c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6.exe
Size

309KB
MD5

c99e8e48a1d28dbca548020dd3571072
SHA1

d011dc4f61fbdc2cdb6a8f8672318098435074e8
SHA256

c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6
SHA512

7017a958f2edb6c4b0cb8c87a1fc66052d7cb1c01c1249a688240d078bdb506862de7cbab5c15916150529d88f0916987bd519ce4d0b646aedbae13a3089a861
SSDEEP

6144:lhRifAX7WuXXAHEI+UPiO5sxK4rXjXyYODfjBgoRC088Gx2k:XLhQ+bOOT2fdg4O8G8k

Score

8^/10

persistence upx vmprotect

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

1.exe5913.exegy.exegyuuyg.exe520.exesvchost.exesvchost.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exe

pid	process
1076	1.exe
3000	5913.exe
4888	gy.exe
4808	gyuuyg.exe
4784	520.exe
4024	svchost.exe
4244	svchost.exe
5008	gyuuyg.exe
4756	gyuuyg.exe
1520	gyuuyg.exe
4972	gyuuyg.exe
3632	gyuuyg.exe
3896	gyuuyg.exe
3304	gyuuyg.exe
3924	gyuuyg.exe
2072	gyuuyg.exe
1244	gyuuyg.exe
1588	gyuuyg.exe
5040	gyuuyg.exe
3140	gyuuyg.exe
376	gyuuyg.exe
4276	gyuuyg.exe
3892	gyuuyg.exe
3244	gyuuyg.exe
4652	gyuuyg.exe
4504	gyuuyg.exe
448	gyuuyg.exe
1236	gyuuyg.exe
4236	gyuuyg.exe
2828	gyuuyg.exe
1804	gyuuyg.exe
5108	gyuuyg.exe
1496	gyuuyg.exe
3980	gyuuyg.exe
4544	gyuuyg.exe
836	gyuuyg.exe
2604	gyuuyg.exe
4924	gyuuyg.exe
2884	gyuuyg.exe
4824	gyuuyg.exe
4904	gyuuyg.exe
3160	gyuuyg.exe
1256	gyuuyg.exe
1632	gyuuyg.exe
3376	gyuuyg.exe
3196	gyuuyg.exe
1764	gyuuyg.exe
1232	gyuuyg.exe
1964	gyuuyg.exe
4692	gyuuyg.exe
1136	gyuuyg.exe
636	gyuuyg.exe
2228	gyuuyg.exe
2284	gyuuyg.exe
2712	gyuuyg.exe
2972	gyuuyg.exe
220	gyuuyg.exe
2100	gyuuyg.exe
4308	gyuuyg.exe
1600	gyuuyg.exe
3604	gyuuyg.exe
1968	gyuuyg.exe
4312	gyuuyg.exe
1868	gyuuyg.exe

Sets DLL path for service in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

5913.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ServicesTest\Parameters\ServiceDll = "C:\\Windows\\ServicesTest.dll"	5913.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\gy.exe	upx
C:\Users\Admin\AppData\Local\Temp\gy.exe	upx
C:\Windows\gyuuyg.exe	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/4888-160-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/4808-161-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/4808-165-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/5008-169-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/4756-171-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/4756-174-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/1520-178-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/4972-180-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/4972-183-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/3632-185-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/3632-188-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/3896-192-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/3304-194-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/3304-197-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/3924-201-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/2072-203-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/2072-206-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/1244-208-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/1244-211-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/1588-215-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/5040-217-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/5040-220-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/3140-223-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/376-228-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Windows\gyuuyg.exe	upx
behavioral2/memory/4276-230-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/4276-233-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/3892-234-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/3244-235-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/3244-236-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/4652-237-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/4652-238-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/4504-239-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/448-240-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/448-241-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/1236-242-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/4236-243-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/4236-244-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/2828-245-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/1804-246-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/5108-247-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/5108-248-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/1496-249-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/3980-250-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/3980-251-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/4544-252-0x0000000000400000-0x0000000000410000-memory.dmp	upx

VMProtect packed file 8 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
C:\5913.exe	vmprotect
C:\5913.exe	vmprotect
behavioral2/memory/3000-138-0x0000000000680000-0x00000000006C7000-memory.dmp	vmprotect
\??\c:\windows\servicestest.dll	vmprotect
C:\Windows\ServicesTest.dll	vmprotect
behavioral2/memory/2556-142-0x0000000075390000-0x00000000753D7000-memory.dmp	vmprotect
behavioral2/memory/3000-144-0x0000000000680000-0x00000000006C7000-memory.dmp	vmprotect
behavioral2/memory/2556-146-0x0000000075390000-0x00000000753D7000-memory.dmp	vmprotect

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

5913.exe1.exegy.exe520.exec051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	5913.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	1.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	gy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	520.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6.exe

Loads dropped DLL 64 IoCs

Processes:

