djvu | ec4bf6cfc55df437a044d2f779cfd3619ddc96d4c7c5cb6621f38e9e30ec1041

Analysis

max time kernel
152s
max time network
159s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-09-2022 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Install.exe
Size

435.0MB
MD5

2a27acc2f6b26b15d6d839d43a6b6bc0
SHA1

661dca9bd343226ae54da0e21f12ef1e181b1776
SHA256

006fd40f696d274a44535fcf35d6130445842b148115db48c5b859a8519cdc77
SHA512

ebf8bfdf7529429a400ad39d473da0e43752c6cd16dffaadd067e38b3e0c9991664217d15931a73f7f78a0160cdbd4f5710699d2f293c1638ae8d1ed5f7940ee
SSDEEP

98304:Ak/AHdxT8BEU8MkJwe65adTX4a2tYsUxKr76hwrrKqdSlwrWL:Ak/i8jkJjLd8a2UxIzGwyL

Score

10^/10

djvu privateloader smokeloader backdoor evasion loader ransomware spyware stealer themida trojan

Malware Config

Extracted

Family

privateloader

http://163.123.143.4/proxies.txt

http://107.182.129.251/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

163.123.143.12

Attributes

payload_url
https://vipsofts.xyz/files/mega.bmp

Extracted

Family

djvu

http://acacaca.org/test3/get.php

Attributes

extension
.oovb
offline_id
6GXhR4uyHH9NXT2qot14T0HeNSviNKH0Q6PGVNt1
payload_url
http://rgyui.top/dl/build2.exe

http://acacaca.org/files/1/build3.exe
ransomnote
ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-6g0MALAb7E Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0552Jhyjd

rsa_pubkey.plain

Signatures

Detected Djvu ransomware 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/828-99-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral1/memory/828-100-0x0000000000424141-mapping.dmp	family_djvu
behavioral1/memory/932-103-0x0000000004520000-0x000000000463B000-memory.dmp	family_djvu
behavioral1/memory/828-127-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu

Detects Smokeloader packer 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1180-121-0x0000000000230000-0x0000000000239000-memory.dmp	family_smokeloader
behavioral1/memory/1536-117-0x0000000000402DD8-mapping.dmp	family_smokeloader
behavioral1/memory/1536-116-0x0000000000400000-0x0000000000409000-memory.dmp	family_smokeloader
behavioral1/memory/1824-125-0x0000000000220000-0x0000000000229000-memory.dmp	family_smokeloader
behavioral1/memory/1536-122-0x0000000000400000-0x0000000000409000-memory.dmp	family_smokeloader

Djvu Ransomware
Ransomware which is a variant of the STOP family.
ransomware djvu
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
loader privateloader
SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

Install.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Install.exe
Downloads MZ/PE file

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Install.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Install.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Install.exe

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

Install.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Control Panel\International\Geo\Nation Install.exe
Loads dropped DLL 6 IoCs

Processes:

Install.exe

pid process

768 Install.exe
768 Install.exe
768 Install.exe
768 Install.exe
768 Install.exe
768 Install.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Control Panel\International\Geo\Nation	Install.exe

pid	process
768	Install.exe
768	Install.exe
768	Install.exe
768	Install.exe
768	Install.exe
768	Install.exe

Themida packer 8 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral1/memory/768-55-0x0000000000B70000-0x000000000172C000-memory.dmp	themida
behavioral1/memory/768-56-0x0000000000B70000-0x000000000172C000-memory.dmp	themida
behavioral1/memory/768-57-0x0000000000B70000-0x000000000172C000-memory.dmp	themida
behavioral1/memory/768-59-0x0000000000B70000-0x000000000172C000-memory.dmp	themida
behavioral1/memory/768-60-0x0000000000B70000-0x000000000172C000-memory.dmp	themida
behavioral1/memory/768-61-0x0000000000B70000-0x000000000172C000-memory.dmp	themida
behavioral1/memory/768-62-0x0000000000B70000-0x000000000172C000-memory.dmp	themida
behavioral1/memory/768-63-0x0000000000B70000-0x000000000172C000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

Install.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Install.exe
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

