49998dd0366a3d7dff3ec1b6c2add1c0f7283b42198273980025a41942bd8178

max time kernel
251s
max time network
252s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
28-08-2024 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-08-28 at 14.57.55.png
Size

419KB
MD5

00345903f4db4bb2c44099a766cbadb0
SHA1

9fba40eb3a9ffb65b24c98e47d36d99b56fe588c
SHA256

49998dd0366a3d7dff3ec1b6c2add1c0f7283b42198273980025a41942bd8178
SHA512

efb23c5a838b2407d9b5544dd864734dbb8c892c445cca6f3e41ad8a77ce73e9f85fc6be960981de840aed20b4190f322742d40dbc4ddaa1de8e2b4d6876984f
SSDEEP

12288:m0EHCJmoNmRxMquJhItGXNBd/GyUtlsUVhVg:mviJ3OM3nH4yUt19g

Score

8^/10

adware discovery persistence stealer

Malware Config

Signatures

Blocklisted process makes network request 6 IoCs

flow	pid	Process
333	1580	rundll32.exe
335	6020	rundll32.exe
336	6020	rundll32.exe
370	3400	rundll32.exe
371	3952	rundll32.exe
372	3952	rundll32.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a61edff5-10ee-4d3e-a806-d308087b01de_31.lnk	[email protected]
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a61edff5-10ee-4d3e-a806-d308087b01de_31.lnk	[email protected]

Executes dropped EXE 2 IoCs

pid	Process
5476	[email protected]
5188	[email protected]

Loads dropped DLL 6 IoCs

pid	Process
5476	[email protected]
1580	rundll32.exe
6020	rundll32.exe
5188	[email protected]
3400	rundll32.exe
3952	rundll32.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\a61edff5-10ee-4d3e-a806-d308087b01de_31 = "\"C:\\Windows\\system32\\rundll32.exe\" \"C:\\ProgramData\\a61edff5-10ee-4d3e-a806-d308087b01de_31.avi\", start "	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Windows\CurrentVersion\Run\a61edff5-10ee-4d3e-a806-d308087b01de_31 = "\"C:\\Windows\\system32\\rundll32.exe\" \"C:\\ProgramData\\a61edff5-10ee-4d3e-a806-d308087b01de_31.avi\", start "	[email protected]
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\a61edff5-10ee-4d3e-a806-d308087b01de_31 = "\"C:\\Windows\\system32\\rundll32.exe\" \"C:\\ProgramData\\a61edff5-10ee-4d3e-a806-d308087b01de_31.avi\", start "	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Windows\CurrentVersion\Run\a61edff5-10ee-4d3e-a806-d308087b01de_31 = "\"C:\\Windows\\system32\\rundll32.exe\" \"C:\\ProgramData\\a61edff5-10ee-4d3e-a806-d308087b01de_31.avi\", start "	[email protected]

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a61edff5-10ee-4d31-a806-d308087b01de}	[email protected]
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a61edff5-10ee-4d31-a806-d308087b01de}\NoExplorer = "1"	[email protected]
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a61edff5-10ee-4d31-a806-d308087b01de}	[email protected]
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a61edff5-10ee-4d31-a806-d308087b01de}\NoExplorer = "1"	[email protected]

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
327	raw.githubusercontent.com
322	raw.githubusercontent.com
323	raw.githubusercontent.com
325	raw.githubusercontent.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Security Defender\Security Defender.dll	[email protected]
File created	C:\Program Files (x86)\Security Defender\Security Defender.dll	[email protected]

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	rundll32.exe

Modifies registry class 13 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a61edff5-10ee-4d31-a806-d308087b01de}\InProcServer32\ = "C:\\ProgramData\\a61edff5-10ee-4d3e-a806-d308087b01de_31.avi"	[email protected]
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a61edff5-10ee-4d31-a806-d308087b01de}\InProcServer32\ThreadingModel = "Apartment"	[email protected]
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a61edff5-10ee-4d31-a806-d308087b01de}	[email protected]
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a61edff5-10ee-4d31-a806-d308087b01de}\ = "{a61edff5-10ee-4d31-a806-d308087b01de}"	[email protected]
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a61edff5-10ee-4d31-a806-d308087b01de}\InProcServer32	[email protected]
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a61edff5-10ee-4d31-a806-d308087b01de}\InProcServer32\ThreadingModel = "Apartment"	[email protected]
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a61edff5-10ee-4d31-a806-d308087b01de}\ = "{a61edff5-10ee-4d31-a806-d308087b01de}"	[email protected]
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a61edff5-10ee-4d31-a806-d308087b01de}\InProcServer32	[email protected]
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a61edff5-10ee-4d31-a806-d308087b01de}\InProcServer32\ = "C:\\ProgramData\\a61edff5-10ee-4d3e-a806-d308087b01de_31.avi"	[email protected]
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a61edff5-10ee-4d31-a806-d308087b01de}\InProcServer32	[email protected]
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a61edff5-10ee-4d31-a806-d308087b01de}	[email protected]
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a61edff5-10ee-4d31-a806-d308087b01de}	[email protected]