1.exesvchost.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exe

pid	process
1076	1.exe
2556	svchost.exe
4808	gyuuyg.exe
5008	gyuuyg.exe
4756	gyuuyg.exe
1520	gyuuyg.exe
4972	gyuuyg.exe
3632	gyuuyg.exe
3896	gyuuyg.exe
3304	gyuuyg.exe
3924	gyuuyg.exe
2072	gyuuyg.exe
1244	gyuuyg.exe
1588	gyuuyg.exe
5040	gyuuyg.exe
3140	gyuuyg.exe
376	gyuuyg.exe
4276	gyuuyg.exe
3892	gyuuyg.exe
3244	gyuuyg.exe
4652	gyuuyg.exe
4504	gyuuyg.exe
448	gyuuyg.exe
1236	gyuuyg.exe
4236	gyuuyg.exe
2828	gyuuyg.exe
1804	gyuuyg.exe
5108	gyuuyg.exe
1496	gyuuyg.exe
3980	gyuuyg.exe
4544	gyuuyg.exe
836	gyuuyg.exe
2604	gyuuyg.exe
4924	gyuuyg.exe
2884	gyuuyg.exe
4824	gyuuyg.exe
4904	gyuuyg.exe
3160	gyuuyg.exe
1256	gyuuyg.exe
1632	gyuuyg.exe
3376	gyuuyg.exe
3196	gyuuyg.exe
1764	gyuuyg.exe
1232	gyuuyg.exe
1964	gyuuyg.exe
4692	gyuuyg.exe
1136	gyuuyg.exe
636	gyuuyg.exe
2228	gyuuyg.exe
2284	gyuuyg.exe
2712	gyuuyg.exe
2972	gyuuyg.exe
220	gyuuyg.exe
2100	gyuuyg.exe
4308	gyuuyg.exe
1600	gyuuyg.exe
3604	gyuuyg.exe
1968	gyuuyg.exe
4312	gyuuyg.exe
1868	gyuuyg.exe
3996	gyuuyg.exe
2580	gyuuyg.exe
5096	gyuuyg.exe
4676	gyuuyg.exe

Drops file in System32 directory 64 IoCs

Processes:

gyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exegyuuyg.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe
File opened for modification	C:\Windows\SysWOW64\hra33.dll	gyuuyg.exe

Drops file in Windows directory 4 IoCs

Processes:

gy.exe5913.exe

description	ioc	process
File opened for modification	C:\Windows\gyuuyg.exe	gy.exe
File created	C:\Windows\ServicesTest.dll	5913.exe
File opened for modification	C:\Windows\ServicesTest.dll	5913.exe
File created	C:\Windows\gyuuyg.exe	gy.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
C:\1.exe	nsis_installer_2
C:\1.exe	nsis_installer_2

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

svchost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

svchost.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Config	svchost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Config\ = e6070b0001001c0002000e002d00c700	svchost.exe

Modifies registry class 1 IoCs

Processes:

1.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ 1.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

svchost.exe

pid process

4244 svchost.exe
4244 svchost.exe
4244 svchost.exe
4244 svchost.exe
4244 svchost.exe
4244 svchost.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

svchost.exegy.exe

description pid process

Token: SeBackupPrivilege 4244 svchost.exe
Token: SeRestorePrivilege 4244 svchost.exe
Token: SeIncBasePriorityPrivilege 4888 gy.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	1.exe

pid	process
4244	svchost.exe
4244	svchost.exe
4244	svchost.exe
4244	svchost.exe
4244	svchost.exe
4244	svchost.exe

description	pid	process
Token: SeBackupPrivilege	4244	svchost.exe
Token: SeRestorePrivilege	4244	svchost.exe
Token: SeIncBasePriorityPrivilege	4888	gy.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6.exe5913.exe1.exe520.exegy.exe

description	pid	process	target process
PID 5100 wrote to memory of 1076	5100	c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6.exe	1.exe
PID 5100 wrote to memory of 1076	5100	c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6.exe	1.exe
PID 5100 wrote to memory of 1076	5100	c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6.exe	1.exe
PID 5100 wrote to memory of 3000	5100	c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6.exe	5913.exe
PID 5100 wrote to memory of 3000	5100	c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6.exe	5913.exe
PID 5100 wrote to memory of 3000	5100	c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6.exe	5913.exe
PID 3000 wrote to memory of 3720	3000	5913.exe	cmd.exe
PID 3000 wrote to memory of 3720	3000	5913.exe	cmd.exe
PID 3000 wrote to memory of 3720	3000	5913.exe	cmd.exe
PID 1076 wrote to memory of 4888	1076	1.exe	gy.exe
PID 1076 wrote to memory of 4888	1076	1.exe	gy.exe
PID 1076 wrote to memory of 4888	1076	1.exe	gy.exe
PID 1076 wrote to memory of 4784	1076	1.exe	520.exe
PID 1076 wrote to memory of 4784	1076	1.exe	520.exe
PID 1076 wrote to memory of 4784	1076	1.exe	520.exe
PID 4784 wrote to memory of 4024	4784	520.exe	svchost.exe
PID 4784 wrote to memory of 4024	4784	520.exe	svchost.exe
PID 4784 wrote to memory of 4024	4784	520.exe	svchost.exe
PID 4888 wrote to memory of 3964	4888	gy.exe	cmd.exe
PID 4888 wrote to memory of 3964	4888	gy.exe	cmd.exe
PID 4888 wrote to memory of 3964	4888	gy.exe	cmd.exe
PID 4784 wrote to memory of 424	4784	520.exe	cmd.exe
PID 4784 wrote to memory of 424	4784	520.exe	cmd.exe
PID 4784 wrote to memory of 424	4784	520.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6.exe
"C:\Users\Admin\AppData\Local\Temp\c051756a54caa1df806d7f92802c07cd4905d0bc38cde903725707bed5503ff6.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:5100

