d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453

Analysis

max time kernel
151s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
Size

342KB
MD5

8ef0b1a83ec9d4129f1573c40d632476
SHA1

2270286ceece24ce3b6ad74998110dfe7c52332e
SHA256

d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453
SHA512

5583d44e0587f5cbee4b8fe775b0ca5e37a925b05b2573ef416a7861d604ec21f5a66cae519ca15efea6d2e8ab16a22c06c1614f68fdf22a8222c512ba974068
SSDEEP

6144:VjluQoSiIo5RbU//+v5bleFjRH1dRKlBQI44nJ915qzSGnf+ly4:VEQoSmE/+v5bleFjRVDKsI44nB5q+Gny

Score

9^/10

persistence spyware stealer upx

Malware Config

Signatures

Detects executables containing possible sandbox analysis VM usernames 5 IoCs

resource	yara_rule
behavioral1/memory/2452-55-0x0000000000400000-0x000000000041F000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2448-57-0x0000000000400000-0x000000000041F000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/1808-96-0x0000000000400000-0x000000000041F000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/1132-99-0x0000000000400000-0x000000000041F000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2452-104-0x0000000000400000-0x000000000041F000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

UPX dump on OEP (original entry point) 10 IoCs

resource	yara_rule
behavioral1/memory/1808-0-0x0000000000400000-0x000000000041F000-memory.dmp	UPX
behavioral1/files/0x000700000001497e-5.dat	UPX
behavioral1/memory/1808-8-0x0000000004940000-0x000000000495F000-memory.dmp	UPX
behavioral1/memory/1132-11-0x0000000000400000-0x000000000041F000-memory.dmp	UPX
behavioral1/memory/2452-55-0x0000000000400000-0x000000000041F000-memory.dmp	UPX
behavioral1/memory/2448-57-0x0000000000400000-0x000000000041F000-memory.dmp	UPX
behavioral1/memory/1808-96-0x0000000000400000-0x000000000041F000-memory.dmp	UPX
behavioral1/memory/1132-99-0x0000000000400000-0x000000000041F000-memory.dmp	UPX
behavioral1/memory/1132-102-0x0000000004590000-0x00000000045AF000-memory.dmp	UPX
behavioral1/memory/2452-104-0x0000000000400000-0x000000000041F000-memory.dmp	UPX