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Security Defender(1).zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Security Defender.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5476	[email protected]
5476	[email protected]
5476	[email protected]
5476	[email protected]
5188	[email protected]
5188	[email protected]
5188	[email protected]
5188	[email protected]

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeDebugPrivilege	4620	firefox.exe
Token: SeDebugPrivilege	4620	firefox.exe
Token: SeDebugPrivilege	4620	firefox.exe
Token: SeDebugPrivilege	4620	firefox.exe
Token: SeDebugPrivilege	4620	firefox.exe
Token: SeDebugPrivilege	4620	firefox.exe
Token: SeDebugPrivilege	4620	firefox.exe
Token: SeRestorePrivilege	4516	7zG.exe
Token: 35	4516	7zG.exe
Token: SeSecurityPrivilege	4516	7zG.exe
Token: SeSecurityPrivilege	4516	7zG.exe
Token: SeDebugPrivilege	5476	[email protected]
Token: SeRestorePrivilege	1896	7zG.exe
Token: 35	1896	7zG.exe
Token: SeSecurityPrivilege	1896	7zG.exe
Token: SeSecurityPrivilege	1896	7zG.exe
Token: SeDebugPrivilege	5188	[email protected]
Token: SeDebugPrivilege	4620	firefox.exe

Suspicious use of FindShellTrayWindow 20 IoCs

pid	Process
4620	firefox.exe
4620	firefox.exe
4620	firefox.exe
4620	firefox.exe
4516	7zG.exe
5476	[email protected]
5476	[email protected]
5476	[email protected]
5476	[email protected]
6020	rundll32.exe
6020	rundll32.exe
6020	rundll32.exe
6020	rundll32.exe
6020	rundll32.exe
1896	7zG.exe
5188	[email protected]
5188	[email protected]
5188	[email protected]
5188	[email protected]
3952	rundll32.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
4620	firefox.exe
4620	firefox.exe
4620	firefox.exe
6020	rundll32.exe
6020	rundll32.exe
6020	rundll32.exe
6020	rundll32.exe
6020	rundll32.exe
3952	rundll32.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4620	firefox.exe
4620	firefox.exe
4620	firefox.exe
4620	firefox.exe
6020	rundll32.exe
6020	rundll32.exe
3952	rundll32.exe
3952	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 4620	4316	firefox.exe	76
PID 4316 wrote to memory of 4620	4316	firefox.exe	76
PID 4316 wrote to memory of 4620	4316	firefox.exe	76
PID 4316 wrote to memory of 4620	4316	firefox.exe	76
PID 4316 wrote to memory of 4620	4316	firefox.exe	76
PID 4316 wrote to memory of 4620	4316	firefox.exe	76
PID 4316 wrote to memory of 4620	4316	firefox.exe	76
PID 4316 wrote to memory of 4620	4316	firefox.exe	76
PID 4316 wrote to memory of 4620	4316	firefox.exe	76
PID 4316 wrote to memory of 4620	4316	firefox.exe	76
PID 4316 wrote to memory of 4620	4316	firefox.exe	76
PID 4620 wrote to memory of 4732	4620	firefox.exe	77
PID 4620 wrote to memory of 4732	4620	firefox.exe	77
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 1452	4620	firefox.exe	78
PID 4620 wrote to memory of 4384	4620	firefox.exe	79
PID 4620 wrote to memory of 4384	4620	firefox.exe	79
PID 4620 wrote to memory of 4384	4620	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-08-28 at 14.57.55.png"
1⤵
PID:4228

