7adc1f7ff040628a600f99465bd70e71ad83fecfe60b0f1dadc84b5d262ff350

Analysis

max time kernel
592s
max time network
367s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
17/11/2023, 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bat_To_Exe_Converter.exe
Size

444KB
MD5

76d5900a4adf4c1f2ab8dbfd0a450c4a
SHA1

6177a27416519564ecb5d38093d61c9a81d3c290
SHA256

7adc1f7ff040628a600f99465bd70e71ad83fecfe60b0f1dadc84b5d262ff350
SHA512

286b05ff09d4e85856c251d56902486738d9b2457d9a56ea8a449195b349f2718816099f4602efba88dad592dd6cecefcd0748382888c3026dd585b3e46f0c6e
SSDEEP

12288:iYicHMPMDp8WrZtzlqQMB/FS/CiUF7RAfoSBjF:viuMPMDp8mtzbMFFS/CzKF

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 13 IoCs

pid	Process
1928	upx.exe
2824	upx.exe
1276	fun.exe
1992	fun.exe
2024	upx.exe
2248	fun.exe
1592	upx.exe
2680	fun.exe
1912	upx.exe
1128	fun.exe
1640	upx.exe
2420	upx.exe
2204	upx.exe

Loads dropped DLL 16 IoCs

pid	Process
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2000-4-0x0000000000400000-0x00000000004FA000-memory.dmp	upx
behavioral1/memory/2000-5-0x0000000000400000-0x00000000004FA000-memory.dmp	upx
behavioral1/memory/2000-14-0x0000000000400000-0x00000000004FA000-memory.dmp	upx
behavioral1/memory/2000-15-0x0000000000400000-0x00000000004FA000-memory.dmp	upx
behavioral1/files/0x000b000000012274-53.dat	upx
behavioral1/files/0x000b000000012274-60.dat	upx
behavioral1/memory/2000-59-0x0000000004F10000-0x000000000508E000-memory.dmp	upx
behavioral1/files/0x000b000000012274-58.dat	upx
behavioral1/files/0x000b000000012274-55.dat	upx
behavioral1/memory/1928-62-0x0000000000400000-0x000000000057E000-memory.dmp	upx
behavioral1/memory/1928-68-0x0000000000400000-0x000000000057E000-memory.dmp	upx
behavioral1/memory/2000-70-0x0000000000400000-0x00000000004FA000-memory.dmp	upx
behavioral1/files/0x000b000000012274-110.dat	upx
behavioral1/memory/2000-116-0x0000000000400000-0x00000000004FA000-memory.dmp	upx
behavioral1/files/0x000b000000012274-112.dat	upx
behavioral1/memory/2824-124-0x0000000000400000-0x000000000057E000-memory.dmp	upx
behavioral1/files/0x0010000000016c3c-126.dat	upx
behavioral1/files/0x0010000000016c3c-120.dat	upx
behavioral1/files/0x000b000000012274-117.dat	upx
behavioral1/files/0x0010000000016c3c-127.dat	upx
behavioral1/memory/1276-128-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/memory/2000-129-0x0000000000400000-0x00000000004FA000-memory.dmp	upx
behavioral1/memory/1276-130-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/files/0x0010000000016c3c-131.dat	upx
behavioral1/memory/1992-135-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/files/0x000b000000012274-166.dat	upx
behavioral1/files/0x000b000000012274-172.dat	upx
behavioral1/memory/2000-173-0x0000000003A80000-0x0000000003BFE000-memory.dmp	upx
behavioral1/files/0x000b000000012274-168.dat	upx
behavioral1/memory/2024-181-0x0000000000400000-0x000000000057E000-memory.dmp	upx
behavioral1/memory/2024-174-0x0000000000400000-0x000000000057E000-memory.dmp	upx
behavioral1/files/0x0010000000016c3c-183.dat	upx
behavioral1/memory/2000-184-0x0000000000400000-0x00000000004FA000-memory.dmp	upx
behavioral1/memory/2248-185-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/files/0x0010000000016c3c-188.dat	upx
behavioral1/files/0x000b000000012274-229.dat	upx
behavioral1/files/0x000b000000012274-225.dat	upx
behavioral1/files/0x000b000000012274-223.dat	upx
behavioral1/memory/1592-232-0x0000000000400000-0x000000000057E000-memory.dmp	upx
behavioral1/memory/1592-237-0x0000000000400000-0x000000000057E000-memory.dmp	upx
behavioral1/files/0x000c000000016cb4-238.dat	upx
behavioral1/memory/2000-230-0x0000000003A80000-0x0000000003BFE000-memory.dmp	upx
behavioral1/memory/2000-239-0x0000000000400000-0x00000000004FA000-memory.dmp	upx
behavioral1/files/0x000c000000016cb4-240.dat	upx
behavioral1/memory/2680-241-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/memory/2680-242-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/files/0x000c000000016cb4-255.dat	upx
