Analysis Overview
SHA256
28aac8c8ae16bc2357792a4aac39fd0416846b99e35c7b7d460f4f09214472fc
Threat Level: Known bad
The file 28aac8c8ae16bc2357792a4aac39fd0416846b99e35c7b7d460f4f09214472fc was found to be: Known bad.
Malicious Activity Summary
Detected Djvu ransomware
Vidar
Djvu Ransomware
Amadey
SmokeLoader
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Modifies file permissions
Adds Run key to start application
Looks up external IP address via web service
Suspicious use of SetThreadContext
Program crash
Enumerates physical storage devices
Creates scheduled task(s)
Checks SCSI registry key(s)
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: MapViewOfSection
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-03-28 05:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-03-28 05:54
Reported
2023-03-28 05:57
Platform
win10v2004-20230220-en
Max time kernel
51s
Max time network
152s
Command Line
Signatures
Amadey
Detected Djvu ransomware
Djvu Ransomware
SmokeLoader
Vidar
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\C5E5.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\C7BB.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C5E5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C5E5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C7BB.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C7BB.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C7BB.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C5E5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FA84.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C7BB.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FA84.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\ae74796f-ee6d-4af3-8f06-7cdc37b8fe21\\C5E5.exe\" --AutoStart" | C:\Users\Admin\AppData\Local\Temp\C5E5.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.2ip.ua | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3688 set thread context of 3744 | N/A | C:\Users\Admin\AppData\Local\Temp\C5E5.exe | C:\Users\Admin\AppData\Local\Temp\C5E5.exe |
| PID 4040 set thread context of 4316 | N/A | C:\Users\Admin\AppData\Local\Temp\C7BB.exe | C:\Users\Admin\AppData\Local\Temp\C7BB.exe |
| PID 1068 set thread context of 4148 | N/A | C:\Users\Admin\AppData\Local\Temp\C7BB.exe | C:\Users\Admin\AppData\Local\Temp\C7BB.exe |
| PID 1648 set thread context of 4304 | N/A | C:\Users\Admin\AppData\Local\Temp\FA84.exe | C:\Users\Admin\AppData\Local\Temp\FA84.exe |
| PID 316 set thread context of 3652 | N/A | C:\Users\Admin\AppData\Local\Temp\C5E5.exe | C:\Users\Admin\AppData\Local\Temp\C5E5.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7B2D.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\3F79.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\28aac8c8ae16bc2357792a4aac39fd0416846b99e35c7b7d460f4f09214472fc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\28aac8c8ae16bc2357792a4aac39fd0416846b99e35c7b7d460f4f09214472fc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\28aac8c8ae16bc2357792a4aac39fd0416846b99e35c7b7d460f4f09214472fc.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\28aac8c8ae16bc2357792a4aac39fd0416846b99e35c7b7d460f4f09214472fc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\28aac8c8ae16bc2357792a4aac39fd0416846b99e35c7b7d460f4f09214472fc.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\28aac8c8ae16bc2357792a4aac39fd0416846b99e35c7b7d460f4f09214472fc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\28aac8c8ae16bc2357792a4aac39fd0416846b99e35c7b7d460f4f09214472fc.exe