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.0.1516929117\983692291" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {833bf181-a3fe-4d0b-abf6-7d6b4a92583d} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 1800 2369baf6a58 gpu
    3⤵
    PID:4732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.1.1656840093\718097797" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab032f78-ba19-4901-84aa-b2ec30783108} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 2152 23689872e58 socket
    3⤵
    PID:1452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.2.522630256\1991958426" -childID 1 -isForBrowser -prefsHandle 2752 -prefMapHandle 2768 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {656626c7-0362-48e9-b9f4-42cc8280a3cc} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 2744 2369fdd7058 tab
    3⤵
    PID:4384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.3.1406154857\2018484025" -childID 2 -isForBrowser -prefsHandle 3376 -prefMapHandle 2732 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76d98112-2f57-4ff2-9948-ee5701c4a97d} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 3428 2368986d958 tab
    3⤵
    PID:3424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.4.620604524\1266444204" -childID 3 -isForBrowser -prefsHandle 4436 -prefMapHandle 4432 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc59027c-bdeb-4ec4-bc08-f0209e72302a} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 4448 236a1b2af58 tab
    3⤵
    PID:2360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.5.1292473246\1758909564" -childID 4 -isForBrowser -prefsHandle 4816 -prefMapHandle 4856 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4a8d806-8cf9-42e5-b036-45ff9cf2439e} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 4896 236a25fc958 tab
    3⤵
    PID:3344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.6.2127369842\1491496053" -childID 5 -isForBrowser -prefsHandle 5072 -prefMapHandle 4976 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc079d34-bb76-452f-8db2-0265f543ecc9} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 5080 236a25fab58 tab
    3⤵
    PID:3388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.7.492830829\1878658472" -childID 6 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {515f8c14-3c43-4c0e-9803-3a2581728086} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 5216 236a25fcc58 tab
    3⤵
    PID:3888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.8.1726173954\1570199223" -childID 7 -isForBrowser -prefsHandle 5732 -prefMapHandle 5472 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {adf9c38f-9b80-46f8-bc6f-663af9910e1b} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 5740 23689866e58 tab
    3⤵
    PID:4476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.9.920392039\521320180" -childID 8 -isForBrowser -prefsHandle 5040 -prefMapHandle 3408 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {449e57f5-1df4-4524-9cfb-486ccb96ce92} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 5100 236a366da58 tab
    3⤵
    PID:5028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.10.1436038950\526576982" -childID 9 -isForBrowser -prefsHandle 5548 -prefMapHandle 5448 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae5f3f3b-8d39-4501-99e7-f8c6f1b37666} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 4328 236a366f558 tab
    3⤵
    PID:2920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.11.1246230102\92098464" -childID 10 -isForBrowser -prefsHandle 5816 -prefMapHandle 5820 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff45d500-6953-47b8-9342-6033e60f66fe} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 5460 236a39e6758 tab
    3⤵
    PID:208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.12.67706629\591720692" -childID 11 -isForBrowser -prefsHandle 9384 -prefMapHandle 9380 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18c0f916-7fbd-497d-93d5-76c9d18fcb26} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 9388 236a4af3e58 tab
    3⤵
    PID:2304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.13.1448426814\1230286904" -childID 12 -isForBrowser -prefsHandle 3816 -prefMapHandle 9528 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2b441e9-a367-4a8b-be82-234a351c0267} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 9556 236a4b39558 tab
    3⤵
    PID:4640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4620.14.939658660\559454286" -childID 13 -isForBrowser -prefsHandle 1016 -prefMapHandle 2864 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {967e612f-359d-445c-8e86-b2cf24a693af} 4620 "\\.\pipe\gecko-crash-server-pipe.4620" 4656 236a5b1f158 tab
    3⤵
    PID:5612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2108

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\virus\" -an -ai#7zMap15265:108:7zEvent19254
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4516

C:\Users\Admin\Downloads\virus\[email protected]
"C:\Users\Admin\Downloads\virus\[email protected]"
1⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5476
- C:\Windows\SysWOW64\rundll32.exe
  "C:\Windows\system32\rundll32.exe" "C:\ProgramData\a61edff5-10ee-4d3e-a806-d308087b01de_31.avi", start
  2⤵
  - Blocklisted process makes network request
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1580
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\wrk6E0D.tmp", start worker
    3⤵
    - Blocklisted process makes network request
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:6020

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\7c43fd973e9442e6b908a2c932316545 /t 6044 /p 6020
1⤵
PID:4308

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\virus\" -an -ai#7zMap522:108:7zEvent25677
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1896

C:\Users\Admin\Downloads\virus\[email protected]
"C:\Users\Admin\Downloads\virus\[email protected]"
1⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5188
- C:\Windows\SysWOW64\rundll32.exe
  "C:\Windows\system32\rundll32.exe" "C:\ProgramData\a61edff5-10ee-4d3e-a806-d308087b01de_31.avi", start
  2⤵
  - Blocklisted process makes network request
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3400
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\wrk3257.tmp", start worker
    3⤵
    - Blocklisted process makes network request
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:3952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\a61edff5-10ee-4d3e-a806-d308087b01de_31.lnk

Filesize
1KB

MD5
1cc9ccd68550bede213e24560331f172

SHA1
58813f72a3ea9e0e673a3768a368184d2d568baf

SHA256
6954809ffec326e9dfeafee467ea3815e5aeed625054c6a6b4df7505ebe90667

SHA512
9f2126339280acfc4dc06962e1ec50967a0397bb2d25eb3b19aaf942d0b5205d4a21b6ebc21b8d23cf512c5dbfee909ad717408abccddd8cdb7f5897143265e6

Download Submit
C:\ProgramData\a61edff5-10ee-4d3e-a806-d308087b01de_.mkv

Filesize
214B

MD5
2cbfa80dee6b9a7a39cc5aba0027332a

SHA1
4eb9f4736940e2682d0b71cc1b8f546302321645

SHA256
99cdcf885ddb782fe37a1d78d3ffc83c3eae37bed0eff202ddd7d991877c2986

SHA512
5a77aae9017457357df0106a5867de4b37ac52f4163dbe4123682e46b211ad0856a5994d79977e4af8aca0df134a6beecddb495180df39953b3c5aa898d98ecb

Download Submit
C:\ProgramData\a61edff5-10ee-4d3e-a806-d308087b01de_31.ico

Filesize
24KB

MD5
cf7cf5e7df3be55ccbfba87936a631bb

SHA1
23763b7a273e6c1bc858ffd53605d6a9aa49776e

SHA256
56c173f375c5255e2107a7deedfff8d1918c11e4e4b03b4b43977af24c42ce2e

SHA512
e977fda2b492296089428d1ea509788403c8716700bdcfe9cbb2360ebecba7be6934927d684618a09fd8edf0a770cf4715b790c3af5cd447a1e45507019eaba5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\16519