behavioral1/files/0x000b000000012274-300.dat	upx
behavioral1/files/0x000b000000012274-296.dat	upx
behavioral1/files/0x000b000000012274-294.dat	upx
behavioral1/memory/1912-302-0x0000000000400000-0x000000000057E000-memory.dmp	upx
behavioral1/memory/1912-308-0x0000000000400000-0x000000000057E000-memory.dmp	upx
behavioral1/files/0x000b000000016cf0-304.dat	upx
behavioral1/files/0x000b000000016cf0-309.dat	upx
behavioral1/files/0x000b000000016cf0-310.dat	upx
behavioral1/memory/2000-311-0x0000000000400000-0x00000000004FA000-memory.dmp	upx
behavioral1/memory/1128-312-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/memory/1128-313-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/files/0x000b000000016cf0-314.dat	upx
behavioral1/memory/2000-317-0x0000000003B80000-0x0000000003CFE000-memory.dmp	upx
behavioral1/files/0x000b000000012274-363.dat	upx
behavioral1/files/0x000b000000012274-365.dat	upx
behavioral1/memory/1640-372-0x0000000000400000-0x000000000057E000-memory.dmp	upx
behavioral1/files/0x000b000000012274-370.dat	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 47 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Bat_To_Exe_Converter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "16"	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	Bat_To_Exe_Converter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Bat_To_Exe_Converter.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616257"	Bat_To_Exe_Converter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Bat_To_Exe_Converter.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Bat_To_Exe_Converter.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Bat_To_Exe_Converter.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}	Bat_To_Exe_Converter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Bat_To_Exe_Converter.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Bat_To_Exe_Converter.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_Classes\Local Settings	Bat_To_Exe_Converter.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	Bat_To_Exe_Converter.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Bat_To_Exe_Converter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewVersion = "0"	Bat_To_Exe_Converter.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	Bat_To_Exe_Converter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Bat_To_Exe_Converter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	Bat_To_Exe_Converter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Bat_To_Exe_Converter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Bat_To_Exe_Converter.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1"	Bat_To_Exe_Converter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Bat_To_Exe_Converter.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	Bat_To_Exe_Converter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0c00000050000000a66a63283d95d211b5d600c04fd918d00b0000007800000030f125b7ef471a10a5f102608c9eebac0e00000078000000	Bat_To_Exe_Converter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Bat_To_Exe_Converter.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	Bat_To_Exe_Converter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4"	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "1"	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Bat_To_Exe_Converter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000	Bat_To_Exe_Converter.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Bat_To_Exe_Converter.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_FolderType = "{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}"	Bat_To_Exe_Converter.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}	Bat_To_Exe_Converter.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlot = "2"	Bat_To_Exe_Converter.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Bat_To_Exe_Converter.exe

