7afc7a311740da58cb0b7d6c43e28b1ddb6fce9c67614e74902e552b330287b0

Resubmissions

07-08-2024 18:16

240807-wwjlqs1hjm 10

07-08-2024 18:14

240807-wvf48a1grn 10

28-05-2024 08:02

240528-jxc45abh5s 10

Analysis

max time kernel
450s
max time network
425s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
07-08-2024 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c421ca94c441a4b74d364f952f8739c_JaffaCakes118.dll
Size

166KB
MD5

7c421ca94c441a4b74d364f952f8739c
SHA1

e5de78ae8db1aa78e00c1fa1eb5687cd1519843c
SHA256

7afc7a311740da58cb0b7d6c43e28b1ddb6fce9c67614e74902e552b330287b0
SHA512

0eb45486ab306562c267eba5eae7f1b8d6d551b83603d136865c2e1c7c90abb0067effc4a358649846dc89ef37ad9ff266922223f318a631d3f457792f1df4d2
SSDEEP

3072:JLFrb30BRtBZZg+i2ayyYOCWGPyLydrkxMT3QDhqtUczTajkz+XHUU:NJ0BXScFyfC3Hd4ygV6oPHU

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Saved Games\Microsoft Games\desktop.ini	minesweeper.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft Games\Minesweeper\desktop.ini	minesweeper.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	WINWORD.EXE
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2168	2652	WerFault.exe	30

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Office loads VBA resources, possible macro or embedded object present

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30be89daf6e8da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{10F5B7D1-54EA-11EF-A5E9-FE7389BE724D} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000f3397ae42bba09d8c05a5a88f4c7b2e8cd3028f97988f4f8fe861a0fa979fe2a000000000e800000000200002000000065835f9999636a480dbe75d764d3cbffe1f709a0c70fbb815e08114ccca1bf5020000000f431edb12da1c000d4699b361f7f5202b4cdb83264de484c60070e958b74f2e44000000064f6cf8ad43be7f03c4a0efd7a40a5471b4f96d4058cb43ae3291b4993b7e2507850ed6dd8d662d933db9ba59674bba710be7c937d1463f0d3273deacaf61784	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb90000000002000000000010660000000100002000000061be35ce6789cce6a7f731e88de4023e0f27d789d5b3bc2fbb33800ec3ae33ac000000000e80000000020000200000000f9506d7dfb21ca1cd287faa871ccefb7cc62a9436f7d896b3fc6daa486815d1900000000b1dee2fb6b180c5c4440ac7b403a4bd65f9a850c3a82b6ab367e8b13c974233ca095a522a42b0ee145fd930e05108105d20699b55d9d990197d26b34a5a4082ba99b52ff04157de3a4d9a8ab5752458f8b3fb2804bc9a63a53defd49acd6186c1584661bce7284dec5653c16415123cd8fda78ca732336538a5c18bc284d906d9ab0432082b8e6592024d7894c1be0640000000f87e21d6231ea7e818adfab743a9a0d72db30dd6e7f92918caf8336e493dcaa92c81addd48a074fe4f2631a61ff33d2c20bce8152895bb4cf147ecfae76e72fd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Modifies registry class 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\i64_auto_file	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\i64_auto_file\	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\i64_auto_file\shell\Read\command	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Local Settings\Software\Microsoft	minesweeper.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Local Settings\Software\Microsoft\Windows	minesweeper.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\i64_auto_file\shell\Read	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\i64_auto_file\shell	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Local Settings\Software	minesweeper.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX	minesweeper.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX\GameStats\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}\LastPlayed = "0"	minesweeper.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\.i64	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\.i64\ = "i64_auto_file"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX\GameStats\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}	minesweeper.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Local Settings	minesweeper.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX\GameStats	minesweeper.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\i64_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\""	rundll32.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
2808	WINWORD.EXE
1744	vlc.exe
2024	WINWORD.EXE
668	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
1744	vlc.exe
1224	shvlzm.exe
444	minesweeper.exe
2524	SpiderSolitaire.exe
2932	chkrzm.exe
668	vlc.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1556	firefox.exe
Token: SeDebugPrivilege	1556	firefox.exe
Token: 33	2152	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2152	AUDIODG.EXE
Token: 33	2152	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2152	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 19 IoCs