Filesize
6KB

MD5
4458f4af4ed01dc697d2c9fc799bd89f

SHA1
ace9326b623cb3a40d9955d3e3d5bc14d23cfac0

SHA256
f44d3cd8fb20132c5bd8a21798fcdceba95ebae1d36944b35dd214c23dd2c9ad

SHA512
798c413e44966763ad7574b95b58b0eb10ea045e2a1d7257f806e450eb1b86d1f10e3e54838c7b2fdae8f7d4907bdc05deffaeedd2375c1656ca53ca69656124

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\19897

Filesize
12KB

MD5
941b1311e29da55a36ced9201c3ca7e0

SHA1
c75be3f7b600c856caa98d2c1eb5804a6017ca38

SHA256
75fd926bf4788acefae7579ec5dc9202a7e4e16d596dcf235e33ce8294ccfdde

SHA512
520431678283e1f6a9d7072b901cf3fce02443de22913097fcf742d6112e318947acdfb30cd20b83a364f75a1e6470e84302632581b5c341b6c02cdd5ecbc942

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\20726

Filesize
10KB

MD5
98fad04a41603dff5566b879f7e35a96

SHA1
4930c8cafee9a064a2185fdba88a646087d191f3

SHA256
c2620e3eede3c712731adf3ce01c19ccef90c57675b91f9ee5d25f092a858a74

SHA512
2666f3228128ed0834b4b10f47ce6cdc3222407fc2a4ea18f685a15301a249f63548991f985e81338a0c624874a940329a917c3b06584de6caec313a761fdd70

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\23835

Filesize
15KB

MD5
180b644dde3eac4fd0cee9440e153a04

SHA1
4b3bef01ad7118bedeb218f1f9bd1daa5690994c

SHA256
087dc3745721cbb6110205cd7f2d31aa178da707dacdee74f3fac6fdba3669df

SHA512
e7524d71fc2aaca2f55b5bff7d5fbe6410fedd8714f41a0d6509315e66fabe01e1799c45906b6c8e1a66a10730742ea9ca56441aff3ac0af73bf2b25b3716115

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\24307

Filesize
5KB

MD5
f5a9f39b956dcaef81023a2152013d04

SHA1
faf8a71f0cd147fc1431e6d8c58404ea690f4676

SHA256
99f50c108d76188189eb9c4cbf150c01416813deefc5e2a375517905a9a0f57a

SHA512
780449731b3301c5986e8d13cc2ea5a56e4114d05fb22635b0fe5952bd421d8e1e8614ffca1c5e3d6d2dda2205e6c747461599c7af413e3fa2ecf6ce5bb50c41

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\2447

Filesize
5KB

MD5
04eb6df6c57c0a635ca29cfab1df29d3

SHA1
138efb8fa6191bb1d0f9f5ab3bf55abab63d58f9

SHA256
1b4a66a4fa9a686af7c7aea0d72059a4246b786f03c39e0881ae2c943ae792dc

SHA512
4759ef12e1a632fbcbfab7be09fc2ddf5f25e5481fe181cd83e154277b6b0bf850c82cf8b91b7861ca7fa1cf9d6d61de8320699e02a1367bfef80605a408ccf9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\28190

Filesize
2KB

MD5
555616c3d5dbdc8ac96c247e38a92cdb

SHA1
4269001ea541657eb142ae8b16d2dcb8a7ce1011

SHA256
adf3095c87d7bd2b5bf13c2ac5f671cdc6b6a51d84dae2f58f2801b9e59613c6

SHA512
880c3dde9e15a5c2e344a13c9cb411eaafe9fff3e289ffc1f4f9b060868aa66510bc6c15cb4a0e6eb024fc761b247478a63542641ca49858ff6b3e50697cb262

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\28235

Filesize
1KB

MD5
0e54abbd76a441d1555a5c4060b36606

SHA1
1700e0e5700ab5affb0f65c884bf2e9ea49470c9

SHA256
6f4c6936ca6f25c0bf972f68df8f0e1e41a3d34c5139e01a7b2a353c385be287

SHA512
adcddfca54af4ee41fbdbb094577a85f6f8e714ebce1a4de8bd51b6dafae673be5681e9227c6ff8ed1c1b14c297eb5374a30ebbc1a978f0bd593c9dab13ced0f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\32735

Filesize
2KB

MD5
285491b9b579e8428f22903720a13970

SHA1
9f04f648da6f60cc71cf3bdb32971d8fa61478d9

SHA256
a82e5c2b64bea22d7da76003135bfa5e06a68df461e22d95dec9250796d5c5a3

SHA512
910cd9687eb3e9f69ce0caa9918aa25ee8d37975d45e0aa8fdaf40c120b0aea58729a329e1b245bdadb8778f01257f3c2610dfc678b9180dc5a4f3466a16064e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\0A73C6E23F02820E5C7F05AD9890531BF91D87DB

Filesize
111KB

MD5
32b55f26c0b8a14129f7bdf3a58b3694

SHA1
294213ac3c06311aad867f1d3a5867d1dfc4f2a5

SHA256
11bd8c9d0e182fc82bd15677ec2ba4a8f52536c7bdac67f23f749f51abe16fc9

SHA512
5ebef5b1b5c8a0a581632e985a4289d4ea2359a21248f26774c5b5079d785f927e058492ad73d5bc0b1d60e4ec49a24ad9e94f1875d1517674563c455002e58a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\46C625DB4964C00323A8EF4C60828B52A454EBB4

