arkei | 7b14a38b8ab88532170f6d6abac22a6b170d5bd8c7fa2c1301479184854a9124

Analysis

max time kernel
4294183s
max time network
129s
platform
windows7_x64
resource
win7-20220310-en
submitted
30-03-2022 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe
Size

11.0MB
MD5

9ad2a9a60994ff956e0dd4678b3ef9f1
SHA1

ab7d7ec8ef3893bc599d582c80cb48639654df1d
SHA256

cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa
SHA512

012adcfeff91e107571f33bffa214385bb0f93fe81c99d45482db4225b3e07e16917d75483d30b10e955f5484ce3f0d9619df0340d1a99a638906ee881f49fec

Score

10^/10

arkei babadeda default crypter link loader pdf stealer

Malware Config

Extracted

Family

arkei

Botnet

Default

http://tonyshop312.com/8cPynL7Va1.php

Signatures

Arkei
Arkei is an infostealer written in C++.
stealer arkei
Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\gdb	family_babadeda
behavioral1/memory/1988-140-0x0000000003BC0000-0x0000000008CC0000-memory.dmp	family_babadeda

Executes dropped EXE 3 IoCs

Processes:

cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmpcf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmpPIXWin.exe

pid	process
1640	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
860	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
1988	PIXWin.exe

Loads dropped DLL 29 IoCs

Processes:

cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.execf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.execf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmpPIXWin.exe

pid	process
1800	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe
1184	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe
860	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\gdb	pdf_with_link_action

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp

pid	process
860	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
860	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp

pid process

860 cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

PIXWin.exe

pid process

1988 PIXWin.exe
1988 PIXWin.exe
1988 PIXWin.exe

pid	process
1988	PIXWin.exe
1988	PIXWin.exe
1988	PIXWin.exe

Suspicious use of WriteProcessMemory 25 IoCs

Processes:

cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.execf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmpcf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.execf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp

C:\Users\Admin\AppData\Local\Temp\cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe
"C:\Users\Admin\AppData\Local\Temp\cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1800

C:\Users\Admin\AppData\Local\Temp\is-QVO3J.tmp\cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
"C:\Users\Admin\AppData\Local\Temp\is-QVO3J.tmp\cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp" /SL5="$4014C,10733989,780800,C:\Users\Admin\AppData\Local\Temp\cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1640

C:\Users\Admin\AppData\Local\Temp\cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe
"C:\Users\Admin\AppData\Local\Temp\cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe" /VERYSILENT
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1184

C:\Users\Admin\AppData\Local\Temp\is-KAJ9L.tmp\cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
"C:\Users\Admin\AppData\Local\Temp\is-KAJ9L.tmp\cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp" /SL5="$5014C,10733989,780800,C:\Users\Admin\AppData\Local\Temp\cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe" /VERYSILENT
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:860

C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\PIXWin.exe
"C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\PIXWin.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1988

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-KAJ9L.tmp\cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
Filesize
3.0MB

MD5
c415fd6dd64aec88dcef43a471a27b06

SHA1
fe1e740b29901ad81f9f19b653b7756f382e5255

SHA256
564bba1d6b9e77985304cccf995a89d49ca295ed247b1861a4bd2e0b219655ed

SHA512
cabb388cbe7b49563e1042347f2d43a375effc6e237c1872baa702d83e9d0cf39245ff477a06f18016bacfb0a14487b16e97259158fd55ec6b439f11f041fbf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QVO3J.tmp\cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
Filesize
3.0MB

MD5
c415fd6dd64aec88dcef43a471a27b06

SHA1
fe1e740b29901ad81f9f19b653b7756f382e5255

SHA256
564bba1d6b9e77985304cccf995a89d49ca295ed247b1861a4bd2e0b219655ed

SHA512
cabb388cbe7b49563e1042347f2d43a375effc6e237c1872baa702d83e9d0cf39245ff477a06f18016bacfb0a14487b16e97259158fd55ec6b439f11f041fbf9

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\D3DCOMPILER_43.dll
Filesize
2.0MB

MD5
1c9b45e87528b8bb8cfa884ea0099a85

SHA1
98be17e1d324790a5b206e1ea1cc4e64fbe21240

SHA256
2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c

SHA512
b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\Detoured.dll
Filesize
41KB