pid	Process
1744	vlc.exe
1744	vlc.exe
1744	vlc.exe
1744	vlc.exe
1556	firefox.exe
1556	firefox.exe
1556	firefox.exe
1556	firefox.exe
936	iexplore.exe
2524	SpiderSolitaire.exe
668	vlc.exe
668	vlc.exe
668	vlc.exe
668	vlc.exe
668	vlc.exe
668	vlc.exe
668	vlc.exe
668	vlc.exe
668	vlc.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
1744	vlc.exe
1744	vlc.exe
1744	vlc.exe
1556	firefox.exe
1556	firefox.exe
1556	firefox.exe
668	vlc.exe
668	vlc.exe
668	vlc.exe
668	vlc.exe
668	vlc.exe
668	vlc.exe
668	vlc.exe
668	vlc.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
3064	xpsrchvw.exe
3064	xpsrchvw.exe
3064	xpsrchvw.exe
3064	xpsrchvw.exe
2808	WINWORD.EXE
2808	WINWORD.EXE
2808	WINWORD.EXE
2192	AcroRd32.exe
2192	AcroRd32.exe
1744	vlc.exe
2024	WINWORD.EXE
2024	WINWORD.EXE
2024	WINWORD.EXE
2248	mspaint.exe
2248	mspaint.exe
2248	mspaint.exe
2248	mspaint.exe
936	iexplore.exe
936	iexplore.exe
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
668	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2652	2296	rundll32.exe	30
PID 2296 wrote to memory of 2652	2296	rundll32.exe	30
PID 2296 wrote to memory of 2652	2296	rundll32.exe	30
PID 2296 wrote to memory of 2652	2296	rundll32.exe	30
PID 2296 wrote to memory of 2652	2296	rundll32.exe	30
PID 2296 wrote to memory of 2652	2296	rundll32.exe	30
PID 2296 wrote to memory of 2652	2296	rundll32.exe	30
PID 2652 wrote to memory of 2168	2652	rundll32.exe	31
PID 2652 wrote to memory of 2168	2652	rundll32.exe	31
PID 2652 wrote to memory of 2168	2652	rundll32.exe	31
PID 2652 wrote to memory of 2168	2652	rundll32.exe	31
PID 1336 wrote to memory of 2192	1336	rundll32.exe	36
PID 1336 wrote to memory of 2192	1336	rundll32.exe	36
PID 1336 wrote to memory of 2192	1336	rundll32.exe	36
PID 1336 wrote to memory of 2192	1336	rundll32.exe	36
PID 2172 wrote to memory of 1556	2172	firefox.exe	45
PID 2172 wrote to memory of 1556	2172	firefox.exe	45
PID 2172 wrote to memory of 1556	2172	firefox.exe	45
PID 2172 wrote to memory of 1556	2172	firefox.exe	45
PID 2172 wrote to memory of 1556	2172	firefox.exe	45
PID 2172 wrote to memory of 1556	2172	firefox.exe	45
PID 2172 wrote to memory of 1556	2172	firefox.exe	45
PID 2172 wrote to memory of 1556	2172	firefox.exe	45
PID 2172 wrote to memory of 1556	2172	firefox.exe	45
PID 2172 wrote to memory of 1556	2172	firefox.exe	45
PID 2172 wrote to memory of 1556	2172	firefox.exe	45
PID 2172 wrote to memory of 1556	2172	firefox.exe	45
PID 1556 wrote to memory of 2456	1556	firefox.exe	46
PID 1556 wrote to memory of 2456	1556	firefox.exe	46
PID 1556 wrote to memory of 2456	1556	firefox.exe	46
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47
PID 1556 wrote to memory of 1152	1556	firefox.exe	47

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7c421ca94c441a4b74d364f952f8739c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7c421ca94c441a4b74d364f952f8739c_JaffaCakes118.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 300
    3⤵
    - Program crash
    PID:2168

C:\Windows\System32\xpsrchvw.exe
"C:\Windows\System32\xpsrchvw.exe" "C:\Users\Admin\Desktop\ResolveExport.edrwx"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n /f "C:\Users\Admin\Desktop\MeasureAdd.dotm"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\UndoApprove.i64
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\Desktop\UndoApprove.i64"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2192

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\OutCompress.wvx"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\DenyRestart.docx"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\PushSearch.wmf"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.0.2091582044\1436496200" -parentBuildID 20221007134813 -prefsHandle 1204 -prefMapHandle 1124 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8efc9e5-7484-4e0d-b8b5-287c038c296f} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 1296 10dd7458 gpu
    3⤵
    PID:2456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.1.1631482613\1746341643" -parentBuildID 20221007134813 -prefsHandle 1532 -prefMapHandle 1528 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa76c681-062a-4daa-b897-fd7c1428bcee} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 1544 e70d58 socket
    3⤵
    - Checks processor information in registry
    PID:1152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.2.500819499\1162885001" -childID 1 -isForBrowser -prefsHandle 1976 -prefMapHandle 1992 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a35ef3af-f08c-4364-bbc9-9d3abebe73bc} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 1968 10d63e58 tab
    3⤵
    PID:108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.3.1686814527\1799536543" -childID 2 -isForBrowser -prefsHandle 2668 -prefMapHandle 2664 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {688e5626-dd2f-4689-a2fa-42338977126d} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 2680 1d274b58 tab
    3⤵
    PID:2988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.4.1876498799\968159959" -childID 3 -isForBrowser -prefsHandle 2868 -prefMapHandle 2860 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1debce0e-42a3-4cb1-bd86-32002864f859} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 2888 1d975e58 tab
    3⤵
    PID:1520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.5.822580175\1322162637" -childID 4 -isForBrowser -prefsHandle 3796 -prefMapHandle 2824 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81e693d7-6d19-4d15-94c3-8f69fc51c5cb} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 3776 1f084858 tab
    3⤵
    PID:2248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.6.24937693\395782062" -childID 5 -isForBrowser -prefsHandle 3812 -prefMapHandle 3836 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f09f739-98e9-4683-a962-0268bb8b6ae0} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 3948 1f086658 tab
    3⤵
    PID:2272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1556.7.621917561\1328671966" -childID 6 -isForBrowser -prefsHandle 4108 -prefMapHandle 4112 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 740 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f4119be-ead0-4b51-a3e2-53cb9e8c6932} 1556 "\\.\pipe\gecko-crash-server-pipe.1556" 4092 1f087258 tab
    3⤵
    PID:2624

C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe
"C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1224

C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe
"C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe"
1⤵
- Drops desktop.ini file(s)
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:444

C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe
"C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe"
1⤵
PID:2712

C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe
"C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe"
1⤵
PID:1924