C:\1.exe
"C:\1.exe"
2⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1076

C:\Users\Admin\AppData\Local\Temp\gy.exe
"C:\Users\Admin\AppData\Local\Temp\gy.exe"
3⤵
- Executes dropped EXE
- Checks computer location settings
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4888

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\gy.exe > nul
4⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\520.exe
"C:\Users\Admin\AppData\Local\Temp\520.exe"
3⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4784

C:\Windows\temp\svchost.exe
"C:\Windows\temp\svchost.exe" -install
4⤵
- Executes dropped EXE
PID:4024

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\~0.bat" "
4⤵
PID:424

C:\5913.exe
"C:\5913.exe"
2⤵
- Executes dropped EXE
- Sets DLL path for service in the registry
- Checks computer location settings
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3000

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\240546531.bat" "
3⤵
PID:3720

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k ServicesTest -s ServicesTest
1⤵
- Loads dropped DLL
- Checks processor information in registry
PID:2556

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4808

C:\Windows\temp\svchost.exe
C:\Windows\temp\svchost.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4244

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:5008

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4756

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1520

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4972

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3632

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3896

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3304

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:3924

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:2072

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:1244

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1588

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5040

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3140

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:376

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4276

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3892

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:3244

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4652

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:4504

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:448

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:1236

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4236

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2828

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1804

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5108

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1496

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3980

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4544

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:836

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2604

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4924

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2884

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:4824

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:4904

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3160

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:1256

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1632

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:3376

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3196

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1764

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:1232

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:1964

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4692

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1136

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:636

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2228

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:2284

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2712

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2972

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:220

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:2100

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4308

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1600

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:3604

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1968

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4312

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:1868

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:3996

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Loads dropped DLL
PID:2580

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Loads dropped DLL
PID:5096

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Loads dropped DLL
PID:4676

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:8

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:1484

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1392

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:440

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3228

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:2436

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:764

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2900

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4908

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:1360

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:2372

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1892

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:4784

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2536

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1828

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2196

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:2888

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:4060

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4536

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:3328

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:4200

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3752

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:4992

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1140

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:1956

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4756

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3640

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4308

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1064

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1996

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1916

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:5068

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4840

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3096

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1868

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3444

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:3420

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1796

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:3820

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:740

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4612

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1224

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2608

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4504

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:4876

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2844

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:4164

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2388

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2588

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:5012

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2976

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:2604

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:764

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4916

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:4900

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4520

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3648

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4068

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:4908

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3724

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2840

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4180

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4432

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2288

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4472

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:4820

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4212

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:736

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4416

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:2148

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1464

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:2876

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4200

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4104

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4992

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1140

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4100

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2100

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4756

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3384

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3664

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:5000

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3604

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2036

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4928

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:4840

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:2760

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1868

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:868

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3420

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:5096

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1324

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:4688

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:4436

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:2384

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4072

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3164

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:1660

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2804

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1216

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4316

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3748

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3536

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:2524

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:5036

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:1284

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:544

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4696

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2140

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:2884

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:5076

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3080

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1552

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4824

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4024

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3160

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:1844

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:3104

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4944

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:2128

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:4184

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2864

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:724

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2196

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1964

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:736

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4536

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:2148

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1440

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1364

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4200

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4104

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:220

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1140

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4100

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3428

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4680

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1600

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3624

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:5000

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4512

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:5072

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2812

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:3200

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3996

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1868

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2580

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:3420

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3736

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2316

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4688

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:4436

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1016

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1528

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4476

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1224

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3204

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1392

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1860

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3344

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2200

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2252

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:5036

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:1284

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:544

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:2604

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4664

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4328

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:4452

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
- Drops file in System32 directory
PID:3968

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:748

C:\Windows\gyuuyg.exe
C:\Windows\gyuuyg.exe
1⤵
PID:3400

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\1.exe
Filesize
152KB

MD5
653b105955e4ebb5ae20eb1fd22e8c0c

SHA1
fdfcaf735ad9e1c565cb876a0c541528b99fc940

SHA256
014f22f862be89eaad174e657b0b0e893cfc5c8feff1e6644bf281b2d7d333da

SHA512
08533a5594be95d6684821d138973f13d0e2815ddc9bbc1c011008d569a2c2487e43a77aa960eada3f39f9b8b8aee5cb77407042eb61578bd0c3e2b508043b02