MD5
6adaae7fd80038159b26b19a88b41d9e

SHA1
d0a8132d83b2904f024f4224285b0f8c658d45fa

SHA256
abb11bb061f932124e0f6ed4bdf323adedba845fac65d83a78910a3c63b0d8cd

SHA512
b3b214c133654b047420f956a35eab998c94e4f17d5d4cf555a95fa99ebbeee441b17542ce2ca46509c960072a097a79fcfe4f254f7737166945189c91be7a19

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\MSVCP140.dll
Filesize
439KB

MD5
5ff1fca37c466d6723ec67be93b51442

SHA1
34cc4e158092083b13d67d6d2bc9e57b798a303b

SHA256
5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062

SHA512
4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\PIXWin.exe
Filesize
2.2MB

MD5
f5aa5e6b49e00a8e66e50984166d0e8c

SHA1
56085a70e1b863a8bb2552f968d5c4cd6ff419f2

SHA256
c781c5b74c938940564d1447ecddcb614cdbbb25cec13ee2a5dc127b92cc1fbe

SHA512
1bb38e538814f1811044c5054d33476062eaccac502f202efe0cc53226fa73bdb3d5b4fe337d9583653740e80b2f3bb55ccdaafa512cd4a7a436391cc48da40c

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\PIXWin.exe
Filesize
2.2MB

MD5
f5aa5e6b49e00a8e66e50984166d0e8c

SHA1
56085a70e1b863a8bb2552f968d5c4cd6ff419f2

SHA256
c781c5b74c938940564d1447ecddcb614cdbbb25cec13ee2a5dc127b92cc1fbe

SHA512
1bb38e538814f1811044c5054d33476062eaccac502f202efe0cc53226fa73bdb3d5b4fe337d9583653740e80b2f3bb55ccdaafa512cd4a7a436391cc48da40c

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\VCRUNTIME140.dll
Filesize
78KB

MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-core-file-l1-2-0.dll
Filesize
11KB

MD5
cd3cec3d65ae62fdf044f720245f29c0

SHA1
c4643779a0f0f377323503f2db8d2e4d74c738ca

SHA256
676a6da661e0c02e72bea510f5a48cae71fdc4da0b1b089c24bff87651ec0141

SHA512
aca1029497c5a9d26ee09810639278eb17b8fd11b15c9017c8b578fced29cef56f172750c4cc2b0d1ebf8683d29e15de52a6951fb23d78712e31ddcb41776b0f

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-core-file-l2-1-0.dll
Filesize
10KB

MD5
b181124928d8eb7b6caa0c2c759155cb

SHA1
1aadbbd43eff2df7bab51c6f3bda2eb2623b281a

SHA256
24ea638dfa9f40e2f395e26e36d308db2ab25ed1baa5c796ac2c560ad4c89d77

SHA512
2a43bf4d50d47924374cde689be24799c4e1c132c0bc981f5109952d3322e91dd5a9352b53bb55ca79a6ea92e2c387e87c064b9d8c8f519b77fff973d752dc8f

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-core-localization-l1-2-0.dll
Filesize
13KB

MD5
21519f4d5f1fea53532a0b152910ef8b

SHA1
7833ac2c20263c8be42f67151f9234eb8e4a5515

SHA256
5fbd69186f414d1d99ac61c9c15a57390ff21fe995e5c01f1c4e14510b6fb9b1

SHA512
97211fad4aae2f6a6b783107938f0635c302445e74fc34a26aa386864509919c3f084e80579d2502105d9256aab9f57ea16137c43344b1c62f64e5bc1125a417

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
11KB

MD5
b5c8334a10b191031769d5de01df9459

SHA1
83a8fcc777c7e8c42fa4c59ee627baf6cbed1969

SHA256
6c27ac0542281649ec8638602fbc24f246424ba550564fc7b290b683f79e712d

SHA512
59e53c515dfa2cd96182ca6539ed0ea2ebb01f5991beb08166d1fc53576aeaafebbb2c5ee0ccbdab60ae45fc6a048fff0b5e1b8c9c26907791d31fb7e75b1f39

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-core-synch-l1-2-0.dll
Filesize
11KB

MD5
eb6f7af7eed6aa9ab03495b62fd3563f

SHA1
5a60eebe67ed90f3171970f8339e1404ca1bb311

SHA256
148adef6a34269e403bb509f9d5260abe52f413a6c268e8bd9869841d5f2bd02

SHA512
a9961212b40efc12fd1ab3cc6551c97c987e73b6e409c9ab8a5e1b24542f9e5884811f06883bd31d2585219c4f60c30de2d188788513c01b6cbfe22d539d7875

