joker | 8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f

Analysis

max time kernel
150s
max time network
183s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
14-10-2022 04:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe
Size

310KB
MD5

74b2c9b9a15dc0a92f867fe210622c3f
SHA1

befd6c6bb6889cdc0c32d9e36b369a6f9aea2454
SHA256

8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f
SHA512

32f98c17927af20866b67c3ed9540929687de1559da37ae462618cdf72c01c617d657cd3429007bd613eb1bafdfca379664d02bf3b97c8b42af47393237b17a6
SSDEEP

6144:NiMDpVyzfutYz87ZY7yAVxHytGNr8cwPM2vuii2IW6MIPg5q5zV:NXNkWqIueUHytMS5inWzIPDZV

Score

10^/10

joker infostealer trojan

Malware Config

Signatures

joker
Joker is an Android malware that targets billing and SMS fraud.
infostealer trojan joker

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\safe.ico	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe

Drops file in Program Files directory 14 IoCs

description	ioc	Process
File created	C:\progra~1\ico\$dpx$.tmp\38b13b28eb345b44addd0aa6b4a96df9.tmp	expand.exe
File created	C:\progra~1\ico\$dpx$.tmp\120adbd819aadc418b6b0b267b5cfd6d.tmp	expand.exe
File created	C:\progra~1\ico\$dpx$.tmp\542119c7e8c0ca4a8311da70a1b6839f.tmp	expand.exe
File created	C:\progra~1\ico\$dpx$.tmp\5305a1c95c12b049bc1736aeb370abf6.tmp	expand.exe
File opened for modification	C:\progra~1\ico\$dpx$.tmp\job.xml	expand.exe
File opened for modification	C:\progra~1\ico\Chat.ico	expand.exe
File opened for modification	C:\progra~1\ico\meiv.ico	expand.exe
File opened for modification	C:\progra~1\ico\Video.ico	expand.exe
File created	C:\progra~1\ico\$dpx$.tmp\4548b6f75674a044a0e1162c2507cddb.tmp	expand.exe
File opened for modification	C:\progra~1\ico\Film.ico	expand.exe
File opened for modification	C:\progra~1\ico\Taobao.ico	expand.exe
File opened for modification	C:\progra~1\ico\$dpx$.tmp	expand.exe
File opened for modification	C:\progra~1\ico\Beauty.ico	expand.exe
File created	C:\progra~1\ico\$dpx$.tmp\7465fc427ac3164c822c72f99e6140c2.tmp	expand.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DPX\setupact.log	expand.exe
File opened for modification	C:\Windows\Logs\DPX\setuperr.log	expand.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.779dh.com\ = "63"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\779dh.com\Total = "126"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.779dh.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3D6C0ED1-4BBF-11ED-8B55-6651945CA213} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\mitao01.bar\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\mitao01.bar\Total = "63"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\779dh.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "63"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\mitao01.bar\ = "63"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\ename.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\ename.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "126"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70531b13ccdfd801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\779dh.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "189"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\618889.shop.ename.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\ename.com\Total = "63"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "372517004"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\618889.shop.ename.com\ = "63"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062e6ef0d45f4454ab79548c962d74cdf00000000020000000000106600000001000020000000ee325ea9eec4dde610af570f80c4ee106a48e11d9b44a9627cc3bd1c7f41ae79000000000e80000000020000200000006be969cfc0d582723f2ef457ec847cdb7c20e0e1311115f9d82cb029acc958f220000000ba547138f166a7ae3bb8637eb4a4f0600170d62f808cd78a63b7af9b8a0ce0d8400000003c9ea00c12c78b99b01b580f21b03c42a2c6154119ec8f6ec7bb13de93e8fe59e95e9ec495ec52ada0b8550051a843ca1806efdf34168ac410ff3681fd998360	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\mitao01.bar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062e6ef0d45f4454ab79548c962d74cdf000000000200000000001066000000010000200000009c5fdaff6eb70a956c0eb770d4279e5dd9f97a73ef1a9c2046bc8cbda24f3702000000000e800000000200002000000030f2d4dcbfade6fbc65116c1f49e1d169af46ef41347b3998fcd5d28ff7856bb90000000f3cffafde8ec94f1df269c7ac1951f614e63d1c65ff2ff6510b90ad6220484cc5a1efe4ca6845953bf5e110557fc823054d03f971b9f06f5c66900f285662b8c8c41aa55ebe95c47739fb74d6ad5f64f268f0f93ada17ca9af7793069e3901a898599a65a3c79c60e8e8da9281981af30d0441419de22dc096568fb7975f2924db247aab64aa4346b1dcba3c092136f640000000696db505d4f014188a0b5f5dc3db814130e745ca97d073dc6b2232bf1926800c3669853051120d743a6fc39f982598ce845ce0fca4fcbbb9222fa09e943b702e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe
1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1556	iexplore.exe
1556	iexplore.exe
1556	iexplore.exe
1556	iexplore.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe
1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe
1556	iexplore.exe
1556	iexplore.exe
1064	IEXPLORE.EXE
1064	IEXPLORE.EXE
1556	iexplore.exe
1556	iexplore.exe
1556	iexplore.exe
1556	iexplore.exe
1556	iexplore.exe
1556	iexplore.exe
1348	IEXPLORE.EXE
1348	IEXPLORE.EXE
1144	IEXPLORE.EXE
1144	IEXPLORE.EXE
2020	IEXPLORE.EXE
2020	IEXPLORE.EXE
1348	IEXPLORE.EXE
1348	IEXPLORE.EXE
1064	IEXPLORE.EXE
1064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 43 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 1752	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	29
PID 1896 wrote to memory of 1752	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	29
PID 1896 wrote to memory of 1752	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	29
PID 1896 wrote to memory of 1752	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	29
PID 1896 wrote to memory of 1732	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	28
PID 1896 wrote to memory of 1732	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	28
PID 1896 wrote to memory of 1732	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	28
PID 1896 wrote to memory of 1732	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	28
PID 1752 wrote to memory of 968	1752	cmd.exe	31
PID 1752 wrote to memory of 968	1752	cmd.exe	31
PID 1752 wrote to memory of 968	1752	cmd.exe	31
PID 1752 wrote to memory of 968	1752	cmd.exe	31
PID 432 wrote to memory of 1556	432	explorer.exe	34
PID 432 wrote to memory of 1556	432	explorer.exe	34
PID 432 wrote to memory of 1556	432	explorer.exe	34
PID 1556 wrote to memory of 1064	1556	iexplore.exe	35
PID 1556 wrote to memory of 1064	1556	iexplore.exe	35
PID 1556 wrote to memory of 1064	1556	iexplore.exe	35
PID 1556 wrote to memory of 1064	1556	iexplore.exe	35
PID 1896 wrote to memory of 1840	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	38
PID 1896 wrote to memory of 1840	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	38
PID 1896 wrote to memory of 1840	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	38
PID 1896 wrote to memory of 1840	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	38
PID 1896 wrote to memory of 1668	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	37
PID 1896 wrote to memory of 1668	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	37
PID 1896 wrote to memory of 1668	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	37
PID 1896 wrote to memory of 1668	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	37
PID 1896 wrote to memory of 1672	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	39
PID 1896 wrote to memory of 1672	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	39
PID 1896 wrote to memory of 1672	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	39
PID 1896 wrote to memory of 1672	1896	8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe	39
PID 1556 wrote to memory of 1348	1556	iexplore.exe	41
PID 1556 wrote to memory of 1348	1556	iexplore.exe	41
PID 1556 wrote to memory of 1348	1556	iexplore.exe	41
PID 1556 wrote to memory of 1348	1556	iexplore.exe	41
PID 1556 wrote to memory of 2020	1556	iexplore.exe	40
PID 1556 wrote to memory of 2020	1556	iexplore.exe	40
PID 1556 wrote to memory of 2020	1556	iexplore.exe	40
PID 1556 wrote to memory of 2020	1556	iexplore.exe	40
PID 1556 wrote to memory of 1144	1556	iexplore.exe	42
PID 1556 wrote to memory of 1144	1556	iexplore.exe	42
PID 1556 wrote to memory of 1144	1556	iexplore.exe	42
PID 1556 wrote to memory of 1144	1556	iexplore.exe	42