C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe
"C:\Program Files\Microsoft Games\minesweeper\minesweeper.exe"
1⤵
PID:884

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1b8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2152

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?LinkID=124572
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:936
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:936 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2704

C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
"C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:2524

C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe
"C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2932

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\OutCompress.wvx"
1⤵
PID:900

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Public\Desktop\Firefox.lnk"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a931ed39bc36c5fad0eb45f3e5edc8a

SHA1
abb062e611382a9a4f1b9771a32f1c9342dfd94b

SHA256
030172dacce48cbd6ff899749eea93051765ca5711373ab3fbf0353306c43771

SHA512
dcee2147fbde1293c45c83b9af3992465f8fa2b66a473d34ae55850943aa017562518ddb0e7f33b0007a6a2260d68fc9252d4ce2a6d0b111ed4a0d38dd5619ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b96cfd73b6098d61038c5a50381632da

SHA1
b59275d876a76fd2c166b9f2ba39562dd6305a73

SHA256
fe04876577a1d66d4cd9e0d7d835f5cc49aeb13b782b8c48d4ad8ccd54313ef8

SHA512
06c0a02aad9eedf3d5ccac98d6d691dc611bb94616b79d56f24cc9f9b280a157ead78ce1d2fcb8cb2a37188270d4d4cec346728b55914c17e637d4f8e849db76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90616bd5fb0b3600c66fa71d55873daf

SHA1
1cb9c8692f3e6ee8b9463e8f346b107705dc3c8d

SHA256
503a0ea3c8c0e3263f1344f709c7eb9ba82a83b03aa225645cc6532187064469

SHA512
265757c2685b3c11948a305ce640f618e3bb23f40c2e655f6c82aad91d7cb622bf2ca0cb8becf1fe2dcb47e3d19fec55b88c5f25d561c536ddce1cf5c9a97b14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b19f4695730332365adebb83e5bc4733

SHA1
90a5a1f5db8533ae366b04c81a477038f5dfff82

SHA256
d34f9b3117a4dc4bdc2b66302d3fbe9282d79c310c8f4cca39c11297f0b294cd

SHA512
f0b49ecd42631dd6ae1491a61f7c9cd14c41e8a031b9f1975885822e457bbd8dc6383e74155a603037ca472d315463e4e2c12f252a105e04bf86f777b9af8d23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b8c118cd3e1633d0ca6f92715ddec24

SHA1
f1cb9da7f6769221902eab7affd0f30fd9cb400b

SHA256
d00260027e939e256d7e5e368b95cb50daead83e725b05e25970d762c381573e

SHA512
6cad357d64a27d364ffbab1673a98be13e6a57cdbcf1c96ebd0243d7e78addc35db028df91320827cbd55317cf521bd7548dd49fd7c4472be7ff899d04eafeeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ce08c7cb9a6306bb91d8ce7f35930dd

SHA1
a4ef49b00d9d4e16bed64168dbf155ed819d7e75

SHA256
57a1ffa73acd6e1685a753f09f8ad6659e6057a72698845578ca0b5dc447e946

SHA512
3a5dc90993050c79bcb708e434a8d985b938992535ada94fc2a57dab59456713927e08ca640a3612d1da0a42ae7bc4022b7e318540a6098721c831c2c88e8189

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8713bd03f416a1a2509c16b21f30a387

SHA1
aec776da0f2f71cc2eed7559d0bab47075c7cd2b

SHA256
d4adc5e4e24fe8027bc4c17cb2be162ff8194e553122ad5651d557f01bfdb545

SHA512
d70b07999f5abe672a5ea434ce93d5a2a8ece2501367d5cb2e6835805e949c1cbe1a86a0696882359e75274ae38691bc25d4ebe1546a85ce2fa933dd5c5f1afa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
958fa988e6882616e7af7c52fcc1d21b

SHA1
2359955cb5636fde5ca47df77af98cf48250e625

SHA256
ccb5c61a5de7ca1d77b5416bf0b87efb1324b70de027a5eb9344113adae237d7

SHA512
09fb38a5b04a1d9a044ada3eeccfc20dfd14d5e8bcf526fd608bb73fd08169cf06beffb8fbafd0c7644d0d469f15b803be6764d3079a80582d8a6cc99038654b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e355cf1d80a2fc8232d7bcbe41eeaf8

SHA1
c8fdb74eefe4b85180649a2cd5bd6ef7321d502e

SHA256
b3d61c8a44d0ad71b1d7649736d1f3ac990db67e88db3585ba01b4f0174200a7

SHA512
702a5371a2fb7b0abca07b7077c72fc94307aab376463d20d7aa2b1ce18ca30e810aace969f54004ec15f15493cb5b6b3998d6f6414a54a32193c41f3d3105b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d13ebab7bbfdae8dd40b399401ff8f8

SHA1
96e93e4bed250a0f23c88d8fa6903d7f8bb62bbe

SHA256
17affd8a24461feb2fa9266e69fa73987114ad57ddc200bc0b1c8e1c347b03a7

SHA512
68842ef8f67996394165f76aa35a5e2d3ab5895647a42cb11746fa961ffa8b070d5e74e4654514be5a2e5116606a7ee82d09a3bbc2f5cbb03a796937cb8dd227

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf4e8bdf0f3d8bd5605b8e59f1c14bbb

SHA1
9fbcb2883a02009ec2e9393a87928514814d7f47

SHA256
6e35fd23bff3577a1bb9d9ced5a610adef6afc76c41f7acc37159d1a47adaf38

SHA512
56aa02eb04bbde5fce08a24807bceede81c2d7fadf7694f98cb15b991a04c072bfcdccbc0bf87ebc252be77121ced81345e94b468c45fbf75c1676e9c8e8f486

