c185dc1d2638559add025bffdea21300deb49ae349f765907c448ae462280572

Analysis

max time kernel
150s
max time network
129s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14-01-2024 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59ead0fdcacaacb879aa061415d178d2.exe
Size

574KB
MD5

59ead0fdcacaacb879aa061415d178d2
SHA1

48ae83f639d541b611214a90945383d0c824e076
SHA256

c185dc1d2638559add025bffdea21300deb49ae349f765907c448ae462280572
SHA512

07077dba45abba4a9e447d53f19b585686bdfba241106aeb9efa8ad50de5bf74bcb3d22ad00c2eb95f96bb6ab07b89bfd694340707dcd04a73e0829ee797affc
SSDEEP

12288:+8CLq9EYaWWO8OxCO8Tah1HPLeFGDx6zZwcoxJWucL8E4IcWznIYq3jIYMBlz1:+879E32xcoQGDxBcuWuI48IDiz1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2528	win.exe

Drops file in System32 directory 43 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk	ie4uinit.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\DNTException\Low	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4AD83BF3-B27C-11EE-A7D5-D2C28B9FE739}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites\desktop.ini	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites\Links\Suggested Sites.url	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\favicon[1].ico	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	ie4uinit.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\Favorites\Links\Suggested Sites.url	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4AD83BF1-B27C-11EE-A7D5-D2C28B9FE739}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch	ie4uinit.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4AD83BF1-B27C-11EE-A7D5-D2C28B9FE739}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\Favorites\Links	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ieonline.microsoft[1]	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4AD83BFC-B27C-11EE-A7D5-D2C28B9FE739}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\TabRoaming	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\Low	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms	IEXPLORE.EXE

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\win.exe	59ead0fdcacaacb879aa061415d178d2.exe
File opened for modification	C:\Windows\win.exe	59ead0fdcacaacb879aa061415d178d2.exe
File created	C:\Windows\win.DLL	win.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Flags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}\Enum\Implementing = 1c00000001000000e807010000000e0001001d000700180002000000e11a542af65b6546a8a3cfa9672e4291644ea2ef78b0d01189e400c04fc9e26e	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\Version = "*"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Type = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport\LowDAMap	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Connection Wizard	win.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\LinksBar\LinksFolderMigrate = 500f600d8946da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6405FA99-6923-410A-9EB3-CC230261C5ED}\72-05-15-b6-37-df	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Count = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Time = e807010000000e0001001d000600de01	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411357607"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\BrowserEmulation\TLDUpdates = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\TopResultURLFallback = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\72-05-15-b6-37-df	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum\Implementing = 1c00000001000000e807010000000e0001001d000300d60300000000	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\Version = "*"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2300000023000000430300007b020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\Flags = "512"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Software\Microsoft\Internet Explorer	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName = "Bing"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Software	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Recovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Time = e807010000000e0001001d0000007d03	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6405FA99-6923-410A-9EB3-CC230261C5ED}	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum\Implementing = 1c00000001000000e807010000000e0001001d000300970302000000e11a542af65b6546a8a3cfa9672e4291644ea2ef78b0d01189e400c04fc9e26e	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Windows\\system32\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6405FA99-6923-410A-9EB3-CC230261C5ED}\WpadDecisionReason = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2528	win.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE
820	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
820	IEXPLORE.EXE
820	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2528	win.exe
2528	win.exe
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 820	2528	win.exe	17
PID 2528 wrote to memory of 820	2528	win.exe	17
PID 2528 wrote to memory of 820	2528	win.exe	17
PID 2528 wrote to memory of 820	2528	win.exe	17
PID 820 wrote to memory of 948	820	IEXPLORE.EXE	18
PID 820 wrote to memory of 948	820	IEXPLORE.EXE	18
PID 820 wrote to memory of 948	820	IEXPLORE.EXE	18
PID 820 wrote to memory of 2788	820	IEXPLORE.EXE	19
PID 820 wrote to memory of 2788	820	IEXPLORE.EXE	19
PID 820 wrote to memory of 2788	820	IEXPLORE.EXE	19
PID 820 wrote to memory of 2788	820	IEXPLORE.EXE	19

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\59ead0fdcacaacb879aa061415d178d2.exe
"C:\Users\Admin\AppData\Local\Temp\59ead0fdcacaacb879aa061415d178d2.exe"
1⤵
- Drops file in Windows directory
PID:2156