3 ipinfo.io
4 ipinfo.io
1 ipinfo.io

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Install.exe

flow	ioc
3	ipinfo.io
4	ipinfo.io
1	ipinfo.io

Drops file in System32 directory 4 IoCs

Processes:

Install.exe

description	ioc	process
File opened for modification	C:\Windows\System32\GroupPolicy\GPT.INI	Install.exe
File opened for modification	C:\Windows\System32\GroupPolicy	Install.exe
File opened for modification	C:\Windows\SysWOW64\GroupPolicy\gpt.ini	Install.exe
File created	C:\Windows\System32\GroupPolicy\Machine\Registry.pol	Install.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

Install.exe

pid process

768 Install.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
768	Install.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Install.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Install.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Install.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Install.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Install.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Install.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Install.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Install.exe

pid process

768 Install.exe
768 Install.exe

pid	process
768	Install.exe
768	Install.exe

C:\Users\Admin\AppData\Local\Temp\Install.exe
"C:\Users\Admin\AppData\Local\Temp\Install.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:768
- C:\Users\Admin\Pictures\Minor Policy\VEEb49NCHC1hcjzYp1wRZj3N.exe
  "C:\Users\Admin\Pictures\Minor Policy\VEEb49NCHC1hcjzYp1wRZj3N.exe"
  2⤵
  PID:1480
- C:\Users\Admin\Pictures\Minor Policy\06sGWbrIQ0ufARw7C0h6RP59.exe
  "C:\Users\Admin\Pictures\Minor Policy\06sGWbrIQ0ufARw7C0h6RP59.exe"
  2⤵
  PID:552
- C:\Users\Admin\Pictures\Minor Policy\LhYcBMYv5w27m7pmovMTORKo.exe
  "C:\Users\Admin\Pictures\Minor Policy\LhYcBMYv5w27m7pmovMTORKo.exe"
  2⤵
  PID:1840
- C:\Users\Admin\Pictures\Minor Policy\K_yAS5s5jycawbGkrlCxZPD9.exe
  "C:\Users\Admin\Pictures\Minor Policy\K_yAS5s5jycawbGkrlCxZPD9.exe"
  2⤵
  PID:1964
- C:\Users\Admin\Pictures\Minor Policy\IKmB3knlSC8rIfxRBzVHvvgE.exe
  "C:\Users\Admin\Pictures\Minor Policy\IKmB3knlSC8rIfxRBzVHvvgE.exe"
  2⤵
  PID:1180
- - C:\Users\Admin\Pictures\Minor Policy\IKmB3knlSC8rIfxRBzVHvvgE.exe
    "C:\Users\Admin\Pictures\Minor Policy\IKmB3knlSC8rIfxRBzVHvvgE.exe"
