677bf52adde8759ee8f4998029f615015b50a0291c8dce3300ae03e121e01e3f

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2023, 07:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec5d9a3c116ac4exeexeexeex.exe
Size

204KB
MD5

ec5d9a3c116ac4621536d47bcd78d33c
SHA1

f1aa9b558f7b3f0ab22f8ab11fa5b8cfee072471
SHA256

677bf52adde8759ee8f4998029f615015b50a0291c8dce3300ae03e121e01e3f
SHA512

281300be75c854a7745d07c898761a686ec7cabaf6691dcb42e54efc4ed6415d96cb8c0322062391abc3dd4534d9c81e0ee7d81850593fff565f9e6a3868d106
SSDEEP

1536:1EGh0oql15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oql1OPOe2MUVg3Ve+rXfMUy

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 24 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}	{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}\stubpath = "C:\\Windows\\{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe"	{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}	{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AC5ECBF2-564B-4a0f-A346-2EE111956892}	{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}	ec5d9a3c116ac4exeexeexeex.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{86C0A813-B840-4b2d-93EB-B1E9A3591802}	{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{245E13F1-EE80-48ec-89F6-046DE64A4695}\stubpath = "C:\\Windows\\{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe"	{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{879FB162-8ADE-4be0-8912-A93511A77D3A}	{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{AC5ECBF2-564B-4a0f-A346-2EE111956892}\stubpath = "C:\\Windows\\{AC5ECBF2-564B-4a0f-A346-2EE111956892}.exe"	{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2D616E5B-5F4B-459c-A615-65FCA6F3D10F}	{AC5ECBF2-564B-4a0f-A346-2EE111956892}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}\stubpath = "C:\\Windows\\{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe"	{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2D616E5B-5F4B-459c-A615-65FCA6F3D10F}\stubpath = "C:\\Windows\\{2D616E5B-5F4B-459c-A615-65FCA6F3D10F}.exe"	{AC5ECBF2-564B-4a0f-A346-2EE111956892}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B3BE6B00-EC52-49b2-8F5E-FE38BB2B253A}	{2D616E5B-5F4B-459c-A615-65FCA6F3D10F}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B3BE6B00-EC52-49b2-8F5E-FE38BB2B253A}\stubpath = "C:\\Windows\\{B3BE6B00-EC52-49b2-8F5E-FE38BB2B253A}.exe"	{2D616E5B-5F4B-459c-A615-65FCA6F3D10F}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{879FB162-8ADE-4be0-8912-A93511A77D3A}\stubpath = "C:\\Windows\\{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe"	{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}	{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}\stubpath = "C:\\Windows\\{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe"	{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}	{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{86C0A813-B840-4b2d-93EB-B1E9A3591802}\stubpath = "C:\\Windows\\{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe"	{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}\stubpath = "C:\\Windows\\{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe"	{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}	{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}\stubpath = "C:\\Windows\\{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe"	ec5d9a3c116ac4exeexeexeex.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{245E13F1-EE80-48ec-89F6-046DE64A4695}	{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}\stubpath = "C:\\Windows\\{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe"	{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe

Executes dropped EXE 12 IoCs

pid	Process
4740	{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe
4128	{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe
3264	{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe
4300	{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe
1208	{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe
2484	{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe
4752	{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe
2668	{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe
1248	{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe
4484	{AC5ECBF2-564B-4a0f-A346-2EE111956892}.exe
812	{2D616E5B-5F4B-459c-A615-65FCA6F3D10F}.exe
4808	{B3BE6B00-EC52-49b2-8F5E-FE38BB2B253A}.exe