C:\Users\Admin\AppData\Local\Temp\8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe
"C:\Users\Admin\AppData\Local\Temp\8e14c98dd7723cf7a05f58d78194237f2ccfa63fc20eeae9546cec05a90fb91f.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Windows\SysWOW64\explorer.exe
  explorer.exe http://www.v258.net/list/list16.html?mmm
  2⤵
  PID:1732
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\T9rob.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1752
- - C:\Windows\SysWOW64\expand.exe
    expand.exe "C:\Users\Admin\AppData\Local\Temp\ico.cab" -F:*.* "C:\progra~1\ico"
    3⤵
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:968
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.v921.com/?uk
  2⤵
  PID:1668
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.q22.cc/?ukt
  2⤵
  PID:1840
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.779dh.com/?kj
  2⤵
  PID:1672

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:432
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.v258.net/list/list16.html?mmm
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1556
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1556 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1064
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1556 CREDAT:799745 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2020
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1556 CREDAT:603138 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1348
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1556 CREDAT:668675 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1144

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
2KB

MD5
b90f7774c9a454dcb4e765a13fd24eb0

SHA1
f08a1453647c33dfd7d5757619f8b786106c1810

SHA256
cef9e0d09bcefec36de16ecca1a53665018bae69aac8c5350e5e74594574b877

SHA512
648f95283286096734187c0c130db8ee294046fde96bcaf7409761bc5b4207073b2006f4dddd8c8e3f44423934ce92ac112bd18fafc329e0b839404552b54249

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
be9d844ee366a93894115b42bfdb9e5f

SHA1
72502c6dc0cf0096085e58347022d318e7cac171

SHA256
ea7d6276f53a1683acdd10a5d591483e43318e4a1623291cfebc4b984d4c5090

SHA512
495e1f2e07785ca66b0ab30c432de1a0e067c11d3cc05e214f5dc5a579e9f6908d5801a3122cc29653d7d8357c7a352c4c79cf7ccc873f6e94fdf849f1e9072b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
be9d844ee366a93894115b42bfdb9e5f

SHA1
72502c6dc0cf0096085e58347022d318e7cac171

SHA256
ea7d6276f53a1683acdd10a5d591483e43318e4a1623291cfebc4b984d4c5090

SHA512
495e1f2e07785ca66b0ab30c432de1a0e067c11d3cc05e214f5dc5a579e9f6908d5801a3122cc29653d7d8357c7a352c4c79cf7ccc873f6e94fdf849f1e9072b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B

Filesize
1KB

MD5
3b84cebb286ce173832e181b4ee6e5a4

SHA1
90addc1507cb6daa7a4568bae0cae01e9f3e6898

SHA256
13973bf04aa11227209e8d3da202340159943ee95a0e8974e764886ced4af4ff

SHA512
87ecf8915b7b6eeb073e507ffa55c08bc6e34e5ee47082590bd790fd718232601145c4f8c4e73355a76e71bf90d8cdea7cbf6e44d9296b4f30c0c6387a6b75b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
60KB

MD5
d15aaa7c9be910a9898260767e2490e1

SHA1
2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

SHA256
f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

SHA512
7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C

Filesize
1KB

MD5
00227a1997000059db17c4973b72409d

SHA1
f583a8cf20fafabdc46595d85f32ed3f51f140a9

SHA256
37f5fa67232195384dfb20b9437c251697dfb2c9a377b1da726176757b31c917

SHA512
bcb08425bf0998004ab5331c5d0b3989b1ac6ee9616da1e1e3cfd02ee288c267fa3b8b1ef1d3bd9dcce707c0a3288ef0904fc5851513641a05f4718fc3e711ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
1KB