Opens file in notepad (likely ransom note) 5 IoCs

ransomware

pid	Process
2672	NOTEPAD.EXE
2072	NOTEPAD.EXE
3032	NOTEPAD.EXE
2264	NOTEPAD.EXE
1812	NOTEPAD.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2000	Bat_To_Exe_Converter.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2000	Bat_To_Exe_Converter.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe
2000	Bat_To_Exe_Converter.exe

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1928	2000	Bat_To_Exe_Converter.exe	35
PID 2000 wrote to memory of 1928	2000	Bat_To_Exe_Converter.exe	35
PID 2000 wrote to memory of 1928	2000	Bat_To_Exe_Converter.exe	35
PID 2000 wrote to memory of 1928	2000	Bat_To_Exe_Converter.exe	35
PID 2000 wrote to memory of 2824	2000	Bat_To_Exe_Converter.exe	36
PID 2000 wrote to memory of 2824	2000	Bat_To_Exe_Converter.exe	36
PID 2000 wrote to memory of 2824	2000	Bat_To_Exe_Converter.exe	36
PID 2000 wrote to memory of 2824	2000	Bat_To_Exe_Converter.exe	36
PID 2000 wrote to memory of 2024	2000	Bat_To_Exe_Converter.exe	42
PID 2000 wrote to memory of 2024	2000	Bat_To_Exe_Converter.exe	42
PID 2000 wrote to memory of 2024	2000	Bat_To_Exe_Converter.exe	42
PID 2000 wrote to memory of 2024	2000	Bat_To_Exe_Converter.exe	42
PID 2000 wrote to memory of 1592	2000	Bat_To_Exe_Converter.exe	46
PID 2000 wrote to memory of 1592	2000	Bat_To_Exe_Converter.exe	46
PID 2000 wrote to memory of 1592	2000	Bat_To_Exe_Converter.exe	46
PID 2000 wrote to memory of 1592	2000	Bat_To_Exe_Converter.exe	46
PID 2000 wrote to memory of 1912	2000	Bat_To_Exe_Converter.exe	51
PID 2000 wrote to memory of 1912	2000	Bat_To_Exe_Converter.exe	51
PID 2000 wrote to memory of 1912	2000	Bat_To_Exe_Converter.exe	51
PID 2000 wrote to memory of 1912	2000	Bat_To_Exe_Converter.exe	51
PID 2580 wrote to memory of 2820	2580	cmd.exe	64
PID 2580 wrote to memory of 2820	2580	cmd.exe	64
PID 2580 wrote to memory of 2820	2580	cmd.exe	64
PID 2000 wrote to memory of 1640	2000	Bat_To_Exe_Converter.exe	66
PID 2000 wrote to memory of 1640	2000	Bat_To_Exe_Converter.exe	66
PID 2000 wrote to memory of 1640	2000	Bat_To_Exe_Converter.exe	66
PID 2000 wrote to memory of 1640	2000	Bat_To_Exe_Converter.exe	66
PID 2000 wrote to memory of 2420	2000	Bat_To_Exe_Converter.exe	67
PID 2000 wrote to memory of 2420	2000	Bat_To_Exe_Converter.exe	67
PID 2000 wrote to memory of 2420	2000	Bat_To_Exe_Converter.exe	67
PID 2000 wrote to memory of 2420	2000	Bat_To_Exe_Converter.exe	67
PID 2000 wrote to memory of 2204	2000	Bat_To_Exe_Converter.exe	69
PID 2000 wrote to memory of 2204	2000	Bat_To_Exe_Converter.exe	69
PID 2000 wrote to memory of 2204	2000	Bat_To_Exe_Converter.exe	69
PID 2000 wrote to memory of 2204	2000	Bat_To_Exe_Converter.exe	69

C:\Users\Admin\AppData\Local\Temp\Bat_To_Exe_Converter.exe
"C:\Users\Admin\AppData\Local\Temp\Bat_To_Exe_Converter.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe
  "C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe" --lzma --best "C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp"
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe
  "C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe" --lzma --best "C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp"
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe
  "C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe" --lzma --best "C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp"
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe
  "C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe" --lzma --best "C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp"
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe
  "C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe" --lzma --best "C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp"
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe
  "C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe" --lzma --best "C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp"
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe
  "C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe" --lzma --best "C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp"
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe
  "C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe" --lzma --best "C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp"
  2⤵
  - Executes dropped EXE
  PID:2204

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\fun.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:3032

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:2792

C:\Users\Admin\Desktop\fun.exe
"C:\Users\Admin\Desktop\fun.exe"
1⤵
- Executes dropped EXE
PID:1276

C:\Users\Admin\Desktop\fun.exe
"C:\Users\Admin\Desktop\fun.exe"
1⤵
- Executes dropped EXE
PID:1992

C:\Users\Admin\Desktop\fun.exe
"C:\Users\Admin\Desktop\fun.exe"
1⤵
- Executes dropped EXE
PID:2248

C:\Users\Admin\Desktop\fun.exe
"C:\Users\Admin\Desktop\fun.exe"
1⤵
- Executes dropped EXE
PID:2680

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\fun.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:2264

C:\Users\Admin\Desktop\fun.exe
"C:\Users\Admin\Desktop\fun.exe"
1⤵
- Executes dropped EXE
PID:1128

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Desktop\fun.bat" "
1⤵
PID:2208

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\fun.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:1812

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Desktop\fun.bat" "
1⤵
PID:1548

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\fun.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:2672

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Desktop\fun.bat" "
1⤵
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2820

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:2312

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\fun.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCX18D7.tmp

Filesize
35KB

MD5
0bf109d2d6331cf428dd40ffd648f71f

SHA1
10a46dc3d77b03dfe59433cee3c1d36a8a08c1f8

SHA256
bafc74f0b8e2a0b9f8cd5854243e5c4043732e4f4104e70a4e5ac56c229a2e7d

SHA512
e9c07f135e90f8dedbe524bdf1a62b1aea7723e20d710c26d979616f3ba8e3f6f68f01cd67f9819eab52a6a4651b9063a00a325e1da3db61101fbc71d39bebbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCX3A8B.tmp