    3⤵
    PID:1536
- C:\Users\Admin\Pictures\Minor Policy\Kq42Qf04HIR6Kazeh9VYI5hX.exe
  "C:\Users\Admin\Pictures\Minor Policy\Kq42Qf04HIR6Kazeh9VYI5hX.exe"
  2⤵
  PID:932
- - C:\Users\Admin\Pictures\Minor Policy\Kq42Qf04HIR6Kazeh9VYI5hX.exe
    "C:\Users\Admin\Pictures\Minor Policy\Kq42Qf04HIR6Kazeh9VYI5hX.exe"
    3⤵
    PID:828
- C:\Users\Admin\Pictures\Minor Policy\sUcf1HBHEL_IwLuAQLMmyy5q.exe
  "C:\Users\Admin\Pictures\Minor Policy\sUcf1HBHEL_IwLuAQLMmyy5q.exe"
  2⤵
  PID:880
- C:\Users\Admin\Pictures\Minor Policy\eTBf9zcK7Y4Z_dYNrT2bnd1o.exe
  "C:\Users\Admin\Pictures\Minor Policy\eTBf9zcK7Y4Z_dYNrT2bnd1o.exe"
  2⤵
  PID:1824
- C:\Users\Admin\Pictures\Minor Policy\UHEwLCQCsa79j0xBVy2DOqbj.exe
  "C:\Users\Admin\Pictures\Minor Policy\UHEwLCQCsa79j0xBVy2DOqbj.exe"
  2⤵
  PID:1724
- C:\Users\Admin\Pictures\Minor Policy\w8HgErQIwTe1t3oop17PJxXO.exe
  "C:\Users\Admin\Pictures\Minor Policy\w8HgErQIwTe1t3oop17PJxXO.exe"
  2⤵
  PID:1640
- C:\Users\Admin\Pictures\Minor Policy\J5LffDaMSqkavmpcMk9Y4oOm.exe
  "C:\Users\Admin\Pictures\Minor Policy\J5LffDaMSqkavmpcMk9Y4oOm.exe"
  2⤵
  PID:1944
- C:\Users\Admin\Pictures\Minor Policy\_hJsKVfYjJuZXqQJHBRSpMqv.exe
  "C:\Users\Admin\Pictures\Minor Policy\_hJsKVfYjJuZXqQJHBRSpMqv.exe"
  2⤵
  PID:568
- C:\Users\Admin\Pictures\Minor Policy\4O4415XnEbK6YyV_LDT2yc4T.exe
  "C:\Users\Admin\Pictures\Minor Policy\4O4415XnEbK6YyV_LDT2yc4T.exe"
  2⤵
  PID:1568
- C:\Users\Admin\Pictures\Minor Policy\7ZTYQSepfozz_zE47RMDQD3y.exe
  "C:\Users\Admin\Pictures\Minor Policy\7ZTYQSepfozz_zE47RMDQD3y.exe"
  2⤵
  PID:1616
- C:\Users\Admin\Pictures\Minor Policy\YkaWolpnWnm3nujZkW0jKeDA.exe
  "C:\Users\Admin\Pictures\Minor Policy\YkaWolpnWnm3nujZkW0jKeDA.exe"
  2⤵
  PID:1692
- C:\Users\Admin\Pictures\Minor Policy\x_cCp5gaoJNjzFT6dciU7OfP.exe
  "C:\Users\Admin\Pictures\Minor Policy\x_cCp5gaoJNjzFT6dciU7OfP.exe"
  2⤵
  PID:672
- C:\Users\Admin\Pictures\Minor Policy\m8hqUaor5vBNBkhFOdfY9OeU.exe
  "C:\Users\Admin\Pictures\Minor Policy\m8hqUaor5vBNBkhFOdfY9OeU.exe"
  2⤵
  PID:856
- C:\Users\Admin\Pictures\Minor Policy\ciaB9XeTJ1jUiqA3rQVT0wqf.exe
  "C:\Users\Admin\Pictures\Minor Policy\ciaB9XeTJ1jUiqA3rQVT0wqf.exe"
  2⤵
  PID:1920
- C:\Users\Admin\Pictures\Minor Policy\9dfVgtmHQQumgi17Xn9xlPFv.exe
  "C:\Users\Admin\Pictures\Minor Policy\9dfVgtmHQQumgi17Xn9xlPFv.exe"
  2⤵
  PID:556