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-core-timezone-l1-1-0.dll
Filesize
11KB

MD5
86421619dad87870e5f3cc0beb1f7963

SHA1
2f0fe3eb94fa90577846d49c03c4fd08ef9d3fb2

SHA256
64eccd818f6ffc13f57a2ec5ca358b401ffbb1ca13b0c523d479ef5ee9eb44ab

SHA512
dbce9904dd5a403a5a69e528ee1179cc5faab1361715a29b1a0de0cd33ad3ae9c9d5620dafb161fda86cb27909d001be8955940fd051077ffe6f3ff82357ad31

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-convert-l1-1-0.dll
Filesize
14KB

MD5
88f89d0f2bd5748ed1af75889e715e6a

SHA1
8ada489b9ff33530a3fb7161cc07b5b11dfb8909

SHA256
02c78781bf6cc5f22a0ecedc3847bfd20bed4065ac028c386d063dc2318c33cc

SHA512
1f5a00284ca1d6dc6ae2dfce306febfa6d7d71d421583e4ce6890389334c2d98291e98e992b58136f5d1a41590553e3ad42fb362247ae8adf60e33397afbb5df

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-environment-l1-1-0.dll
Filesize
11KB

MD5
0979785e3ef8137cdd47c797adcb96e3

SHA1
4051c6eb37a4c0dba47b58301e63df76bff347dd

SHA256
d5164aecde4523ffa2dcfd0315b49428ac220013132ad48422a8ea4ca2361257

SHA512
e369bc53babd327f5d1b9833c0b8d6c7e121072ad81d4ba1fb3e2679f161fb6a9fa2fca0df0bac532fd439beb0d754583582d1dbfeccf2d38cc4f3bdca39b52d

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize
12KB

MD5
a1b6cebd3d7a8b25b9a9cbc18d03a00c

SHA1
5516de099c49e0e6d1224286c3dc9b4d7985e913

SHA256
162ccf78fa5a4a2ee380f72fbd54d17a73c929a76f6e3659f537fa8f42602362

SHA512
a322fb09e6faaff0daabb4f0284e4e90ccacff27161dbfd77d39a9a93dbf30069b9d86bf15a07fc2006a55af2c35cd8ea544895c93e2e1697c51f2dafad5a9d7

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-heap-l1-1-0.dll
Filesize
11KB

MD5
a6a9dfb31be2510f6dbfedd476c6d15a

SHA1
cdb6d8bd1fbd1c71d85437cff55ddeb76139dbe7

SHA256
150d32b77b2d7f49c8d4f44b64a90d7a0f9df0874a80fc925daf298b038a8e4c

SHA512
b4f0e8fa148fac8a94e04bf4b44f2a26221d943cc399e7f48745ed46e8b58c52d9126110cdf868ebb723423fb0e304983d24fe6608d3757a43ad741bddb3b7ec

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-locale-l1-1-0.dll
Filesize
11KB

MD5
50b721a0c945abe3edca6bcee2a70c6c

SHA1
f35b3157818d4a5af3486b5e2e70bb510ac05eff

SHA256
db495c7c4ad2072d09b2d4506b3a50f04487ad8b27d656685ea3fa5d9653a21d

SHA512
ef2f6d28d01a5bad7c494851077d52f22a11514548c287e513f4820c23f90020a0032e2da16cc170ae80897ae45fc82bffc9d18afb2ae1a7b1da6eef56240840

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-math-l1-1-0.dll
Filesize
21KB

MD5
461d5af3277efb5f000b9df826581b80

SHA1
935b00c88c2065f98746e2b4353d4369216f1812

SHA256
f9ce464b89dd8ea1d5e0b852369fe3a8322b4b9860e5ae401c9a3b797aed17bf

SHA512
229bf31a1de1e84cf238a0dfe0c3a13fee86da94d611fbc8fdb65086dee6a8b1a6ba37c44c5826c3d8cfa120d0fba9e690d31c5b4e73f98c8362b98be1ee9600

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
15KB

MD5
4f06da894ea013a5e18b8b84a9836d5a

SHA1
40cf36e07b738aa8bba58bc5587643326ff412a9

SHA256
876bd768c8605056579dd8962e2fd7cc96306fab5759d904e8a24e46c25bd732

SHA512
1d7c0682d343416e6942547e6a449be4654158d6a70d78ad3c7e8c2b39c296c9406013a3cfe84d1ae8608f19bee1d4f346d26576d7ed56456eea39d5d7200f79