Filesize
1.1MB

MD5
6db0454186d54aa36a14580f4ad43789

SHA1
1f3880155132e23d6a0f2dc5664a2647990cceac

SHA256
c57375dd6dd412236a7b989260c53f6cb8027f758226e1e4f29c4dc7705b0e9a

SHA512
6256b23b5e5113048cc5f83137beb0d6b44c2521910964292e6ce3dfd28db125cb80657c2af3c58640b69c04aa032390cb898cefedd1e6a8626b2ef087d7b3c1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\4C7B6F2CAD8B3C17C2BFE488FBEA72FE061AE34B

Filesize
20KB

MD5
64cf1715de0c07bf14559c5abb3756e7

SHA1
e0c49a55fb70ac4b2b59d737ab10e466c4e8d373

SHA256
90f9da413aeb7664ed0341cf6b33551f5cd8729d31c24c0dfa048fa24251b78a

SHA512
6ff3f544bd93cc791b5c99fcc5567c530e42549ccac77aa66d0007a13e266442c2b8da186f2bd65cdccfa929c45a6181df6d3ab37fd95188e832ab0c05d096d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\53C8C46F04350B64D691DB4860BD34DEDDBDBB16

Filesize
97KB

MD5
446be3dd3c9c6adcb006298871326adf

SHA1
7429ad90bff3e24d229154da2af475f2653da1cd

SHA256
5d44c31f2d317f966fd413e27bd61887bc05448d7bc59848c9883179ca135838

SHA512
012c89198934d6425f543530111d19728fbf60c3729f769ec540d38b8092a95f084b54b861ecfa747b49d93dcd1cc564010f51d48072d691781b1be4f8e3d500

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\79985AB77E10412EDE6DA0D4C63BDB24736A4E69

Filesize
1.2MB

MD5
8dcbf7233ec7293cc2a2bb77061ffead

SHA1
bc529c7aedf0a12a623862b54a8863fbc6e3e1c5

SHA256
fe583de1072baf32e8579d84efc3f277067ae2df324530429585fb680e60c4a9

SHA512
dbdf9c374153dfce6485bffae04fa022da7100aff55c4a187b4c67a9ce327f5a5440902bf81f7331159fad70912de04ab0b79309c38678790faea2f740ca1a53

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\971254C7341460E85C93D0821B91E9985A0B32D6

Filesize
2.0MB

MD5
79cfea933a7dbf263495df197e7c1923

SHA1
aecd355cb64fddca7d095f799be054a5f35df0b7

SHA256
da8c272d50eb7f683cad33e5a2ab252d9b5e51edbf697975d9e5e810a7621329

SHA512
a6f7fc075d5710e061f17ca727bb64b511ac065e40690b009a1fe39a316885cccf2fb6ff6cdb66dde1b1ee8cb000ba248bd8c457d15dc2a25a6f10e1e033a9b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\98AF737DD946CA3B37F8CD63EC1E1756F57F2E19

Filesize
68KB

MD5
0610a79c75203112b73744daf63e6571

SHA1
7318e9fe434e66315fbaa7b0dc660fb6de398475

SHA256
a07cb60cdf24df3cf7b7c5d0589cf044fc63dafd32aad98c7b7d3e97fb7d8ae4

SHA512
02f4df6d211ba70d04f619ce84f0b9f39b88814ed8679a10e8a76b07877e5f7998d28197ec383d5cf85aa7f99c954f3a53949c641c8a0885ae6344afffd5b728

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\A316A67D82F673191BAD9C75885EB5E7557D7EFD

Filesize
48KB

MD5
8b19d2f68bfb079fd0fe3d93fad9ed87

SHA1
3a15a52360d5405a5fd78d1c73c68a2240728675

SHA256
954c56a42b53ae3ae20a44d60c1af0fdc8cb48ea56175a0930b3d71702d7dd49

SHA512
17bdad2aa655d0470171c3f048acb6dbd963012a7909e95949997f07c9429993ddd9e6c14391d6bf1d2814a1eb62e882109445931dd01861dc62d07cd4456e80

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\AB740295913D6FEAC15A7060502087FA226E19B5

Filesize
71KB

MD5
90da9417cd32d93e629737abc8f15b38

SHA1
4d609d5aeb7d2702798268fa8f469cbcfa67dbd8

SHA256
5b4dbd58db524868f5d0b49dcb831cb7c67ac5e45a6a0074279088f2d6bc7a72

SHA512
026ef71fb9a41ed0c3f4cce70677b97b31e113bd0bdaf9823901fdc2c2fb448d8b286754485bcb93158f88e64474472c0ba65e928b9c323f613f57a00e60d4cc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\C99A2D466BEA9EC52B47375727DDC6FCCE700636

Filesize
198KB

MD5
40f4fe053d02a62162177aa6e3c85178

SHA1
5aff52ac928b06507510a2a2baaa3f4917721fd2

SHA256
8fc1a81a126a4fec5437dde4c113c66177083885dae566c3e47569c270665a44

SHA512
1ac40faa32a753aa11a4c87783ac010d63f05add37be5f755927ecbe74158e76fb0e357b00b05e178b3501aa44b04b390647ab743177e3e32811e0dd5395c7f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Filesize
1.4MB