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Pictures\Minor Policy\06sGWbrIQ0ufARw7C0h6RP59.exe

Filesize
5.6MB

MD5
b3b0630feab568055f33b84593b6a0b3

SHA1
e9cb1f95f51fcf31ecbc132f822897cb8dab839f

SHA256
aba67ec9bd4de3a05d77d0049c165058d642c40bb27f67f87748ee712f8f38b4

SHA512
752e20041e43364a68a5fc21e55307835a8b479b49ade1d8cf60a90ed62fe611753abaeda35735a61c2ec80c6982e3b97f067ea22c55ce1afbb7fc6741a37bd6

Download Submit
C:\Users\Admin\Pictures\Minor Policy\06sGWbrIQ0ufARw7C0h6RP59.exe

Filesize
5.6MB

MD5
b3b0630feab568055f33b84593b6a0b3

SHA1
e9cb1f95f51fcf31ecbc132f822897cb8dab839f

SHA256
aba67ec9bd4de3a05d77d0049c165058d642c40bb27f67f87748ee712f8f38b4

SHA512
752e20041e43364a68a5fc21e55307835a8b479b49ade1d8cf60a90ed62fe611753abaeda35735a61c2ec80c6982e3b97f067ea22c55ce1afbb7fc6741a37bd6

Download Submit
C:\Users\Admin\Pictures\Minor Policy\IKmB3knlSC8rIfxRBzVHvvgE.exe

Filesize
331KB

MD5
b6fc166edf95ed9b017e1346a9a5f52a

SHA1
530e29c8c2ff653143801d95c6e4f8f9aff34d7e

SHA256
ca9dbca0f02fed09d543de7382bdd1acc694dbfcd1dd373891d95c2c1dc5acff

SHA512
6f17a4d4414a2eed2a130dc8001257f9677d3c86b7b71b63a100dd05d3a9ad17bc77708ad024f2314494062f36c770dd0919bdd1d2fc41c95e4e7fc26435214a

Download Submit
C:\Users\Admin\Pictures\Minor Policy\IKmB3knlSC8rIfxRBzVHvvgE.exe

Filesize
331KB

MD5
b6fc166edf95ed9b017e1346a9a5f52a

SHA1
530e29c8c2ff653143801d95c6e4f8f9aff34d7e

SHA256
ca9dbca0f02fed09d543de7382bdd1acc694dbfcd1dd373891d95c2c1dc5acff

SHA512
6f17a4d4414a2eed2a130dc8001257f9677d3c86b7b71b63a100dd05d3a9ad17bc77708ad024f2314494062f36c770dd0919bdd1d2fc41c95e4e7fc26435214a

Download Submit
C:\Users\Admin\Pictures\Minor Policy\IKmB3knlSC8rIfxRBzVHvvgE.exe

Filesize
331KB

MD5
b6fc166edf95ed9b017e1346a9a5f52a

SHA1
530e29c8c2ff653143801d95c6e4f8f9aff34d7e

SHA256
ca9dbca0f02fed09d543de7382bdd1acc694dbfcd1dd373891d95c2c1dc5acff

SHA512
6f17a4d4414a2eed2a130dc8001257f9677d3c86b7b71b63a100dd05d3a9ad17bc77708ad024f2314494062f36c770dd0919bdd1d2fc41c95e4e7fc26435214a

Download Submit
C:\Users\Admin\Pictures\Minor Policy\K_yAS5s5jycawbGkrlCxZPD9.exe

Filesize
380KB

MD5
44ef10541424c5aff878c9c2e11e9149

SHA1
2df830a4c357f7617fbdaf3f6a4b911a386f9719

SHA256
308b9d686f10b6164f3334c657fdefb82cd9209845e50b78679452db9cd08368

SHA512
e39ee6dc1beae44b9c5d21f3e75a1be067bd22cae4d6f06e8cdeecddf4764ac3c283ef16b431b6b13728b91eb0581190436136ff81b6be1ea9012e8141b70bdf

Download Submit
C:\Users\Admin\Pictures\Minor Policy\Kq42Qf04HIR6Kazeh9VYI5hX.exe

Filesize
849KB

MD5
0d81e32125ab67f6a8512313fc3e9afd

SHA1
7838c96200053375506dc61c2e2b1fb7f1348b3e

SHA256
0260fa3d0f107846e8d2182e0829be985c5f46f6983847dce3f024c28f470765

SHA512
d24d22837fc9def5604e4fcf28470dc700213595bf194ca5adf8d777d8a2116a37328ba1e84ff38b56f7b9fe31248c903389d952752b599adcf2f9522e996f4e

Download Submit
C:\Users\Admin\Pictures\Minor Policy\Kq42Qf04HIR6Kazeh9VYI5hX.exe

Filesize
849KB

MD5
0d81e32125ab67f6a8512313fc3e9afd

SHA1
7838c96200053375506dc61c2e2b1fb7f1348b3e

SHA256
0260fa3d0f107846e8d2182e0829be985c5f46f6983847dce3f024c28f470765

SHA512
d24d22837fc9def5604e4fcf28470dc700213595bf194ca5adf8d777d8a2116a37328ba1e84ff38b56f7b9fe31248c903389d952752b599adcf2f9522e996f4e