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1808-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/files/0x000700000001497e-5.dat	upx
behavioral1/memory/1808-8-0x0000000004940000-0x000000000495F000-memory.dmp	upx
behavioral1/memory/1132-11-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2452-55-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/2448-57-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1808-96-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1132-99-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral1/memory/1132-102-0x0000000004590000-0x00000000045AF000-memory.dmp	upx
behavioral1/memory/2452-104-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\V:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\X:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\A:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\J:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\M:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\P:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\Q:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\R:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\T:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\U:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\B:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\G:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\I:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\K:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\L:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\N:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\O:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\Y:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\H:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\S:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\W:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File opened (read-only)	\??\Z:	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\trambling voyeur hole leather .rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\SysWOW64\FxsTmp\malaysia bukkake hidden (Curtney).mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\SysWOW64\IME\shared\indian gang bang lingerie girls cock .mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black animal gay public .avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lesbian catfight fishy .zip.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\SysWOW64\FxsTmp\black porn trambling licking hole 50+ (Jade).rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\SysWOW64\IME\shared\lingerie big hole penetration (Karin).zip.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian action xxx sleeping castration .mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish kicking beast lesbian beautyfull .mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish animal horse big (Melissa).mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\trambling masturbation cock boots .mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\sperm full movie shower .mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\american kicking xxx catfight glans hotel .mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\italian cumshot beast [bangbus] feet young (Sarah).avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\russian cumshot beast hot (!) .mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Program Files\DVD Maker\Shared\russian horse horse hidden penetration .mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Program Files\Windows Journal\Templates\japanese action fucking uncut circumcision .zip.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black animal hardcore several models bondage (Ashley,Sylvia).mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Program Files (x86)\Google\Temp\black action hardcore hidden stockings .mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\lingerie big glans mistress .mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\swedish handjob blowjob [free] cock .mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian animal sperm big cock (Ashley,Karin).mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Program Files\Common Files\Microsoft Shared\italian beastiality bukkake [bangbus] feet bedroom .rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Program Files (x86)\Google\Update\Download\italian cumshot hardcore public hole .mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\indian gang bang gay hot (!) black hairunshaved .avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\british blowjob masturbation YEâPSè& (Ashley,Janette).mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\Temp\danish fetish trambling masturbation hole upskirt .rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\japanese horse sperm big (Janette).rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\british fucking [milf] cock (Sonja,Sylvia).zip.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\beast full movie mature (Britney,Janette).mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\porn trambling full movie .rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\asian beast uncut titts .avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\brasilian horse bukkake masturbation .rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\danish horse lesbian [milf] (Liz).mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\SoftwareDistribution\Download\trambling masturbation 40+ .rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\chinese lesbian [milf] mistress (Jenna,Jade).mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\brasilian cum xxx full movie feet .zip.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\japanese cumshot gay sleeping cock balls (Sarah).avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\xxx [free] glans circumcision .mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\horse beast girls .mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\indian cumshot fucking catfight titts 50+ (Liz).rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\brasilian porn blowjob girls mature .mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\sperm catfight balls (Ashley,Sarah).zip.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\security\templates\swedish animal lingerie masturbation castration (Gina,Curtney).zip.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\nude beast voyeur glans (Kathrin,Samantha).avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\norwegian gay [milf] hole stockings (Sylvia).mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\gang bang fucking [free] (Melissa).mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\mssrv.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\russian cum xxx girls girly .mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\russian cum lingerie [milf] .avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\cum xxx catfight titts boots (Sylvia).avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\lingerie sleeping cock circumcision .rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\african sperm public .mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\cum beast [milf] shoes .mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\british bukkake girls cock .avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\malaysia trambling girls cock beautyfull .avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\gay girls feet YEâPSè& .mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\black animal blowjob hidden hole leather (Sarah).rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\chinese hardcore full movie latex .mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\bukkake hot (!) .avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\chinese blowjob uncut .rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\InstallTemp\french beast hidden feet black hairunshaved (Melissa).rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\canadian lingerie lesbian .zip.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\blowjob [milf] shoes .avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\xxx public .avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\blowjob girls blondie .zip.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\danish porn xxx girls glans lady .zip.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\gang bang beast licking titts (Gina,Curtney).zip.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\italian fetish gay lesbian ejaculation .mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\asian horse hot (!) .zip.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\handjob blowjob sleeping titts fishy .mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\animal lingerie [free] (Samantha).avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\african horse voyeur cock balls .mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\canadian blowjob [milf] feet (Jenna,Tatjana).mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\tyrkish kicking bukkake girls hole ejaculation .mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\gang bang xxx [bangbus] balls .avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\nude beast sleeping .rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\african sperm hidden granny .mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\fetish xxx [bangbus] .rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\british beast [free] leather .zip.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\french trambling girls lady .rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\lingerie several models circumcision .rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\norwegian blowjob catfight sm .mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\french blowjob big high heels .rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\american beastiality gay catfight (Jade).mpg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\action bukkake hidden (Melissa).rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\black cumshot hardcore licking gorgeoushorny (Christine,Samantha).avi.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\nude xxx catfight (Jade).rar.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\danish animal hardcore hidden (Liz).mpeg.exe	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2448	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2448	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2448	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2448	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2448	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2448	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2448	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2448	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2448	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2448	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2448	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2448	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2448	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2448	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2448	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
2452	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 1132	1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe	28
PID 1808 wrote to memory of 1132	1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe	28
PID 1808 wrote to memory of 1132	1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe	28
PID 1808 wrote to memory of 1132	1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe	28
PID 1132 wrote to memory of 2452	1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe	29
PID 1132 wrote to memory of 2452	1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe	29
PID 1132 wrote to memory of 2452	1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe	29
PID 1132 wrote to memory of 2452	1132	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe	29
PID 1808 wrote to memory of 2448	1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe	30
PID 1808 wrote to memory of 2448	1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe	30
PID 1808 wrote to memory of 2448	1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe	30
PID 1808 wrote to memory of 2448	1808	d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe	30

C:\Users\Admin\AppData\Local\Temp\d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
"C:\Users\Admin\AppData\Local\Temp\d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Users\Admin\AppData\Local\Temp\d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
  "C:\Users\Admin\AppData\Local\Temp\d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1132
- - C:\Users\Admin\AppData\Local\Temp\d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
    "C:\Users\Admin\AppData\Local\Temp\d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2452
- C:\Users\Admin\AppData\Local\Temp\d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe
  "C:\Users\Admin\AppData\Local\Temp\d83696968dd8bfc03b32fcab6ccd04fe703dbecfe0e90023d13800c937cd0453.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\sperm full movie shower .mpeg.exe

Filesize
1.1MB

MD5
cadf43e4bdab31ad1970dca064a7459d

SHA1
d0f776b839f863eeaec5d5be212011e3f6d8c194

SHA256
7550d0d3a62a6dd2adc80b293864e0de2282d8f37da3e7bd992c421bae243365

SHA512
09a971a7fea9f29dfaa4988e471adfa169bfac09d0879e87fa8c5f0ce5db48c542be4b97e4157e86c9f4bbab37c95bf1b363f5fab04a730b58cc543121ddb6ee

Download Submit
C:\debug.txt

Filesize
183B

MD5
4b12804612477e985e7f8adfcca1f1da

SHA1
798c176a53d521f68afbe081461cba0565aa2572

SHA256
99cb7ef9536f882a46289162010ee5c09919467b332869fc9e7e1b8ecaf7139c

SHA512
b964fa15832a7be355ab9a9b9adf4a0bc1360e3c32e5e2e3ba456c25cd5d93b89c75b266ce2c26e9bac42d0af4d8c0b5d627c34090d9cddecd8f69a3d962e2ec

Download Submit
memory/1132-11-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1132-99-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1132-102-0x0000000004590000-0x00000000045AF000-memory.dmp

Filesize
124KB

Download
memory/1808-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1808-8-0x0000000004940000-0x000000000495F000-memory.dmp

Filesize
124KB

Download
memory/1808-56-0x0000000004950000-0x000000000496F000-memory.dmp

Filesize
124KB

Download
memory/1808-96-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2448-57-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2452-55-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2452-104-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download