Drops file in Windows directory 12 IoCs

description	ioc	Process
File created	C:\Windows\{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe	ec5d9a3c116ac4exeexeexeex.exe
File created	C:\Windows\{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe	{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe
File created	C:\Windows\{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe	{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe
File created	C:\Windows\{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe	{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe
File created	C:\Windows\{B3BE6B00-EC52-49b2-8F5E-FE38BB2B253A}.exe	{2D616E5B-5F4B-459c-A615-65FCA6F3D10F}.exe
File created	C:\Windows\{AC5ECBF2-564B-4a0f-A346-2EE111956892}.exe	{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe
File created	C:\Windows\{2D616E5B-5F4B-459c-A615-65FCA6F3D10F}.exe	{AC5ECBF2-564B-4a0f-A346-2EE111956892}.exe
File created	C:\Windows\{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe	{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe
File created	C:\Windows\{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe	{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe
File created	C:\Windows\{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe	{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe
File created	C:\Windows\{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe	{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe
File created	C:\Windows\{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe	{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	432	ec5d9a3c116ac4exeexeexeex.exe
Token: SeIncBasePriorityPrivilege	4740	{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe
Token: SeIncBasePriorityPrivilege	4128	{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe
Token: SeIncBasePriorityPrivilege	3264	{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe
Token: SeIncBasePriorityPrivilege	4300	{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe
Token: SeManageVolumePrivilege	4240	svchost.exe
Token: SeIncBasePriorityPrivilege	1208	{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe
Token: SeIncBasePriorityPrivilege	2484	{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe
Token: SeIncBasePriorityPrivilege	4752	{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe
Token: SeIncBasePriorityPrivilege	2668	{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe
Token: SeIncBasePriorityPrivilege	1248	{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe
Token: SeIncBasePriorityPrivilege	4484	{AC5ECBF2-564B-4a0f-A346-2EE111956892}.exe
Token: SeIncBasePriorityPrivilege	812	{2D616E5B-5F4B-459c-A615-65FCA6F3D10F}.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 4740	432	ec5d9a3c116ac4exeexeexeex.exe	93
PID 432 wrote to memory of 4740	432	ec5d9a3c116ac4exeexeexeex.exe	93
PID 432 wrote to memory of 4740	432	ec5d9a3c116ac4exeexeexeex.exe	93
PID 432 wrote to memory of 3548	432	ec5d9a3c116ac4exeexeexeex.exe	94
PID 432 wrote to memory of 3548	432	ec5d9a3c116ac4exeexeexeex.exe	94
PID 432 wrote to memory of 3548	432	ec5d9a3c116ac4exeexeexeex.exe	94
PID 4740 wrote to memory of 4128	4740	{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe	99
PID 4740 wrote to memory of 4128	4740	{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe	99
PID 4740 wrote to memory of 4128	4740	{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe	99
PID 4740 wrote to memory of 4300	4740	{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe	100
PID 4740 wrote to memory of 4300	4740	{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe	100
PID 4740 wrote to memory of 4300	4740	{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe	100
PID 4128 wrote to memory of 3264	4128	{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe	102
PID 4128 wrote to memory of 3264	4128	{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe	102
PID 4128 wrote to memory of 3264	4128	{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe	102
PID 4128 wrote to memory of 2312	4128	{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe	103
PID 4128 wrote to memory of 2312	4128	{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe	103
PID 4128 wrote to memory of 2312	4128	{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe	103
PID 3264 wrote to memory of 4300	3264	{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe	104
PID 3264 wrote to memory of 4300	3264	{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe	104
PID 3264 wrote to memory of 4300	3264	{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe	104
PID 3264 wrote to memory of 1764	3264	{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe	105
PID 3264 wrote to memory of 1764	3264	{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe	105
PID 3264 wrote to memory of 1764	3264	{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe	105
PID 4300 wrote to memory of 1208	4300	{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe	106
PID 4300 wrote to memory of 1208	4300	{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe	106
PID 4300 wrote to memory of 1208	4300	{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe	106
PID 4300 wrote to memory of 4976	4300	{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe	107
PID 4300 wrote to memory of 4976	4300	{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe	107
PID 4300 wrote to memory of 4976	4300	{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe	107
PID 1208 wrote to memory of 2484	1208	{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe	113
PID 1208 wrote to memory of 2484	1208	{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe	113
PID 1208 wrote to memory of 2484	1208	{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe	113
PID 1208 wrote to memory of 3724	1208	{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe	114
PID 1208 wrote to memory of 3724	1208	{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe	114
PID 1208 wrote to memory of 3724	1208	{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe	114
PID 2484 wrote to memory of 4752	2484	{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe	116
PID 2484 wrote to memory of 4752	2484	{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe	116
PID 2484 wrote to memory of 4752	2484	{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe	116
PID 2484 wrote to memory of 4760	2484	{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe	117
PID 2484 wrote to memory of 4760	2484	{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe	117
PID 2484 wrote to memory of 4760	2484	{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe	117
PID 4752 wrote to memory of 2668	4752	{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe	119
PID 4752 wrote to memory of 2668	4752	{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe	119
PID 4752 wrote to memory of 2668	4752	{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe	119
PID 4752 wrote to memory of 4312	4752	{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe	120
PID 4752 wrote to memory of 4312	4752	{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe	120
PID 4752 wrote to memory of 4312	4752	{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe	120
PID 2668 wrote to memory of 1248	2668	{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe	121
PID 2668 wrote to memory of 1248	2668	{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe	121
PID 2668 wrote to memory of 1248	2668	{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe	121
PID 2668 wrote to memory of 1804	2668	{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe	122
PID 2668 wrote to memory of 1804	2668	{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe	122
PID 2668 wrote to memory of 1804	2668	{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe	122
PID 1248 wrote to memory of 4484	1248	{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe	123
PID 1248 wrote to memory of 4484	1248	{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe	123
PID 1248 wrote to memory of 4484	1248	{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe	123
PID 1248 wrote to memory of 4936	1248	{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe	124
PID 1248 wrote to memory of 4936	1248	{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe	124
PID 1248 wrote to memory of 4936	1248	{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe	124
PID 4484 wrote to memory of 812	4484	{AC5ECBF2-564B-4a0f-A346-2EE111956892}.exe	125
PID 4484 wrote to memory of 812	4484	{AC5ECBF2-564B-4a0f-A346-2EE111956892}.exe	125
PID 4484 wrote to memory of 812	4484	{AC5ECBF2-564B-4a0f-A346-2EE111956892}.exe	125
PID 4484 wrote to memory of 4980	4484	{AC5ECBF2-564B-4a0f-A346-2EE111956892}.exe	126