Download Submit
C:\1.exe
Filesize
152KB

MD5
653b105955e4ebb5ae20eb1fd22e8c0c

SHA1
fdfcaf735ad9e1c565cb876a0c541528b99fc940

SHA256
014f22f862be89eaad174e657b0b0e893cfc5c8feff1e6644bf281b2d7d333da

SHA512
08533a5594be95d6684821d138973f13d0e2815ddc9bbc1c011008d569a2c2487e43a77aa960eada3f39f9b8b8aee5cb77407042eb61578bd0c3e2b508043b02

Download Submit
C:\5913.exe
Filesize
140KB

MD5
3630d6e5f296612aa1e55aa07e23dc18

SHA1
9985c74e23b5117586baed084e872588cb9dee44

SHA256
44d17e3e091b384bb1afc6edd03d0ff0288f01d0f900999642307d4ea1c57059

SHA512
a5ac6810593463fda5fc8346054f1ac058829f9d15ac51c7057863050004605847579db356a491c0405288c9b6793f833281d98780a98411d532d4a566daeed7

Download Submit
C:\5913.exe
Filesize
140KB

MD5
3630d6e5f296612aa1e55aa07e23dc18

SHA1
9985c74e23b5117586baed084e872588cb9dee44

SHA256
44d17e3e091b384bb1afc6edd03d0ff0288f01d0f900999642307d4ea1c57059

SHA512
a5ac6810593463fda5fc8346054f1ac058829f9d15ac51c7057863050004605847579db356a491c0405288c9b6793f833281d98780a98411d532d4a566daeed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\240546531.bat
Filesize
57B

MD5
1a1ffab3d6ccbfeaf5e485882c9cffb5

SHA1
bc50b1cd9dff7ea8b6a3ea71f4bd0eea84d14b4e

SHA256
e020a531ab623cf3b6a8b55dda652cbd37e795fd32919251b54d65cb45421803

SHA512
242fc86e23b617af8ae4d0cb3dad8fe434d73c0947a8f53a453ed8b081982e019571203052457dfa4e30ba1f1d0264bb39492364249ec591f6b6e7cecd7d6a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\520.exe
Filesize
172KB

MD5
5b6a11850e44e4d1d0a2b35848e1add0

SHA1
b8f23cea4a79268a4f852b2591cac6d3052110ef

SHA256
9124d576c54132e0e902fff1062eb7e7919cbeb0e6c076e2004e4fd140e8eab5

SHA512
3f05d755f0748af1a09b91f15cf0e1e660e0955c8518db57a6f195412cc7a75c361e375b4b42738e4cbe4a1742552255c07ecfea935dafc269f3a64c06cb9375

Download Submit
C:\Users\Admin\AppData\Local\Temp\520.exe
Filesize
172KB

MD5
5b6a11850e44e4d1d0a2b35848e1add0

SHA1
b8f23cea4a79268a4f852b2591cac6d3052110ef

SHA256
9124d576c54132e0e902fff1062eb7e7919cbeb0e6c076e2004e4fd140e8eab5

SHA512
3f05d755f0748af1a09b91f15cf0e1e660e0955c8518db57a6f195412cc7a75c361e375b4b42738e4cbe4a1742552255c07ecfea935dafc269f3a64c06cb9375

Download Submit
C:\Users\Admin\AppData\Local\Temp\gy.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\gy.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm72C5.tmp\System.dll
Filesize
10KB

MD5
0c8ea8e6637bbf8408104e672d78ba45

SHA1
c231c7acaf9abb7da93f28e1b71bed164d57103e

SHA256
509a93177a7ae130bc3b6b5ec3236c7aa0811b8b86f8ab3442c65fdf8ff85b1f

SHA512
ee763a3cdbbba3b28e6a903ac942c7228bd8e54b19de21d6187e481f2916d833d9b9800e5ac2998f4aa26274cdfb20a8bfdd10f00f2a15d37bcc529b617e1f28

Download Submit
C:\Users\Admin\AppData\Local\Temp\~0.bat
Filesize
136B

MD5
ae2c7813247aaba1311db05455769dcf

SHA1
02ad2ae4ef27639e68b3cf5370dd0f17e4968d4b

SHA256
f5ff09333591ebd4108bce117b4a3b5ee754e3cb03d772f2353a53cdc0545120

SHA512
7e5c6f1cef2deef5b42e909e1beaf9362bd3f6faf42d5d7b7d302487832b93e6e23fd88b1cd9be6ac927610532f07f6cce77a904acb9b83d5493f0090a07b711

Download Submit
C:\Windows\ServicesTest.dll
Filesize
140KB

MD5
41b20956cfadd0615318a1f05579439c

SHA1
70135a402896a9da903cb29a427dc050497192fb

SHA256
eed7e98d3f7dbedb2f75aabaf63eb3309d6fb414985158051ad78d56e9550c15

SHA512
6637ec708d4645707d218aeccea70e61e1987db41f142165d72bfab681caaea7e04878c4f29fcc2b738c155629cdd77276f001cc7253df4415c15f6338341d1c