MD5
2faa5fa6cf8cbd0a994e883351f7e8e3

SHA1
b8c3a1bb394c13f0d7ca8fbe3b867fed2b21dc98

SHA256
8488e0208fddfe15b79514e70777c0ec7bff1e680f704c04eac1580fad4d421e

SHA512
d90b96f1d81ea32a19681e27949c10dc434f07c5270c6cc454428b36f52a62a751b152299fcc1202973b32947353e23fe2a93516bf64bea6634ea134d4f9ad67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
6ad22bb37c06a8542959021fc49948fa

SHA1
753e47099793b24efedc8208611e9fabb74990b2

SHA256
e88f513b287a2aaa2118d51d71a20ff6cd04dacb2bbafba25676fc0ade7874b7

SHA512
838d033789ae6028b8fac4c5a6f7415d1515a2ea3a4a022c890e0879abddcf05794165799ae890ae3c54601fed034efb3f2fed35d3fa980c13941799d87dd440

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
488B

MD5
931843ea3cb5ce01f506518ad68e2ce4

SHA1
b0449a882e0bb92bc3f014c19c0c326c70e60281

SHA256
1ad1eb30eb08d763aef39a1056c734dd1d0b5d95b218e7975474c519f4c341ee

SHA512
d708d519723d4705af6bcfb0084904501309d9397e4b4489fcf1dfe2fa584df1ee76a1ef1c6391727c93bf3a32603feaaaeb7c2ebccd7e57875aaa56eaa7200c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
7c2e22e44fb4b1c0490d4ec4153090b8

SHA1
15d38c5ef895b23246a51033eefc03392174c83f

SHA256
201316327ccd3b202affff1b5755a44002255eee5554093b404323434ed65cf5

SHA512
ee777616be93baac9cb5b37a8bf0e3e9c2d468c33638c570cbd386fe0ab9d4ec648edcaac833ba1c9f9bad0b02d6585490c3b4233a4685615cc605052ff01a33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
328ccc8e8ee6a3f4e36fc4bde3500d99

SHA1
c7864cc00e11ffd44784c53248085f5c69ee1292

SHA256
d086d6d7d66183c44dbaf59d543c673fa564426995a47ce2127dd541752965de

SHA512
97c1098279876a9e2c156d23181375ba397e7530ddbb5032e202cf1d0c7cae6f344d7d6dea0094e1e70cc570b6b9b51cb542eb13244823b1421f9af4f01cdf8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B

Filesize
532B

MD5
5300edc0bbd0fd94e9d04874a173f299

SHA1
a1f716ce151b8763120bab17c149634e0688878c

SHA256
f37859e416a834ff86d39017d006fd0cae7f91b593ce7e3be0c56ee6aea94c8f

SHA512
65192bac13a88db2e5a749e7c04d8555b0fad9d61a9120abb79bd1c11eff57156b2894bb66afa82eee82227b8f4ffacfb9010b3c0b5cef64b3d8f24f121d4a5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
340B

MD5
fa3b9c5d61ca9935eb44949223109f6d

SHA1
7d05a0ab48a4e9179258819db7a55d996b4002d8

SHA256
11f7e3ccf4f81e0929fa99e49ec346c01aa28b4fb7b06aae0a4073810aa26d1f

SHA512
1acc56de5e980f2c162b0a6ad63abb8b1dc3820c3b8bebb56f09763f4535f647e8cd8fc1b6d37881591881278adc7a729f33f7ad4d3d0aa0720abc8c78c55f52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f79427d40ee630192bc61158f1e5d7f6

SHA1
93fa561a0352161750a7e848cf94c561e5b7b43e

SHA256
62ba67c0a4ddd563bab725053b07495aabe61da98cb3e624fe3b5f32d9feffdf

SHA512
aa7722ac4a6f703b00ff4957ca48b2950a737f7b9be5fc385d604619cd73e76ff6c5b9dd59f7198c15384c24772b93cf36d6eaf5575b378e75d706b9b2b2fffe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7facfa957b4264f6c4f47a4fdf846a2b

SHA1
0505348a4df3a877f31557c4b2ba286558bf326b

SHA256
081da062efa28c3aa247697a0bec0c159c03b0b8285c0952523f58fa6ed04696

SHA512
6189de857f3681199bcecfecfb661aedeafdfc804fe29f8c49bf47acf4289ce787cc0925648bd06381d92c0c7e118aa093563d0ebc3f86fd6e9dd4c8a78f1ff7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d089b5f187b10b698b76ee992ae364ef

