5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
Size

1.8MB
MD5

081811c7a077c739d56406c9c9c1ed54
SHA1

b3390bfaeadec60efdc67c683d3e33e8baaa46cb
SHA256

5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6
SHA512

f61c946674e9caa4831a61862992ed6a20c2e22a0da1d4c9ca34207466f4e9aeeb53a75a971cb4d055018a94024f441ca4dec111ce47fdfde8a5e0ade78d7a67
SSDEEP

24576:lq8DGJnMu1jEqxvy8rP3xe6BtLobxgLZ7AyIh4P+8zbT6fGpudmLTWJ61W7:bGJnr53ck3x3zcbAZ7xpVzCepjSJf

Score

9^/10

persistence spyware stealer

Malware Config

Signatures

Detects executables containing possible sandbox analysis VM usernames 18 IoCs

resource	yara_rule
behavioral1/memory/2500-55-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2372-79-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2636-90-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2500-91-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2372-92-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2372-93-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2372-98-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2372-102-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2372-105-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2372-118-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2372-121-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2372-124-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2372-129-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2372-132-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2372-135-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2372-138-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2372-141-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2372-144-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

UPX dump on OEP (original entry point) 21 IoCs

resource	yara_rule
behavioral1/memory/2372-0-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/files/0x0007000000015c14-5.dat	UPX
behavioral1/memory/2372-10-0x00000000045B0000-0x00000000045CC000-memory.dmp	UPX
behavioral1/memory/2500-55-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2372-79-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2636-90-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2500-91-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2372-92-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2372-93-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2372-98-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2372-102-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2372-105-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2372-118-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2372-121-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2372-124-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2372-129-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2372-132-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2372-135-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2372-138-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2372-141-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2372-144-0x0000000000400000-0x000000000041C000-memory.dmp	UPX

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\L:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\W:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\X:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\Z:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\A:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\H:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\Y:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\E:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\J:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\K:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\P:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\Q:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\R:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\U:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\V:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\B:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\M:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\N:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\O:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\S:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\T:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File opened (read-only)	\??\G:	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\asian bukkake sleeping (Melissa).rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\SysWOW64\IME\shared\xxx masturbation femdom .mpeg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish handjob bukkake [milf] castration .mpeg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\SysWOW64\IME\shared\tyrkish animal lingerie public hole ash (Liz).zip.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish gang bang sperm hidden (Melissa).zip.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish cum xxx masturbation leather (Gina,Janette).rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\System32\DriverStore\Temp\beast [free] .mpeg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\american cumshot gay masturbation .mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob hot (!) YEâPSè& .mpeg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\lesbian sleeping cock .mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\xxx voyeur (Melissa).avi.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\lesbian [bangbus] cock .avi.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\danish horse gay licking blondie .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish cumshot beast public .mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\russian animal fucking full movie feet .mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\hardcore catfight titts .mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Program Files\Windows Journal\Templates\american nude blowjob voyeur .zip.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Program Files (x86)\Google\Update\Download\brasilian porn bukkake licking feet .zip.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\gay several models feet beautyfull .zip.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\japanese cumshot beast hidden .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian kicking lesbian sleeping titts .mpeg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\japanese fetish blowjob catfight .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Program Files (x86)\Google\Temp\xxx hidden hole swallow (Tatjana).avi.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\american nude sperm big ash .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\indian cum trambling several models .avi.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\indian handjob horse [milf] feet 40+ (Karin).rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\porn lesbian hot (!) beautyfull (Britney,Sarah).rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\malaysia fucking masturbation glans .avi.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\beast girls .mpeg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\Temp\american gang bang lingerie uncut young (Sonja,Sylvia).mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\french trambling [bangbus] .zip.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\gay masturbation gorgeoushorny .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\brasilian nude trambling licking beautyfull .mpeg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\cumshot hardcore hidden .avi.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\kicking lesbian voyeur glans penetration (Liz).mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\fucking [milf] glans hotel .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\african hardcore uncut young .avi.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\swedish porn horse [free] feet wifey .mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\horse masturbation (Sarah).mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish nude bukkake licking (Karin).avi.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\sperm several models young .zip.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\lingerie licking hairy (Ashley,Sylvia).rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\lesbian public stockings (Christine,Samantha).avi.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\assembly\tmp\italian nude horse hidden mature .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\indian cumshot beast girls redhair .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\norwegian horse catfight titts penetration .mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\sperm licking feet .avi.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\chinese gay full movie pregnant .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\african blowjob sleeping (Janette).avi.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\french lesbian hot (!) .mpeg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\trambling big titts (Anniston,Jade).zip.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\xxx girls .mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\mssrv.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\fetish horse masturbation shower .mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\xxx several models .zip.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\hardcore [free] balls .mpeg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\fucking [free] .zip.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\chinese fucking voyeur (Jade).mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\french lesbian catfight ejaculation .mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\french sperm public femdom .mpeg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\malaysia gay lesbian feet (Christine,Karin).mpeg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\american beastiality hardcore [milf] .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian animal horse big (Janette).rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\beastiality lesbian licking hole .mpeg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\japanese horse gay big hole .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\black horse trambling [free] glans sweet .zip.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\cumshot horse [bangbus] penetration .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\fetish fucking [bangbus] cock circumcision (Melissa).avi.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\gang bang sperm [free] feet .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\gay lesbian titts .avi.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\lingerie girls hole (Gina,Curtney).rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\sperm voyeur cock .avi.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\russian cum horse girls titts traffic .mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\hardcore several models .zip.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\british horse [bangbus] hole (Sandy,Liz).mpeg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\cumshot xxx [free] glans .mpeg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\horse hidden wifey .mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\indian animal trambling sleeping ejaculation .mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\russian porn horse public girly .mpeg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\norwegian beast girls fishy (Britney,Tatjana).rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\russian gang bang trambling hot (!) traffic .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\italian horse blowjob full movie glans (Gina,Jade).zip.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\assembly\temp\horse voyeur .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\hardcore hot (!) bondage .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\indian porn xxx sleeping bedroom .avi.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\german sperm girls feet beautyfull .mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\Downloaded Program Files\indian horse gay [free] femdom .rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\PLA\Templates\black cumshot hardcore [free] .mpg.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\tyrkish kicking hardcore big titts mature (Tatjana).rar.exe	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
2500	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2636	2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe	28
PID 2372 wrote to memory of 2636	2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe	28
PID 2372 wrote to memory of 2636	2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe	28
PID 2372 wrote to memory of 2636	2372	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe	28
PID 2636 wrote to memory of 2500	2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe	29
PID 2636 wrote to memory of 2500	2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe	29
PID 2636 wrote to memory of 2500	2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe	29
PID 2636 wrote to memory of 2500	2636	5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe	29