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
16KB

MD5
5765103e1f5412c43295bd752ccaea03

SHA1
6913bf1624599e55680a0292e22c89cab559db81

SHA256
8f7ace43040fa86e972cc74649d3e643d21e4cad6cb86ba78d4c059ed35d95e4

SHA512
5844ac30bc73b7ffba75016abefb8a339e2f2822fc6e1441f33f70b6eb7114f828167dfc34527b0fb5460768c4de7250c655bc56efd8ba03115cd2dd6f6c91c0

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-string-l1-1-0.dll
Filesize
17KB

MD5
f364190706414020c02cf4d531e0229d

SHA1
5899230b0d7ad96121c3be0df99235ddd8a47dc6

SHA256
a797c0d43a52e7c8205397225ac931638d73b567683f38dd803195da9d34eac2

SHA512
a9c8abbd846ab55942f440e905d1f3864b82257b8daa44c784b1997a060de0c0439ecc25a2193032d4d85191535e9253e435deed23bdf3d3cb48c4209005a02e

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-time-l1-1-0.dll
Filesize
13KB

MD5
d0b6a2caec62f5477e4e36b991563041

SHA1
8396e1e02dace6ae4dde33b3e432a3581bc38f5d

SHA256
fd44d833ea40d50981b3151535618eb57b5513ed824a9963251d07abff2baedf

SHA512
69bd6df96de99e6ab9c12d8a1024d20a034a7db3e2b62e8be7fdbc838c4e9001d2497b04209e07a5365d00366c794c31ee89b133304e475dde5f92fdb7fcb0bc

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-utility-l1-1-0.dll
Filesize
11KB

MD5
3dfb82541979a23a9deb5fd4dcfb6b22

SHA1
5da1d02b764917b38fdc34f4b41fb9a599105dd9

SHA256
0cd6d0ff0ff5ecf973f545e98b68ac6038db5494a8990c3b77b8a95b664b6feb

SHA512
f9a20b3d44d39d941fa131c3a1db37614a2f9b2af7260981a0f72c69f82a5326901f70a56b5f7ad65862630fce59b02f650a132ee7ecfe2e4fc80f694483ca82

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\d3dx11_43.dll
Filesize
242KB

MD5
8e0bb968ff41d80e5f2c747c04db79ae

SHA1
69b332d78020177a9b3f60cb672ec47578003c0d

SHA256
492e960cb3ccfc8c25fc83f7c464ba77c86a20411347a1a9b3e5d3e8c9180a8d

SHA512
7d71cb5411f239696e77fe57a272c675fe15d32456ce7befb0c2cf3fc567dce5d38a45f4b004577e3dec283904f42ae17a290105d8ab8ef6b70bad4e15c9d506

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\d3dx9_43.dll
Filesize
1.9MB

MD5
86e39e9161c3d930d93822f1563c280d

SHA1
f5944df4142983714a6d9955e6e393d9876c1e11

SHA256
0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f

SHA512
0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\fontdesk4.DLL
Filesize
7.9MB

MD5
f678a70827c790c23cdbc069e385f46b

SHA1
c8b37f85cd472ec995a80604e9494347ab0d4872

SHA256
c98bf672212fa961e2e727cff59f788069494a5ff2e9679d26ef6237d956cb85

SHA512
057fc70bf87dc1540dd88fce9e0d6545534fd5db09cecfd12c10f6a49489310fcfe450cd14449a04c8e524266fea2f035c51eaa7d5d09edf037931349503db14

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\gdb
Filesize
472KB

MD5
eacf3db30c4503f5824cadb693fed291

SHA1
abfef9cee85dd2ec4281b2109e378477ba924628

SHA256
e371aeeee12f660e7e00b6ca2970a6e927f72d35ae3917cabd6e6cf0f30e78fc

SHA512
623aaba3edd240bf1f629cce94a5c667a76ab811328cc0622a14a97328c72bd37e4adf18354fa0adbb947d62258493d536190dc6519370da7c95c127b4879cb0

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\iisnetwork.dll
Filesize
13KB

MD5
9ebe0f0fb6f2bba7665376a7943b2137

SHA1
92c81061a889d4b78231927ba78dc303b1804fbe

SHA256
69114bd6e375646e38c2323af52794f4658a2718b90c3ecb290594776a868dba

SHA512
e38ed1853c6a50de2e4ac764002a0e3269b0bc7b3e6434ae1000048167095a5c942f921454c5bea4597ea4523d2563037878ea0c2ebab8944e850cc878da99a1