MD5
f0c0f92e6d444f8d3c60a0b49f642462

SHA1
30b844e8d96b5b9866e01a6f74c8ac4edaf75878

SHA256
e74925bd172fd72370ca7ccc5c48294e83c56dbc7a9c2ef33c2ac22e19803758

SHA512
697c5cab839dc260cda851d1d164555cc723449ab00b66ebb34eaa9a91c686424b5042a303cbe500208c34fd7c96c876d7e92506fa36a9cbff0a9037dd1bff6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Security Defender.lnk

Filesize
1KB

MD5
f76572210200c2f984ee788d0112dcaa

SHA1
d674db1bececcf2eec67929b8a9fb5225d6f1c13

SHA256
ddc112dae155cf992d698738d64a1ad86e2cc0139632da889277adb8c8336963

SHA512
4c91030f319f54af99f10531672b92a8e0c488d79d07131980909d17d942af0fd5ca9a981693d43cd89dd4916d03fa67886d0b4c854955138d4f0e480556c2cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
137a15e00e2149585fc91541a29cfbf0

SHA1
52a9a8f46fea253f92eb88a2f39ca87c4945a971

SHA256
542025de7716f9a51a6a5997a3447c2846d4fd458e8f39ddee69116e1a71ca98

SHA512
df9328bc595a465e7dad12cf59871a9db8b56cee621de93f0149024fd55412da5ff731b837ea76aab0cebd0021ad481b691eae580664f03216fe0e23518e9bcc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a61edff5-10ee-4d3e-a806-d308087b01de_31.lnk

Filesize
1KB

MD5
27d486677410bf80d890070bbdd423b8

SHA1
ec92ff7c3bf5793f7677bbf6096ae7ec526be864

SHA256
a0cdc56453661c9500be89aed2f4d84480b4fd18aa61cbc4a955bdb0b5ee5960

SHA512
3f8f5dcf085c5dbaa1967e3437d49efa2a1127a9c58fb7844dae4921728e8f8ed1a63bfe7d5229359b9157aa3297cb26e770cb12f42df7f9bd66edcec384625e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
6a8ddc941e993033a839bb61cebd8d67

SHA1
d486a7beac5c87d697ecaf8edec65c6ddb12354a

SHA256
37931d2e15356502261de82938af465e383d8b93b0bd42f6572ff74f90b50070

SHA512
68d1ae256b2d8edb5f723df60a0882c6543f6ee6e47110eee67579d39bd835e0d1d5ff6a5a2a4245752680fd8437cdb5c85e9ed414a287827f060cc9dc5aacc5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\46c84886-2301-45fc-957b-843005216f82

Filesize
746B

MD5
a21675fc4dc5102b60b4b7db8dbe5b46

SHA1
d45679c6d8f98f9046ee8c577c77ef71fceb3482

SHA256
b8ebb43818b376dff97b031820043cef2ec3fca8f170aeb6852ddd9597fb63e2

SHA512
7db9c9d751ca3753bde0bdebc00286dbf6bea9f5f2c4e74d7a274dcf12dca36bc0d684c4815e4d8854cc71f17f142a54b3f17c1f37a2e31e0e29327524c6d465

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\aed2e699-eef9-4b07-b1d3-fe07df49b5be

Filesize
10KB

MD5
d4830b85225b39303149213198b2d38b

SHA1
63e7f8ef46ce55e7f998d4ceab9d148425f0a65e

SHA256
5c7ef056ea751e55e5bee333e7db4281a7d228f3f6c1c71fea58f028ace94a2b

SHA512
d01aa610422e24c78ad09227138ae86147b678c0457b8b8b07bd72739da0c30749baa0fd0cf4c7de67637968284d3b0b0b81abeeb096966697dfb4cce9c8b24d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
e806766da4f1ce7d23046dab7d5b01d8

SHA1
3eeadc3cd72fb6f0c2681c5a467259fa1792ac7f

SHA256
9cfd5811f0b63a75444180f18cdb74a0c9ff334916620b38aa00a5dd6e1603eb

SHA512
18d31025c802b9fa0b9b4c789d48d80d9f0ab524aaf147e8a29132c5894c157f72f02ec5ac324b9f391bb5be2913d9e98d8c217a74b0690540c11ea3e878268c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
7KB

MD5
a5945b77dd313e17a31e312f1a064e43

SHA1
20af5463b1ed4cbbaeca58444ad93c303d952350

SHA256
4a9bf264d3f3dbf38a95cb51c5cd744fd70d8a98305fb2cf3fc42c71363c42e5

SHA512
c7987bce6f79820c63306e88ad3cbd1ab46e933fa5fe848e1942f5cb890b069af831c37165bc1215bac6c3e3600e12d46625ccda7f809684202363c947b5ee21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
d471582e414a9cafcbb388b5ca82b408