"C:\Users\Admin\AppData\Local\Temp\28aac8c8ae16bc2357792a4aac39fd0416846b99e35c7b7d460f4f09214472fc.exe"
C:\Users\Admin\AppData\Local\Temp\C5E5.exe
C:\Users\Admin\AppData\Local\Temp\C5E5.exe
C:\Users\Admin\AppData\Local\Temp\C5E5.exe
C:\Users\Admin\AppData\Local\Temp\C5E5.exe
C:\Users\Admin\AppData\Local\Temp\C7BB.exe
C:\Users\Admin\AppData\Local\Temp\C7BB.exe
C:\Users\Admin\AppData\Local\Temp\C7BB.exe
C:\Users\Admin\AppData\Local\Temp\C7BB.exe
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\ae74796f-ee6d-4af3-8f06-7cdc37b8fe21" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Users\Admin\AppData\Local\Temp\C7BB.exe
"C:\Users\Admin\AppData\Local\Temp\C7BB.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\C5E5.exe
"C:\Users\Admin\AppData\Local\Temp\C5E5.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\FA84.exe
C:\Users\Admin\AppData\Local\Temp\FA84.exe
C:\Users\Admin\AppData\Local\Temp\FA84.exe
C:\Users\Admin\AppData\Local\Temp\FA84.exe
C:\Users\Admin\AppData\Local\Temp\C7BB.exe
"C:\Users\Admin\AppData\Local\Temp\C7BB.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\C5E5.exe
"C:\Users\Admin\AppData\Local\Temp\C5E5.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\FA84.exe
"C:\Users\Admin\AppData\Local\Temp\FA84.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\FA84.exe
"C:\Users\Admin\AppData\Local\Temp\FA84.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\573B.exe
C:\Users\Admin\AppData\Local\Temp\573B.exe
C:\Users\Admin\AppData\Local\Temp\3F79.exe
C:\Users\Admin\AppData\Local\Temp\3F79.exe
C:\Users\Admin\AppData\Local\27f7aaa4-13d4-4497-84c2-31f754c9884e\build2.exe
"C:\Users\Admin\AppData\Local\27f7aaa4-13d4-4497-84c2-31f754c9884e\build2.exe"
C:\Users\Admin\AppData\Local\b04050ae-3a0c-4e6a-9047-4436d22a32bf\build2.exe
"C:\Users\Admin\AppData\Local\b04050ae-3a0c-4e6a-9047-4436d22a32bf\build2.exe"
C:\Users\Admin\AppData\Local\4a459f33-2149-44bd-b324-f97e5e8c45ee\build2.exe
"C:\Users\Admin\AppData\Local\4a459f33-2149-44bd-b324-f97e5e8c45ee\build2.exe"
C:\Users\Admin\AppData\Local\Temp\4297.exe
C:\Users\Admin\AppData\Local\Temp\4297.exe
C:\Users\Admin\AppData\Local\Temp\573B.exe
C:\Users\Admin\AppData\Local\Temp\573B.exe
C:\Users\Admin\AppData\Local\Temp\4557.exe
C:\Users\Admin\AppData\Local\Temp\4557.exe
C:\Users\Admin\AppData\Local\27f7aaa4-13d4-4497-84c2-31f754c9884e\build3.exe
"C:\Users\Admin\AppData\Local\27f7aaa4-13d4-4497-84c2-31f754c9884e\build3.exe"
C:\Users\Admin\AppData\Local\4a459f33-2149-44bd-b324-f97e5e8c45ee\build3.exe
"C:\Users\Admin\AppData\Local\4a459f33-2149-44bd-b324-f97e5e8c45ee\build3.exe"
C:\Users\Admin\AppData\Local\b04050ae-3a0c-4e6a-9047-4436d22a32bf\build3.exe
"C:\Users\Admin\AppData\Local\b04050ae-3a0c-4e6a-9047-4436d22a32bf\build3.exe"
C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
C:\Users\Admin\AppData\Local\Temp\7B2D.exe
C:\Users\Admin\AppData\Local\Temp\7B2D.exe