C:\Windows\win.exe
C:\Windows\win.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:820
- - C:\Windows\System32\ie4uinit.exe
    "C:\Windows\System32\ie4uinit.exe" -ShowQLIcon
    3⤵
    - Drops file in System32 directory
    PID:948
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:820 CREDAT:275457 /prefetch:2
    3⤵
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    - Suspicious use of SetWindowsHookEx
    PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
d6f78684a61545ac17c13a3ee99c72e6

SHA1
49b942b3306c35581899c4961992fe6f5e84c992

SHA256
1b81a2e28e509072224b6619c831baa69f7b82ebc498d9711e303a2144b98ec2

SHA512
9c0e32ed961fec9f2d725f3f9589a7a96b9c330cbe1df314574584d1d5fd8d117b3f747f4079aaa036148cad8a3baa3f346c97e5cbaebff8448209f841c4110d

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2c41474a1c1cecd850020b2eb5ff969

SHA1
db1624c121b5848410df9264373c55051411797b

SHA256
beebc84964a33751d9f6b50b8a8ea6c70626bc20a3d2d6b79ab959bad41f834c

SHA512
a477c9bed654cfdb8609437d7a00702589a16a3c1f21bc1ee2595a718268b7277c682c973bc763af60ab05d20fd98e382475e92e134d6b7c28ad876a2672ef91

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42e3e489d11411977d92113b0f13c4ba

SHA1
27b8501281adffc7f7d0c6abe0740afd887caadd

SHA256
36eae30c9c5001e1d6770d4ca80ff926f5111bab0a387f1709554394f657db9d

SHA512
090528b7ded3ad3924e051b0f213b0885da3f643541786b2f958b09e6b96cafc3a9c7d270e9ab4542eb63ad4dfa7047490e988717f118fac00a853b3d0da52ca

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
990fa060680d7d6b62485e64aeb8855a

SHA1
88ef79910789776743515ccb22b09f22686e7a37

SHA256
039cdb38df017297888613e4cd172aa6b17a81c7e47350f9dfb8336456cc2a84

SHA512
17235f883097caa25a875c49d793a5da6507e04f96422be3c6da4ed019a37bffd68c2ff28c665dce7c79ae5a8878ea3611384dcdca1eea9f6125aeef1fa08872

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c91f1519315c5fd9315218518c255090

SHA1
c22a3a3f95aca5bba7d873ebf635d63861dca707

SHA256
23d8287ad8fcc748f5a25cead0f7dd721d693ced5f0c01772e671917f9c29431

SHA512
f6e82339c8b929a0d17e8d39380ba5f171eebca974960e36aae0608ad6df24f3b47c01e3103e08465b6222616a14f9c7a22298c4f132e65f78c8bbc57d07dc2c

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75848d80496a8ad61a4d16670e3bfcab

SHA1
43a429790a35bf0f919ea27a84f7bc18b537e532

SHA256
fa9e427125da0df822f19d221f702bc2526dabe017cf42949cdd366581004841

SHA512
7f3d3a0fb8c1a30a095a8bec1638b17a993d57054bcd60e15a40726af625acc93c7deb9fb28b8f1ea872ccf29b2f669da8e7ec91d4022be3a8e20a81c2b156b6

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ccc3b7039ef01812333e3e2cfb392f8

SHA1
bad5ed03e104d060fbb1e2257da8a3931990efd2

SHA256
8b12ff3774ed497b2b54f7fb203687eef8200a4239b3ecf9adf004c14741f8f7

SHA512
54448e2128e8d6cac9c4c9946693125672fb15405c29c7f568c2df7db455d992a08e8da2536ee1c0f43f6c83ae9743de2730b60b41ec28fda4bc89eab2c504e2

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37b0d391ee1ec1cc563b8332abe11416

SHA1
36e30b26202d65fe019259a020e063b46dab42c7

SHA256
6fa2ea1c1d9a16c6785e1113a30e43a28d4691649cf345b48cb0d9b5ed34b6b1

SHA512
08e100ce00103fc8fafae67035bb7da3dee9da05495487ed12359b1af394422e4c25bff0adf8398e8f670b4da6ea0ce77d25123e666ea808a85ccf5599045b60

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
581b4412018ea8e1384724d875d10427