SHA1
e9feb04acb7373ffcda0be1edb4d5c37b8425549

SHA256
eff2e10674f301294568fe14e8903f9f5f4c563e0f7d9958d8bb7b2571d4c5cf

SHA512
7bbed391d909dbe0b04d08c1b923848239e7dba656134b7692467655c0229695587ba8184f5c32653b2331ef3e20be58755f05410a6475961712a6b4955c3003

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
086a663ac180ba4c93d9c26da84cedb3

SHA1
1efc5abfe865a2b8c4538cee04d3fb8c94d76b50

SHA256
9b386bccab1c153c1eae0ac123f52b52fd051dd28cd7f9b4e0d81ddb02ef79b6

SHA512
65128631289e727f1d18752edc65a80b1934154ba4fe99363ddabdc109b7dfaeb2e61b9857f9472627c059caa749d9b10707e81c2689a78cb9bff71d9545d686

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
21f549689380323751e4fd41965e0103

SHA1
d2786f6eed986979157b5a4a7c1021a477ca191b

SHA256
9c3e94ffee7fd1a39ba9398139af5992d33f48a56cf22e7df497723f86a4d5b3

SHA512
b75a924085321a86b51116f4b1a42f8fffa0ee47724895eb68e99e1022fa08d61fce39269c72086c8fbf79d04cdf74a2cc2b3b8b71e3986665623a55ae14fbb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
1d6cfa6e6fe810d24fe8ef9ec979a7d1

SHA1
4086a51a2b6a7e5467d24a1b9b6b75154e2cd32c

SHA256
dc4d76b31432487d51f21c79aef8b95c93f4a977794bd234a4e2cc2de1e7c6e3

SHA512
e8ed1b76a47a5856f17b4448918d613332316c4068125e63973c319fea57c4198665f1286e9b1dab6b817dc6bbe42c6f66963dc9e3b324c6959a5cc39af14a0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
9a0a240ec067e671843b1f7a1279570e

SHA1
4d992b6ad24d96f20aab0a92f08e3009466e3f31

SHA256
27070ac87b1a30f8e79dd5ab78e7daa8a3de01dc386960af0eb85573b8c6dfe5

SHA512
3b075e3bbce45474942295cce0051099ad755615ac8b501cff61df4582b5bebda16890ecb9e85d8d7de84d8cbcbfe1c000b08306d7dc10a9fa598a3a8b7f5ec8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
7fda1526c257598be2c4e1f75fb179c9

SHA1
a4ca05a3d3f3e5626754f854fcaf7fb3916728d5

SHA256
992cfebdd0dabfa54c8378d2d612aec24e4573549ea13c01eda995b3fc11ceda

SHA512
194b8b28eb5a01e31ecd6aa40192d90b09748c5073a549d8e12f16994e820bdb2ad94443522e969af8aedd42371e149b162b42e48886560bc5027cadc3a43d1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
beba80b772e9e448886fc744f528ae47

SHA1
7c39fbd55b3e5d12e426681b6f2667acf50b8cc6

SHA256
e1c31adee523555ff6cb972f365330d6be69edcfd7a5204daff9cc240fa494f5

SHA512
a517eccdf402f9db8b29e8686409d51e6026baca775a19efe2d14b6483bac9560d95b233f2dd9734a9e490fbf76916992c368ce25d831dc8559523fb8f3ba1e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
2f8787500da7fbdde2936722cef899e7

SHA1
da87141d4fedfb2283d124e69e1897ac05b55e73

SHA256
e4b3aa64f118899867d7ee9c64b41ae2db352776b56facb7fb9611192304dfd8

SHA512
e940497b0d2045765a8a2292f3e011e0579a57a8ae787aa1a44fcdab14036f9abe72894db2fa4f057b8dd41cdadb668aa4f563036a0560eaf73bde276b864d93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
212f9606fca2f59b574c5b6f3e6fa1f4

SHA1
99e34efb76a65387173687503a60dbdf2bdf2ab0

SHA256
8fc95203a792628015a26bdbfa48d17e62ce3c3e242518df8ccdab687cd1210f

SHA512
995a8db2c70f9ec0447e80d1a4b70fd24f643d697f445b5eece8cca76860e0237c5f06f5812f1379229e72488e85c0b29c4179037db30c60901ce1545c9c7d54

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
50fa28b2826c8a7ea74f4a63411cfda0

SHA1
86537359704c5be8cef0a5774130b0757a50ddc2

SHA256
d9cb8839b19bda4e7d3747311536052e90771f87228bc8e330bf7214b8722e84

SHA512
14db3ac4dfa6464240fccbcffc5372f482e10b9fd372438cdb1077f774e695cc66c650abd821706367cb983543539cd023d077f7aa74245b83c14d23b2493ae5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
5d477965044d315069c4c31c4a65d271

SHA1
091a21a4e0dfcda0fb3e73b302ffbda56a05ea1c

SHA256
94c0e0e6d9359e2cca43503e2cbb6b312c383c339f99ab30e93faade8746a707

SHA512
213853f47a1254e6fab56d1892ff81ae697e45e4af7b5dd43528a4a926d45a674677145f40bbf20c2f8868ea822f8d99610c6d31bfe599128bba1faf52cb16be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
90a0da15e0fd947471b797de7037e676