Download Submit
C:\Users\Admin\AppData\Roaming\R for Windows 4.1.1\ucrtbase.DLL
Filesize
1.1MB

MD5
2040cdcd779bbebad36d36035c675d99

SHA1
918bc19f55e656f6d6b1e4713604483eb997ea15

SHA256
2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359

SHA512
83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f

Download Submit
\Users\Admin\AppData\Local\Temp\is-KAJ9L.tmp\cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
Filesize
3.0MB

MD5
c415fd6dd64aec88dcef43a471a27b06

SHA1
fe1e740b29901ad81f9f19b653b7756f382e5255

SHA256
564bba1d6b9e77985304cccf995a89d49ca295ed247b1861a4bd2e0b219655ed

SHA512
cabb388cbe7b49563e1042347f2d43a375effc6e237c1872baa702d83e9d0cf39245ff477a06f18016bacfb0a14487b16e97259158fd55ec6b439f11f041fbf9

Download Submit
\Users\Admin\AppData\Local\Temp\is-QVO3J.tmp\cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
Filesize
3.0MB

MD5
c415fd6dd64aec88dcef43a471a27b06

SHA1
fe1e740b29901ad81f9f19b653b7756f382e5255

SHA256
564bba1d6b9e77985304cccf995a89d49ca295ed247b1861a4bd2e0b219655ed

SHA512
cabb388cbe7b49563e1042347f2d43a375effc6e237c1872baa702d83e9d0cf39245ff477a06f18016bacfb0a14487b16e97259158fd55ec6b439f11f041fbf9

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\D3DCompiler_43.dll
Filesize
2.0MB

MD5
1c9b45e87528b8bb8cfa884ea0099a85

SHA1
98be17e1d324790a5b206e1ea1cc4e64fbe21240

SHA256
2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c

SHA512
b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\D3DX9_43.dll
Filesize
1.9MB

MD5
86e39e9161c3d930d93822f1563c280d

SHA1
f5944df4142983714a6d9955e6e393d9876c1e11

SHA256
0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f

SHA512
0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\Detoured.dll
Filesize
41KB

MD5
6adaae7fd80038159b26b19a88b41d9e

SHA1
d0a8132d83b2904f024f4224285b0f8c658d45fa

SHA256
abb11bb061f932124e0f6ed4bdf323adedba845fac65d83a78910a3c63b0d8cd

SHA512
b3b214c133654b047420f956a35eab998c94e4f17d5d4cf555a95fa99ebbeee441b17542ce2ca46509c960072a097a79fcfe4f254f7737166945189c91be7a19

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\PIXWin.exe
Filesize
2.2MB

MD5
f5aa5e6b49e00a8e66e50984166d0e8c

SHA1
56085a70e1b863a8bb2552f968d5c4cd6ff419f2

SHA256
c781c5b74c938940564d1447ecddcb614cdbbb25cec13ee2a5dc127b92cc1fbe

SHA512
1bb38e538814f1811044c5054d33476062eaccac502f202efe0cc53226fa73bdb3d5b4fe337d9583653740e80b2f3bb55ccdaafa512cd4a7a436391cc48da40c

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-core-file-l1-2-0.dll
Filesize
11KB

MD5
cd3cec3d65ae62fdf044f720245f29c0

SHA1
c4643779a0f0f377323503f2db8d2e4d74c738ca

SHA256
676a6da661e0c02e72bea510f5a48cae71fdc4da0b1b089c24bff87651ec0141

SHA512
aca1029497c5a9d26ee09810639278eb17b8fd11b15c9017c8b578fced29cef56f172750c4cc2b0d1ebf8683d29e15de52a6951fb23d78712e31ddcb41776b0f

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-core-file-l2-1-0.dll
Filesize
10KB

MD5
b181124928d8eb7b6caa0c2c759155cb

SHA1
1aadbbd43eff2df7bab51c6f3bda2eb2623b281a

SHA256
24ea638dfa9f40e2f395e26e36d308db2ab25ed1baa5c796ac2c560ad4c89d77

SHA512
2a43bf4d50d47924374cde689be24799c4e1c132c0bc981f5109952d3322e91dd5a9352b53bb55ca79a6ea92e2c387e87c064b9d8c8f519b77fff973d752dc8f

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-core-localization-l1-2-0.dll
Filesize
13KB