C:\Users\Admin\AppData\Local\Temp\ec5d9a3c116ac4exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\ec5d9a3c116ac4exeexeexeex.exe"
1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:432
- C:\Windows\{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe
  C:\Windows\{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe
  2⤵
  - Modifies Installed Components in the registry
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4740
- - C:\Windows\{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe
    C:\Windows\{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe
    3⤵
    - Modifies Installed Components in the registry
    - Executes dropped EXE
    - Drops file in Windows directory
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4128
  - - C:\Windows\{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe
      C:\Windows\{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe
      4⤵
      Modifies Installed Components in the registry
      Executes dropped EXE
      Drops file in Windows directory
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3264
    - - C:\Windows\{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe
        
        C:\Windows\{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe
        5⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4300
      - C:\Windows\{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe
        
        C:\Windows\{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe
        6⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1208
        
        C:\Windows\{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe
        
        C:\Windows\{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe
        7⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2484
        
        C:\Windows\{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe
        
        C:\Windows\{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe
        8⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4752
        
        C:\Windows\{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe
        
        C:\Windows\{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe
        9⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2668
        
        C:\Windows\{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe
        
        C:\Windows\{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe
        10⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1248
        
        C:\Windows\{AC5ECBF2-564B-4a0f-A346-2EE111956892}.exe
        
        C:\Windows\{AC5ECBF2-564B-4a0f-A346-2EE111956892}.exe
        11⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4484
        