Filesize
34KB

MD5
621a10d3c93442866a7450d02ab3a5db

SHA1
2aab4d8e8bd828399af965f2998c87cceb86dd40

SHA256
4846d48597ae3822427a0d0709ee8228ca7d8f42bef385c1c95249370de613a4

SHA512
805c864d3208327100ead05a7d1c83222998e7c020d9c56d3ac177f13745bceb3d04c85e9ae4f30a942ee072da5ca125993fc4166522365c66b8a8c5d537438a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCX729E.tmp

Filesize
34KB

MD5
2440505843e4f48090c02279a15c45e4

SHA1
dbdebb359fed4b42b27b73e3f05353c8d0d37fc3

SHA256
6eb43b5174debeb8a8e6b9b33a1bc00f4779317aad9463affa132874f4022d19

SHA512
862e5eabe56011cdd5820f933d66fd86950b83ba876b7ba4d0e71e21ff834c11c7aa6ee832b53c6c3a61d78dd626bffc0446943b715235b02c159f336d6be575

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXA350.tmp

Filesize
35KB

MD5
d2983a8ce29b8f10ec9d89e433dae100

SHA1
97d43cac5d5a46df7df2eda55bdfe4d42aed45af

SHA256
e47e0869b1473bac1eb1cb9ef6fa8c4c0ead30c08bf7031468bc919c7a7d4470

SHA512
ac2fdcfff99d51ee8d62306bc069dee256148f85f3ef82621f1dc6055fc821e95d03db9ddeb9ac03d4cf1a09532e1a093b34185c5bacfb0f75b245be30b92e09

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXA3BF.tmp

Filesize
35KB

MD5
c16b92e31c8b62af0ffa58cd2c6e74a1

SHA1
8b29c8dfa14c18f17fcab6f6d5ba449e9295f0bb

SHA256
2abb11ce899a391bc821b539b18f106de65502597712d2fca0aedb7dc27909fb

SHA512
dd38417b847a06a3ad428e4f85a6d4747384725f97ad3399c042098d39ab5ee85535c479fe016166d79f389b951447fbb0acc4d775abc94be920fbb8b9f4978e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXA3C0.tmp

Filesize
36KB

MD5
98ea2f1e6410e0ec6bb98b5646258b53

SHA1
9f5cc5d183e5262679fe066c9dc66a9bee3c97d0

SHA256
0cfc3d40c7b36550abbf691539e6c9c51d0bd9eb1de35a582baf05966bfecb5b

SHA512
e3264e63d651186ea4ad80a3519c8535813142b502b2fdff18815bdb97b3be8b94bd807ae06e3e79d3fa5b4e66561685cdfddef488c6d607e4919cf581dbbb88

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXB867.tmp

Filesize
34KB

MD5
5c81ca19ab8a95f3f93425469adf9b9b

SHA1
155b1c3b1854ede31ae6303cc247a7efaf9a86ae

SHA256
2fa22fd606f08827257be9573587e10d940aa6a68ad9afc5a44278ed4278e91c

SHA512
576c82d0876329b811382d8a03129dc1ffdca766eead777c58aca879c4b7101a2b7366d781514a21640ded7316d3ca9bd224645146757d3b77628a3c3c212bb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXB8E6.tmp

Filesize
35KB

MD5
917803c6dfd403c09239b85821401559

SHA1
cced8d30570413105aab8de966384fb0f2648c6a

SHA256
fa25f3296389e6af7d3bfeab929c015295ddaf995c16c18c62897ea1b83ff0cc

SHA512
b5b2fdf71b9559d275c64409829fdb8c7546ce0eee4dc01a66c3f539d0df0019d6f17a1e9bc4fa3fc6940cafe8f5c8e35b11e81e1dfc862a1505e741327a0a9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RCXB8E7.tmp

Filesize
35KB

MD5
299e59b1be8fb3e11ee9edf2d00bfb5c

SHA1
f622521b5ec6b8d4357801bdcdb3193abc8a26c1

SHA256
246755afd534ab3d1fba7a9d7a38537c19e63fc2902e7f6fa41ceea85afa6871

SHA512
a8e655dd2f3db382ee57278e2c036fa2e2ba403dbbcff9914cc6eb08ab169005fade54da405348b96ff3c953d0acd2087feec56541511c24662876e0cc34c23d

