512
3625e5d9788c51bba13b892ab343444c1e16832ba05af67ab401950a0fe4e1e1668d8f92e6715de80e8b165ced72341d62208880f01f7b46a1f48230e6a94733

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000030001\bc0ee9d0f7.exe

Filesize
1.8MB

MD5
3fea22d484f814212c748c57f56bb8de

SHA1
e1f3d6c40a9788e2a02be9896825135bc354f609

SHA256
1ea6becdc0c69a9783863c28aa9d73a3c3fae35ecbd7f896152d6ac296d9e929

SHA512
35ea60256a2564f7a001d485330c1e5e5c63bb91a601cf05f3877a86c28956040e26bbda2f55c4058683247865db85778e9037a2f47067bdc761fc6dfc524ab1

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000045001\stealc_valenciga.exe

Filesize
187KB

MD5
dc4df67829d076c9c33c0d728a9a6ddb

SHA1
8362b7c722fcd493a473c0ad12c38c381f0c3e90

SHA256
b11d77860541c64edc90ba2b3841ce41913aada626bc56d6c10a9214f3040da8

SHA512
03da0637bf30b8d01591629b501b339b77e57b920e0cfd406222b0b28d81399e950da58f0088b7b7cf80cda49084b611056812618a586328232f9697f56e2ea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000047001\postbox.exe

Filesize
22.0MB

MD5
c53bb047b93851b66fead144d7c46ff3

SHA1
42ef9d0a7efe477fabd290d16c30c63f5f576cd1

SHA256
54092d2fb30f9258ab9817de3b886997dbefdee2963b4d051b70c0309aea99e6

SHA512
7060e10d60d0699c7c06012a3e2be44f859ec06ec00bbd51331b5ac5169e88d14baf7949d2cd40bcebe42016f8a7d5a28a11c755a54675f5715dbee34cfc11a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\A604.tmp\A614.tmp\A615.bat

Filesize
2KB

MD5
de9423d9c334ba3dba7dc874aa7dbc28

SHA1
bf38b137b8d780b3d6d62aee03c9d3f73770d638

SHA256
a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698

SHA512
63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
5.2MB

MD5
c1c61263ad9352c4024adb49b1e59889

SHA1
123440f1981f6b26be6e1285f71f31afb6b30b8c

SHA256
bc278ca066d4920f1723cf431b0318f454b80c81c0b2b8404ea3182126a19f6a

SHA512
dcfed0a24f91ba6d2e17e6a1a60f941528500b4e48c0895e3c9b1cd725eccc758e464981334c28eea90340568da620d15ab3840ff4488cf44239c6046bcc1225

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\AlternateServices.bin

Filesize
12KB

MD5
572dcc00e93264fc5740705a75b35b57

SHA1
c104694a7af900fbf2241dcee77ab5170df10401

SHA256
753b1c0b57688fc2039d6ad356513414b9e7189fb3b8b8966b7be17b38c62528

SHA512
96459ca14bf5d0e66e76486893e5f25db1415939651fd5b55c77067109ca879aea33b083f7df9ed988a5b178eef36497f2af00f7f0d8b0e928c21490b7543513

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\AlternateServices.bin

Filesize
16KB

MD5
4e5b0a7571d11f37a869c73bd9579cb1

SHA1
edbdf8856610ea782aeaad8cfa521839212b3452

SHA256
bcb50e70db9a506a73f5425d6f9db433c4f10617cee9e199ffe3d67a6d19532e

SHA512
c8c5cf5fd09f1ab361c03a63ffad47e21b8a62ee81d1278420a2810dd84fca9eb9f3d202da0e812d05fc0ebd9ce8c3b1e6e3982e19049c60b9ee24fcc50656cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\cookies.sqlite-wal

Filesize
256KB

MD5
2407bb6cce095abd14cc138e2ea23ef4

SHA1
50bea9b3744d03b3910968a11a729097e5dc71ac

SHA256
68abe516d71359049b981a7dd03198b1fc1f6cb8c7c6bdcbba7d02402c7aac2a

SHA512
e9eaf4d801e96cce5573199b54995f58b7225851e771b1f5f9ee52b1e3f5f2ed99eb8ba00b06423bdc198cbdfa5a2d70725a5f0091ac9720a64005cb74e3c5e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
ff131c797e7d97f7b8d5593751e0876f

SHA1
e73686d6e7bf34f0a2e4535e9b27dd2c733a95ea

SHA256
e718f058cee1778718ea82779322a562e81f529f3a5de9fdd29e726d2eea9ba9

SHA512
33713a59f9a4938686da470d0c3437f3884d673c2115b971906bf386b810fc5866bc72c9712c829a86f5097e164baf80ef187aaa13e82be69f26c380ce4e284c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
0346af7526a1cb8927959fa53ef707d6