        C:\Windows\{2D616E5B-5F4B-459c-A615-65FCA6F3D10F}.exe
        
        C:\Windows\{2D616E5B-5F4B-459c-A615-65FCA6F3D10F}.exe
        12⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:812
        
        C:\Windows\{B3BE6B00-EC52-49b2-8F5E-FE38BB2B253A}.exe
        
        C:\Windows\{B3BE6B00-EC52-49b2-8F5E-FE38BB2B253A}.exe
        13⤵
        Executes dropped EXE
        
        PID:4808
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{2D616~1.EXE > nul
        13⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{AC5EC~1.EXE > nul
        12⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{53C74~1.EXE > nul
        11⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{7C5A5~1.EXE > nul
        10⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{7CB71~1.EXE > nul
        9⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{DC9FF~1.EXE > nul
        8⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{DBF39~1.EXE > nul
        7⤵
        
        PID:3724
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{879FB~1.EXE > nul
        6⤵
        
        PID:4976
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c del C:\Windows\{245E1~1.EXE > nul
        5⤵
        
        PID:1764
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Windows\{86C0A~1.EXE > nul
      4⤵
      PID:2312
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Windows\{A51FE~1.EXE > nul
    3⤵
    PID:4300
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\EC5D9A~1.EXE > nul
  2⤵
  PID:3548

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4208

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4240

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
beba28c0307c0a32ec5731ea406d967e

SHA1
9e1e02ed62e9b075de3475f12fae62f6a82da84e

SHA256
898c8561d7c1be09c785306eb8de48c516cb588c9fac3d1d6cf9f1f1907a6a86

SHA512
1a7659410dab9f9d325cfd9f886196d51e341a362f0721ea04c71792bf6d82db8f6876f36b1eb442a019737f14f77939f812d3856d4e6b7152790028ac7d5e12

Download Submit
C:\Windows\{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe

Filesize
204KB

MD5
f1fa820c91a28098998338a3bfe1621d

SHA1
ffad09a47b1c7b86f423bb0dc30f039d26ea09ec

SHA256
0b4612681d8a4e0c871c4deb48c520b665c485617460eb9af968d1a8a26fa589

SHA512
1bffd7c24054f19087d85ead3ae63727fdf7d419d0ddc054ad092cff51becb91ff1f8a7b14e27aff8c8e51ece378d1d2a836a9e961e81a70e0e2a28f0b33e7f6

Download Submit
C:\Windows\{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe

Filesize
204KB

MD5
f1fa820c91a28098998338a3bfe1621d

SHA1
ffad09a47b1c7b86f423bb0dc30f039d26ea09ec

SHA256
0b4612681d8a4e0c871c4deb48c520b665c485617460eb9af968d1a8a26fa589

SHA512
1bffd7c24054f19087d85ead3ae63727fdf7d419d0ddc054ad092cff51becb91ff1f8a7b14e27aff8c8e51ece378d1d2a836a9e961e81a70e0e2a28f0b33e7f6

Download Submit
C:\Windows\{245E13F1-EE80-48ec-89F6-046DE64A4695}.exe

Filesize
204KB

MD5
f1fa820c91a28098998338a3bfe1621d

SHA1
ffad09a47b1c7b86f423bb0dc30f039d26ea09ec

SHA256
0b4612681d8a4e0c871c4deb48c520b665c485617460eb9af968d1a8a26fa589

SHA512
1bffd7c24054f19087d85ead3ae63727fdf7d419d0ddc054ad092cff51becb91ff1f8a7b14e27aff8c8e51ece378d1d2a836a9e961e81a70e0e2a28f0b33e7f6