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp

Filesize
35KB

MD5
edd693057bd90ba26d6825c5a0e5d764

SHA1
5a96046250e2e78f259c3897b0bf305fba096d5c

SHA256
3cacb1da690fb6dd09796c8157c95502f8b4c0bd5eb7bf046c6945fb2f53c953

SHA512
eacc108c73ec5e27acf22886f28fd9adbb0f58742439b00321bd221085782b9b12996cd2a24b257cb3597a5763bd4f41b4a566443b7046cdf68599b2b8eebe86

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp

Filesize
35KB

MD5
edd693057bd90ba26d6825c5a0e5d764

SHA1
5a96046250e2e78f259c3897b0bf305fba096d5c

SHA256
3cacb1da690fb6dd09796c8157c95502f8b4c0bd5eb7bf046c6945fb2f53c953

SHA512
eacc108c73ec5e27acf22886f28fd9adbb0f58742439b00321bd221085782b9b12996cd2a24b257cb3597a5763bd4f41b4a566443b7046cdf68599b2b8eebe86

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp

Filesize
35KB

MD5
edd693057bd90ba26d6825c5a0e5d764

SHA1
5a96046250e2e78f259c3897b0bf305fba096d5c

SHA256
3cacb1da690fb6dd09796c8157c95502f8b4c0bd5eb7bf046c6945fb2f53c953

SHA512
eacc108c73ec5e27acf22886f28fd9adbb0f58742439b00321bd221085782b9b12996cd2a24b257cb3597a5763bd4f41b4a566443b7046cdf68599b2b8eebe86

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp

Filesize
34KB

MD5
d2d1641a86d6a535b3822970b05f11af

SHA1
2b3e160b08a411a90f115fab715a16786b564184

SHA256
00c16a8578cf71d02632809858ae900471b292c4ab63cd13464bd80f587b81a6

SHA512
4f9538a908128a2f88ce32ca12b9fba9eb66c616f94af2931f0659ce77893aba655844869da0abb7cf0017b8789b806a10eebcf52e8a1619ad8649ecfa7e2595

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp

Filesize
35KB

MD5
edd693057bd90ba26d6825c5a0e5d764

SHA1
5a96046250e2e78f259c3897b0bf305fba096d5c

SHA256
3cacb1da690fb6dd09796c8157c95502f8b4c0bd5eb7bf046c6945fb2f53c953

SHA512
eacc108c73ec5e27acf22886f28fd9adbb0f58742439b00321bd221085782b9b12996cd2a24b257cb3597a5763bd4f41b4a566443b7046cdf68599b2b8eebe86

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp

Filesize
34KB

MD5
d2d1641a86d6a535b3822970b05f11af

SHA1
2b3e160b08a411a90f115fab715a16786b564184

SHA256
00c16a8578cf71d02632809858ae900471b292c4ab63cd13464bd80f587b81a6

SHA512
4f9538a908128a2f88ce32ca12b9fba9eb66c616f94af2931f0659ce77893aba655844869da0abb7cf0017b8789b806a10eebcf52e8a1619ad8649ecfa7e2595

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp

Filesize
20KB

MD5
fbc8d470398b6e46ad257f077bd691f0

SHA1
c916f5fd2775e618a872e63dc971ade26678f1b7

SHA256
f32ae244b5b350a5b21526c3aea049d0a06b0d4634abd67106c1fc91e636d595

SHA512
7febc4067fc14603e664f234c98b1d4adf6798ce29ddc5e5c5a64fb3ad5914340e27cd30d8fbd954c7dd3fc69a43d6f1d3f2b528b83077d3dab78cca1cb80592

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp

Filesize
34KB

MD5
d2d1641a86d6a535b3822970b05f11af

SHA1
2b3e160b08a411a90f115fab715a16786b564184

SHA256
00c16a8578cf71d02632809858ae900471b292c4ab63cd13464bd80f587b81a6

SHA512
4f9538a908128a2f88ce32ca12b9fba9eb66c616f94af2931f0659ce77893aba655844869da0abb7cf0017b8789b806a10eebcf52e8a1619ad8649ecfa7e2595

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp

Filesize
20KB

MD5
fbc8d470398b6e46ad257f077bd691f0

SHA1
c916f5fd2775e618a872e63dc971ade26678f1b7

SHA256
f32ae244b5b350a5b21526c3aea049d0a06b0d4634abd67106c1fc91e636d595

SHA512
7febc4067fc14603e664f234c98b1d4adf6798ce29ddc5e5c5a64fb3ad5914340e27cd30d8fbd954c7dd3fc69a43d6f1d3f2b528b83077d3dab78cca1cb80592