Download Submit
C:\Users\Admin\Pictures\Minor Policy\Kq42Qf04HIR6Kazeh9VYI5hX.exe

Filesize
849KB

MD5
0d81e32125ab67f6a8512313fc3e9afd

SHA1
7838c96200053375506dc61c2e2b1fb7f1348b3e

SHA256
0260fa3d0f107846e8d2182e0829be985c5f46f6983847dce3f024c28f470765

SHA512
d24d22837fc9def5604e4fcf28470dc700213595bf194ca5adf8d777d8a2116a37328ba1e84ff38b56f7b9fe31248c903389d952752b599adcf2f9522e996f4e

Download Submit
C:\Users\Admin\Pictures\Minor Policy\LhYcBMYv5w27m7pmovMTORKo.exe

Filesize
400KB

MD5
9519c85c644869f182927d93e8e25a33

SHA1
eadc9026e041f7013056f80e068ecf95940ea060

SHA256
f0dc8fa1a18901ac46f4448e434c3885a456865a3a309840a1c4ac67fd56895b

SHA512
dcc1dd25bba19aaf75ec4a1a69dc215eb519e9ee3b8f7b1bd16164b736b3aa81389c076ed4e8a17a1cbfaec2e0b3155df039d1bca3c7186cfeb9950369bccf23

Download Submit
C:\Users\Admin\Pictures\Minor Policy\VEEb49NCHC1hcjzYp1wRZj3N.exe

Filesize
4.2MB

MD5
87f70cdda4feb18292012619e52a9058

SHA1
378991ce2f28b944511919061ac1f8327577d740

SHA256
0f58266dde76e2917bfe7a8ab6617a8d5603a4935a76b37f54c5dbaaa7c0e06c

SHA512
26ddb2da2775aa72043cd1ce0d1a6c099a0cb13039fd865dea0714abc7744add0ba4fe0e36405697fe9d46df385e76d2258f285b548bee3ce6e41b19ed5b6ac7

Download Submit
C:\Users\Admin\Pictures\Minor Policy\eTBf9zcK7Y4Z_dYNrT2bnd1o.exe

Filesize
331KB

MD5
75e1195a24e2461cb33a385452b1c866

SHA1
918178878875801d9e583552c80977ca43bd606f

SHA256
8c9ead199cbac8ffd1c69a4514d7c01a6c07064f77ade57957ec035531716f30

SHA512
a78625724e694ecf2f19ff057c1d61e6fa6a85c16cc0639db0db06280f1916acf687dc29041fe40442f24e1d699b74ce5dea4847a0186dc0413a9fd943174795

Download Submit
C:\Users\Admin\Pictures\Minor Policy\sUcf1HBHEL_IwLuAQLMmyy5q.exe

Filesize
1.4MB

MD5
9d043cab9366921e58a607c216b642bf

SHA1
351b426edd11ea09342fd22fc5dfdf2b117ef5bf

SHA256
1db1cbda83910c8d13ae4a0f20cb09d5897788429e04cd66832f5c1dda3318e8

SHA512
0fe073f166b41f4d577e6f72e5ff09463ed4b86514b97ee5331c44d523cad20d6419d1918734b89820674fdff73b10fb5f28861fe6b8ed4292523ff7c2294d88

Download Submit
\Users\Admin\Pictures\Minor Policy\06sGWbrIQ0ufARw7C0h6RP59.exe

Filesize
5.6MB

MD5
b3b0630feab568055f33b84593b6a0b3

SHA1
e9cb1f95f51fcf31ecbc132f822897cb8dab839f

SHA256
aba67ec9bd4de3a05d77d0049c165058d642c40bb27f67f87748ee712f8f38b4

SHA512
752e20041e43364a68a5fc21e55307835a8b479b49ade1d8cf60a90ed62fe611753abaeda35735a61c2ec80c6982e3b97f067ea22c55ce1afbb7fc6741a37bd6