SHA1
b41d9af3945396913ac22172b32ba191d075dc16

SHA256
3e51a9377dc8aa4056f6c63adf99be4b018fdaf1f4c59bff298731d2c04c8f80

SHA512
3e791de1672ed75138712ad4f86755dcc344f9b3a152f016a391e69ea05ecf5342d4690d35248900a37519ac9083690f5a1bce9cb0d4959123a671b84493038e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
b3f41525cf23c577f498b1eaa5bc0945

SHA1
7002669dbf354c977d24e21611b5a813ff0944d4

SHA256
4874d99108088d702c72a1d71d5f95f8fbb04f88846d23196da34c60262c7afc

SHA512
b8fa2e7772740d4463c77d9c8edcc26b281f98a1d28afafe72b5c0f355d59d98c2b50d0776410e2d97bbb4ba15b47af4e5c33b9772517747b938b1490dd20980

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
0d0013d9708d9fef539adc917f5b87f6

SHA1
5e071e6b4d8abf007c8bb78ee948caf5bb0439e1

SHA256
f416d29cdbaa66b7d04483831d2a593a735316fafb643414a12df78da0ab054b

SHA512
851e9965a0fed9e0f5195ce655635cf13687d18678e4a9df807ab22cbc53c02cd2006fd65d93cd80b2a06d709e59122ea9933ba5cec551c6d51f5e9b4c175388

Download Submit
C:\Users\Admin\Desktop\Security Defender.lnk

Filesize
1KB

MD5
393dabe40e5382d9f9522e61983e7842

SHA1
264fadee6aeacf9ddad48c2454844c3086fa355d

SHA256
62b72794a1c848f08fef12e8eb029c6739b3ab704afb1b6a0d1f615d551f5760

SHA512
01849a0618718f4b7ae36f4fd4aa0ff19051b4f30e743ca984c5933ef4290266167742fdc98d27a64277155e0ca9df36d65adc345d175770012091a43a633724

Download Submit
C:\Users\Admin\Downloads\virus\[email protected]

Filesize
1.4MB

MD5
e1b69c058131e1593eccd4fbcdbb72b2

SHA1
6d319439cac072547edd7cf2019855fa25092006

SHA256
b61c53f4137c41aa0a5538fc9a746034b3a903cc4b1b3c8b5f3d3118e1e2bd8f

SHA512
161a5923dc3a6507cbee3b547edcef4fbfe1dc6a04832c2472b1e635d758d1503a61361c2a83a13a0d8e4607516fda4ae6462a74df66b20a7c93174bbcc7129c

Download Submit
\Users\Admin\AppData\Local\Temp\ins1710.tmp

Filesize
1.0MB

MD5
42c29e6c196f7aa781474eef90afecce

SHA1
aaa689aa76ee08a2c38219bdc395770e4d8ecd4d

SHA256
aba35a4ce41fb0a67d6b4fde441e26073b6005e67e40b23c907a0af6ffe24cdf

SHA512
87b055cf153e6158cbf5b1e1873000b0c1160939e870a3a74165cf0e2ab67d39d45d74346d5e44faae30604c0e55289b9e54b52df8d7723ffa51f1aa0d766d44

Download Submit
\Users\Admin\AppData\Local\Temp\ins67C5.tmp

Filesize
1.0MB

MD5
c5d77e86110c52ad4883e9c1d2e038fc

SHA1
0082e9e14d81ec2c2e23ffe79958886b41171202

SHA256
ff8827c9b6bf571b1758626360f06fc693bc92c3b504c286828268bc19418792

SHA512
5fd03eae28baa38cae157a8d0023ac78e28453cfeb28602dbbd274a8bb76218eb70d33486268f234a0e96826c48fa9c3124089dc7af5943058add199e99f7b32

Download Submit
memory/3952-1747-0x0000000000BE0000-0x0000000000CA1000-memory.dmp

Filesize
772KB

Download
memory/3952-1744-0x0000000000BE0000-0x0000000000CA1000-memory.dmp

Filesize
772KB

Download
memory/3952-1745-0x0000000000BE0000-0x0000000000CA1000-memory.dmp

Filesize
772KB

Download
memory/3952-1746-0x0000000000BE0000-0x0000000000CA1000-memory.dmp

Filesize
772KB

Download
memory/3952-1759-0x0000000000BE0000-0x0000000000CA1000-memory.dmp

Filesize
772KB

Download
memory/5188-1758-0x0000000000FF0000-0x0000000001164000-memory.dmp

Filesize
1.5MB

Download
memory/5476-1634-0x00000000013E0000-0x0000000001554000-memory.dmp

Filesize
1.5MB

Download
memory/6020-1631-0x00000000009B0000-0x0000000000A71000-memory.dmp

Filesize
772KB

Download
memory/6020-1632-0x00000000009B0000-0x0000000000A71000-memory.dmp

Filesize
772KB

Download
memory/6020-1630-0x00000000009B0000-0x0000000000A71000-memory.dmp

Filesize
772KB

Download
memory/6020-1637-0x00000000009B0000-0x0000000000A71000-memory.dmp

Filesize
772KB

Download
memory/6020-1635-0x00000000009B0000-0x0000000000A71000-memory.dmp

Filesize
772KB

Download