Download Submit
C:\Windows\{2D616E5B-5F4B-459c-A615-65FCA6F3D10F}.exe

Filesize
204KB

MD5
3f254faa7cc50ccef4b97e0b4fddecdb

SHA1
8bc61182e79517da29a74b54bcf9238c2b61174e

SHA256
7d981b524a54214ea1fb919995c1c85796e12f0699ee9e80cbf647af3fa53f7c

SHA512
0c45c0f30998ace04ae5ad306816c5d7f2e67f6cc664f732c4b28d33a0d557361a7c5b51bbba075091b8856a87478bc93e80130e0c7aa6f6195cb8af6cc2d5b6

Download Submit
C:\Windows\{2D616E5B-5F4B-459c-A615-65FCA6F3D10F}.exe

Filesize
204KB

MD5
3f254faa7cc50ccef4b97e0b4fddecdb

SHA1
8bc61182e79517da29a74b54bcf9238c2b61174e

SHA256
7d981b524a54214ea1fb919995c1c85796e12f0699ee9e80cbf647af3fa53f7c

SHA512
0c45c0f30998ace04ae5ad306816c5d7f2e67f6cc664f732c4b28d33a0d557361a7c5b51bbba075091b8856a87478bc93e80130e0c7aa6f6195cb8af6cc2d5b6

Download Submit
C:\Windows\{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe

Filesize
204KB

MD5
a7b6962cc580aadeaa3af9108c73b0e1

SHA1
05c65526bc710490305ad559e17840951b2adb65

SHA256
f87265557c4b6371ee5f136b737ab7a862f557164edbb31c48a60aae2c40cf09

SHA512
f0a21408952f324a032eee36656b098ef8df0ca7f710350c4457f8f4bfa7647f79bcd18a675bb74972f2c1945087b47669184104570ba49b41032c45b9dec105

Download Submit
C:\Windows\{53C74FDD-965B-4d67-B2AC-1D0CDC285AB1}.exe

Filesize
204KB

MD5
a7b6962cc580aadeaa3af9108c73b0e1

SHA1
05c65526bc710490305ad559e17840951b2adb65

SHA256
f87265557c4b6371ee5f136b737ab7a862f557164edbb31c48a60aae2c40cf09

SHA512
f0a21408952f324a032eee36656b098ef8df0ca7f710350c4457f8f4bfa7647f79bcd18a675bb74972f2c1945087b47669184104570ba49b41032c45b9dec105

Download Submit
C:\Windows\{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe

Filesize
204KB

MD5
f99485773663c740b74e773c36831509

SHA1
374d478f450bbc8d115f9719f92eb24a8c5ea1be

SHA256
a3b4347ae7a316476437810008ed6824fcbead2e00fd8583479a1577756aeb6e

SHA512
7d9a00e620398e3169759988997f2c53edb224c560207b954e660f87a10ff86da4e411304b392a0059762671ea2116757f595da418a2af3683128d0aab535ad4

Download Submit
C:\Windows\{7C5A5280-8C9B-4cb0-A43F-41D038A002BE}.exe

Filesize
204KB

MD5
f99485773663c740b74e773c36831509

SHA1
374d478f450bbc8d115f9719f92eb24a8c5ea1be

SHA256
a3b4347ae7a316476437810008ed6824fcbead2e00fd8583479a1577756aeb6e

SHA512
7d9a00e620398e3169759988997f2c53edb224c560207b954e660f87a10ff86da4e411304b392a0059762671ea2116757f595da418a2af3683128d0aab535ad4

Download Submit
C:\Windows\{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe

Filesize
204KB

MD5
599730e9f4a2ceae8b08cd083911d565

SHA1
8c956d2c52d46d96ac87aba527b86bbe45794120

SHA256
a8e427cb2142c3ec443ab7fcf6a5ab0732507e33d56dc76248abcf96c42607b3

SHA512
e1b1f4b943832c58c1cac97a81c2df02550e9e508af2c06693ecb01a5e1ea354a98e1a4c875be68eab94590a5e15d7ebbb7c495df667c226c3c315ea73e1cca4