MD5
21519f4d5f1fea53532a0b152910ef8b

SHA1
7833ac2c20263c8be42f67151f9234eb8e4a5515

SHA256
5fbd69186f414d1d99ac61c9c15a57390ff21fe995e5c01f1c4e14510b6fb9b1

SHA512
97211fad4aae2f6a6b783107938f0635c302445e74fc34a26aa386864509919c3f084e80579d2502105d9256aab9f57ea16137c43344b1c62f64e5bc1125a417

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
11KB

MD5
b5c8334a10b191031769d5de01df9459

SHA1
83a8fcc777c7e8c42fa4c59ee627baf6cbed1969

SHA256
6c27ac0542281649ec8638602fbc24f246424ba550564fc7b290b683f79e712d

SHA512
59e53c515dfa2cd96182ca6539ed0ea2ebb01f5991beb08166d1fc53576aeaafebbb2c5ee0ccbdab60ae45fc6a048fff0b5e1b8c9c26907791d31fb7e75b1f39

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-core-synch-l1-2-0.dll
Filesize
11KB

MD5
eb6f7af7eed6aa9ab03495b62fd3563f

SHA1
5a60eebe67ed90f3171970f8339e1404ca1bb311

SHA256
148adef6a34269e403bb509f9d5260abe52f413a6c268e8bd9869841d5f2bd02

SHA512
a9961212b40efc12fd1ab3cc6551c97c987e73b6e409c9ab8a5e1b24542f9e5884811f06883bd31d2585219c4f60c30de2d188788513c01b6cbfe22d539d7875

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-core-timezone-l1-1-0.dll
Filesize
11KB

MD5
86421619dad87870e5f3cc0beb1f7963

SHA1
2f0fe3eb94fa90577846d49c03c4fd08ef9d3fb2

SHA256
64eccd818f6ffc13f57a2ec5ca358b401ffbb1ca13b0c523d479ef5ee9eb44ab

SHA512
dbce9904dd5a403a5a69e528ee1179cc5faab1361715a29b1a0de0cd33ad3ae9c9d5620dafb161fda86cb27909d001be8955940fd051077ffe6f3ff82357ad31

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-convert-l1-1-0.dll
Filesize
14KB

MD5
88f89d0f2bd5748ed1af75889e715e6a

SHA1
8ada489b9ff33530a3fb7161cc07b5b11dfb8909

SHA256
02c78781bf6cc5f22a0ecedc3847bfd20bed4065ac028c386d063dc2318c33cc

SHA512
1f5a00284ca1d6dc6ae2dfce306febfa6d7d71d421583e4ce6890389334c2d98291e98e992b58136f5d1a41590553e3ad42fb362247ae8adf60e33397afbb5df

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-environment-l1-1-0.dll
Filesize
11KB

MD5
0979785e3ef8137cdd47c797adcb96e3

SHA1
4051c6eb37a4c0dba47b58301e63df76bff347dd

SHA256
d5164aecde4523ffa2dcfd0315b49428ac220013132ad48422a8ea4ca2361257

SHA512
e369bc53babd327f5d1b9833c0b8d6c7e121072ad81d4ba1fb3e2679f161fb6a9fa2fca0df0bac532fd439beb0d754583582d1dbfeccf2d38cc4f3bdca39b52d

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize
12KB

MD5
a1b6cebd3d7a8b25b9a9cbc18d03a00c

SHA1
5516de099c49e0e6d1224286c3dc9b4d7985e913

SHA256
162ccf78fa5a4a2ee380f72fbd54d17a73c929a76f6e3659f537fa8f42602362

SHA512
a322fb09e6faaff0daabb4f0284e4e90ccacff27161dbfd77d39a9a93dbf30069b9d86bf15a07fc2006a55af2c35cd8ea544895c93e2e1697c51f2dafad5a9d7

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-heap-l1-1-0.dll
Filesize
11KB

MD5
a6a9dfb31be2510f6dbfedd476c6d15a

SHA1
cdb6d8bd1fbd1c71d85437cff55ddeb76139dbe7

SHA256
150d32b77b2d7f49c8d4f44b64a90d7a0f9df0874a80fc925daf298b038a8e4c

SHA512
b4f0e8fa148fac8a94e04bf4b44f2a26221d943cc399e7f48745ed46e8b58c52d9126110cdf868ebb723423fb0e304983d24fe6608d3757a43ad741bddb3b7ec

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-locale-l1-1-0.dll
Filesize
11KB