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp

Filesize
34KB

MD5
d2d1641a86d6a535b3822970b05f11af

SHA1
2b3e160b08a411a90f115fab715a16786b564184

SHA256
00c16a8578cf71d02632809858ae900471b292c4ab63cd13464bd80f587b81a6

SHA512
4f9538a908128a2f88ce32ca12b9fba9eb66c616f94af2931f0659ce77893aba655844869da0abb7cf0017b8789b806a10eebcf52e8a1619ad8649ecfa7e2595

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp

Filesize
34KB

MD5
d2d1641a86d6a535b3822970b05f11af

SHA1
2b3e160b08a411a90f115fab715a16786b564184

SHA256
00c16a8578cf71d02632809858ae900471b292c4ab63cd13464bd80f587b81a6

SHA512
4f9538a908128a2f88ce32ca12b9fba9eb66c616f94af2931f0659ce77893aba655844869da0abb7cf0017b8789b806a10eebcf52e8a1619ad8649ecfa7e2595

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp

Filesize
34KB

MD5
d2d1641a86d6a535b3822970b05f11af

SHA1
2b3e160b08a411a90f115fab715a16786b564184

SHA256
00c16a8578cf71d02632809858ae900471b292c4ab63cd13464bd80f587b81a6

SHA512
4f9538a908128a2f88ce32ca12b9fba9eb66c616f94af2931f0659ce77893aba655844869da0abb7cf0017b8789b806a10eebcf52e8a1619ad8649ecfa7e2595

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA48A.tmp

Filesize
21KB

MD5
f866723f7256ecaa34cde71cf36f36ce

SHA1
733e0e8186501052c0a6c059087a9bc1714cb03f

SHA256
48bd28b509ad4bffa0543f2dcf4a0981300aee270dc333524d2401943352dba4

SHA512
1fb2df8120335618897ac26e7a13d28278fe5ccdbc8af6a973bf23a2e7abfb1fe5a2762a4ec9faf1bdb63fa7624be794239539195721f52b7b61240bddc99696

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA48A.upx

Filesize
20KB

MD5
fbc8d470398b6e46ad257f077bd691f0

SHA1
c916f5fd2775e618a872e63dc971ade26678f1b7

SHA256
f32ae244b5b350a5b21526c3aea049d0a06b0d4634abd67106c1fc91e636d595

SHA512
7febc4067fc14603e664f234c98b1d4adf6798ce29ddc5e5c5a64fb3ad5914340e27cd30d8fbd954c7dd3fc69a43d6f1d3f2b528b83077d3dab78cca1cb80592

Download Submit
C:\Users\Admin\AppData\Local\Temp\exeA48A.upx

Filesize
21KB

MD5
f866723f7256ecaa34cde71cf36f36ce

SHA1
733e0e8186501052c0a6c059087a9bc1714cb03f

SHA256
48bd28b509ad4bffa0543f2dcf4a0981300aee270dc333524d2401943352dba4

SHA512
1fb2df8120335618897ac26e7a13d28278fe5ccdbc8af6a973bf23a2e7abfb1fe5a2762a4ec9faf1bdb63fa7624be794239539195721f52b7b61240bddc99696

Download Submit
C:\Users\Admin\Desktop\fun.bat

Filesize
35B

MD5
4a4b1c3b6285bb454b12db38574d3d9b

SHA1
1004e32d49fdaf0df6579f64ba8a4e24d2d0adc8

SHA256
f0a12829eaa716b8dcbd37ea5f5dce756b27f77d2236ea0c56bdb071e35eb9fe

SHA512
2c8427c8e1f19ef7c8b4141b168dbecccf5c0abb507013bd1608093abbf62a422876896a1b416ee0413153af328299f9a7ee917acb5366dc43efa0cff087157a

Download Submit
C:\Users\Admin\Desktop\fun.bat

Filesize
16B

MD5
ff9aac9ad63221ae00e93a4226e8d538

SHA1
cdd35e4849a26e55fcd393ee478ec73b6c3086b1

SHA256
4ed2360c474da2cd937cd9ca8e7d501afc95e59e20386ad88db18b32ce572621

SHA512
a564594cd1fc7e7e535f5832b2ea4ad10e3da32c073164445811a46a0d3c717de155d8e664f119cf871db55dc24d62465e94c638e0675ec942b0f56e7b3998fa

Download Submit
C:\Users\Admin\Desktop\fun.bat

Filesize
44B

MD5
eb3172a4f2b55f77703c07016b18ad98

SHA1
4f754ac814f5ba616948161c223293379ca8d1a8

SHA256
2ef3d3d67f3ed58a1693c3778032c635c501e5f7e8c6f1c39e578594f6ecce20

SHA512
e895ae1faba45215001a9bbf3cb0f2cfe1ef5b67011b123ff926c067c7745f2162e31394160c7a8b937757788982b7d8fb2836cd905b4785c85a48eca9d7bdea