Download Submit
\Users\Admin\Pictures\Minor Policy\9dfVgtmHQQumgi17Xn9xlPFv.exe

Filesize
434KB

MD5
a02c32933a9afef8c2c3f624d8e0a50c

SHA1
0e91dc7fe61aaab801c8492fcbaf623090c31ab8

SHA256
7110b169b91367725a879b62e6a678126757daf30a942e55ad6b8fee54a446db

SHA512
e3f7ba98fbb8bc2042b957a432bdda3159bcfee8779c60e297a5d650e6b005ebe3f645140d9c2beef5dd1dbecfad47c0c2bb2c97a2ee80b56a7e4e0b485a2696

Download Submit
\Users\Admin\Pictures\Minor Policy\IKmB3knlSC8rIfxRBzVHvvgE.exe

Filesize
331KB

MD5
b6fc166edf95ed9b017e1346a9a5f52a

SHA1
530e29c8c2ff653143801d95c6e4f8f9aff34d7e

SHA256
ca9dbca0f02fed09d543de7382bdd1acc694dbfcd1dd373891d95c2c1dc5acff

SHA512
6f17a4d4414a2eed2a130dc8001257f9677d3c86b7b71b63a100dd05d3a9ad17bc77708ad024f2314494062f36c770dd0919bdd1d2fc41c95e4e7fc26435214a

Download Submit
\Users\Admin\Pictures\Minor Policy\IKmB3knlSC8rIfxRBzVHvvgE.exe

Filesize
331KB

MD5
b6fc166edf95ed9b017e1346a9a5f52a

SHA1
530e29c8c2ff653143801d95c6e4f8f9aff34d7e

SHA256
ca9dbca0f02fed09d543de7382bdd1acc694dbfcd1dd373891d95c2c1dc5acff

SHA512
6f17a4d4414a2eed2a130dc8001257f9677d3c86b7b71b63a100dd05d3a9ad17bc77708ad024f2314494062f36c770dd0919bdd1d2fc41c95e4e7fc26435214a

Download Submit
\Users\Admin\Pictures\Minor Policy\K_yAS5s5jycawbGkrlCxZPD9.exe

Filesize
380KB

MD5
44ef10541424c5aff878c9c2e11e9149

SHA1
2df830a4c357f7617fbdaf3f6a4b911a386f9719

SHA256
308b9d686f10b6164f3334c657fdefb82cd9209845e50b78679452db9cd08368

SHA512
e39ee6dc1beae44b9c5d21f3e75a1be067bd22cae4d6f06e8cdeecddf4764ac3c283ef16b431b6b13728b91eb0581190436136ff81b6be1ea9012e8141b70bdf

Download Submit
\Users\Admin\Pictures\Minor Policy\K_yAS5s5jycawbGkrlCxZPD9.exe

Filesize
380KB

MD5
44ef10541424c5aff878c9c2e11e9149

SHA1
2df830a4c357f7617fbdaf3f6a4b911a386f9719

SHA256
308b9d686f10b6164f3334c657fdefb82cd9209845e50b78679452db9cd08368

SHA512
e39ee6dc1beae44b9c5d21f3e75a1be067bd22cae4d6f06e8cdeecddf4764ac3c283ef16b431b6b13728b91eb0581190436136ff81b6be1ea9012e8141b70bdf

Download Submit
\Users\Admin\Pictures\Minor Policy\Kq42Qf04HIR6Kazeh9VYI5hX.exe

Filesize
849KB

MD5
0d81e32125ab67f6a8512313fc3e9afd

SHA1
7838c96200053375506dc61c2e2b1fb7f1348b3e

SHA256
0260fa3d0f107846e8d2182e0829be985c5f46f6983847dce3f024c28f470765

SHA512
d24d22837fc9def5604e4fcf28470dc700213595bf194ca5adf8d777d8a2116a37328ba1e84ff38b56f7b9fe31248c903389d952752b599adcf2f9522e996f4e

Download Submit
\Users\Admin\Pictures\Minor Policy\Kq42Qf04HIR6Kazeh9VYI5hX.exe

Filesize
849KB

MD5
0d81e32125ab67f6a8512313fc3e9afd

SHA1
7838c96200053375506dc61c2e2b1fb7f1348b3e

SHA256
0260fa3d0f107846e8d2182e0829be985c5f46f6983847dce3f024c28f470765

SHA512
d24d22837fc9def5604e4fcf28470dc700213595bf194ca5adf8d777d8a2116a37328ba1e84ff38b56f7b9fe31248c903389d952752b599adcf2f9522e996f4e