SHA1
b251fc628239c2af9e5a1e6bf4d816b79e3b100d

SHA256
4dc11e7b15153b86b813f0423923084867c8e8a10cee5f5a439eed7e8f856535

SHA512
ac4a00d8afa97fbc0c398283e97a96c5cd24e8c355605f6a3c8ac5277074e77ccc0d11ebdc6f4fc22444b1d9c5ebb90fcf8b0e112fd73e1d4ca55dbf66a23831

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d089b5f187b10b698b76ee992ae364ef

SHA1
b251fc628239c2af9e5a1e6bf4d816b79e3b100d

SHA256
4dc11e7b15153b86b813f0423923084867c8e8a10cee5f5a439eed7e8f856535

SHA512
ac4a00d8afa97fbc0c398283e97a96c5cd24e8c355605f6a3c8ac5277074e77ccc0d11ebdc6f4fc22444b1d9c5ebb90fcf8b0e112fd73e1d4ca55dbf66a23831

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f756c39df7e031b63f598ea14af9cda8

SHA1
74f7f3077f0f61de3104cbaf67d304ab26a3593c

SHA256
411167a823c294f4afcebe25c423f6f4d14094bd99c28a3dc8b27c987ae401c7

SHA512
315269d9353ea8eafd8dbdf6356d6c5ef6606674229210c1df46d3df4a799ce95194845c53da5b74680621b1abde8c58242177552d8adfe7c1a33db5f6f50f01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f756c39df7e031b63f598ea14af9cda8

SHA1
74f7f3077f0f61de3104cbaf67d304ab26a3593c

SHA256
411167a823c294f4afcebe25c423f6f4d14094bd99c28a3dc8b27c987ae401c7

SHA512
315269d9353ea8eafd8dbdf6356d6c5ef6606674229210c1df46d3df4a799ce95194845c53da5b74680621b1abde8c58242177552d8adfe7c1a33db5f6f50f01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C

Filesize
492B

MD5
a2c391a9923460d41a852b0bf3e2dafa

SHA1
642b0f3b8ed94d94253d51a5a00763aa3c20c5af

SHA256
bf6e56a2543eb5c248d87642341c878bdac3fdbff8b10d54cc9525cb66c56665

SHA512
471114ab679da44c7623cb7e22a21bea231a11ecdc30efe2328c113f17e590887c55d425e024dc12f2d0d5a4910b25372b438d146dfdbb127b359d0797ceda7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
506B

MD5
2510328a4910ef61b628547033856847

SHA1
c3f3d0c2161a2a50a6461e0f4fdbcf0831c88dcd

SHA256
e613a95889b637d07da0f11a80a91a7099a33420687c81eb45982a0a487e0715

SHA512
52fb5e75d92420d4696c773c4327cb2403f8a68e46e5843b182fe1250809967de0522cdce6524192ccf310f3ea090d36f12fa05675b42995a8e462f269c4aaef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
449d7fdbbc628f58b99e8daf7ec84607

SHA1
f5adba8cf3b34163712684db3a96fef4a2f17259

SHA256
e633f32c587283be20f6bd3c47a4320f779604d156c30ba698e8e3e12751910f

SHA512
0405291ee1fe5b8614514d1862bdb1e652494610764c3163cdb553791c62d5d5f57de33cf4913048a800d5edd78a700634b30abede47ca8dd6f1050ce5fd4d73

Download Submit
C:\Users\Admin\AppData\Local\Temp\T9rob.bat

Filesize
98B

MD5
ada787702460241a372c495dc53dbdcf

SHA1
da7d65ec9541fe9ed13b3531f38202f83b0ac96d

SHA256
0d0f600f95192d2d602dbda346c4e08745295f331f5a0349deae21705367b850

SHA512
c86091735b855691c89c7946145591dec6a6a6a36a2438d392587a9cc1f2d85c1ebe44fcff1cc9d94271a24ebbc2ca38639577a6f5c592e9e10517da26572708