C:\Users\Admin\AppData\Local\27f7aaa4-13d4-4497-84c2-31f754c9884e\build2.exe
"C:\Users\Admin\AppData\Local\27f7aaa4-13d4-4497-84c2-31f754c9884e\build2.exe"
C:\Users\Admin\AppData\Local\b04050ae-3a0c-4e6a-9047-4436d22a32bf\build2.exe
"C:\Users\Admin\AppData\Local\b04050ae-3a0c-4e6a-9047-4436d22a32bf\build2.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4380 -ip 4380
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4168 -ip 4168
C:\Users\Admin\AppData\Local\4a459f33-2149-44bd-b324-f97e5e8c45ee\build2.exe
"C:\Users\Admin\AppData\Local\4a459f33-2149-44bd-b324-f97e5e8c45ee\build2.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 340
C:\Users\Admin\AppData\Local\Temp\573B.exe
"C:\Users\Admin\AppData\Local\Temp\573B.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\573B.exe
"C:\Users\Admin\AppData\Local\Temp\573B.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\87A2.exe
C:\Users\Admin\AppData\Local\Temp\87A2.exe
C:\Users\Admin\AppData\Local\Temp\8C08.exe
C:\Users\Admin\AppData\Local\Temp\8C08.exe
C:\Users\Admin\AppData\Local\Temp\Player3.exe
"C:\Users\Admin\AppData\Local\Temp\Player3.exe"
C:\Users\Admin\AppData\Local\Temp\Player3.exe
"C:\Users\Admin\AppData\Local\Temp\Player3.exe"
C:\Users\Admin\AppData\Local\Temp\ss31.exe
"C:\Users\Admin\AppData\Local\Temp\ss31.exe"
C:\Users\Admin\AppData\Local\Temp\16de06bfb4\nbveek.exe
"C:\Users\Admin\AppData\Local\Temp\16de06bfb4\nbveek.exe"
C:\Users\Admin\AppData\Local\Temp\XandETC.exe
"C:\Users\Admin\AppData\Local\Temp\XandETC.exe"
C:\Users\Admin\AppData\Local\Temp\16de06bfb4\nbveek.exe
"C:\Users\Admin\AppData\Local\Temp\16de06bfb4\nbveek.exe"
C:\Users\Admin\AppData\Local\Temp\XandETC.exe
"C:\Users\Admin\AppData\Local\Temp\XandETC.exe"
C:\Users\Admin\AppData\Local\Temp\ss31.exe
"C:\Users\Admin\AppData\Local\Temp\ss31.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN nbveek.exe /TR "C:\Users\Admin\AppData\Local\Temp\16de06bfb4\nbveek.exe" /F
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "nbveek.exe" /P "Admin:N"&&CACLS "nbveek.exe" /P "Admin:R" /E&&echo Y|CACLS "..\16de06bfb4" /P "Admin:N"&&CACLS "..\16de06bfb4" /P "Admin:R" /E&&Exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
C:\Windows\SysWOW64\cacls.exe
CACLS "nbveek.exe" /P "Admin:N"
C:\Windows\SysWOW64\cacls.exe
CACLS "nbveek.exe" /P "Admin:R" /E
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
C:\Windows\SysWOW64\cacls.exe
CACLS "..\16de06bfb4" /P "Admin:N"
C:\Windows\SysWOW64\cacls.exe
CACLS "..\16de06bfb4" /P "Admin:R" /E
C:\Users\Admin\AppData\Local\877fd981-562f-4ccf-b496-6dfbeedd4d3c\build2.exe
"C:\Users\Admin\AppData\Local\877fd981-562f-4ccf-b496-6dfbeedd4d3c\build2.exe"
C:\Users\Admin\AppData\Local\877fd981-562f-4ccf-b496-6dfbeedd4d3c\build2.exe
"C:\Users\Admin\AppData\Local\877fd981-562f-4ccf-b496-6dfbeedd4d3c\build2.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | potunulit.org | udp |
| US | 188.114.97.0:80 | potunulit.org | tcp |
| US | 8.8.8.8:53 | uaery.top | udp |
| KR | 211.119.84.111:80 | uaery.top | tcp |
| US | 8.8.8.8:53 | 0.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.84.119.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| KR | 211.119.84.111:80 | uaery.top | tcp |
| NL | 162.0.217.254:443 | api.2ip.ua | tcp |