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
28KB

MD5
e488e56ce1e32594d1bef97d930e16b0

SHA1
6e3c57ae5ed7c7aeec8380c653477c2482f33a5d

SHA256
1edd940efd80a74af8659a479ae7c05291459ad481a3b6d8c665533478070268

SHA512
7aee5b14e977330a1c5da60c886186a39a49fa1d7a539956fd3089be671f995584fdc7bd1bb01f9124c30406017943f38fbbdfa4312a7d3400edf487fe873147

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
8KB

MD5
9ac7d4c8105fa3ab02023d07b790dfb9

SHA1
299ed07fc7fb57efb74c0db8554bd4c32b8c4274

SHA256
dca0ba454b88ae513e8d74b27fddbc160d96aacd40d27c23d6edd893c071011c

SHA512
7007e9086fdcc4804bde1995e804970baafcaf1e2b2688d7b408b001adca41fbe2b34b3ea6b4f4d4280419757c2119b7ae8a2be386709e1955e40adc0b8bbf6a

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
28KB

MD5
e488e56ce1e32594d1bef97d930e16b0

SHA1
6e3c57ae5ed7c7aeec8380c653477c2482f33a5d

SHA256
1edd940efd80a74af8659a479ae7c05291459ad481a3b6d8c665533478070268

SHA512
7aee5b14e977330a1c5da60c886186a39a49fa1d7a539956fd3089be671f995584fdc7bd1bb01f9124c30406017943f38fbbdfa4312a7d3400edf487fe873147

Download Submit
C:\Windows\SysWOW64\hra33.dll
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
28KB

MD5
e488e56ce1e32594d1bef97d930e16b0

SHA1
6e3c57ae5ed7c7aeec8380c653477c2482f33a5d

SHA256
1edd940efd80a74af8659a479ae7c05291459ad481a3b6d8c665533478070268

SHA512
7aee5b14e977330a1c5da60c886186a39a49fa1d7a539956fd3089be671f995584fdc7bd1bb01f9124c30406017943f38fbbdfa4312a7d3400edf487fe873147

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
8KB

MD5
9ac7d4c8105fa3ab02023d07b790dfb9

SHA1
299ed07fc7fb57efb74c0db8554bd4c32b8c4274

SHA256
dca0ba454b88ae513e8d74b27fddbc160d96aacd40d27c23d6edd893c071011c

SHA512
7007e9086fdcc4804bde1995e804970baafcaf1e2b2688d7b408b001adca41fbe2b34b3ea6b4f4d4280419757c2119b7ae8a2be386709e1955e40adc0b8bbf6a

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
28KB

MD5
e488e56ce1e32594d1bef97d930e16b0

SHA1
6e3c57ae5ed7c7aeec8380c653477c2482f33a5d

SHA256
1edd940efd80a74af8659a479ae7c05291459ad481a3b6d8c665533478070268

SHA512
7aee5b14e977330a1c5da60c886186a39a49fa1d7a539956fd3089be671f995584fdc7bd1bb01f9124c30406017943f38fbbdfa4312a7d3400edf487fe873147

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
8KB

MD5
9ac7d4c8105fa3ab02023d07b790dfb9

SHA1
299ed07fc7fb57efb74c0db8554bd4c32b8c4274

SHA256
dca0ba454b88ae513e8d74b27fddbc160d96aacd40d27c23d6edd893c071011c

SHA512
7007e9086fdcc4804bde1995e804970baafcaf1e2b2688d7b408b001adca41fbe2b34b3ea6b4f4d4280419757c2119b7ae8a2be386709e1955e40adc0b8bbf6a

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
28KB

MD5
e488e56ce1e32594d1bef97d930e16b0

SHA1
6e3c57ae5ed7c7aeec8380c653477c2482f33a5d

SHA256
1edd940efd80a74af8659a479ae7c05291459ad481a3b6d8c665533478070268

SHA512
7aee5b14e977330a1c5da60c886186a39a49fa1d7a539956fd3089be671f995584fdc7bd1bb01f9124c30406017943f38fbbdfa4312a7d3400edf487fe873147

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
8KB

MD5
9ac7d4c8105fa3ab02023d07b790dfb9

SHA1
299ed07fc7fb57efb74c0db8554bd4c32b8c4274

SHA256
dca0ba454b88ae513e8d74b27fddbc160d96aacd40d27c23d6edd893c071011c

SHA512
7007e9086fdcc4804bde1995e804970baafcaf1e2b2688d7b408b001adca41fbe2b34b3ea6b4f4d4280419757c2119b7ae8a2be386709e1955e40adc0b8bbf6a

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
28KB

MD5
e488e56ce1e32594d1bef97d930e16b0

SHA1
6e3c57ae5ed7c7aeec8380c653477c2482f33a5d

SHA256
1edd940efd80a74af8659a479ae7c05291459ad481a3b6d8c665533478070268

SHA512
7aee5b14e977330a1c5da60c886186a39a49fa1d7a539956fd3089be671f995584fdc7bd1bb01f9124c30406017943f38fbbdfa4312a7d3400edf487fe873147