MD5
50b721a0c945abe3edca6bcee2a70c6c

SHA1
f35b3157818d4a5af3486b5e2e70bb510ac05eff

SHA256
db495c7c4ad2072d09b2d4506b3a50f04487ad8b27d656685ea3fa5d9653a21d

SHA512
ef2f6d28d01a5bad7c494851077d52f22a11514548c287e513f4820c23f90020a0032e2da16cc170ae80897ae45fc82bffc9d18afb2ae1a7b1da6eef56240840

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-math-l1-1-0.dll
Filesize
21KB

MD5
461d5af3277efb5f000b9df826581b80

SHA1
935b00c88c2065f98746e2b4353d4369216f1812

SHA256
f9ce464b89dd8ea1d5e0b852369fe3a8322b4b9860e5ae401c9a3b797aed17bf

SHA512
229bf31a1de1e84cf238a0dfe0c3a13fee86da94d611fbc8fdb65086dee6a8b1a6ba37c44c5826c3d8cfa120d0fba9e690d31c5b4e73f98c8362b98be1ee9600

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
15KB

MD5
4f06da894ea013a5e18b8b84a9836d5a

SHA1
40cf36e07b738aa8bba58bc5587643326ff412a9

SHA256
876bd768c8605056579dd8962e2fd7cc96306fab5759d904e8a24e46c25bd732

SHA512
1d7c0682d343416e6942547e6a449be4654158d6a70d78ad3c7e8c2b39c296c9406013a3cfe84d1ae8608f19bee1d4f346d26576d7ed56456eea39d5d7200f79

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
16KB

MD5
5765103e1f5412c43295bd752ccaea03

SHA1
6913bf1624599e55680a0292e22c89cab559db81

SHA256
8f7ace43040fa86e972cc74649d3e643d21e4cad6cb86ba78d4c059ed35d95e4

SHA512
5844ac30bc73b7ffba75016abefb8a339e2f2822fc6e1441f33f70b6eb7114f828167dfc34527b0fb5460768c4de7250c655bc56efd8ba03115cd2dd6f6c91c0

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-string-l1-1-0.dll
Filesize
17KB

MD5
f364190706414020c02cf4d531e0229d

SHA1
5899230b0d7ad96121c3be0df99235ddd8a47dc6

SHA256
a797c0d43a52e7c8205397225ac931638d73b567683f38dd803195da9d34eac2

SHA512
a9c8abbd846ab55942f440e905d1f3864b82257b8daa44c784b1997a060de0c0439ecc25a2193032d4d85191535e9253e435deed23bdf3d3cb48c4209005a02e

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-time-l1-1-0.dll
Filesize
13KB

MD5
d0b6a2caec62f5477e4e36b991563041

SHA1
8396e1e02dace6ae4dde33b3e432a3581bc38f5d

SHA256
fd44d833ea40d50981b3151535618eb57b5513ed824a9963251d07abff2baedf

SHA512
69bd6df96de99e6ab9c12d8a1024d20a034a7db3e2b62e8be7fdbc838c4e9001d2497b04209e07a5365d00366c794c31ee89b133304e475dde5f92fdb7fcb0bc

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\api-ms-win-crt-utility-l1-1-0.dll
Filesize
11KB

MD5
3dfb82541979a23a9deb5fd4dcfb6b22

SHA1
5da1d02b764917b38fdc34f4b41fb9a599105dd9

SHA256
0cd6d0ff0ff5ecf973f545e98b68ac6038db5494a8990c3b77b8a95b664b6feb

SHA512
f9a20b3d44d39d941fa131c3a1db37614a2f9b2af7260981a0f72c69f82a5326901f70a56b5f7ad65862630fce59b02f650a132ee7ecfe2e4fc80f694483ca82

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\d3dx11_43.dll
Filesize
242KB

MD5
8e0bb968ff41d80e5f2c747c04db79ae

SHA1
69b332d78020177a9b3f60cb672ec47578003c0d

SHA256
492e960cb3ccfc8c25fc83f7c464ba77c86a20411347a1a9b3e5d3e8c9180a8d

SHA512
7d71cb5411f239696e77fe57a272c675fe15d32456ce7befb0c2cf3fc567dce5d38a45f4b004577e3dec283904f42ae17a290105d8ab8ef6b70bad4e15c9d506

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\fontdesk4.dll
Filesize
7.9MB