| NL | 162.0.217.254:443 | api.2ip.ua | tcp |
| US | 8.8.8.8:53 | 254.217.0.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.155.64.172.in-addr.arpa | udp |
| NL | 173.223.113.164:443 | | tcp |
| US | 13.89.179.10:443 | | tcp |
| KR | 211.119.84.111:80 | uaery.top | tcp |
| NL | 162.0.217.254:443 | api.2ip.ua | tcp |
| NL | 162.0.217.254:443 | api.2ip.ua | tcp |
| US | 52.152.110.14:443 | | tcp |
| NL | 162.0.217.254:443 | api.2ip.ua | tcp |
| KR | 211.119.84.111:80 | uaery.top | tcp |
| US | 8.8.8.8:53 | zexeq.com | udp |
| KR | 211.59.14.90:80 | zexeq.com | tcp |
| KR | 211.119.84.111:80 | uaery.top | tcp |
| NL | 162.0.217.254:443 | api.2ip.ua | tcp |
| US | 8.8.8.8:53 | 90.14.59.211.in-addr.arpa | udp |
| US | 93.184.221.240:80 | | tcp |
| KR | 211.119.84.111:80 | uaery.top | tcp |
| US | 8.8.8.8:53 | aainvestment.org | udp |
| TR | 159.253.45.38:443 | aainvestment.org | tcp |
| US | 52.152.110.14:443 | | tcp |
| US | 8.8.8.8:53 | 38.45.253.159.in-addr.arpa | udp |
| KR | 211.59.14.90:80 | zexeq.com | tcp |
| KR | 211.59.14.90:80 | zexeq.com | tcp |
| KR | 211.59.14.90:80 | zexeq.com | tcp |
| DE | 77.91.84.172:80 | 77.91.84.172 | tcp |
| US | 8.8.8.8:53 | 172.84.91.77.in-addr.arpa | udp |
| DE | 45.9.74.80:80 | 45.9.74.80 | tcp |
| US | 52.152.110.14:443 | | tcp |
| NL | 162.0.217.254:443 | api.2ip.ua | tcp |
| US | 8.8.8.8:53 | 80.74.9.45.in-addr.arpa | udp |
| NL | 162.0.217.254:443 | api.2ip.ua | tcp |
| KR | 211.119.84.111:80 | uaery.top | tcp |
| US | 8.8.8.8:53 | bz.bbbeioaag.com | udp |
| US | 45.136.113.107:80 | bz.bbbeioaag.com | tcp |
| US | 8.8.8.8:53 | 107.113.136.45.in-addr.arpa | udp |
| AT | 77.73.134.27:80 | 77.73.134.27 | tcp |
| US | 8.8.8.8:53 | 27.134.73.77.in-addr.arpa | udp |
| KR | 211.59.14.90:80 | zexeq.com | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| DE | 116.203.10.236:80 | 116.203.10.236 | tcp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.249.124.192.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\C5E5.exe
C:\Users\Admin\AppData\Local\Temp\C7BB.exe
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
C:\Users\Admin\AppData\Local\ae74796f-ee6d-4af3-8f06-7cdc37b8fe21\C5E5.exe
C:\Users\Admin\AppData\Local\Temp\FA84.exe
C:\Users\Admin\AppData\Local\bowsakkdestx.txt
C:\Users\Admin\AppData\Local\Temp\573B.exe
C:\Users\Admin\AppData\Local\4a459f33-2149-44bd-b324-f97e5e8c45ee\build2.exe
C:\SystemID\PersonalID.txt
C:\Users\Admin\AppData\Local\27f7aaa4-13d4-4497-84c2-31f754c9884e\build2.exe
C:\Users\Admin\AppData\Local\b04050ae-3a0c-4e6a-9047-4436d22a32bf\build2.exe
C:\Users\Admin\AppData\Local\Temp\3F79.exe
C:\Users\Admin\AppData\Local\Temp\4297.exe
| SHA512 | d37b97131bc945ab3856d3492af8b08aed1321cac24b69c4375737290fa56ef69356cd256b52c5cbb2e9532a1af454ad728f1cab7c3716246f97b7b28e19404d |
C:\Users\Admin\AppData\Local\Temp\4297.exe
| MD5 | a06853218a437ab626647a0fe8400a52 |
| SHA1 | a314c45826bf8895e6f83c690f694d54c0912a63 |
| SHA256 | 73d2c93eac5a168dace9a988f636fe50a92a0fe80967c3c4abd9cb2f790c0136 |
| SHA512 | d37b97131bc945ab3856d3492af8b08aed1321cac24b69c4375737290fa56ef69356cd256b52c5cbb2e9532a1af454ad728f1cab7c3716246f97b7b28e19404d |
C:\Users\Admin\AppData\Local\Temp\4557.exe