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
8KB

MD5
9ac7d4c8105fa3ab02023d07b790dfb9

SHA1
299ed07fc7fb57efb74c0db8554bd4c32b8c4274

SHA256
dca0ba454b88ae513e8d74b27fddbc160d96aacd40d27c23d6edd893c071011c

SHA512
7007e9086fdcc4804bde1995e804970baafcaf1e2b2688d7b408b001adca41fbe2b34b3ea6b4f4d4280419757c2119b7ae8a2be386709e1955e40adc0b8bbf6a

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
28KB

MD5
e488e56ce1e32594d1bef97d930e16b0

SHA1
6e3c57ae5ed7c7aeec8380c653477c2482f33a5d

SHA256
1edd940efd80a74af8659a479ae7c05291459ad481a3b6d8c665533478070268

SHA512
7aee5b14e977330a1c5da60c886186a39a49fa1d7a539956fd3089be671f995584fdc7bd1bb01f9124c30406017943f38fbbdfa4312a7d3400edf487fe873147

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
8KB

MD5
9ac7d4c8105fa3ab02023d07b790dfb9

SHA1
299ed07fc7fb57efb74c0db8554bd4c32b8c4274

SHA256
dca0ba454b88ae513e8d74b27fddbc160d96aacd40d27c23d6edd893c071011c

SHA512
7007e9086fdcc4804bde1995e804970baafcaf1e2b2688d7b408b001adca41fbe2b34b3ea6b4f4d4280419757c2119b7ae8a2be386709e1955e40adc0b8bbf6a

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
28KB

MD5
e488e56ce1e32594d1bef97d930e16b0

SHA1
6e3c57ae5ed7c7aeec8380c653477c2482f33a5d

SHA256
1edd940efd80a74af8659a479ae7c05291459ad481a3b6d8c665533478070268

SHA512
7aee5b14e977330a1c5da60c886186a39a49fa1d7a539956fd3089be671f995584fdc7bd1bb01f9124c30406017943f38fbbdfa4312a7d3400edf487fe873147

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
8KB

MD5
9ac7d4c8105fa3ab02023d07b790dfb9

SHA1
299ed07fc7fb57efb74c0db8554bd4c32b8c4274

SHA256
dca0ba454b88ae513e8d74b27fddbc160d96aacd40d27c23d6edd893c071011c

SHA512
7007e9086fdcc4804bde1995e804970baafcaf1e2b2688d7b408b001adca41fbe2b34b3ea6b4f4d4280419757c2119b7ae8a2be386709e1955e40adc0b8bbf6a

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
28KB

MD5
e488e56ce1e32594d1bef97d930e16b0

SHA1
6e3c57ae5ed7c7aeec8380c653477c2482f33a5d

SHA256
1edd940efd80a74af8659a479ae7c05291459ad481a3b6d8c665533478070268

SHA512
7aee5b14e977330a1c5da60c886186a39a49fa1d7a539956fd3089be671f995584fdc7bd1bb01f9124c30406017943f38fbbdfa4312a7d3400edf487fe873147

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
8KB

MD5
883ba5ec182adc16c6e9917fadc0ef38

SHA1
bc06b766b79f5e29324ee72ffd29b4418d8d2ff4

SHA256
94ac6ad27ec2e3a90222afdf271f36b270025597a81706b0c114f7463eebdd27

SHA512
dfae890fafe38e9251be5fee2f2764fb3479c31fc41b1681daf4925d0c57d86caafdf14f00fffdc06aaa550fb54e00e43a15772b5b3fe65aecbc22fce9cae541

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
28KB

MD5
e488e56ce1e32594d1bef97d930e16b0

SHA1
6e3c57ae5ed7c7aeec8380c653477c2482f33a5d

SHA256
1edd940efd80a74af8659a479ae7c05291459ad481a3b6d8c665533478070268

SHA512
7aee5b14e977330a1c5da60c886186a39a49fa1d7a539956fd3089be671f995584fdc7bd1bb01f9124c30406017943f38fbbdfa4312a7d3400edf487fe873147

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
8KB

MD5
883ba5ec182adc16c6e9917fadc0ef38

SHA1
bc06b766b79f5e29324ee72ffd29b4418d8d2ff4

SHA256
94ac6ad27ec2e3a90222afdf271f36b270025597a81706b0c114f7463eebdd27

SHA512
dfae890fafe38e9251be5fee2f2764fb3479c31fc41b1681daf4925d0c57d86caafdf14f00fffdc06aaa550fb54e00e43a15772b5b3fe65aecbc22fce9cae541

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
28KB

MD5
e488e56ce1e32594d1bef97d930e16b0

SHA1
6e3c57ae5ed7c7aeec8380c653477c2482f33a5d

SHA256
1edd940efd80a74af8659a479ae7c05291459ad481a3b6d8c665533478070268

SHA512
7aee5b14e977330a1c5da60c886186a39a49fa1d7a539956fd3089be671f995584fdc7bd1bb01f9124c30406017943f38fbbdfa4312a7d3400edf487fe873147