Download Submit
C:\Windows\{7CB71173-6C69-4d9b-9D6C-38DAB8758C4A}.exe

Filesize
204KB

MD5
599730e9f4a2ceae8b08cd083911d565

SHA1
8c956d2c52d46d96ac87aba527b86bbe45794120

SHA256
a8e427cb2142c3ec443ab7fcf6a5ab0732507e33d56dc76248abcf96c42607b3

SHA512
e1b1f4b943832c58c1cac97a81c2df02550e9e508af2c06693ecb01a5e1ea354a98e1a4c875be68eab94590a5e15d7ebbb7c495df667c226c3c315ea73e1cca4

Download Submit
C:\Windows\{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe

Filesize
204KB

MD5
ddd4d2ebace77a0c9fd77c0885a63a26

SHA1
581677fef3c6cf5112444f91ba44330705a29839

SHA256
4cff87263344d830d33188cfd5bd68a6d5bf420ed8e9d300bd956babce3e6fe7

SHA512
788907ef53f3eb15f154c811971cb576fdbc98b71429dcc95929e41ae5c18a3aa382f1a129e1768b42366643acbe4feab20269ddcf09e7c00d2d49bfb2903f62

Download Submit
C:\Windows\{86C0A813-B840-4b2d-93EB-B1E9A3591802}.exe

Filesize
204KB

MD5
ddd4d2ebace77a0c9fd77c0885a63a26

SHA1
581677fef3c6cf5112444f91ba44330705a29839

SHA256
4cff87263344d830d33188cfd5bd68a6d5bf420ed8e9d300bd956babce3e6fe7

SHA512
788907ef53f3eb15f154c811971cb576fdbc98b71429dcc95929e41ae5c18a3aa382f1a129e1768b42366643acbe4feab20269ddcf09e7c00d2d49bfb2903f62

Download Submit
C:\Windows\{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe

Filesize
204KB

MD5
239dfeb72d959981d1e4bf663fcdcd91

SHA1
c35cd9e8a79d0d3c5775ea8702651f274fc6189b

SHA256
62544a75f155977b9ba96f7f5a2bd8eca0001b4fd6fea5810b7ba81ff3472817

SHA512
fd46b17eac1f5ff689fb1b965899b14bc66657fb72fd1eb1905c61104b548e382593f649779c273fd1e32a9f9232dd6881e1bc4cd501010ad624e4e3ed068737

Download Submit
C:\Windows\{879FB162-8ADE-4be0-8912-A93511A77D3A}.exe

Filesize
204KB

MD5
239dfeb72d959981d1e4bf663fcdcd91

SHA1
c35cd9e8a79d0d3c5775ea8702651f274fc6189b

SHA256
62544a75f155977b9ba96f7f5a2bd8eca0001b4fd6fea5810b7ba81ff3472817

SHA512
fd46b17eac1f5ff689fb1b965899b14bc66657fb72fd1eb1905c61104b548e382593f649779c273fd1e32a9f9232dd6881e1bc4cd501010ad624e4e3ed068737

Download Submit
C:\Windows\{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe

Filesize
204KB

MD5
68c5c0510d47d551bfb3715913ca899e

SHA1
7aff42a9397bffd6b72db251450cf97aab99f545

SHA256
0669e950cb57b6fae463e43403b6cdbdc2a4d9382730db1996945821c04e8921

SHA512
3cd48c9ce35ac594662b154c8f727f35d545567506747529d89d4475166b5280c247e7c574a1ab4ee3e5608ba48d0d83d7067f9af4d1aba1586514d0b7cce99e

Download Submit
C:\Windows\{A51FE6CB-6E4D-4db4-8F30-38333D8B65CB}.exe

Filesize
204KB

MD5
68c5c0510d47d551bfb3715913ca899e

SHA1
7aff42a9397bffd6b72db251450cf97aab99f545

SHA256
0669e950cb57b6fae463e43403b6cdbdc2a4d9382730db1996945821c04e8921

SHA512
3cd48c9ce35ac594662b154c8f727f35d545567506747529d89d4475166b5280c247e7c574a1ab4ee3e5608ba48d0d83d7067f9af4d1aba1586514d0b7cce99e