| MD5 | 2c28e4d5c442288c06720e825064200f |
| SHA1 | 0b3378466febe7acffee98a17db3a6c1a3e65393 |
| SHA256 | 77739c5d6a6613fb8d477ca5a79ffd35667a8a6139c8c2bcbf0dfd8865d137be |
| SHA512 | b957c2a04a7be72c03df272a0381d9e098d6bd047f8cbbedb6fb38f9a8b906c38c14bcd5f9940ab5bc1f86d59e85c0feaeff064d39775927a4a2d333b3a8d4a9 |
memory/2908-291-0x0000000000400000-0x0000000000537000-memory.dmp
memory/2908-287-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\573B.exe
| MD5 | 6dc08c51b41a14f879fc1a3e6591fdcc |
| SHA1 | cbf90fee4fd7509cbd4974df2b4d4925bf4ef736 |
| SHA256 | b472ba768782bdf7d81f0521fd40e20544b225599cc67b906f672e9ee68cabb8 |
| SHA512 | 561245e79d108db3bd0558d88223778e3e282889b246cc3b788634faf97ccccc580637e7731f765b2eb373b7f10d96615824728bdb1ba6bdd66fa0bcbad42f7d |
memory/4920-312-0x0000000000400000-0x0000000000537000-memory.dmp
memory/4144-344-0x0000000000860000-0x0000000000869000-memory.dmp
memory/4144-337-0x0000000000400000-0x0000000000705000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7B2D.exe
| MD5 | 5a8415f7326f6542612327b5411b6a67 |
| SHA1 | d5915278feac694953077002e6213b397a5e6989 |
| SHA256 | eda6d3ec29aef5cd7a2000d17efab7dcb710fcd0906357cb43a68cee6e9b7605 |
| SHA512 | bc9308af2e28f792db6779fc4ee02e5f4049fedda0e1fc8ffb380c98dc0f1c36edcbc034ec23a90133ca346ec683eafd16e06338e8f0d4d8075c48526d5aa390 |
memory/676-329-0x00000000030E0000-0x00000000030F6000-memory.dmp
C:\Users\Admin\AppData\Local\27f7aaa4-13d4-4497-84c2-31f754c9884e\build3.exe
| MD5 | 9ead10c08e72ae41921191f8db39bc16 |
| SHA1 | abe3bce01cd34afc88e2c838173f8c2bd0090ae1 |
| SHA256 | 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0 |
| SHA512 | aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a |
C:\Users\Admin\AppData\Local\27f7aaa4-13d4-4497-84c2-31f754c9884e\build3.exe
| MD5 | 9ead10c08e72ae41921191f8db39bc16 |
| SHA1 | abe3bce01cd34afc88e2c838173f8c2bd0090ae1 |
| SHA256 | 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0 |
| SHA512 | aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a |
C:\Users\Admin\AppData\Local\4a459f33-2149-44bd-b324-f97e5e8c45ee\build3.exe
| MD5 | 9ead10c08e72ae41921191f8db39bc16 |
| SHA1 | abe3bce01cd34afc88e2c838173f8c2bd0090ae1 |
| SHA256 | 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0 |
| SHA512 | aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a |
C:\Users\Admin\AppData\Local\b04050ae-3a0c-4e6a-9047-4436d22a32bf\build3.exe
| MD5 | 9ead10c08e72ae41921191f8db39bc16 |
| SHA1 | abe3bce01cd34afc88e2c838173f8c2bd0090ae1 |
| SHA256 | 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0 |
| SHA512 | aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a |
C:\Users\Admin\AppData\Local\4a459f33-2149-44bd-b324-f97e5e8c45ee\build3.exe
| MD5 | 9ead10c08e72ae41921191f8db39bc16 |
| SHA1 | abe3bce01cd34afc88e2c838173f8c2bd0090ae1 |
| SHA256 | 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0 |
| SHA512 | aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a |
C:\Users\Admin\AppData\Local\b04050ae-3a0c-4e6a-9047-4436d22a32bf\build3.exe
| MD5 | 9ead10c08e72ae41921191f8db39bc16 |
| SHA1 | abe3bce01cd34afc88e2c838173f8c2bd0090ae1 |
| SHA256 | 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0 |
| SHA512 | aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a |