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
8KB

MD5
9ac7d4c8105fa3ab02023d07b790dfb9

SHA1
299ed07fc7fb57efb74c0db8554bd4c32b8c4274

SHA256
dca0ba454b88ae513e8d74b27fddbc160d96aacd40d27c23d6edd893c071011c

SHA512
7007e9086fdcc4804bde1995e804970baafcaf1e2b2688d7b408b001adca41fbe2b34b3ea6b4f4d4280419757c2119b7ae8a2be386709e1955e40adc0b8bbf6a

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
28KB

MD5
e488e56ce1e32594d1bef97d930e16b0

SHA1
6e3c57ae5ed7c7aeec8380c653477c2482f33a5d

SHA256
1edd940efd80a74af8659a479ae7c05291459ad481a3b6d8c665533478070268

SHA512
7aee5b14e977330a1c5da60c886186a39a49fa1d7a539956fd3089be671f995584fdc7bd1bb01f9124c30406017943f38fbbdfa4312a7d3400edf487fe873147

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
8KB

MD5
9ac7d4c8105fa3ab02023d07b790dfb9

SHA1
299ed07fc7fb57efb74c0db8554bd4c32b8c4274

SHA256
dca0ba454b88ae513e8d74b27fddbc160d96aacd40d27c23d6edd893c071011c

SHA512
7007e9086fdcc4804bde1995e804970baafcaf1e2b2688d7b408b001adca41fbe2b34b3ea6b4f4d4280419757c2119b7ae8a2be386709e1955e40adc0b8bbf6a

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
28KB

MD5
e488e56ce1e32594d1bef97d930e16b0

SHA1
6e3c57ae5ed7c7aeec8380c653477c2482f33a5d

SHA256
1edd940efd80a74af8659a479ae7c05291459ad481a3b6d8c665533478070268

SHA512
7aee5b14e977330a1c5da60c886186a39a49fa1d7a539956fd3089be671f995584fdc7bd1bb01f9124c30406017943f38fbbdfa4312a7d3400edf487fe873147

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
8KB

MD5
9ac7d4c8105fa3ab02023d07b790dfb9

SHA1
299ed07fc7fb57efb74c0db8554bd4c32b8c4274

SHA256
dca0ba454b88ae513e8d74b27fddbc160d96aacd40d27c23d6edd893c071011c

SHA512
7007e9086fdcc4804bde1995e804970baafcaf1e2b2688d7b408b001adca41fbe2b34b3ea6b4f4d4280419757c2119b7ae8a2be386709e1955e40adc0b8bbf6a

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
28KB

MD5
e488e56ce1e32594d1bef97d930e16b0

SHA1
6e3c57ae5ed7c7aeec8380c653477c2482f33a5d

SHA256
1edd940efd80a74af8659a479ae7c05291459ad481a3b6d8c665533478070268

SHA512
7aee5b14e977330a1c5da60c886186a39a49fa1d7a539956fd3089be671f995584fdc7bd1bb01f9124c30406017943f38fbbdfa4312a7d3400edf487fe873147

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
8KB

MD5
9ac7d4c8105fa3ab02023d07b790dfb9

SHA1
299ed07fc7fb57efb74c0db8554bd4c32b8c4274

SHA256
dca0ba454b88ae513e8d74b27fddbc160d96aacd40d27c23d6edd893c071011c

SHA512
7007e9086fdcc4804bde1995e804970baafcaf1e2b2688d7b408b001adca41fbe2b34b3ea6b4f4d4280419757c2119b7ae8a2be386709e1955e40adc0b8bbf6a

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
8KB

MD5
9ac7d4c8105fa3ab02023d07b790dfb9

SHA1
299ed07fc7fb57efb74c0db8554bd4c32b8c4274

SHA256
dca0ba454b88ae513e8d74b27fddbc160d96aacd40d27c23d6edd893c071011c

SHA512
7007e9086fdcc4804bde1995e804970baafcaf1e2b2688d7b408b001adca41fbe2b34b3ea6b4f4d4280419757c2119b7ae8a2be386709e1955e40adc0b8bbf6a

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
8KB

MD5
9ac7d4c8105fa3ab02023d07b790dfb9

SHA1
299ed07fc7fb57efb74c0db8554bd4c32b8c4274

SHA256
dca0ba454b88ae513e8d74b27fddbc160d96aacd40d27c23d6edd893c071011c

SHA512
7007e9086fdcc4804bde1995e804970baafcaf1e2b2688d7b408b001adca41fbe2b34b3ea6b4f4d4280419757c2119b7ae8a2be386709e1955e40adc0b8bbf6a

Download Submit
C:\Windows\SysWOW64\hra33.dll
Filesize
28KB

MD5
e488e56ce1e32594d1bef97d930e16b0

SHA1
6e3c57ae5ed7c7aeec8380c653477c2482f33a5d

SHA256
1edd940efd80a74af8659a479ae7c05291459ad481a3b6d8c665533478070268

SHA512
7aee5b14e977330a1c5da60c886186a39a49fa1d7a539956fd3089be671f995584fdc7bd1bb01f9124c30406017943f38fbbdfa4312a7d3400edf487fe873147