SHA1
cc36a2d4d60086208a4b38d800c07e6ccba6359f

SHA256
828537eb3f66749860ff96af1cb66a2b581ac8a83ea03f35c180abff6d7ff53e

SHA512
4c39262dba49015d51a2c615a7f46e488b7aa2aea7a418ba2c51d7b7352f2ab381766f3bcc4eded5a11a189a7a81850a01c97ceab6487572ecbc825252083bbf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
33KB

MD5
b2efcd67c7fda13373023139b43d7981

SHA1
ff5bf9dc715a9bf46633c4c8030f569b46052bb7

SHA256
874112c9b29c9ebf2f785202df67afb52356f813d6f02171f17b7fadab6d87f5

SHA512
a4a9cc60906f856860e1fae4ac8c80b0132cde25abeba789bbe33c6783303202c17d3383788fb6f086f570bc1c60695824796a2e04768aea6ba035a078c9456b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
216406dc9f967d866fb2e55f857d51d4

SHA1
19e53bd5cd8e585d860139b52aa7fdba97671b95

SHA256
b18404874d0ddf42c4dd9c4a26f1587e13236b68419f9d09e0da0e54e32c93b3

SHA512
7422a08bc10fe825994ade9eb11419fa0eab5a134b7dbbff6a515a59788f5a44472ef89c11dc88aac434b974ad15a7b18d147e39da7b9813484846e3980f5683

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
424e76a816f32ab6728d0bd10fd83801

SHA1
4854f736c7a4000620c37cc116d025ba5cc96c62

SHA256
04ea8afc4abc7cd4184c8eb6400b79dc396559cf2d437f337b2a260568360e6d

SHA512
d718406e11bb257b8eb4f0d9a1930c8d25acb98ff4f6625086fefb2f304a6b1c560b376d2f2a02b2a4be414bd68c68ef2fa725eef8098846e0ba9166cdaec587

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\3ee20074-9237-4237-929c-27acac9402eb

Filesize
982B

MD5
8772c24e8efd136927951a3fcd09b266

SHA1
6d5bca154baf25bab24d6065925c4b49a04b9290

SHA256
49b6fc1e30b3395419c829d977833bc862aa3275c705358e49408fe8043466ed

SHA512
ea3ae72d0527fa41df0ddc4ea92e7f26bc0541b8eeb2a2bd2faad3f92c1f8082d5d1814a4e402b4583fa4f9fcddc6c79c603cf1c542ab2fbd3f9c247bc019ed9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\9f8a1dcc-7f64-4d2a-b129-8c9f536ff295

Filesize
659B

MD5
7baed3ecfbe2975f6451a5b00ccf45cd

SHA1
6abf9d6885f23cc884908f9842fecb633489ee54

SHA256
3a4717360fff2b5e0e2cc4d1c1e24115da2c3d7f2de4c8c3180d604218707e41

SHA512
d3a9e19a7e256946f13a4360ddf66ac31c72855f0f9112eb43be5c8b98bb03572305afa142fac691069d3c968df674a66967fd397fbc0c799631866ff363c587

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
4.8MB

MD5
9a7be2de221cf6d8e24d5120e9ffa8c9

SHA1
b8e7f46dd0953e9a788b20c2ad7edb48dc0fc13e

SHA256
5aaec3da0dd869af31160c7a12c9359caaebbb886c80ca93c8f590da044a84ec

SHA512
38cd3eca6a4fc3ef3e302d42c4004fed6a37d01368a18f38a15ccb6e64684f3169ba42f3be62de1c9d97c046098f21e3b14e4390f2de2083ccbda99030460020

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\places.sqlite-wal

Filesize
1.1MB

MD5
2d31a89fa5f3653451829ae56645c462

SHA1
3f4b09f961c4180cc6d69c7e12be7ae82fce9159

SHA256
bcef7aa29ede2460b7c49ccac10dd802917eccc1bd452e4b4fc0bbf6ea838998

SHA512
f465f4aaa6934c4d549c7277e5358d96bba4003cad5e3bd292fbde2563db6d64d08cd5f03d9cf73de95657211a72318c9a3cdd73dfc73931a8412442cc45c89b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
10KB