memory/4148-303-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\b04050ae-3a0c-4e6a-9047-4436d22a32bf\build3.exe
| MD5 | 9ead10c08e72ae41921191f8db39bc16 |
| SHA1 | abe3bce01cd34afc88e2c838173f8c2bd0090ae1 |
| SHA256 | 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0 |
| SHA512 | aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a |
C:\Users\Admin\AppData\Local\Temp\7B2D.exe
| MD5 | 5a8415f7326f6542612327b5411b6a67 |
| SHA1 | d5915278feac694953077002e6213b397a5e6989 |
| SHA256 | eda6d3ec29aef5cd7a2000d17efab7dcb710fcd0906357cb43a68cee6e9b7605 |
| SHA512 | bc9308af2e28f792db6779fc4ee02e5f4049fedda0e1fc8ffb380c98dc0f1c36edcbc034ec23a90133ca346ec683eafd16e06338e8f0d4d8075c48526d5aa390 |
memory/3652-294-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4557.exe
| MD5 | 2c28e4d5c442288c06720e825064200f |
| SHA1 | 0b3378466febe7acffee98a17db3a6c1a3e65393 |
| SHA256 | 77739c5d6a6613fb8d477ca5a79ffd35667a8a6139c8c2bcbf0dfd8865d137be |
| SHA512 | b957c2a04a7be72c03df272a0381d9e098d6bd047f8cbbedb6fb38f9a8b906c38c14bcd5f9940ab5bc1f86d59e85c0feaeff064d39775927a4a2d333b3a8d4a9 |
memory/4168-336-0x0000000000400000-0x0000000002B71000-memory.dmp
memory/2908-345-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\4a459f33-2149-44bd-b324-f97e5e8c45ee\build2.exe
| MD5 | 6b343cd7dea3ae28d0819bc55a2f86fe |
| SHA1 | cedd49849a5dd678d0a55da607e9b28a9680073c |
| SHA256 | 4240b655ed2af5ae8873b49e2e2d204383b2fd675c21f02527a9a4d9b719cd49 |
| SHA512 | 7c28ba260fe53879b6e8f69d65c4263d454d75033889162d000c421695e634aeb13f4d4c2b999934f8eb2e58d62913764f1590689925e120600155d8390d0a48 |
C:\Users\Admin\AppData\Local\b04050ae-3a0c-4e6a-9047-4436d22a32bf\build2.exe
| MD5 | 6b343cd7dea3ae28d0819bc55a2f86fe |
| SHA1 | cedd49849a5dd678d0a55da607e9b28a9680073c |
| SHA256 | 4240b655ed2af5ae8873b49e2e2d204383b2fd675c21f02527a9a4d9b719cd49 |
| SHA512 | 7c28ba260fe53879b6e8f69d65c4263d454d75033889162d000c421695e634aeb13f4d4c2b999934f8eb2e58d62913764f1590689925e120600155d8390d0a48 |
memory/1800-352-0x0000000000570000-0x00000000005C7000-memory.dmp
C:\Users\Admin\AppData\Local\27f7aaa4-13d4-4497-84c2-31f754c9884e\build2.exe
| MD5 | 6b343cd7dea3ae28d0819bc55a2f86fe |
| SHA1 | cedd49849a5dd678d0a55da607e9b28a9680073c |
| SHA256 | 4240b655ed2af5ae8873b49e2e2d204383b2fd675c21f02527a9a4d9b719cd49 |
| SHA512 | 7c28ba260fe53879b6e8f69d65c4263d454d75033889162d000c421695e634aeb13f4d4c2b999934f8eb2e58d62913764f1590689925e120600155d8390d0a48 |
memory/2908-369-0x0000000000400000-0x0000000000537000-memory.dmp
memory/2120-377-0x0000000000400000-0x000000000046C000-memory.dmp
memory/2908-379-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\573B.exe
| MD5 | 6dc08c51b41a14f879fc1a3e6591fdcc |
| SHA1 | cbf90fee4fd7509cbd4974df2b4d4925bf4ef736 |
| SHA256 | b472ba768782bdf7d81f0521fd40e20544b225599cc67b906f672e9ee68cabb8 |
| SHA512 | 561245e79d108db3bd0558d88223778e3e282889b246cc3b788634faf97ccccc580637e7731f765b2eb373b7f10d96615824728bdb1ba6bdd66fa0bcbad42f7d |
memory/1288-382-0x0000000000400000-0x000000000046C000-memory.dmp
memory/4696-383-0x0000000000400000-0x000000000046C000-memory.dmp
memory/4380-384-0x0000000000AB0000-0x0000000000AB9000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\573B.exe
| MD5 | 6dc08c51b41a14f879fc1a3e6591fdcc |
| SHA1 | cbf90fee4fd7509cbd4974df2b4d4925bf4ef736 |
| SHA256 | b472ba768782bdf7d81f0521fd40e20544b225599cc67b906f672e9ee68cabb8 |
| SHA512 | 561245e79d108db3bd0558d88223778e3e282889b246cc3b788634faf97ccccc580637e7731f765b2eb373b7f10d96615824728bdb1ba6bdd66fa0bcbad42f7d |
C:\Users\Admin\AppData\Local\Temp\87A2.exe
| MD5 | 2546be1f997c39b02143a5908ac7bec9 |
| SHA1 | 7b6c80b8b0288ec37430a8c5662c1f92dd46f11d |
| SHA256 | 24e2f026cb22f7dd672b369b91c75847d66976c787142599a2ed8669f1666ed2 |
| SHA512 | 016a5fc1a01b4e35cbf7873d2aba6e8801551ed1d9764b35ea383def83e60b50ae779814c51981d55c9b098c5d33933e360a0752e3855ed9c64e790ba388d179 |
C:\Users\Admin\AppData\Local\Temp\87A2.exe
| MD5 | 2546be1f997c39b02143a5908ac7bec9 |
| SHA1 | 7b6c80b8b0288ec37430a8c5662c1f92dd46f11d |
| SHA256 | 24e2f026cb22f7dd672b369b91c75847d66976c787142599a2ed8669f1666ed2 |
| SHA512 | 016a5fc1a01b4e35cbf7873d2aba6e8801551ed1d9764b35ea383def83e60b50ae779814c51981d55c9b098c5d33933e360a0752e3855ed9c64e790ba388d179 |
memory/440-396-0x0000000000970000-0x0000000000DBA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\8C08.exe
| MD5 | 2546be1f997c39b02143a5908ac7bec9 |
| SHA1 | 7b6c80b8b0288ec37430a8c5662c1f92dd46f11d |
| SHA256 | 24e2f026cb22f7dd672b369b91c75847d66976c787142599a2ed8669f1666ed2 |
| SHA512 | 016a5fc1a01b4e35cbf7873d2aba6e8801551ed1d9764b35ea383def83e60b50ae779814c51981d55c9b098c5d33933e360a0752e3855ed9c64e790ba388d179 |
C:\Users\Admin\AppData\Local\Temp\8C08.exe
| MD5 | 2546be1f997c39b02143a5908ac7bec9 |
| SHA1 | 7b6c80b8b0288ec37430a8c5662c1f92dd46f11d |
| SHA256 | 24e2f026cb22f7dd672b369b91c75847d66976c787142599a2ed8669f1666ed2 |
| SHA512 | 016a5fc1a01b4e35cbf7873d2aba6e8801551ed1d9764b35ea383def83e60b50ae779814c51981d55c9b098c5d33933e360a0752e3855ed9c64e790ba388d179 |
C:\Users\Admin\AppData\Local\Temp\Player3.exe
| MD5 | 43a3e1c9723e124a9b495cd474a05dcb |
| SHA1 | d293f427eaa8efc18bb8929a9f54fb61e03bdd89 |
| SHA256 | 619bbbc9e9ddd1f6b7961cacb33d99c8f558499a33751b28d91085aab8cb95ab |
| SHA512 | 6717d6be0f25d66ba3689b703b9f1360c172138faa0172168c531f55eb217050c03a41396b7a440e899974d71c2f42b41d07db0ef97751c420facfae1550bfa7 |
memory/2848-408-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Player3.exe
| MD5 | 43a3e1c9723e124a9b495cd474a05dcb |
| SHA1 | d293f427eaa8efc18bb8929a9f54fb61e03bdd89 |
| SHA256 | 619bbbc9e9ddd1f6b7961cacb33d99c8f558499a33751b28d91085aab8cb95ab |
| SHA512 | 6717d6be0f25d66ba3689b703b9f1360c172138faa0172168c531f55eb217050c03a41396b7a440e899974d71c2f42b41d07db0ef97751c420facfae1550bfa7 |
C:\Users\Admin\AppData\Local\Temp\Player3.exe
| MD5 | 43a3e1c9723e124a9b495cd474a05dcb |
| SHA1 | d293f427eaa8efc18bb8929a9f54fb61e03bdd89 |
| SHA256 | 619bbbc9e9ddd1f6b7961cacb33d99c8f558499a33751b28d91085aab8cb95ab |
| SHA512 | 6717d6be0f25d66ba3689b703b9f1360c172138faa0172168c531f55eb217050c03a41396b7a440e899974d71c2f42b41d07db0ef97751c420facfae1550bfa7 |
C:\Users\Admin\AppData\Local\Temp\ss31.exe
| MD5 | dc92b8045d44cd6841d54716a677aaf9 |
| SHA1 | ca82c1d5c768e6cd39cc4a8d25e274d55b03bd2f |
| SHA256 | f57cbf96e67c31e5a568f06589647fcd54310a96ec62853400a69b462967e96b |