Download Submit
\Users\Admin\Pictures\Minor Policy\LhYcBMYv5w27m7pmovMTORKo.exe

Filesize
400KB

MD5
9519c85c644869f182927d93e8e25a33

SHA1
eadc9026e041f7013056f80e068ecf95940ea060

SHA256
f0dc8fa1a18901ac46f4448e434c3885a456865a3a309840a1c4ac67fd56895b

SHA512
dcc1dd25bba19aaf75ec4a1a69dc215eb519e9ee3b8f7b1bd16164b736b3aa81389c076ed4e8a17a1cbfaec2e0b3155df039d1bca3c7186cfeb9950369bccf23

Download Submit
\Users\Admin\Pictures\Minor Policy\VEEb49NCHC1hcjzYp1wRZj3N.exe

Filesize
4.2MB

MD5
87f70cdda4feb18292012619e52a9058

SHA1
378991ce2f28b944511919061ac1f8327577d740

SHA256
0f58266dde76e2917bfe7a8ab6617a8d5603a4935a76b37f54c5dbaaa7c0e06c

SHA512
26ddb2da2775aa72043cd1ce0d1a6c099a0cb13039fd865dea0714abc7744add0ba4fe0e36405697fe9d46df385e76d2258f285b548bee3ce6e41b19ed5b6ac7

Download Submit
\Users\Admin\Pictures\Minor Policy\VEEb49NCHC1hcjzYp1wRZj3N.exe

Filesize
4.2MB

MD5
87f70cdda4feb18292012619e52a9058

SHA1
378991ce2f28b944511919061ac1f8327577d740

SHA256
0f58266dde76e2917bfe7a8ab6617a8d5603a4935a76b37f54c5dbaaa7c0e06c

SHA512
26ddb2da2775aa72043cd1ce0d1a6c099a0cb13039fd865dea0714abc7744add0ba4fe0e36405697fe9d46df385e76d2258f285b548bee3ce6e41b19ed5b6ac7

Download Submit
\Users\Admin\Pictures\Minor Policy\eTBf9zcK7Y4Z_dYNrT2bnd1o.exe

Filesize
331KB

MD5
75e1195a24e2461cb33a385452b1c866

SHA1
918178878875801d9e583552c80977ca43bd606f

SHA256
8c9ead199cbac8ffd1c69a4514d7c01a6c07064f77ade57957ec035531716f30

SHA512
a78625724e694ecf2f19ff057c1d61e6fa6a85c16cc0639db0db06280f1916acf687dc29041fe40442f24e1d699b74ce5dea4847a0186dc0413a9fd943174795

Download Submit
\Users\Admin\Pictures\Minor Policy\eTBf9zcK7Y4Z_dYNrT2bnd1o.exe

Filesize
331KB

MD5
75e1195a24e2461cb33a385452b1c866

SHA1
918178878875801d9e583552c80977ca43bd606f

SHA256
8c9ead199cbac8ffd1c69a4514d7c01a6c07064f77ade57957ec035531716f30

SHA512
a78625724e694ecf2f19ff057c1d61e6fa6a85c16cc0639db0db06280f1916acf687dc29041fe40442f24e1d699b74ce5dea4847a0186dc0413a9fd943174795

Download Submit
\Users\Admin\Pictures\Minor Policy\sUcf1HBHEL_IwLuAQLMmyy5q.exe

Filesize
1.4MB

MD5
9d043cab9366921e58a607c216b642bf

SHA1
351b426edd11ea09342fd22fc5dfdf2b117ef5bf

SHA256
1db1cbda83910c8d13ae4a0f20cb09d5897788429e04cd66832f5c1dda3318e8

SHA512
0fe073f166b41f4d577e6f72e5ff09463ed4b86514b97ee5331c44d523cad20d6419d1918734b89820674fdff73b10fb5f28861fe6b8ed4292523ff7c2294d88