Download Submit
C:\Users\Admin\Desktop\fun.bat

Filesize
50B

MD5
a597f69e7d82bde314e42595933cfaea

SHA1
9af79022b781447f7bca9cf477c5d97f5fab8e38

SHA256
d2d90bb90e8e1bc3133a566b9d1e8b2ad1d70428c2fe3eb32c4536ff97f4124b

SHA512
450e08b30364958c3056df82a3ef8dbc80a9797c13d380eff87765193a9def02ee6d6f0ada75ba86620597304c0de4528f8f25aeca45104d10c197913683a2e1

Download Submit
C:\Users\Admin\Desktop\fun.exe

Filesize
20KB

MD5
fbc8d470398b6e46ad257f077bd691f0

SHA1
c916f5fd2775e618a872e63dc971ade26678f1b7

SHA256
f32ae244b5b350a5b21526c3aea049d0a06b0d4634abd67106c1fc91e636d595

SHA512
7febc4067fc14603e664f234c98b1d4adf6798ce29ddc5e5c5a64fb3ad5914340e27cd30d8fbd954c7dd3fc69a43d6f1d3f2b528b83077d3dab78cca1cb80592

Download Submit
C:\Users\Admin\Desktop\fun.exe

Filesize
20KB

MD5
fbc8d470398b6e46ad257f077bd691f0

SHA1
c916f5fd2775e618a872e63dc971ade26678f1b7

SHA256
f32ae244b5b350a5b21526c3aea049d0a06b0d4634abd67106c1fc91e636d595

SHA512
7febc4067fc14603e664f234c98b1d4adf6798ce29ddc5e5c5a64fb3ad5914340e27cd30d8fbd954c7dd3fc69a43d6f1d3f2b528b83077d3dab78cca1cb80592

Download Submit
C:\Users\Admin\Desktop\fun.exe

Filesize
20KB

MD5
fbc8d470398b6e46ad257f077bd691f0

SHA1
c916f5fd2775e618a872e63dc971ade26678f1b7

SHA256
f32ae244b5b350a5b21526c3aea049d0a06b0d4634abd67106c1fc91e636d595

SHA512
7febc4067fc14603e664f234c98b1d4adf6798ce29ddc5e5c5a64fb3ad5914340e27cd30d8fbd954c7dd3fc69a43d6f1d3f2b528b83077d3dab78cca1cb80592

Download Submit
C:\Users\Admin\Desktop\fun.exe

Filesize
20KB

MD5
fbc8d470398b6e46ad257f077bd691f0

SHA1
c916f5fd2775e618a872e63dc971ade26678f1b7

SHA256
f32ae244b5b350a5b21526c3aea049d0a06b0d4634abd67106c1fc91e636d595

SHA512
7febc4067fc14603e664f234c98b1d4adf6798ce29ddc5e5c5a64fb3ad5914340e27cd30d8fbd954c7dd3fc69a43d6f1d3f2b528b83077d3dab78cca1cb80592

Download Submit
C:\Users\Admin\Desktop\fun.exe

Filesize
21KB

MD5
f866723f7256ecaa34cde71cf36f36ce

SHA1
733e0e8186501052c0a6c059087a9bc1714cb03f

SHA256
48bd28b509ad4bffa0543f2dcf4a0981300aee270dc333524d2401943352dba4

SHA512
1fb2df8120335618897ac26e7a13d28278fe5ccdbc8af6a973bf23a2e7abfb1fe5a2762a4ec9faf1bdb63fa7624be794239539195721f52b7b61240bddc99696

Download Submit
C:\Users\Admin\Desktop\fun.exe

Filesize
21KB

MD5
f866723f7256ecaa34cde71cf36f36ce

SHA1
733e0e8186501052c0a6c059087a9bc1714cb03f

SHA256
48bd28b509ad4bffa0543f2dcf4a0981300aee270dc333524d2401943352dba4

SHA512
1fb2df8120335618897ac26e7a13d28278fe5ccdbc8af6a973bf23a2e7abfb1fe5a2762a4ec9faf1bdb63fa7624be794239539195721f52b7b61240bddc99696