SHA1
1b686afab4a786e4c228ddf3725a42cef617b51b

SHA256
1ba30392bd9ef41ad43719389a7451648d83786669fceace6f65ac8eb4d736f4

SHA512
65a7f4fa9a3e5a44a77e2dc3f7be5b6f5435ff9fdf26c0cb8ac947499c7e186c2ff6d5b7c998de595e9e01e2311d3b354a071f95be53c59094ed07b975aee8aa

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01befb8919975a27496655ebc79f74f5

SHA1
67dbc66fe50f04c143a90467d815a1d323df5b31

SHA256
616531a49d97adbac2efe1557c3903af2f3402be5b74f26ed04d3f8bfefbd888

SHA512
f739fe2dfb42c1096fe7a6519fbf81ac59de12140855ce676c2c042ffb883308f96bc19e74ed9915f8482a8f4836d756f1384dcb44eb60ed5733f46cbd217c43

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73bd0a75d2e06db97c6fd0186af2f2f4

SHA1
5c172b70c662d6722b75d02a3b3cfdf158bd7346

SHA256
baff418592f3270a5c56042492948ad36bba423fe6aaa22cbf4fa99e3b7a040a

SHA512
cf9042e110515efc07119963a4c38249eb090f3f91f1000ed652fed3fbe3657979100828e5c77bcef9a50720f0a7e86d5fec00099c177bf59bd0df8870daa55b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a812615de239c0a0fec55240952d8b1d

SHA1
68834af69d9bba940fce33dcab99b7763953ec3b

SHA256
51057aff95dd44455972fd5911e36a6ea3d3fb7dd18fe25a187a25abf7054f23

SHA512
5b5f346a5ac7902ee07caa07729e810b901406e416d36d33e1e696dda2593ba531443d41a2f257789a71a94fe81f558494f8e0bb3b43476001750f950887c5d5

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7dc3b864aa960606e8885f15a4c1ad05

SHA1
145a6fa5cab7d32f315916952f188e6413300e8a

SHA256
8e45ca66de51f923960ee12f1cb9266a60374e163ad6cee989f0cd08e669edfb

SHA512
b4aea512edc6fa86c0df3202f61814f84aa0c843ad509eda1b2ec0658d58bf4b9e4f324c7b8f51480dbda4f1594c2c1c42ef002736b9ba5b634e6b9c8d9525dd

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
b5c55fc05074b4a0d6910e62296a14ad

SHA1
da873e43956ec823c3a9f02f007a4d97276ac236

SHA256
f66d772bac9f01870527787d69a6d669610456ccee51813e8976327bc5196b2a

SHA512
d3e7dc635e625173c4afb89f67004d78eb316a14d42d24acb3b52067d86591217df05c80be938df04bc88a2477027f1768866e9645abd01f5f7b8b5fa380f666

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url

Filesize
129B

MD5
2578ef0db08f1e1e7578068186a1be0f

SHA1
87dca2f554fa51a98726f0a7a9ac0120be0c4572

SHA256
bdc63d9fd191114227a6e0ac32aaf4de85b91fc602fcb8555c0f3816ac8620b3

SHA512
b42be0e6f438362d107f0f3a7e4809753cf3491ab15145f9ffa4def413606243f4dfffc0449687bd1bb01c653e9339e26b97c286382743d14a2f0ed52e72f7ee

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url

Filesize
236B

MD5
11cede0563d1d61930e433cd638d6419

SHA1
366b26547292482b871404b33930cefca8810dbd

SHA256
e3ab045d746a0821cfb0c34aee9f98ce658caab2c99841464c68d49ab2cd85d9

SHA512
d9a4cdd3d3970d1f3812f7b5d21bb9ae1f1347d0ddfe079a1b5ef15ec1367778056b64b865b21dd52692134771655461760db75309c78dc6f372cc4d0ab7c752

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini

Filesize
80B

MD5
3c106f431417240da12fd827323b7724

SHA1
2345cc77576f666b812b55ea7420b8d2c4d2a0b5

SHA256
e469ed17b4b54595b335dc51817a52b81fcf13aad7b7b994626f84ec097c5d57

SHA512
c7391b6b9c4e00494910303e8a6c4dca5a5fc0c461047ef95e3be1c8764928af344a29e2e7c92819174894b51ae0e69b5e11a9dc7cb093f984553d34d5e737bb