Download Submit
C:\Windows\{AC5ECBF2-564B-4a0f-A346-2EE111956892}.exe

Filesize
204KB

MD5
d17369c814ba5e13bb0d9e3df304ea2d

SHA1
16ca61b64c0e233b1d21796948a2c544aee190cd

SHA256
6ed7f57ffd542f8ceb894aaff2ba913c334c3fe304eded66ec5b76798961d9f6

SHA512
9bc73df74389a206a180e7f1db88e16ec11c16e2da50a39c393581b3a1727b879c3265eb4f865ffa0f87987fa2b1ec11e9a5757fe2076858edc36ac6796a2251

Download Submit
C:\Windows\{AC5ECBF2-564B-4a0f-A346-2EE111956892}.exe

Filesize
204KB

MD5
d17369c814ba5e13bb0d9e3df304ea2d

SHA1
16ca61b64c0e233b1d21796948a2c544aee190cd

SHA256
6ed7f57ffd542f8ceb894aaff2ba913c334c3fe304eded66ec5b76798961d9f6

SHA512
9bc73df74389a206a180e7f1db88e16ec11c16e2da50a39c393581b3a1727b879c3265eb4f865ffa0f87987fa2b1ec11e9a5757fe2076858edc36ac6796a2251

Download Submit
C:\Windows\{B3BE6B00-EC52-49b2-8F5E-FE38BB2B253A}.exe

Filesize
204KB

MD5
25df9ee44717612f9019cee739ef161a

SHA1
75daa137b20870a1e508a6134cf09785e79749e8

SHA256
250f4908324d8b283906ba8e8956ab69eeaa8a773bc426bb997afad887186d9b

SHA512
857bbdcb44c05a562e6c0d39db6e1fab4aa11dd895ac34cdabc334950bd8e37943328b2eb74325abf9bd85376ad0c090d68a05ea48dab17959120686f8ab0d0b

Download Submit
C:\Windows\{B3BE6B00-EC52-49b2-8F5E-FE38BB2B253A}.exe

Filesize
204KB

MD5
25df9ee44717612f9019cee739ef161a

SHA1
75daa137b20870a1e508a6134cf09785e79749e8

SHA256
250f4908324d8b283906ba8e8956ab69eeaa8a773bc426bb997afad887186d9b

SHA512
857bbdcb44c05a562e6c0d39db6e1fab4aa11dd895ac34cdabc334950bd8e37943328b2eb74325abf9bd85376ad0c090d68a05ea48dab17959120686f8ab0d0b

Download Submit
C:\Windows\{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe

Filesize
204KB

MD5
e6a779a6f2ef9c7270db299e23780202

SHA1
b43095b1d827a5ab2054968e1e6b6746c6ca3a87

SHA256
3ce660273be369e9a3bdb96edc1f2600b5d2fea18e8b53306b237797f549c90f

SHA512
e54d77ea08f05ea27bf3194563d7eb15fd2edb215a98f6bc8937eb8d2d9cf4ad6f01931a1d338d7b37acac403863c0e9ec56ef93df5a5535758be51ab5f2e094

Download Submit
C:\Windows\{DBF39D94-734D-4922-BA10-33A3AC3DE8C6}.exe

Filesize
204KB

MD5
e6a779a6f2ef9c7270db299e23780202

SHA1
b43095b1d827a5ab2054968e1e6b6746c6ca3a87

SHA256
3ce660273be369e9a3bdb96edc1f2600b5d2fea18e8b53306b237797f549c90f

SHA512
e54d77ea08f05ea27bf3194563d7eb15fd2edb215a98f6bc8937eb8d2d9cf4ad6f01931a1d338d7b37acac403863c0e9ec56ef93df5a5535758be51ab5f2e094

Download Submit
C:\Windows\{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe

Filesize
204KB

MD5
1b7606c50b94b878a642ff0e280fbe2b

SHA1
e061376dd372a23d3bc11d2202527b848705d8fc

SHA256
66cbb0e03b034bccfb0737c1e9629dc6fae284b8287446c465b8f13545ee2b0b

SHA512
66a776b9ec2878b808481ad8f5ebadbc6c23766f29855553119050eec049f0c63e7b90dd4ad6109d858fac0a1d8e10d1bec7d436190697e179b3b85effbdd3fa

Download Submit
C:\Windows\{DC9FF620-6C4C-43a5-A6F3-E354EA521AB3}.exe

Filesize
204KB

MD5
1b7606c50b94b878a642ff0e280fbe2b

SHA1
e061376dd372a23d3bc11d2202527b848705d8fc

SHA256
66cbb0e03b034bccfb0737c1e9629dc6fae284b8287446c465b8f13545ee2b0b

SHA512
66a776b9ec2878b808481ad8f5ebadbc6c23766f29855553119050eec049f0c63e7b90dd4ad6109d858fac0a1d8e10d1bec7d436190697e179b3b85effbdd3fa

Download Submit
memory/4240-169-0x000001BA52F40000-0x000001BA52F50000-memory.dmp

Filesize
64KB

Download
memory/4240-202-0x000001BA5B130000-0x000001BA5B131000-memory.dmp

Filesize
4KB

Download
memory/4240-205-0x000001BA5B070000-0x000001BA5B071000-memory.dmp

Filesize
4KB

Download
memory/4240-199-0x000001BA5B140000-0x000001BA5B141000-memory.dmp

Filesize
4KB

Download
memory/4240-217-0x000001BA5B270000-0x000001BA5B271000-memory.dmp

Filesize
4KB

Download
memory/4240-219-0x000001BA5B280000-0x000001BA5B281000-memory.dmp

Filesize
4KB

Download
memory/4240-220-0x000001BA5B280000-0x000001BA5B281000-memory.dmp

Filesize
4KB

Download
memory/4240-221-0x000001BA5B390000-0x000001BA5B391000-memory.dmp

Filesize
4KB

Download
memory/4240-197-0x000001BA5B130000-0x000001BA5B131000-memory.dmp

Filesize
4KB

Download
memory/4240-196-0x000001BA5B140000-0x000001BA5B141000-memory.dmp

Filesize
4KB

Download
memory/4240-195-0x000001BA5B510000-0x000001BA5B511000-memory.dmp

Filesize
4KB

Download
memory/4240-194-0x000001BA5B510000-0x000001BA5B511000-memory.dmp

Filesize
4KB

Download
memory/4240-193-0x000001BA5B510000-0x000001BA5B511000-memory.dmp

Filesize
4KB

Download
memory/4240-192-0x000001BA5B510000-0x000001BA5B511000-memory.dmp

Filesize
4KB

Download
memory/4240-191-0x000001BA5B510000-0x000001BA5B511000-memory.dmp

Filesize
4KB

Download
memory/4240-190-0x000001BA5B510000-0x000001BA5B511000-memory.dmp

Filesize
4KB

Download
memory/4240-189-0x000001BA5B510000-0x000001BA5B511000-memory.dmp

Filesize
4KB

Download
memory/4240-188-0x000001BA5B510000-0x000001BA5B511000-memory.dmp

Filesize
4KB

Download
memory/4240-187-0x000001BA5B510000-0x000001BA5B511000-memory.dmp

Filesize
4KB

Download
memory/4240-186-0x000001BA5B510000-0x000001BA5B511000-memory.dmp

Filesize
4KB

Download
memory/4240-185-0x000001BA5B4F0000-0x000001BA5B4F1000-memory.dmp

Filesize
4KB

Download
memory/4240-153-0x000001BA52E40000-0x000001BA52E50000-memory.dmp

Filesize
64KB

Download