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\1WMI2Z0J.txt

Filesize
599B

MD5
1a773021f2a426149f498e0f9763146a

SHA1
731fe13ea89ac151f9aff24de999b49c49c973ae

SHA256
10f0d8a19b8579069a2aa2ab2a2d9c1ed951e47bbc61783149b60a6cb2577d98

SHA512
e4e674b2ddf159fec2348ae9ecbf96545677de138ab1b118f4a000c6272623830d46d63013d5f3bba259a35f39145cc76859c406fa3063245d67e6ed4f65acac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OMJGZF0O.txt

Filesize
93B

MD5
92eb0bee63cfd9b8ac6ededd7e144f4d

SHA1
d14aeb8b4719ad3ec4f2ba187817a3cbb213f39f

SHA256
abbd79872d576a3907dbec2c7f5d1c47d71eee2d50a287d3b7248536b01206d8

SHA512
56f6bf67f21c05d437397b4f530d82eca8db0a7ef4ae68559da2b5b2daf39e02407d7a6695c17e9a7cd63df063c365706b1f3ad74fdb9c1358f839289ecf7af1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\R7M4KF5J.txt

Filesize
320B

MD5
edf867bf8f1f0e723ffda7ec4f1dc019

SHA1
6d0f0393388abfdbd05beb81dffa079bb9829403

SHA256
acb0cf94b54ba35769fb782e248693508d59821fa90b37d7c0403f8d5e550133

SHA512
d58b066179d8efb0d61d9cee73e52d7300e1992d190c8fb9ce7577dead358483c16bb6c6d92e71a8845f6b251fd2d60b3fa7cd00ebcc1490e48aa4fd52900966

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\U78WEPHE.txt

Filesize
116B

MD5
70a29de0a255e3a69adde2228e74a374

SHA1
277860efd1c89fed0e4f3b8e4ea5758d3c5dc367

SHA256
6bfe7db6fde3331db26e47d303f29cce4af6a9f11ff65d021b33f7e169eb8f44

SHA512
254fc4f0a833fd5a7a75382d5f787b3c676deace75945d0f53b651f66bda8c70950c774a073ff02ba5ef0e7ed7dc5e6bc3b7f70388058658b3fccd243000093a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZQRCB4TD.txt

Filesize
224B

MD5
193c735e6d1445a29abf57755024425d

SHA1
2112aa6aa19dbc40cd88ad7d32536c8136348501

SHA256
508d93035acd34686f875edefc27617c59831f1c413dc7921b733c0db53f9f3c

SHA512
9f5d166cde8062637e1b5d0dd314ac4d1366789739b210519e521e72518e39f13839d4959f26fbd9dbe7f89463bdb19b10e397551aa67d7e652af757b9671a5d

Download Submit
\??\c:\users\admin\appdata\local\temp\ico.cab

Filesize
20KB

MD5
1319e9998cedc513c68fa6d590b6ad63

SHA1
ae95b333e88a13886994f320f5dfb4856168a710

SHA256
9a5b18efe243fbe9b9b0be3674a24080e9210436986988f3f85a4007905083bb

SHA512
d4052a899c6c310296e2f5fdf6c2031c22d2644be620cb34ddcc6b59789d82a6462daaeb34466c568be48ee975c4a5ab43143eab0792312a6cd0d49f9fbd8d3f

Download Submit
memory/432-65-0x000007FEFC1F1000-0x000007FEFC1F3000-memory.dmp

Filesize
8KB

Download
memory/1732-61-0x0000000074ED1000-0x0000000074ED3000-memory.dmp

Filesize
8KB

Download
memory/1896-54-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download
memory/1896-55-0x0000000000400000-0x0000000000534000-memory.dmp

Filesize
1.2MB

Download
memory/1896-64-0x0000000000400000-0x0000000000534000-memory.dmp

Filesize
1.2MB

Download
memory/1896-66-0x0000000000400000-0x0000000000534000-memory.dmp

Filesize
1.2MB

Download