| SHA512 | cbf9ba9b78e442c918c5f220b5609191d39a18145dbf4a7527162fdc60ad8378d5fdb9f34487d7c589bca98eed6956f5064910ee57453555bf9df5b5cdf538ca |
C:\Users\Admin\AppData\Local\Temp\ss31.exe
| MD5 | dc92b8045d44cd6841d54716a677aaf9 |
| SHA1 | ca82c1d5c768e6cd39cc4a8d25e274d55b03bd2f |
| SHA256 | f57cbf96e67c31e5a568f06589647fcd54310a96ec62853400a69b462967e96b |
| SHA512 | cbf9ba9b78e442c918c5f220b5609191d39a18145dbf4a7527162fdc60ad8378d5fdb9f34487d7c589bca98eed6956f5064910ee57453555bf9df5b5cdf538ca |
C:\Users\Admin\AppData\Local\Temp\ss31.exe
| MD5 | dc92b8045d44cd6841d54716a677aaf9 |
| SHA1 | ca82c1d5c768e6cd39cc4a8d25e274d55b03bd2f |
| SHA256 | f57cbf96e67c31e5a568f06589647fcd54310a96ec62853400a69b462967e96b |
| SHA512 | cbf9ba9b78e442c918c5f220b5609191d39a18145dbf4a7527162fdc60ad8378d5fdb9f34487d7c589bca98eed6956f5064910ee57453555bf9df5b5cdf538ca |
C:\Users\Admin\AppData\Local\Temp\XandETC.exe
| MD5 | 3006b49f3a30a80bb85074c279acc7df |
| SHA1 | 728a7a867d13ad0034c29283939d94f0df6c19df |
| SHA256 | f283b4c0ad4a902e1cb64201742ca4c5118f275e7b911a7dafda1ef01b825280 |
| SHA512 | e8fc5791892d7f08af5a33462a11d39d29b5e86a62cbf135b12e71f2fcaaa48d40d5e3238f64e17a2f126bcfb9d70553a02d30dc60a89f1089b2c1e7465105dd |
C:\Users\Admin\AppData\Local\Temp\ss31.exe
| MD5 | dc92b8045d44cd6841d54716a677aaf9 |
| SHA1 | ca82c1d5c768e6cd39cc4a8d25e274d55b03bd2f |
| SHA256 | f57cbf96e67c31e5a568f06589647fcd54310a96ec62853400a69b462967e96b |
| SHA512 | cbf9ba9b78e442c918c5f220b5609191d39a18145dbf4a7527162fdc60ad8378d5fdb9f34487d7c589bca98eed6956f5064910ee57453555bf9df5b5cdf538ca |
C:\Users\Admin\AppData\Local\Temp\16de06bfb4\nbveek.exe
| MD5 | 43a3e1c9723e124a9b495cd474a05dcb |
| SHA1 | d293f427eaa8efc18bb8929a9f54fb61e03bdd89 |
| SHA256 | 619bbbc9e9ddd1f6b7961cacb33d99c8f558499a33751b28d91085aab8cb95ab |
| SHA512 | 6717d6be0f25d66ba3689b703b9f1360c172138faa0172168c531f55eb217050c03a41396b7a440e899974d71c2f42b41d07db0ef97751c420facfae1550bfa7 |
C:\Users\Admin\AppData\Local\Temp\16de06bfb4\nbveek.exe
| MD5 | 43a3e1c9723e124a9b495cd474a05dcb |
| SHA1 | d293f427eaa8efc18bb8929a9f54fb61e03bdd89 |
| SHA256 | 619bbbc9e9ddd1f6b7961cacb33d99c8f558499a33751b28d91085aab8cb95ab |
| SHA512 | 6717d6be0f25d66ba3689b703b9f1360c172138faa0172168c531f55eb217050c03a41396b7a440e899974d71c2f42b41d07db0ef97751c420facfae1550bfa7 |
C:\Users\Admin\AppData\Local\Temp\Player3.exe
| MD5 | 43a3e1c9723e124a9b495cd474a05dcb |
| SHA1 | d293f427eaa8efc18bb8929a9f54fb61e03bdd89 |
| SHA256 | 619bbbc9e9ddd1f6b7961cacb33d99c8f558499a33751b28d91085aab8cb95ab |
| SHA512 | 6717d6be0f25d66ba3689b703b9f1360c172138faa0172168c531f55eb217050c03a41396b7a440e899974d71c2f42b41d07db0ef97751c420facfae1550bfa7 |
memory/4736-440-0x00000000032B0000-0x0000000003423000-memory.dmp
memory/4736-441-0x0000000003430000-0x0000000003564000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\529757233348
| MD5 | b3a256d415fa4b7d0c20c83dc6ee95ca |
| SHA1 | 9965706c1175d2fff4594d119d943abe34d178ab |
| SHA256 | 1f50ea8527ee64721b8d93a85e826c27b5d7f769ae4d883782a32554c1a50c54 |
| SHA512 | 71afd0b6c654c02a2421e4e25438efdbe94e113ae14173b16884cf81a20f981d90245dc2fa7dac454938eec0d6193fca01b4ea02ea49dc04ea65935da8904976 |
memory/4448-475-0x0000000000400000-0x000000000046C000-memory.dmp