MD5
f678a70827c790c23cdbc069e385f46b

SHA1
c8b37f85cd472ec995a80604e9494347ab0d4872

SHA256
c98bf672212fa961e2e727cff59f788069494a5ff2e9679d26ef6237d956cb85

SHA512
057fc70bf87dc1540dd88fce9e0d6545534fd5db09cecfd12c10f6a49489310fcfe450cd14449a04c8e524266fea2f035c51eaa7d5d09edf037931349503db14

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\iisnetwork.dll
Filesize
13KB

MD5
9ebe0f0fb6f2bba7665376a7943b2137

SHA1
92c81061a889d4b78231927ba78dc303b1804fbe

SHA256
69114bd6e375646e38c2323af52794f4658a2718b90c3ecb290594776a868dba

SHA512
e38ed1853c6a50de2e4ac764002a0e3269b0bc7b3e6434ae1000048167095a5c942f921454c5bea4597ea4523d2563037878ea0c2ebab8944e850cc878da99a1

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\msvcp140.dll
Filesize
439KB

MD5
5ff1fca37c466d6723ec67be93b51442

SHA1
34cc4e158092083b13d67d6d2bc9e57b798a303b

SHA256
5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062

SHA512
4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\ucrtbase.dll
Filesize
1.1MB

MD5
2040cdcd779bbebad36d36035c675d99

SHA1
918bc19f55e656f6d6b1e4713604483eb997ea15

SHA256
2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359

SHA512
83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f

Download Submit
\Users\Admin\AppData\Roaming\R for Windows 4.1.1\vcruntime140.dll
Filesize
78KB

MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
memory/860-71-0x0000000074A81000-0x0000000074A83000-memory.dmp

Filesize
8KB

Download
memory/860-68-0x0000000000000000-mapping.dmp

Download
memory/1184-62-0x0000000000000000-mapping.dmp

Download
memory/1184-64-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1184-66-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1640-58-0x0000000000000000-mapping.dmp

Download
memory/1800-54-0x00000000766A1000-0x00000000766A3000-memory.dmp

Filesize
8KB

Download
memory/1800-60-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1800-55-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/1988-73-0x0000000000000000-mapping.dmp

Download
memory/1988-128-0x0000000075B30000-0x0000000075B40000-memory.dmp

Filesize
64KB

Download
memory/1988-131-0x0000000003020000-0x000000000317C000-memory.dmp

Filesize
1.4MB

Download
memory/1988-126-0x0000000000851000-0x0000000000853000-memory.dmp

Filesize
8KB

Download
memory/1988-133-0x0000000000470000-0x0000000000494000-memory.dmp

Filesize
144KB

Download
memory/1988-139-0x0000000074880000-0x000000007488E000-memory.dmp

Filesize
56KB

Download
memory/1988-138-0x0000000075B30000-0x0000000075B40000-memory.dmp

Filesize
64KB

Download
memory/1988-140-0x0000000003BC0000-0x0000000008CC0000-memory.dmp

Filesize
81.0MB

Download

description	pid	process	target process
PID 1800 wrote to memory of 1640	1800	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
PID 1800 wrote to memory of 1640	1800	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
PID 1800 wrote to memory of 1640	1800	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
PID 1800 wrote to memory of 1640	1800	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
PID 1800 wrote to memory of 1640	1800	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
PID 1800 wrote to memory of 1640	1800	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
PID 1800 wrote to memory of 1640	1800	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
PID 1640 wrote to memory of 1184	1640	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe
PID 1640 wrote to memory of 1184	1640	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe
PID 1640 wrote to memory of 1184	1640	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe
PID 1640 wrote to memory of 1184	1640	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe
PID 1640 wrote to memory of 1184	1640	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe
PID 1640 wrote to memory of 1184	1640	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe
PID 1640 wrote to memory of 1184	1640	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe
PID 1184 wrote to memory of 860	1184	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
PID 1184 wrote to memory of 860	1184	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
PID 1184 wrote to memory of 860	1184	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
PID 1184 wrote to memory of 860	1184	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
PID 1184 wrote to memory of 860	1184	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
PID 1184 wrote to memory of 860	1184	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
PID 1184 wrote to memory of 860	1184	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.exe	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp
PID 860 wrote to memory of 1988	860	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp	PIXWin.exe
PID 860 wrote to memory of 1988	860	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp	PIXWin.exe
PID 860 wrote to memory of 1988	860	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp	PIXWin.exe
PID 860 wrote to memory of 1988	860	cf1d4bf6b4a831d9664bbf0f40a609152a699f8d535c21e41ada406c47f63bfa.tmp	PIXWin.exe

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads