bb6130d499e48c2a0235964ccbd89262c5f62ecce6d2e7c2af9728a36756ffb1

Analysis

max time kernel
148s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2023, 07:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebfca9a6c5232eexeexeexeex.exe
Size

408KB
MD5

ebfca9a6c5232e1f2a32a43b9325d0ff
SHA1

9e7bc8c1b893f55f82efc0fc270193341fc62aa6
SHA256

bb6130d499e48c2a0235964ccbd89262c5f62ecce6d2e7c2af9728a36756ffb1
SHA512

ed1222b678d107993f237488628fbccd4301234fd1d77dca7581dd9f31bb3baaee8ccbcf37ee765e889be5665dec4d666a8227aa6ea57c9c0b67a0d6b79421f5
SSDEEP

3072:CEGh0orl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGpldOe2MUVg3vTeKcAEciTBqr3jy

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 24 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{145BC9A0-771F-438d-A2DD-F2783518F832}	{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{145BC9A0-771F-438d-A2DD-F2783518F832}\stubpath = "C:\\Windows\\{145BC9A0-771F-438d-A2DD-F2783518F832}.exe"	{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}\stubpath = "C:\\Windows\\{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe"	{145BC9A0-771F-438d-A2DD-F2783518F832}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}\stubpath = "C:\\Windows\\{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe"	{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}\stubpath = "C:\\Windows\\{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe"	{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{122C25D6-3AF2-41af-B294-805AF49D4D9C}	{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CD5D7417-EC24-4eac-87CA-89F88F9D010D}	ebfca9a6c5232eexeexeexeex.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CD5D7417-EC24-4eac-87CA-89F88F9D010D}\stubpath = "C:\\Windows\\{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe"	ebfca9a6c5232eexeexeexeex.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}	{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}	{145BC9A0-771F-438d-A2DD-F2783518F832}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{53FF3595-C819-4035-A026-3E1BAD00B98E}	{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}\stubpath = "C:\\Windows\\{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe"	{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{122C25D6-3AF2-41af-B294-805AF49D4D9C}\stubpath = "C:\\Windows\\{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe"	{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}\stubpath = "C:\\Windows\\{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}.exe"	{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9FE9C789-D4B8-44f0-8AAF-936CA6B3C1B1}\stubpath = "C:\\Windows\\{9FE9C789-D4B8-44f0-8AAF-936CA6B3C1B1}.exe"	{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{267E054B-0208-4a5f-8FB5-0915D7C325B7}	{9FE9C789-D4B8-44f0-8AAF-936CA6B3C1B1}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{267E054B-0208-4a5f-8FB5-0915D7C325B7}\stubpath = "C:\\Windows\\{267E054B-0208-4a5f-8FB5-0915D7C325B7}.exe"	{9FE9C789-D4B8-44f0-8AAF-936CA6B3C1B1}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}\stubpath = "C:\\Windows\\{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe"	{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}	{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}	{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{53FF3595-C819-4035-A026-3E1BAD00B98E}\stubpath = "C:\\Windows\\{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe"	{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}	{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}	{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9FE9C789-D4B8-44f0-8AAF-936CA6B3C1B1}	{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}.exe

Executes dropped EXE 12 IoCs

pid	Process
4660	{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe
3632	{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe
856	{145BC9A0-771F-438d-A2DD-F2783518F832}.exe
2652	{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe
2432	{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe
4212	{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe
1204	{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe
1532	{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe
964	{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe
3988	{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}.exe
2900	{9FE9C789-D4B8-44f0-8AAF-936CA6B3C1B1}.exe
2928	{267E054B-0208-4a5f-8FB5-0915D7C325B7}.exe

Drops file in Windows directory 12 IoCs

description	ioc	Process
File created	C:\Windows\{9FE9C789-D4B8-44f0-8AAF-936CA6B3C1B1}.exe	{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}.exe
File created	C:\Windows\{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe	ebfca9a6c5232eexeexeexeex.exe
File created	C:\Windows\{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe	{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe
File created	C:\Windows\{145BC9A0-771F-438d-A2DD-F2783518F832}.exe	{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe
File created	C:\Windows\{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe	{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe
File created	C:\Windows\{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe	{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe
File created	C:\Windows\{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe	{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe
File created	C:\Windows\{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}.exe	{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe
File created	C:\Windows\{267E054B-0208-4a5f-8FB5-0915D7C325B7}.exe	{9FE9C789-D4B8-44f0-8AAF-936CA6B3C1B1}.exe
File created	C:\Windows\{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe	{145BC9A0-771F-438d-A2DD-F2783518F832}.exe
File created	C:\Windows\{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe	{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe
File created	C:\Windows\{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe	{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	4512	ebfca9a6c5232eexeexeexeex.exe
Token: SeIncBasePriorityPrivilege	4660	{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe
Token: SeIncBasePriorityPrivilege	3632	{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe
Token: SeIncBasePriorityPrivilege	856	{145BC9A0-771F-438d-A2DD-F2783518F832}.exe
Token: SeIncBasePriorityPrivilege	2652	{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe
Token: SeManageVolumePrivilege	924	svchost.exe
Token: SeIncBasePriorityPrivilege	2432	{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe
Token: SeIncBasePriorityPrivilege	4212	{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe
Token: SeIncBasePriorityPrivilege	1204	{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe
Token: SeIncBasePriorityPrivilege	1532	{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe
Token: SeIncBasePriorityPrivilege	964	{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe
Token: SeIncBasePriorityPrivilege	3988	{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}.exe
Token: SeIncBasePriorityPrivilege	2900	{9FE9C789-D4B8-44f0-8AAF-936CA6B3C1B1}.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 4660	4512	ebfca9a6c5232eexeexeexeex.exe	96
PID 4512 wrote to memory of 4660	4512	ebfca9a6c5232eexeexeexeex.exe	96
PID 4512 wrote to memory of 4660	4512	ebfca9a6c5232eexeexeexeex.exe	96
PID 4512 wrote to memory of 3852	4512	ebfca9a6c5232eexeexeexeex.exe	97
PID 4512 wrote to memory of 3852	4512	ebfca9a6c5232eexeexeexeex.exe	97
PID 4512 wrote to memory of 3852	4512	ebfca9a6c5232eexeexeexeex.exe	97
PID 4660 wrote to memory of 3632	4660	{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe	100
PID 4660 wrote to memory of 3632	4660	{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe	100
PID 4660 wrote to memory of 3632	4660	{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe	100
PID 4660 wrote to memory of 2132	4660	{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe	99
PID 4660 wrote to memory of 2132	4660	{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe	99
PID 4660 wrote to memory of 2132	4660	{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe	99
PID 3632 wrote to memory of 856	3632	{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe	103
PID 3632 wrote to memory of 856	3632	{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe	103
PID 3632 wrote to memory of 856	3632	{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe	103
PID 3632 wrote to memory of 1048	3632	{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe	102
PID 3632 wrote to memory of 1048	3632	{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe	102
PID 3632 wrote to memory of 1048	3632	{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe	102
PID 856 wrote to memory of 2652	856	{145BC9A0-771F-438d-A2DD-F2783518F832}.exe	104
PID 856 wrote to memory of 2652	856	{145BC9A0-771F-438d-A2DD-F2783518F832}.exe	104
PID 856 wrote to memory of 2652	856	{145BC9A0-771F-438d-A2DD-F2783518F832}.exe	104
PID 856 wrote to memory of 4288	856	{145BC9A0-771F-438d-A2DD-F2783518F832}.exe	105
PID 856 wrote to memory of 4288	856	{145BC9A0-771F-438d-A2DD-F2783518F832}.exe	105
PID 856 wrote to memory of 4288	856	{145BC9A0-771F-438d-A2DD-F2783518F832}.exe	105
PID 2652 wrote to memory of 2432	2652	{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe	107
PID 2652 wrote to memory of 2432	2652	{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe	107
PID 2652 wrote to memory of 2432	2652	{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe	107
PID 2652 wrote to memory of 1132	2652	{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe	106
PID 2652 wrote to memory of 1132	2652	{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe	106
PID 2652 wrote to memory of 1132	2652	{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe	106
PID 2432 wrote to memory of 4212	2432	{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe	113
PID 2432 wrote to memory of 4212	2432	{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe	113
PID 2432 wrote to memory of 4212	2432	{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe	113
PID 2432 wrote to memory of 2664	2432	{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe	114
PID 2432 wrote to memory of 2664	2432	{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe	114
PID 2432 wrote to memory of 2664	2432	{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe	114
PID 4212 wrote to memory of 1204	4212	{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe	116
PID 4212 wrote to memory of 1204	4212	{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe	116
PID 4212 wrote to memory of 1204	4212	{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe	116
PID 4212 wrote to memory of 1952	4212	{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe	117
PID 4212 wrote to memory of 1952	4212	{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe	117
PID 4212 wrote to memory of 1952	4212	{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe	117
PID 1204 wrote to memory of 1532	1204	{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe	119
PID 1204 wrote to memory of 1532	1204	{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe	119
PID 1204 wrote to memory of 1532	1204	{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe	119
PID 1204 wrote to memory of 4240	1204	{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe	120
PID 1204 wrote to memory of 4240	1204	{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe	120
PID 1204 wrote to memory of 4240	1204	{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe	120
PID 1532 wrote to memory of 964	1532	{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe	121
PID 1532 wrote to memory of 964	1532	{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe	121
PID 1532 wrote to memory of 964	1532	{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe	121
PID 1532 wrote to memory of 2700	1532	{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe	122
PID 1532 wrote to memory of 2700	1532	{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe	122
PID 1532 wrote to memory of 2700	1532	{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe	122
PID 964 wrote to memory of 3988	964	{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe	123
PID 964 wrote to memory of 3988	964	{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe	123
PID 964 wrote to memory of 3988	964	{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe	123
PID 964 wrote to memory of 4136	964	{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe	124
PID 964 wrote to memory of 4136	964	{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe	124
PID 964 wrote to memory of 4136	964	{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe	124
PID 3988 wrote to memory of 2900	3988	{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}.exe	125
PID 3988 wrote to memory of 2900	3988	{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}.exe	125
PID 3988 wrote to memory of 2900	3988	{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}.exe	125
PID 3988 wrote to memory of 4288	3988	{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}.exe	126

C:\Users\Admin\AppData\Local\Temp\ebfca9a6c5232eexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\ebfca9a6c5232eexeexeexeex.exe"
1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Windows\{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe
  C:\Windows\{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe
  2⤵
  - Modifies Installed Components in the registry
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4660
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Windows\{CD5D7~1.EXE > nul
    3⤵
    PID:2132
- - C:\Windows\{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe
    C:\Windows\{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Drops file in Windows directory
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3632
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Windows\{30AED~1.EXE > nul
      4⤵
      PID:1048
  - - C:\Windows\{145BC9A0-771F-438d-A2DD-F2783518F832}.exe
      C:\Windows\{145BC9A0-771F-438d-A2DD-F2783518F832}.exe
      4⤵
      Modifies Installed Components in the registry
      Executes dropped EXE
      Drops file in Windows directory
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:856
    - - C:\Windows\{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe
        
        C:\Windows\{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe
        5⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2652
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{33574~1.EXE > nul
        6⤵
        
        PID:1132
      - C:\Windows\{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe
        
        C:\Windows\{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe
        6⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2432
        
        C:\Windows\{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe
        
        C:\Windows\{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe
        7⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4212
        
        C:\Windows\{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe
        
        C:\Windows\{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe
        8⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1204
        
        C:\Windows\{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe
        
        C:\Windows\{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe
        9⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1532
        
        C:\Windows\{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe
        
        C:\Windows\{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe
        10⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:964
        
        C:\Windows\{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}.exe
        
        C:\Windows\{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}.exe
        11⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3988
        
        C:\Windows\{9FE9C789-D4B8-44f0-8AAF-936CA6B3C1B1}.exe
        
        C:\Windows\{9FE9C789-D4B8-44f0-8AAF-936CA6B3C1B1}.exe
        12⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:2900
        
        C:\Windows\{267E054B-0208-4a5f-8FB5-0915D7C325B7}.exe
        
        C:\Windows\{267E054B-0208-4a5f-8FB5-0915D7C325B7}.exe
        13⤵
        Executes dropped EXE
        
        PID:2928
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{9FE9C~1.EXE > nul
        13⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{381DC~1.EXE > nul
        12⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{122C2~1.EXE > nul
        11⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{CDD99~1.EXE > nul
        10⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{2D36E~1.EXE > nul
        9⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{B50F7~1.EXE > nul
        8⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{53FF3~1.EXE > nul
        7⤵
        
        PID:2664
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{145BC~1.EXE > nul
        5⤵
        
        PID:4288
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\EBFCA9~1.EXE > nul
  2⤵
  PID:3852

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2896

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:924

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
a41632bcf67e7b52f169c12ba47b7fa6

SHA1
0514454c2841ca2745500666555936c4390b1b40

SHA256
6fe16955abde36c1577668d08bfbcca880aaae50cf1b3b098a7e6cab136755e5

SHA512
112f9e836a8d76fe11c49dba4975d09a17686d56ee214f8088ca16e3f990c3d9c694f4e0ffb18fe31a53c073c4e3f08f88528d622c1a611c29a3ba55d4e4cdca

Download Submit
C:\Windows\{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe

Filesize
408KB

MD5
1958b80b5222bab282b0f4655316ddbc

SHA1
1e0de09ee001a2047bd96bde3bfda7196f993d6d

SHA256
7c3096560df399c221c70e377b8a165fc6ddd74468eb8d6060f5d1061cfb0d13

SHA512
d131d271ace3cafbc626bbb5c8f51eb04e8d38c41824a1389a29fd08563c6c404cdf9d8a4f37172c94619734267bc74c56736ec7cde78a48a0b21f1a65e75257

Download Submit
C:\Windows\{122C25D6-3AF2-41af-B294-805AF49D4D9C}.exe

Filesize
408KB

MD5
1958b80b5222bab282b0f4655316ddbc

SHA1
1e0de09ee001a2047bd96bde3bfda7196f993d6d

SHA256
7c3096560df399c221c70e377b8a165fc6ddd74468eb8d6060f5d1061cfb0d13

SHA512
d131d271ace3cafbc626bbb5c8f51eb04e8d38c41824a1389a29fd08563c6c404cdf9d8a4f37172c94619734267bc74c56736ec7cde78a48a0b21f1a65e75257

Download Submit
C:\Windows\{145BC9A0-771F-438d-A2DD-F2783518F832}.exe

Filesize
408KB

MD5
cf8bdcca371248a83f7ebd416adaa66c

SHA1
09c6c1cd0cfaa35a61e0343d793863bac351420e

SHA256
c7809389296b8467c32009d75da7017c275ddc4e2d9ccfcb8f95d86582f82f33

SHA512
f3d5ffdef0947f7398ea22377b4521432307365a61aef3347f26dab347715fbd48e402f77314ed104e353421c169a8610962b897873cad43256551885f7a7ef9

Download Submit
C:\Windows\{145BC9A0-771F-438d-A2DD-F2783518F832}.exe

Filesize
408KB

MD5
cf8bdcca371248a83f7ebd416adaa66c

SHA1
09c6c1cd0cfaa35a61e0343d793863bac351420e

SHA256
c7809389296b8467c32009d75da7017c275ddc4e2d9ccfcb8f95d86582f82f33

SHA512
f3d5ffdef0947f7398ea22377b4521432307365a61aef3347f26dab347715fbd48e402f77314ed104e353421c169a8610962b897873cad43256551885f7a7ef9

Download Submit
C:\Windows\{145BC9A0-771F-438d-A2DD-F2783518F832}.exe

Filesize
408KB

MD5
cf8bdcca371248a83f7ebd416adaa66c

SHA1
09c6c1cd0cfaa35a61e0343d793863bac351420e

SHA256
c7809389296b8467c32009d75da7017c275ddc4e2d9ccfcb8f95d86582f82f33

SHA512
f3d5ffdef0947f7398ea22377b4521432307365a61aef3347f26dab347715fbd48e402f77314ed104e353421c169a8610962b897873cad43256551885f7a7ef9

Download Submit
C:\Windows\{267E054B-0208-4a5f-8FB5-0915D7C325B7}.exe

Filesize
408KB

MD5
4da7c4f60d8894d8ceab8f6183d54374

SHA1
b4254627b144ae778b3ef3a01e410fc7705487eb

SHA256
a1415c4420964f4d3389ce946d88f594232b2ad1b2197e3fd99a25380ae4d0da

SHA512
94033387f66ebffbe2abc9f3c5689ee504500f5b5b4ee0426ae9455740bf8338a001c432745abb95c4ad7bf738e8356c045b1d6310c86d70baa20aa48763d1ef

Download Submit
C:\Windows\{267E054B-0208-4a5f-8FB5-0915D7C325B7}.exe

Filesize
408KB

MD5
4da7c4f60d8894d8ceab8f6183d54374

SHA1
b4254627b144ae778b3ef3a01e410fc7705487eb

SHA256
a1415c4420964f4d3389ce946d88f594232b2ad1b2197e3fd99a25380ae4d0da

SHA512
94033387f66ebffbe2abc9f3c5689ee504500f5b5b4ee0426ae9455740bf8338a001c432745abb95c4ad7bf738e8356c045b1d6310c86d70baa20aa48763d1ef

Download Submit
C:\Windows\{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe

Filesize
408KB

MD5
c140cfea1cd47fc3e0199cdf08b1118a

SHA1
711a4c6516200216d94fc3771be5388b575362ac

SHA256
6be023e04b2440c9824d4fa6ab09bbdef47e3621b46d4603d216ef3608428911

SHA512
040380aa7c6e0eaa0d2b50bcda23ac7287ebbf9efda8610277eb6dd0495a6979f133270b2b2801420687e2a30ab1e56a2cbd66f561dc8faa04940c8a6898d7e5

Download Submit
C:\Windows\{2D36E7A0-EF48-4579-BC82-A0F2B5DBCAFC}.exe

Filesize
408KB

MD5
c140cfea1cd47fc3e0199cdf08b1118a

SHA1
711a4c6516200216d94fc3771be5388b575362ac

SHA256
6be023e04b2440c9824d4fa6ab09bbdef47e3621b46d4603d216ef3608428911

SHA512
040380aa7c6e0eaa0d2b50bcda23ac7287ebbf9efda8610277eb6dd0495a6979f133270b2b2801420687e2a30ab1e56a2cbd66f561dc8faa04940c8a6898d7e5

Download Submit
C:\Windows\{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe

Filesize
408KB

MD5
e6d981ad6d205524e88b3fbdd7792eeb

SHA1
54b1dfbf9fe74453a9c936c6175572e34e8c3885

SHA256
b0ed630ff733622a2ba61e37a0fbda605bc975aceeab3cc34c4c00255fdca8f9

SHA512
2c5a8c0f34e20fbf24f63def23b5c67b250fe5eab430e72cb6f2756187e8e8c4629b3880668e7d3e95857d57d98bcaa77217f8ac21de3d1edeb2896fe6868532

Download Submit
C:\Windows\{30AEDED0-38D0-45bf-A06B-70E7B91E6C10}.exe

Filesize
408KB

MD5
e6d981ad6d205524e88b3fbdd7792eeb

SHA1
54b1dfbf9fe74453a9c936c6175572e34e8c3885

SHA256
b0ed630ff733622a2ba61e37a0fbda605bc975aceeab3cc34c4c00255fdca8f9

SHA512
2c5a8c0f34e20fbf24f63def23b5c67b250fe5eab430e72cb6f2756187e8e8c4629b3880668e7d3e95857d57d98bcaa77217f8ac21de3d1edeb2896fe6868532

Download Submit
C:\Windows\{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe

Filesize
408KB

MD5
022be932b97c81b794db31ae9b1dc238

SHA1
21783da8218621a03911ba2e9f4b7b84ad775ac0

SHA256
45793545c4503bef3cc72c81b0943e4938c2f95b7cad81e817265c97ebb2c1fe

SHA512
db1f0b5b1cd201b42066e98d4a56eb2e8347da5fdb19b6e80f7e23f032da19f932db8905b289a68583964df8fec8ceb7f9800ebcd1a8db84cfc78e48a24be161

Download Submit
C:\Windows\{33574940-16B3-44f3-BDE7-B6B5BD9EF3E3}.exe

Filesize
408KB

MD5
022be932b97c81b794db31ae9b1dc238

SHA1
21783da8218621a03911ba2e9f4b7b84ad775ac0

SHA256
45793545c4503bef3cc72c81b0943e4938c2f95b7cad81e817265c97ebb2c1fe

SHA512
db1f0b5b1cd201b42066e98d4a56eb2e8347da5fdb19b6e80f7e23f032da19f932db8905b289a68583964df8fec8ceb7f9800ebcd1a8db84cfc78e48a24be161

Download Submit
C:\Windows\{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}.exe

Filesize
408KB

MD5
8efad1fca06ef1536ef5fabc066b3cde

SHA1
1d3a4bff203314a6bddb8f9b1c792afc396a2969

SHA256
d75bd39771cd575d7c485630729ee931d437569395a15b9a717ec96b2bcd1bce

SHA512
55a56cdfa839f17be86c4b07facd5a476ef322accf6c11cbe8c5e0e18c68a46d042b98beb9180e77e8681ce0ab8d68e22558338e80050d166bb85681f8a00abc

Download Submit
C:\Windows\{381DC7F9-B57E-45aa-8DA8-952C2AF6EDD2}.exe

Filesize
408KB

MD5
8efad1fca06ef1536ef5fabc066b3cde

SHA1
1d3a4bff203314a6bddb8f9b1c792afc396a2969

SHA256
d75bd39771cd575d7c485630729ee931d437569395a15b9a717ec96b2bcd1bce

SHA512
55a56cdfa839f17be86c4b07facd5a476ef322accf6c11cbe8c5e0e18c68a46d042b98beb9180e77e8681ce0ab8d68e22558338e80050d166bb85681f8a00abc

Download Submit
C:\Windows\{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe

Filesize
408KB

MD5
bfa4408effbec8138c732702d91daff3

SHA1
9c3fcc72cecbb6f7eeda7b4bb15ea112e0afe23b

SHA256
09e5042ee92901190d8f0e0d1426e9bada1f4ea532230e2bc68f1738db2ed79e

SHA512
43d09500a0098cf84dc970700b634b3c135d3cc7310bcab13e4ce56b399ff5130eebe44b28cf342848aa8b003c5a9efea656b31632dbe9fe9c11a88d7df97e25

Download Submit
C:\Windows\{53FF3595-C819-4035-A026-3E1BAD00B98E}.exe

Filesize
408KB

MD5
bfa4408effbec8138c732702d91daff3

SHA1
9c3fcc72cecbb6f7eeda7b4bb15ea112e0afe23b

SHA256
09e5042ee92901190d8f0e0d1426e9bada1f4ea532230e2bc68f1738db2ed79e

SHA512
43d09500a0098cf84dc970700b634b3c135d3cc7310bcab13e4ce56b399ff5130eebe44b28cf342848aa8b003c5a9efea656b31632dbe9fe9c11a88d7df97e25

Download Submit
C:\Windows\{9FE9C789-D4B8-44f0-8AAF-936CA6B3C1B1}.exe

Filesize
408KB

MD5
f724c5da0eef7d21d2273d53ee4da410

SHA1
ca236b48ab53494bda40012c2d9cc3e9005624e2

SHA256
57b01d4f550530934d1a26a2ba1644db448740373e743f75b4f35457b144b115

SHA512
032e503fdb86367a875e173302cd88c97017907b25266492331f30518905b94cdd90537ad42d9e281581e45474c6893b49b15086deabf0c39bdebb7c5d4a9a31

Download Submit
C:\Windows\{9FE9C789-D4B8-44f0-8AAF-936CA6B3C1B1}.exe

Filesize
408KB

MD5
f724c5da0eef7d21d2273d53ee4da410

SHA1
ca236b48ab53494bda40012c2d9cc3e9005624e2

SHA256
57b01d4f550530934d1a26a2ba1644db448740373e743f75b4f35457b144b115

SHA512
032e503fdb86367a875e173302cd88c97017907b25266492331f30518905b94cdd90537ad42d9e281581e45474c6893b49b15086deabf0c39bdebb7c5d4a9a31

Download Submit
C:\Windows\{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe

Filesize
408KB

MD5
137f8898e08245ccbc86ab52e5da118d

SHA1
8e69268643295ed5bf2009666e5ca351882fa561

SHA256
fd8c113102bb12e27be962117cded0a701c020a4e418aab4c0a9e0b841ff5943

SHA512
d94b6e4db2e6cf54c75d0af0dc9e85786f496b9e0e4f24bb70dda6341319be00a6ebe2ee55e584040a62d6841cdff83fbe0cd321f2f23bd170d1c7395463f762

Download Submit
C:\Windows\{B50F77EF-7A93-4558-BCF8-2CEDE3E0F45D}.exe

Filesize
408KB

MD5
137f8898e08245ccbc86ab52e5da118d

SHA1
8e69268643295ed5bf2009666e5ca351882fa561

SHA256
fd8c113102bb12e27be962117cded0a701c020a4e418aab4c0a9e0b841ff5943

SHA512
d94b6e4db2e6cf54c75d0af0dc9e85786f496b9e0e4f24bb70dda6341319be00a6ebe2ee55e584040a62d6841cdff83fbe0cd321f2f23bd170d1c7395463f762

Download Submit
C:\Windows\{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe

Filesize
408KB

MD5
1bf9cb7528a808eb898b54738f3a8977

SHA1
d185fce51f43dab59aac304b2dc1a0b5f2e27c48

SHA256
f149bf43e3b04ce2f546f31885326bb5f6fda586c4908c5e6cc7a42d4d9cf8c0

SHA512
cdbed016152c19a214ad00aa29160c4918303eb0104fc23e5c3ad8e44c09ee704f145f88556c5466f79a719f78628594b990b49dc41f27de9d7d620a6098bace

Download Submit
C:\Windows\{CD5D7417-EC24-4eac-87CA-89F88F9D010D}.exe

Filesize
408KB

MD5
1bf9cb7528a808eb898b54738f3a8977

SHA1
d185fce51f43dab59aac304b2dc1a0b5f2e27c48

SHA256
f149bf43e3b04ce2f546f31885326bb5f6fda586c4908c5e6cc7a42d4d9cf8c0

SHA512
cdbed016152c19a214ad00aa29160c4918303eb0104fc23e5c3ad8e44c09ee704f145f88556c5466f79a719f78628594b990b49dc41f27de9d7d620a6098bace

Download Submit
C:\Windows\{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe

Filesize
408KB

MD5
fb308782bbce458dcd87c4765ba6098b

SHA1
a4ea1381e44294d968e606ee8d78430ad82c171a

SHA256
1a78cefc174fc0dd43db6d3b5129d4c25925424573647c15f36416075a199c3a

SHA512
fa071ffa00eb7bc72e5a4120ad248c0855930c488b89f391c1dfa993ba09b4deaf5f91069abaf0fb89a31349751cfae7eefe15dbce94f90eda17488fa3ebfe2b

Download Submit
C:\Windows\{CDD99EBE-15B1-4eaf-9BF9-B3F65890E006}.exe

Filesize
408KB

MD5
fb308782bbce458dcd87c4765ba6098b

SHA1
a4ea1381e44294d968e606ee8d78430ad82c171a

SHA256
1a78cefc174fc0dd43db6d3b5129d4c25925424573647c15f36416075a199c3a

SHA512
fa071ffa00eb7bc72e5a4120ad248c0855930c488b89f391c1dfa993ba09b4deaf5f91069abaf0fb89a31349751cfae7eefe15dbce94f90eda17488fa3ebfe2b

Download Submit
memory/924-169-0x0000022F09F70000-0x0000022F09F80000-memory.dmp

Filesize
64KB

Download
memory/924-202-0x0000022F121A0000-0x0000022F121A1000-memory.dmp

Filesize
4KB

Download
memory/924-205-0x0000022F120E0000-0x0000022F120E1000-memory.dmp

Filesize
4KB

Download
memory/924-199-0x0000022F121B0000-0x0000022F121B1000-memory.dmp

Filesize
4KB

Download
memory/924-217-0x0000022F122E0000-0x0000022F122E1000-memory.dmp

Filesize
4KB

Download
memory/924-219-0x0000022F122F0000-0x0000022F122F1000-memory.dmp

Filesize
4KB

Download
memory/924-220-0x0000022F122F0000-0x0000022F122F1000-memory.dmp

Filesize
4KB

Download
memory/924-221-0x0000022F12400000-0x0000022F12401000-memory.dmp

Filesize
4KB

Download
memory/924-197-0x0000022F121A0000-0x0000022F121A1000-memory.dmp

Filesize
4KB

Download
memory/924-196-0x0000022F121B0000-0x0000022F121B1000-memory.dmp

Filesize
4KB

Download
memory/924-195-0x0000022F12580000-0x0000022F12581000-memory.dmp

Filesize
4KB

Download
memory/924-194-0x0000022F12580000-0x0000022F12581000-memory.dmp

Filesize
4KB

Download
memory/924-193-0x0000022F12580000-0x0000022F12581000-memory.dmp

Filesize
4KB

Download
memory/924-192-0x0000022F12580000-0x0000022F12581000-memory.dmp

Filesize
4KB

Download
memory/924-191-0x0000022F12580000-0x0000022F12581000-memory.dmp

Filesize
4KB

Download
memory/924-190-0x0000022F12580000-0x0000022F12581000-memory.dmp

Filesize
4KB

Download
memory/924-189-0x0000022F12580000-0x0000022F12581000-memory.dmp

Filesize
4KB

Download
memory/924-188-0x0000022F12580000-0x0000022F12581000-memory.dmp

Filesize
4KB

Download
memory/924-187-0x0000022F12580000-0x0000022F12581000-memory.dmp

Filesize
4KB

Download
memory/924-186-0x0000022F12580000-0x0000022F12581000-memory.dmp

Filesize
4KB

Download
memory/924-185-0x0000022F12560000-0x0000022F12561000-memory.dmp

Filesize
4KB

Download
memory/924-153-0x0000022F09E70000-0x0000022F09E80000-memory.dmp

Filesize
64KB

Download