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c681bb93de39c0fa3eb93be7e8a138d

SHA1
69cab118d815150f05831dfdcebdeb87c6dd376e

SHA256
c8fe0d5612004b9ecd82284f2b428c7429eb7f8f9fef8b877bb7984519b14ab3

SHA512
b2d5e1b15a94690ec7c1ff9c6cb1d25a53b66a52d638bacee831b8485d4426a26cd469ef9c85b6e5026dc354df3fb3a9d1781622517ccfa45ef163a3fee93018

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bccb2f5b491af9a8385f317dc8e8c377

SHA1
d1af17d0371b87cf553af9a424a54f657c5c9471

SHA256
537df7b2dbdfea8461214ce9b268889d1c538a4e504bb9b0d197e5f8848f5d3a

SHA512
c8c65d12b0f4e2c02cc7b657866989b8260fb609efe18b7ff0102ff9dce20e50ae758689eb84888b1761c359f6d8a09b4e512261f5c4791f6efe3f3155185251

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44aae5a8a53898dfa3b84f7745c0c80b

SHA1
a588d390c0c3b8e749057224f8200bbbde0f519a

SHA256
3fd862a9f4981e44c7242e74eab802149c3fd1fd33f4daf62104ff3cc72fd76e

SHA512
626503b65f2622f48f8919713da5163bb0ef91247facc69ebd13a99a7a8685f258ff91ac0081a8564f1039162f257a60f707a68e1bc3eac73c1253bff190545e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49dba7524c4ad1eec3d40d357ff7e922

SHA1
f80cff08c062144bbd3c48abd71d8702b286686c

SHA256
1fcc79be3439f3b9ca1d111a8e14e375bbcbee77e908430827b823290f3f03b7

SHA512
def1fbcfe6d40df2b7d256a1a573a7d0686017e62da44fb351089796c43dcd4399501c3ad1be8709a29de9d1f06e71150a95828ad4a78bd6ea51cdd6007a7ec1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c3a6bb4e916b521c963047a864558f9

SHA1
4170ce29b9f97e3ccc5bd1b0dcc08dfcd082cce9

SHA256
ac149244bea533992063ae9691dffc012e116656b5e873ef2081d0f084205963

SHA512
8be47d2d71ac5a0edae613e1b3c0216acf1a81ed6cbc7659e5d3ec5105e9013156bac61405815f709a4b761a2165536244a708c8c7334e2795566a1fe614913a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a71b692418c75a2e4737b938ccc21707

SHA1
88cdf812ca68fdd912bd85c509856f6ca0bb1e28

SHA256
5e16dc74b4adc191bc3761b676cc9b804fec8736e977acac5d7cc1864ed91443

SHA512
55bd5891e779db7156566cc8342ea5c19caf7ab01a9c1c1a61c4ee958ddf933641dc0158d652dfa633eb45eccd5bba30f4bce1fbed88594e7ef3d64bd48c2289

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b018e451c4276d50a6e9ab0acae92d5

SHA1
1d322371f756c89e280594c610747d25ef00d85d

SHA256
52ccf9d6bbbf1582376328fba96eb0b334ba10c7c8f5b3756a04a4a6f94fc963

SHA512
3ca96c2918cfd57fc177ef1a271b42964da8a72aa366a479af61238f0c60a05f77ad392c6f673db369b8267362485d1200ad745dc969a3649861c76ed7ff3a76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cf7d965e2e6b69cf47a4b86f3244334

SHA1
6f36aa3d13c3c756f258fd12d27dfaf242d93443

SHA256
065d7f377d0cee645a4dd45f1a62119b8247931f1f57a9b3bdf4742869a495f7

SHA512
9e4faae1f731942d5061d1979c9aa8efb5930562c9b7797c2f8c36b1015db655fe2b7780c6590d3417bfb9ee200c78eacccd6da562d63a4cb74aecc766e1bde3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58d08f0762d6699682b36951af4e08a3

SHA1
a7291b59b7af5aca1d5f9de16b9fbd91153e1640

SHA256
5188684547e1b72af5905ad7c786001cdf164c15a5435b499832628fe8f0c5fe

SHA512
fc6c6054ef3854d93883e5cad0cc0318393f4fca20c74d4cec3aa087b1d5089d1a12322bb9ba6c217523e90c4a7c06c3b2b0ec3b9e10f66d1bd4d374044347ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2be0d17e6d1e57798bd9e2dda1f3928

SHA1
6303407a67c7492b20172d1b9f1b3aa404a8d3f8

SHA256
543b53cc5523435a38b2e8a7845ca5efc030d2b3076a3bd55b9293bea59de017

SHA512
9ec86b805ad43bbb7603b6647b1d01c92e7508fa651122367d92328cef57249e604fac8122653a6cfce410336ade0062e48d94983ea1ba3c19740f3374f143a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e4091d3f05d12ebb8e381f23b915b83

SHA1
30ae2641f5bd2e4dc754cc59b19e6c0baa2cc254

SHA256
c830974c2cd288644c61198e033adb28e2f388ff0c7c9b29a9f3365cd137b785

SHA512
2ab06cee99b1794bdab2f578df71ab077b7936f5753dd326279e3ff3c88cd90ef9a60ae305b8e7f4ecf13b91ec592cb620ab0df6b1fbedc0259e3cb299582750

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cf9e3ab25de92ac52f950b0794ed4d3

SHA1
d26b45348f33f3add91b95a40fcaf26db2e61fae

SHA256
997588f89ad9da2ca6f319ac343f456c824cb81ce3f8149621c6c55b673c79f5

SHA512
71c49f3ab1fb616e30cc1ba722229e2c022a57f5cbc98b90d74ab3846eb5fd212315c459c110d394c94279f658529f3a86a5cf6d46b8980519eb47190a4e3ff4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3933f5a0b6dcb3a0f54da5621d009d2a

SHA1
f6a58443c49a88d3c0def169067eaf030afe54a3

SHA256
33927ab59f465c2be23d5e10d15e3566da18164d0a84d13c6bcaf2a6e5b5aa7c

SHA512
b3a76ce4054d158524bb4e5b00bf2207b2308ba4546d725974210b967f594f716cf0b8dc17a6bef066678d03737b136fb3af793b57f4f2b6497dfdc2093c62c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23e6baf492ce4f9e14d1f2d25671e0bf

SHA1
1dc76cf3b8f5f7eb0c7bff1814126c7e461effbe

SHA256
5858f1e16dd52592e39027b34c78c7092ba79bd9d806d9d39788cd430fc8eaef

SHA512
5fe546d7bce0b1bcf62b4c356d4d205f621a923be4df1e3731cb93e12bf6f51ac9a948b1fb1e1a0b8665f80246c00ef1f9d398f91ed46d9ad0b4ae96cbe368de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6a628a98095e539a055757172e05c7f

SHA1
42a379e4db3512367b957e89805cb307206bbd8c

SHA256
bd3d6c4460ca1c8c6125a7dc2a8be9bb7d2d0ca6c682561468b4a77d01dcad5f

SHA512
6a722b5c97bd4a4ab7e34f2ab34d282456f8cdd2a7c190f44af6106f76d1a4bd78fbaccc3a6433b13788519a235ca4a5ee4dd7ab08005929e53e02f375015bea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
934b630bc5184e4164f6b7def091078e

SHA1
92cbf0229f95fd6d580177494f176e0e2423c6b6

SHA256
1cd6c52fd36f5066b2742611e44905f95676a217b885b06c24fc8db9cbdd31ff

SHA512
35121c43dc2c8b386ee5e5246cdc98bded681b818da174b2227072e970a2c9fb7e2a1c8a7ec9f4b5ac0b659c02d0db57f0ee00b9e02e6dd30b25b1c9f74b4916

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fb22a9518c6e7af8bd1c7746af9dc45

SHA1
0beab72c9d23727c1a44f60413548b5a4dd7fd66

SHA256
69b1bdc61c538ec577163d688f5a8c1d9f36c385011b18397d7a4281dc53fb5f

SHA512
bd853f140717153102e0c424c6132c257eda14c5def3e9656f189d569311249a11193cdb12a3df27420fc6e511be9815aa0e9f6d3caad931bce6aaec78e3e09e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79479d6e2a3aff62efbe8c4f392bd50f

SHA1
f1271106233de862e0f03c7ce4471f3101ce05bc

SHA256
acdc8ed657876a5cc430db8f650b711b89f80611ba9b7c667532280c68b0f7c1

SHA512
ecc9a67bc1b0eee6d6d6244e3ab15a442a0a3373fbc9adfc20f56310c904ad52ef5d7ba2ae43a0edf42bbf6c74f0a5d3c1cb35f368dc762f6c6333a2dcf516e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft Games\Minesweeper\MinesweeperSettings.xml

Filesize
11KB

MD5
3f3d1498eeb630d2502e8f7dce9d2034

SHA1
24ebfe1977662d35fb93fa2cad84d328f80e4c7e

SHA256
2a2ee3b59c74024e0634f1984b3cf0e70de7c2120a07000034c5a303d485cbdb

SHA512
b2f281fda0c3c9c547bf27df48454b67f28673314b92bcd9efe88b286dbf084c1460a5ff6035729883776788caa6d7911794cec3ae397c6d694c463b04d8f9a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}.gamestats

Filesize
3KB

MD5
11b1cb66abbbe81e007ddd2959f6b068

SHA1
f87a67ffe354b00cbb2f492701b6429762e9c87f

SHA256
cb5314886a9d885e9d9df33497476223bd30ead81d8cd8ddb7a977bf15675184

SHA512
efcba4aaddaea5e60c120811bf8e04664fea877b4fdf3559aac086a68ad679a8561d43b53a76ee6bef5d5ca8b4bd452a22082ed8a68a78ead7bde02b106230bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}.gamestats

Filesize
3KB

MD5
d989d55ba606463e6a539ca0bd91fc08

SHA1
156197fb5df94b8afe08b53de09a5854cc687e81

SHA256
4b81636432d2b454bfd66d6032eb090f6c0b58c109049731b57c4f3d1e06bfc0

SHA512
ffa45e9c843c490155cc6e531e2373f5ee757737390044607ad9f7dbd3593b4f7c3f1ee41b0147dfacd17618789eb017996df0615a3f7160ba1e1bc6ec990517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer\GameStatistics\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}\{89FE5CB3-11CB-489C-AC0D-0C0B6707E1F6}.gamestats

Filesize
3KB

MD5
d724b2e61ee0f979531e596a64b2e9d1

SHA1
a05db06a5a845bfd017d0a5d136ee5781f18a810

SHA256
57f7a3e1e302912f9e80c41793bd9a20897337df4de8efe7e3526fc2f6649e6b

SHA512
85df8ca497172e6fe7e335a7365a1970f9c8198f899c114e5aded180d36522ad5c81c12fbb0355b2e38bc2aa4755200de38d14a64df9b4dfe39a9124276d594a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\runtime.846864f8839f404a[1].js

Filesize
3KB

MD5
1664ba66a8ff0ccd486e2c60bce9f17e

SHA1
bbbce4f440e41cdd40afa78c32fbfbeae9babed4

SHA256
5748649b02eff9b4aede8f553b7a2c8ed1115e27d27d3f3fa3bd211ea049acf9

SHA512
3fb6d10fbf947af302bf210a2e9c77654ef98ad46ce154901a5d6af6f35e7d192ac7cb16263b5ab9de303e236552b9df60116ff6ef53ee0b4f06414e441126f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\browser-no-module-support[1].js

Filesize
497B

MD5
047da04a58d82b2044c8f66721849daa

SHA1
c389a26ed60448e100bc54115eae54528952ad91

SHA256
0768a5776efc83ce7b984030eaff921978fa1a2f1837d70902982ec0ef972e83

SHA512
e143c4af3884ee1aac32a7b937f5a93100ffe882a390bd0dede8c1b5e23ea4ada68a35b5bcd4d6720b9e0952580f493475534044994eeec31038eeed73f2d37b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\browser-not-supported[1].htm

Filesize
60KB

MD5
87877b3329b54181e78115512dd21f4e

SHA1
490ca335ba280aeb3f2ac227beb5c9ce40698470

SHA256
70ff948bc1b8b4a6f4f55580dde2639d21b227bb57a17cdf8c8b5869f08da6e2

SHA512
6d9946c058dc346f63341392f6dae30ee0239f68277625e8e6e21f7353e16ce4087af54c482c86dd6c7eb40784a4f5f604bd622b52c24cfc5e4db458fa15bac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\styles.ec44fcb9361959b6[1].css

Filesize
86KB

MD5
e8d73f858bfe8d4fecd952fe530fa866

SHA1
f332166c5f8e3fe44eda05e916089769be642be9

SHA256
bf0caa91bf07f6912bd3d9d804dbe1bf9b6241baeff0e29d9230d45317f7d608

SHA512
3424522d431e546222dfc559ea1cc04d7ccb7d0cc2844679d4c88e6308ef6827ce25108a5c9a83382371eacb4c52c166c78b94c3c321e63b6d4467343a227fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\logo_msn[1].svg

Filesize
842B

MD5
0a7885d82216c2a9ae8c1362c240aae7

SHA1
03967116d3b5a9ef767ef7cd875b1ce76ac38f9e

SHA256
03792d429ad94b5972bef56078a482def71a1936109c2c2b213540836229491e

SHA512
d160dadded6da04798d6051f64dbb9b38ea8c16519de69fd62f83efc03bc7c8984670180507d2b19e0724079877cf1d3915b6c8be954adb48492d124dbd3064e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\main.21ddedfa314d59da[1].js

Filesize
1.3MB

MD5
42107d70d1923e517e665f9861c46234

SHA1
63d971ac419824d7c0f0ee62cea15e093350ebac

SHA256
9b5434a9136d2a7bca8e40a06378446d2f32c1e9de4d954d13bbb1ecef6ceaf7

SHA512
8d44b0654e2d250173ce712cb890479c9facbabf79a3658e4142140c13ae3f1e8cf6e3bf83b351f276733c0202b5cd26fa6cf01d12fe631bb1dae87d4974bfde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\polyfills.466e981258fe8a9f[1].js

Filesize
43KB

MD5
788e2b7595915fa886defa8e6d56633a

SHA1
0c1b6479892bb5141e16213088ffb774fd1c45d1

SHA256
e930bfa43b1689b49ac015e7ce155fba0cfeba2aa97c34486637f20f1098d4b1

SHA512
e1d823c5a7828c87d1fda565c0cc8178087a332fe93ae82afd55ecb97ee889afabbf6e651fb955df1582719578cc1b3ed2c3fd24c77f802559a6b6938775ea29

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\activity-stream.discovery_stream.json.tmp

Filesize
29KB

MD5
544164ff9d394bc3fce8e16082c5ee9a

SHA1
df653909f291f0f4ce567bfbe8a7a175b333772a

SHA256
baf49fc1dca009877087a030541f771d1a8c34a6c0c00e45ae4e95a9c8075110

SHA512
9f067af1b8f86449ffaa016989bb311e06fba78e6bd09f6b52576ae1c260342ec5a4a8fd8eff1632f278a2cc010013abc33d277ac1bcf52f377b816fe4e5b58e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA759.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA7E8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF056602457159C708.TMP

Filesize
16KB

MD5
82957845614ea553213099abdc58abcb

SHA1
c2b7ab6580ad8419f2ec5f448268852c2b7c0724

SHA256
2d8ee38af95d3639971e5d4aa71618a3e28e310d27339359ab943d097606f9df

SHA512
a9b752a3eaed9461f08e2636de4bc04b414020a64ac963b6bc4653049c9814ca3e85e7a4b472ddda111802cc0bb06291c03ad7d0102b3bcb2cdee67a67664797