MD5
d00199ff13855fb555c3b42c1d673875

SHA1
d25595d5e814b07e6497875851d34f6caf2a795e

SHA256
0d6b43c2bb413cd7bec8e1a1f0059b23c71df0ad806073d96aa63699171b2e2c

SHA512
f39a082ac47c33a662223f647d2ba4dd491a9f1d7a6b9ef3b3780e3c4e5a2aa45d8d4b4c2bac7a760b35a276de8de13a352a9b58839568233e4008240149fa2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
11KB

MD5
b1385a82777eba89fb54a4341052f786

SHA1
877e864e3f55433d6f176d8eac19c2bfba455a81

SHA256
a5283e8b4a066ebe992aaab94ef6672436bcdfefe6e5c6b7f62298f1dd864ed4

SHA512
9ab09e14aa3f4525c952b7c73ceaff722aad59ed82e152ec2b479b02c1568e66092c2cda0e03d86d49604d8301fb90446a064d1c31fc5f3a0a255d80c0e0eba0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs.js

Filesize
8KB

MD5
ba6b3231642e13d647ffe45dfa42808c

SHA1
25c3a79c1e55a9a9cb6e978a13454e31dcfae55b

SHA256
7fae880935155465fe56c0f02aad9b7c1952aa74465a43f6cdf90ad8f2b8688f

SHA512
3349f1fffe31c683d9df836bebf8671b712e347c4ebf66abe4db48b8ba16d79630305de0ae2821e73d8a4922245126128750a4e65820c09952c2a8bb61807495

Download Submit
memory/832-926-0x0000000000790000-0x00000000007E7000-memory.dmp

Filesize
348KB

Download
memory/832-924-0x0000000000790000-0x00000000007E7000-memory.dmp

Filesize
348KB

Download
memory/1464-527-0x0000000000400000-0x00000000031D3000-memory.dmp

Filesize
45.8MB

Download
memory/1464-535-0x0000000000400000-0x00000000031D3000-memory.dmp

Filesize
45.8MB

Download
memory/1548-834-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/1548-839-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/1976-567-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/1976-906-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/1976-982-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/1976-966-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/1976-946-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/1976-928-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/1976-879-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/1976-812-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/1976-682-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/1976-993-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/1976-854-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/1976-833-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/1976-918-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/2712-811-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-604-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-992-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-472-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-17-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-20-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-853-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-19-0x0000000000FC1000-0x0000000000FEF000-memory.dmp

Filesize
184KB

Download
memory/2712-981-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-878-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-566-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-832-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-965-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-905-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-21-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-938-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-681-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-917-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-927-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/2712-588-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/4744-18-0x0000000000CB0000-0x0000000001163000-memory.dmp

Filesize
4.7MB

Download
memory/4744-2-0x0000000000CB1000-0x0000000000CDF000-memory.dmp

Filesize
184KB

Download
memory/4744-1-0x0000000077664000-0x0000000077666000-memory.dmp

Filesize
8KB

Download
memory/4744-5-0x0000000000CB0000-0x0000000001163000-memory.dmp

Filesize
4.7MB

Download
memory/4744-3-0x0000000000CB0000-0x0000000001163000-memory.dmp

Filesize
4.7MB

Download
memory/4744-0-0x0000000000CB0000-0x0000000001163000-memory.dmp

Filesize
4.7MB

Download
memory/5776-947-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/5776-951-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/5972-948-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/5972-952-0x0000000000880000-0x0000000000D50000-memory.dmp

Filesize
4.8MB

Download
memory/6384-591-0x0000000061E00000-0x0000000061EF3000-memory.dmp

Filesize
972KB

Download
memory/6384-583-0x0000000000DE0000-0x0000000001023000-memory.dmp

Filesize
2.3MB

Download
memory/6384-798-0x0000000000DE0000-0x0000000001023000-memory.dmp

Filesize
2.3MB

Download
memory/6604-907-0x00007FF78E160000-0x00007FF78F7D8000-memory.dmp

Filesize
22.5MB

Download
memory/6604-904-0x00007FF78E160000-0x00007FF78F7D8000-memory.dmp

Filesize
22.5MB

Download
memory/6604-923-0x00007FF78E160000-0x00007FF78F7D8000-memory.dmp

Filesize
22.5MB

Download
memory/6604-925-0x00007FF78E160000-0x00007FF78F7D8000-memory.dmp

Filesize
22.5MB

Download
memory/6668-838-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/6668-835-0x0000000000FC0000-0x0000000001473000-memory.dmp

Filesize
4.7MB

Download
memory/6672-564-0x00000000006E0000-0x0000000000BB0000-memory.dmp

Filesize
4.8MB

Download
memory/6672-551-0x00000000006E0000-0x0000000000BB0000-memory.dmp

Filesize
4.8MB

Download