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\desktop.ini

Filesize
402B

MD5
881dfac93652edb0a8228029ba92d0f5

SHA1
5b317253a63fecb167bf07befa05c5ed09c4ccea

SHA256
a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464

SHA512
592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810

Download Submit
C:\Windows\Temp\Tar1C48.tmp

Filesize
92KB

MD5
71e4ce8b3a1b89f335a6936bbdafce4c

SHA1
6e0d450eb5f316a9924b3e58445b26bfb727001e

SHA256
a5edfae1527d0c8d9fe5e7a2c5c21b671e61f9981f3bcf9e8cc9f9bb9f3b44c5

SHA512
b80af88699330e1ff01e409daabdedeef350fe7d192724dfa8622afa71e132076144175f6e097f8136f1bba44c7cb30cfdd0414dbe4e0a4712b3bad7b70aeff7

Download Submit
C:\Windows\Temp\wwwEB0.tmp

Filesize
195B

MD5
a1fd5255ed62e10721ac426cd139aa83

SHA1
98a11bdd942bb66e9c829ae0685239212e966b9e

SHA256
d3b6eea852bacee54fbf4f3d77c6ec6d198bd59258968528a0231589f01b32f4

SHA512
51399b4eac1883f0e52279f6b9943d5a626de378105cadff2b3c17473edf0835d67437ae8e8d0e25e5d4b88f924fa3ac74d808123ec2b7f98eff1b248a1ab370

Download Submit
C:\Windows\Temp\wwwEB1.tmp

Filesize
216B

MD5
2ce792bc1394673282b741a25d6148a2

SHA1
5835c389ea0f0c1423fa26f98b84a875a11d19b1

SHA256
992031e95ad1e0f4305479e8d132c1ff14ed0eb913da33f23c576cd89f14fa48

SHA512
cdcc4d9967570018ec7dc3d825ff96b4817fecfbd424d30b74ba9ab6cc16cb035434f680b3d035f7959ceb0cc9e3c56f8dc78b06adb1dd2289930cc9acc87749

Download Submit
C:\Windows\win.DLL

Filesize
45KB

MD5
3766ed0f5b4dc8954e785589999eb963

SHA1
45acb6401d6dec6cb2cc10351b3f45f99af991c3

SHA256
bfd74ed6fd1e3169c152d5dccda5a68e8389ce66e140af1edcc5f6d5afe636d2

SHA512
0a5a578e8f4b0da148b5a45c2c87de60d7980b37374f93b170dee3905c5bb348d3eae0c5c254ae09e9beb3f83e3c3c37bf90e84e41d9589d6e3c6517a0ffa61a

Download Submit
C:\Windows\win.exe

Filesize
56KB

MD5
d1e551ed5c74b9eac6ef45f436c17e39

SHA1
5161558c3696f47dd5b5acca23ad4cd5d40c5541

SHA256
a0935debcd13fa7782748d128080519b65171294fb113e4728b2124a64eaf3b6

SHA512
5aac349326b689664ba150da2bd340306eb1b7c555379deae04bb68f342a67b5603cba69938797c3e5fec96424dfadf3fa8edb079c9b57ad4ab830e284fbb33b

Download Submit
memory/2156-46-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-26-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-63-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-61-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-60-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-59-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-58-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-57-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-55-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-54-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-52-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-51-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-50-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-62-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-56-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-49-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-99-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/2156-48-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-47-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-53-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-44-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-43-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-41-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-39-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-37-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-36-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-35-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-34-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-33-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-32-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-29-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-28-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-27-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-64-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-25-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-17-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-16-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-15-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-14-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-13-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-7-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2156-6-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2156-5-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/2156-4-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2156-2-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/2156-45-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-42-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-40-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-38-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-31-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-30-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-18-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-19-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-21-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-22-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-0-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/2156-23-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-24-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-1-0x0000000000360000-0x00000000003B4000-memory.dmp

Filesize
336KB

Download
memory/2156-20-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-8-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/2156-12-0x0000000003280000-0x0000000003380000-memory.dmp

Filesize
1024KB

Download
memory/2156-9-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/2156-10-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/2156-11-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2528-867-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/2528-646-0x0000000003760000-0x0000000003831000-memory.dmp

Filesize
836KB

Download