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

Filesize
19KB

MD5
9b90f6e3658e8f928e3b48140e068d68

SHA1
2376d1e58a2604cb0caa3418cd9fef0f9685ecc9

SHA256
4f3905c63df394d332d7a835543b7e6e814f59d831e7a2b73554ac1618445d2e

SHA512
1bd7b7c66a5f2788df491d054ed8a125142a12461363b68186d2fde1779b70faec4bdf6b15fb5585663f51fb8924adca4608e0252bc54110c1dfd177c82879a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
5dc44d848ab748be846dc7beff7315fb

SHA1
376c04f0276d45c1136ff2f6db2b097686b38328

SHA256
c52bc40f4ef3c566f6d50dd7ff8c119752ad73cf3ebd6a7457b072ccd8c87b7b

SHA512
8d2208a8a4e5d61da4093486db05cdf42b6b7f1b7fc082d78adc4f27badef75df2a4409acfd14ab72382c149a4920cf411add2d4dca3811b15b3300726f1ff3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\948940cb-b600-40f9-8e78-e18a3adf2018

Filesize
745B

MD5
22aba92160f061b71c0f506628caef9f

SHA1
de18578c86adbb6a5c76b1e10aa9f2f54e5f9ab7

SHA256
c4ebda6005dd6696b7d8a91ae0710d639309a90f9c93e78ba6643a6652f9f73d

SHA512
46f78bb1dd1cb8c134dda2d1efbe57a7d23cdababde744f75c9aaeb4b4c218372466dbdbbf6fd9babc394c3d1cdedf51827e694b328aef03ee785ee8b6be0785

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\b11c222d-dfc0-4c96-a9bd-3bc48ef0fdc5

Filesize
11KB

MD5
964b9f5fc97a9357887e534408ec14fe

SHA1
97b844ab7e0b0397e303b86d7484a4afbd5621b2

SHA256
e548746f4e702166631ee400397135b7e51587c46335fd85a87c1dfc2f2baa82

SHA512
7ea20899cb9606a98522bfc5ffd6c71d69ab1a64f8b1b9d0146e09b0d3ed4ef3ff72bca4cb07ab609a04aed30eec891a676fc9bb1c0ffa820d1deb9b04e70bc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs-1.js

Filesize
6KB

MD5
933e60ac4e78a7fa79fc71211ab7db4b

SHA1
226b314a239e011837297d0c34ef912461f11670

SHA256
26a266a584f9796b714bef5e58c90fcd1ae34844046ea1423adc8e07b2cc0b69

SHA512
94217e84570fd68eb1f9f32c2754f7daa69b18d984209c2289c4241b7b770d1af81493108e860d5ca66d383df2c187a5e5d8590b576679365d88ea91f3ce2d01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore.jsonlz4

Filesize
832B

MD5
d3b26a16040462800ee024a64d14d13c

SHA1
1a952e8049fa032709e21d852206d1889efe133a

SHA256
4ccc563ff8198d78e788bcd693815e030446db289808a58bd03ac1e82daf6508

SHA512
73c3cc0740a5cd89c7fa86906d6ec26f0844b478c4a5da61d53dab6dcb332c45d22cba6471d3320eece443e4026ae353a8e04234670f3ba5ad1146e950eb73df

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
557B

MD5
e36a71c72de29c0e3017f8977f8e81e4

SHA1
d8cbd5d849c0fa9ed15a2516cc8e6952cb3e95b1

SHA256
33857c3a77c90a3934cc7995db48fe9b9d775317845f4474c08dcece2699c4b3

SHA512
79cfe391fcda779d67610bfcfa26b98b9a067092b43abbebff111256fe86877d5712bbede631635671977412c2bff92c35ff22de2979377d53ca85d7fbce73e6