Download Submit
C:\Windows\Temp\svchost.exe
Filesize
172KB

MD5
5b6a11850e44e4d1d0a2b35848e1add0

SHA1
b8f23cea4a79268a4f852b2591cac6d3052110ef

SHA256
9124d576c54132e0e902fff1062eb7e7919cbeb0e6c076e2004e4fd140e8eab5

SHA512
3f05d755f0748af1a09b91f15cf0e1e660e0955c8518db57a6f195412cc7a75c361e375b4b42738e4cbe4a1742552255c07ecfea935dafc269f3a64c06cb9375

Download Submit
C:\Windows\Temp\svchost.exe
Filesize
172KB

MD5
5b6a11850e44e4d1d0a2b35848e1add0

SHA1
b8f23cea4a79268a4f852b2591cac6d3052110ef

SHA256
9124d576c54132e0e902fff1062eb7e7919cbeb0e6c076e2004e4fd140e8eab5

SHA512
3f05d755f0748af1a09b91f15cf0e1e660e0955c8518db57a6f195412cc7a75c361e375b4b42738e4cbe4a1742552255c07ecfea935dafc269f3a64c06cb9375

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\gyuuyg.exe
Filesize
19KB

MD5
83cc9cd5f10586e2d4263c5f63c25648

SHA1
f2ab328ee1319a1e9020c3bccca8485f6c924753

SHA256
5b877835f6caa5186b6259e7667c21b9e3ac44499f2b218b4d097f5edac6a2ee

SHA512
6f4c78502c05094f2a54124f1b8c93a3f9cac1061ab441ff2c43e621bd7b23746aae82fad665fbd99419a734caa855b820281b5bc3d2a0f5e110ddf28e3b06c2

Download Submit
C:\Windows\temp\svchost.exe
Filesize
172KB

MD5
5b6a11850e44e4d1d0a2b35848e1add0

SHA1
b8f23cea4a79268a4f852b2591cac6d3052110ef

SHA256
9124d576c54132e0e902fff1062eb7e7919cbeb0e6c076e2004e4fd140e8eab5

SHA512
3f05d755f0748af1a09b91f15cf0e1e660e0955c8518db57a6f195412cc7a75c361e375b4b42738e4cbe4a1742552255c07ecfea935dafc269f3a64c06cb9375

Download Submit
\??\c:\windows\servicestest.dll
Filesize
140KB

MD5
41b20956cfadd0615318a1f05579439c

SHA1
70135a402896a9da903cb29a427dc050497192fb

SHA256
eed7e98d3f7dbedb2f75aabaf63eb3309d6fb414985158051ad78d56e9550c15

SHA512
6637ec708d4645707d218aeccea70e61e1987db41f142165d72bfab681caaea7e04878c4f29fcc2b738c155629cdd77276f001cc7253df4415c15f6338341d1c

Download Submit
memory/376-228-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/424-162-0x0000000000000000-mapping.dmp

Download
memory/448-241-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/448-240-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/836-253-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1076-132-0x0000000000000000-mapping.dmp

Download
memory/1236-242-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1244-208-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1244-211-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1256-264-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1496-249-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1520-178-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1588-215-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1632-265-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1632-266-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1804-246-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2072-203-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2072-206-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2556-142-0x0000000075390000-0x00000000753D7000-memory.dmp

Filesize
284KB

Download
memory/2556-146-0x0000000075390000-0x00000000753D7000-memory.dmp

Filesize
284KB

Download
memory/2604-254-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2604-255-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2828-245-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2884-258-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2884-257-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3000-138-0x0000000000680000-0x00000000006C7000-memory.dmp

Filesize
284KB

Download
memory/3000-135-0x0000000000000000-mapping.dmp

Download
memory/3000-144-0x0000000000680000-0x00000000006C7000-memory.dmp

Filesize
284KB

Download
memory/3140-223-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3160-263-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3160-262-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3196-269-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3244-236-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3244-235-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3304-197-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3304-194-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3376-267-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3376-268-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3632-188-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3632-185-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3720-143-0x0000000000000000-mapping.dmp

Download
memory/3892-234-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3896-192-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3924-201-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3964-159-0x0000000000000000-mapping.dmp

Download
memory/3980-251-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3980-250-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4024-155-0x0000000000000000-mapping.dmp

Download
memory/4236-243-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4236-244-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4276-230-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4276-233-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4504-239-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4544-252-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4652-237-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4652-238-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4756-174-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4756-171-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4784-152-0x0000000000000000-mapping.dmp

Download
memory/4808-161-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4808-165-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4824-259-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4824-260-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4888-147-0x0000000000000000-mapping.dmp

Download
memory/4888-160-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4904-261-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4924-256-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4972-183-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4972-180-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/5008-169-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/5040-217-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/5040-220-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/5108-248-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/5108-247-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download