Download Submit
memory/552-114-0x0000000000B80000-0x0000000001122000-memory.dmp

Filesize
5.6MB

Download
memory/552-76-0x0000000000000000-mapping.dmp

Download
memory/768-57-0x0000000000B70000-0x000000000172C000-memory.dmp

Filesize
11.7MB

Download
memory/768-63-0x0000000000B70000-0x000000000172C000-memory.dmp

Filesize
11.7MB

Download
memory/768-60-0x0000000000B70000-0x000000000172C000-memory.dmp

Filesize
11.7MB

Download
memory/768-128-0x0000000002F30000-0x0000000002F40000-memory.dmp

Filesize
64KB

Download
memory/768-56-0x0000000000B70000-0x000000000172C000-memory.dmp

Filesize
11.7MB

Download
memory/768-55-0x0000000000B70000-0x000000000172C000-memory.dmp

Filesize
11.7MB

Download
memory/768-61-0x0000000000B70000-0x000000000172C000-memory.dmp

Filesize
11.7MB

Download
memory/768-54-0x0000000076871000-0x0000000076873000-memory.dmp

Filesize
8KB

Download
memory/768-59-0x0000000000B70000-0x000000000172C000-memory.dmp

Filesize
11.7MB

Download
memory/768-83-0x0000000006880000-0x0000000006AB8000-memory.dmp

Filesize
2.2MB

Download
memory/768-67-0x0000000003730000-0x0000000003757000-memory.dmp

Filesize
156KB

Download
memory/768-64-0x0000000003180000-0x00000000031AE000-memory.dmp

Filesize
184KB

Download
memory/768-58-0x0000000077E80000-0x0000000078000000-memory.dmp

Filesize
1.5MB

Download
memory/768-109-0x00000000040F0000-0x0000000004160000-memory.dmp

Filesize
448KB

Download
memory/768-62-0x0000000000B70000-0x000000000172C000-memory.dmp

Filesize
11.7MB

Download
memory/768-112-0x0000000003CB0000-0x0000000003CD9000-memory.dmp

Filesize
164KB

Download
memory/828-100-0x0000000000424141-mapping.dmp

Download
memory/828-99-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/828-127-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/880-108-0x0000000000000000-mapping.dmp

Download
memory/932-102-0x00000000002F0000-0x0000000000381000-memory.dmp

Filesize
580KB

Download
memory/932-88-0x00000000002F0000-0x0000000000381000-memory.dmp

Filesize
580KB

Download
memory/932-103-0x0000000004520000-0x000000000463B000-memory.dmp

Filesize
1.1MB

Download
memory/932-82-0x0000000000000000-mapping.dmp

Download
memory/1180-120-0x0000000002C8E000-0x0000000002C9E000-memory.dmp

Filesize
64KB

Download
memory/1180-78-0x0000000000000000-mapping.dmp

Download
memory/1180-121-0x0000000000230000-0x0000000000239000-memory.dmp

Filesize
36KB

Download
memory/1480-80-0x0000000000000000-mapping.dmp

Download
memory/1480-89-0x0000000004940000-0x0000000004D29000-memory.dmp

Filesize
3.9MB

Download
memory/1536-117-0x0000000000402DD8-mapping.dmp

Download
memory/1536-116-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1536-122-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1824-124-0x0000000002C8E000-0x0000000002C9E000-memory.dmp

Filesize
64KB

Download
memory/1824-125-0x0000000000220000-0x0000000000229000-memory.dmp

Filesize
36KB

Download
memory/1824-126-0x0000000000400000-0x0000000002B9D000-memory.dmp

Filesize
39.6MB

Download
memory/1824-107-0x0000000000000000-mapping.dmp

Download
memory/1840-75-0x0000000000000000-mapping.dmp

Download
memory/1964-97-0x0000000000870000-0x00000000008B2000-memory.dmp

Filesize
264KB

Download
memory/1964-74-0x0000000000000000-mapping.dmp

Download
memory/1964-92-0x00000000002AB000-0x00000000002D2000-memory.dmp

Filesize
156KB

Download