Download Submit
memory/444-271-0x0000000002000000-0x000000000200A000-memory.dmp

Filesize
40KB

Download
memory/444-265-0x0000000001F40000-0x0000000001F4A000-memory.dmp

Filesize
40KB

Download
memory/444-234-0x0000000001F40000-0x0000000001F4A000-memory.dmp

Filesize
40KB

Download
memory/444-235-0x0000000001F40000-0x0000000001F4A000-memory.dmp

Filesize
40KB

Download
memory/444-236-0x0000000001F40000-0x0000000001F4A000-memory.dmp

Filesize
40KB

Download
memory/444-274-0x0000000002000000-0x000000000200A000-memory.dmp

Filesize
40KB

Download
memory/444-275-0x0000000002000000-0x000000000200A000-memory.dmp

Filesize
40KB

Download
memory/444-237-0x0000000001F40000-0x0000000001F4A000-memory.dmp

Filesize
40KB

Download
memory/444-238-0x0000000001F40000-0x0000000001F4A000-memory.dmp

Filesize
40KB

Download
memory/444-272-0x0000000002000000-0x000000000200A000-memory.dmp

Filesize
40KB

Download
memory/444-262-0x0000000001F40000-0x0000000001F4A000-memory.dmp

Filesize
40KB

Download
memory/444-263-0x0000000001F40000-0x0000000001F4A000-memory.dmp

Filesize
40KB

Download
memory/444-264-0x0000000001F40000-0x0000000001F4A000-memory.dmp

Filesize
40KB

Download
memory/444-247-0x00000000002D0000-0x00000000003D0000-memory.dmp

Filesize
1024KB

Download
memory/444-266-0x0000000001F40000-0x0000000001F4A000-memory.dmp

Filesize
40KB

Download
memory/444-261-0x0000000001F40000-0x0000000001F4A000-memory.dmp

Filesize
40KB

Download
memory/444-233-0x0000000001F40000-0x0000000001F4A000-memory.dmp

Filesize
40KB

Download
memory/444-246-0x00000000002D0000-0x00000000003D0000-memory.dmp

Filesize
1024KB

Download
memory/444-252-0x00000000002D0000-0x00000000003D0000-memory.dmp

Filesize
1024KB

Download
memory/444-251-0x00000000002D0000-0x00000000003D0000-memory.dmp

Filesize
1024KB

Download
memory/444-255-0x0000000002000000-0x000000000200A000-memory.dmp

Filesize
40KB

Download
memory/444-254-0x0000000002000000-0x000000000200A000-memory.dmp

Filesize
40KB

Download
memory/444-273-0x0000000002000000-0x000000000200A000-memory.dmp

Filesize
40KB

Download
memory/444-253-0x0000000002000000-0x000000000200A000-memory.dmp

Filesize
40KB

Download
memory/668-2060-0x000007FEF5A60000-0x000007FEF5D16000-memory.dmp

Filesize
2.7MB

Download
memory/668-2061-0x000007FEF5390000-0x000007FEF549E000-memory.dmp

Filesize
1.1MB

Download
memory/668-2058-0x000000013FD20000-0x000000013FE18000-memory.dmp

Filesize
992KB

Download
memory/668-2059-0x000007FEFAF20000-0x000007FEFAF54000-memory.dmp

Filesize
208KB

Download
memory/900-2042-0x000007FEFB270000-0x000007FEFB287000-memory.dmp

Filesize
92KB

Download
memory/900-2038-0x000000013FD20000-0x000000013FE18000-memory.dmp

Filesize
992KB

Download
memory/900-2043-0x000007FEFAEE0000-0x000007FEFAEF1000-memory.dmp

Filesize
68KB

Download
memory/900-2040-0x000007FEF5A60000-0x000007FEF5D16000-memory.dmp

Filesize
2.7MB

Download
memory/900-2039-0x000007FEFAF20000-0x000007FEFAF54000-memory.dmp

Filesize
208KB

Download
memory/900-2041-0x000007FEFAF00000-0x000007FEFAF18000-memory.dmp

Filesize
96KB

Download
memory/1744-39-0x000000013F5B0000-0x000000013F6A8000-memory.dmp

Filesize
992KB

Download
memory/1744-40-0x000007FEFB4F0000-0x000007FEFB524000-memory.dmp

Filesize
208KB

Download
memory/1744-41-0x000007FEF6410000-0x000007FEF66C6000-memory.dmp

Filesize
2.7MB

Download
memory/1744-43-0x000007FEF3E20000-0x000007FEF3F2E000-memory.dmp

Filesize
1.1MB

Download
memory/1744-42-0x000007FEF4E90000-0x000007FEF5F40000-memory.dmp

Filesize
16.7MB

Download
memory/2024-44-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2248-58-0x000007FEF6F80000-0x000007FEF6FCC000-memory.dmp

Filesize
304KB

Download
memory/2248-59-0x000007FEF6F80000-0x000007FEF6FCC000-memory.dmp

Filesize
304KB

Download
memory/2524-2018-0x0000000002130000-0x000000000213A000-memory.dmp

Filesize
40KB

Download
memory/2524-2017-0x0000000002130000-0x000000000213A000-memory.dmp

Filesize
40KB

Download
memory/2524-2000-0x0000000000680000-0x000000000068A000-memory.dmp

Filesize
40KB

Download
memory/2524-2001-0x0000000000680000-0x000000000068A000-memory.dmp

Filesize
40KB

Download
memory/2524-2002-0x0000000000680000-0x000000000068A000-memory.dmp

Filesize
40KB

Download
memory/2524-2019-0x0000000002130000-0x000000000213A000-memory.dmp

Filesize
40KB

Download
memory/2524-2033-0x0000000002130000-0x000000000213A000-memory.dmp

Filesize
40KB

Download
memory/2524-2034-0x0000000002130000-0x000000000213A000-memory.dmp

Filesize
40KB

Download
memory/2524-1999-0x0000000000680000-0x000000000068A000-memory.dmp

Filesize
40KB

Download
memory/2524-2027-0x0000000000680000-0x000000000068A000-memory.dmp

Filesize
40KB

Download
memory/2524-2031-0x0000000000680000-0x000000000068A000-memory.dmp

Filesize
40KB

Download
memory/2524-2032-0x0000000000680000-0x000000000068A000-memory.dmp

Filesize
40KB

Download
memory/2524-2030-0x0000000000680000-0x000000000068A000-memory.dmp

Filesize
40KB

Download
memory/2524-2029-0x0000000000680000-0x000000000068A000-memory.dmp

Filesize
40KB

Download
memory/2524-2028-0x0000000000680000-0x000000000068A000-memory.dmp

Filesize
40KB

Download
memory/2652-3-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2652-1-0x0000000000170000-0x000000000017A000-memory.dmp

Filesize
40KB

Download
memory/2652-11-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2652-10-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2652-9-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2652-8-0x0000000003910000-0x0000000003A19000-memory.dmp

Filesize
1.0MB

Download
memory/2652-7-0x00000000003A0000-0x00000000003BF000-memory.dmp

Filesize
124KB

Download
memory/2652-5-0x0000000003470000-0x000000000350F000-memory.dmp

Filesize
636KB

Download
memory/2652-2-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2652-6-0x0000000003510000-0x000000000363D000-memory.dmp

Filesize
1.2MB

Download
memory/2652-4-0x00000000033A0000-0x0000000003469000-memory.dmp

Filesize
804KB

Download
memory/2652-13-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2808-14-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2808-31-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download