C:\Users\Admin\AppData\Local\Temp\5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
"C:\Users\Admin\AppData\Local\Temp\5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Users\Admin\AppData\Local\Temp\5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
  "C:\Users\Admin\AppData\Local\Temp\5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Users\Admin\AppData\Local\Temp\5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe
    "C:\Users\Admin\AppData\Local\Temp\5686f0e97018e682402530ce15a2ea3595e07f4219ba203becd7bb767b110fc6.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish cumshot beast public .mpg.exe

Filesize
645KB

MD5
eb2b7add222113a6f74a0671a6e22599

SHA1
efa4f0a5f21c7969a5008baea438a81b0281cd18

SHA256
7de6f81e5d5d8673963af444d1ffdc3b523688d3c4381ab7da6780cbbbfc2491

SHA512
920fe64cd7542b4133b00561b99860f602b2799ef21526ef018e8273f509dbc4329ac1026bea63af01b552081450532e168fb86f17406a2bfe848eff3cdbd79b

Download Submit
C:\debug.txt

Filesize
183B

MD5
9c6ad8bbacbd4cd1fa89321096fea2b9

SHA1
cfb1e657a47a360e7a5b73b68cf3d16120511fb5

SHA256
1d2c5a0157f63edbdc08ea5eac5a6e02775f9d9e3fbb2bc383d612cfbf2909ef

SHA512
a1c4f12b9568f8377ef8ae8bf645326961086c8f6042900dea3419ffae9dfe4b283a7048a5cfa796359aae9dd2bfc955c74c46ea5d2f7f82833098ff733585ec

Download Submit
memory/2372-124-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-95-0x00000000045B0000-0x00000000045CC000-memory.dmp

Filesize
112KB

Download
memory/2372-144-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-79-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-141-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-138-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-92-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-105-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-102-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-135-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-132-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-98-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-93-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-10-0x00000000045B0000-0x00000000045CC000-memory.dmp

Filesize
112KB

Download
memory/2372-118-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-121-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2372-129-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2500-91-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2500-55-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2636-54-0x00000000047E0000-0x00000000047FC000-memory.dmp

Filesize
112KB

Download
memory/2636-97-0x00000000047E0000-0x00000000047FC000-memory.dmp

Filesize
112KB

Download
memory/2636-90-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download