Download Submit
C:\Users\Admin\Desktop\fun.exe

Filesize
21KB

MD5
f866723f7256ecaa34cde71cf36f36ce

SHA1
733e0e8186501052c0a6c059087a9bc1714cb03f

SHA256
48bd28b509ad4bffa0543f2dcf4a0981300aee270dc333524d2401943352dba4

SHA512
1fb2df8120335618897ac26e7a13d28278fe5ccdbc8af6a973bf23a2e7abfb1fe5a2762a4ec9faf1bdb63fa7624be794239539195721f52b7b61240bddc99696

Download Submit
C:\Users\Admin\Desktop\fun.exe

Filesize
21KB

MD5
f866723f7256ecaa34cde71cf36f36ce

SHA1
733e0e8186501052c0a6c059087a9bc1714cb03f

SHA256
48bd28b509ad4bffa0543f2dcf4a0981300aee270dc333524d2401943352dba4

SHA512
1fb2df8120335618897ac26e7a13d28278fe5ccdbc8af6a973bf23a2e7abfb1fe5a2762a4ec9faf1bdb63fa7624be794239539195721f52b7b61240bddc99696

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
\Users\Admin\AppData\Local\Temp\A489.tmp\upx.exe

Filesize
283KB

MD5
308f709a8f01371a6dd088a793e65a5f

SHA1
a07c073d807ab0119b090821ee29edaae481e530

SHA256
c0f9faffdf14ab2c853880457be19a237b10f8986755f184ecfe21670076cb35

SHA512
c107f1af768d533d02fb82ae2ed5c126c63b53b11a2e5a5bbf45e396cb7796ca4e7984ce969b487ad38d817f4d4366e7953fb555b279aa019ffb5d1bbba57e28

Download Submit
memory/1128-312-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1128-313-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1276-128-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1276-130-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1592-232-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/1592-237-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/1640-378-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/1640-372-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/1912-302-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/1912-308-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/1928-62-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/1928-68-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/1992-135-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2000-125-0x00000000049F0000-0x0000000004B6E000-memory.dmp

Filesize
1.5MB

Download
memory/2000-15-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2000-301-0x0000000003B80000-0x0000000003CFE000-memory.dmp

Filesize
1.5MB

Download
memory/2000-119-0x00000000049F0000-0x0000000004B6E000-memory.dmp

Filesize
1.5MB

Download
memory/2000-70-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2000-69-0x0000000004F10000-0x000000000508E000-memory.dmp

Filesize
1.5MB

Download
memory/2000-59-0x0000000004F10000-0x000000000508E000-memory.dmp

Filesize
1.5MB

Download
memory/2000-311-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2000-184-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2000-187-0x0000000003A80000-0x0000000003BFE000-memory.dmp

Filesize
1.5MB

Download
memory/2000-5-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2000-316-0x0000000003B80000-0x0000000003CFE000-memory.dmp

Filesize
1.5MB

Download
memory/2000-317-0x0000000003B80000-0x0000000003CFE000-memory.dmp

Filesize
1.5MB

Download
memory/2000-230-0x0000000003A80000-0x0000000003BFE000-memory.dmp

Filesize
1.5MB

Download
memory/2000-4-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2000-466-0x0000000005220000-0x000000000539E000-memory.dmp

Filesize
1.5MB

Download
memory/2000-239-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2000-478-0x0000000005220000-0x000000000539E000-memory.dmp

Filesize
1.5MB

Download
memory/2000-11-0x0000000004540000-0x0000000004541000-memory.dmp

Filesize
4KB

Download
memory/2000-369-0x0000000003C80000-0x0000000003DFE000-memory.dmp

Filesize
1.5MB

Download
memory/2000-182-0x0000000003A80000-0x0000000003BFE000-memory.dmp

Filesize
1.5MB

Download
memory/2000-116-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2000-133-0x00000000049F0000-0x0000000004B6E000-memory.dmp

Filesize
1.5MB

Download
memory/2000-16-0x0000000004540000-0x0000000004541000-memory.dmp

Filesize
4KB

Download
memory/2000-134-0x00000000049F0000-0x0000000004B6E000-memory.dmp

Filesize
1.5MB

Download
memory/2000-379-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2000-173-0x0000000003A80000-0x0000000003BFE000-memory.dmp

Filesize
1.5MB

Download
memory/2000-129-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2000-72-0x0000000004F10000-0x000000000508E000-memory.dmp

Filesize
1.5MB

Download
memory/2000-12-0x0000000004560000-0x0000000004562000-memory.dmp

Filesize
8KB

Download
memory/2000-429-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2000-14-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2000-428-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2024-181-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/2024-174-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/2204-479-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/2204-469-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/2248-185-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2420-427-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/2420-420-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/2680-242-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2680-241-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2824-124-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download