Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    70s
  • max time network
    158s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    31-03-2024 21:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    53a139ef0f6f800b6a3754956978aef2eb8fe2a234355930af8d213c70effbc3.exe

  • Size

    203KB

  • MD5

    270a63cbb8bd0c8b1383667a43dee48c

  • SHA1

    43c3ac691834a1f60cbc40da1796650c4ad8ef64

  • SHA256

    53a139ef0f6f800b6a3754956978aef2eb8fe2a234355930af8d213c70effbc3

  • SHA512

    39cb957788e849e53d83af28174c001c18df8cc84900f544d7351580be07e24aad5c76114146df64e4c0ade0b7759b4e415fabf26b6a63ff9aea312420179588

  • SSDEEP

    3072:a/oto3wTvPkiobSODnloOhtuIbW9aBV8sGi1MdWJ:a/P3wTvPkiS5nCOvYgmsG

Score
10/10
dcratdjvugluptebasmokeloaderpub1backdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealertrojanupx

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php
rc4.i32
rc4.i32

Extracted

Family

djvu

C2

http://sajdfue.com/test1/get.php

Attributes
  • extension

    .vook

  • offline_id

    1eSPzWRaNslCgtjBZfL5pzvovoiaVI4IZSnvAwt1

  • payload_url

    http://sdfjhuz.com/dl/build2.exe

    http://sajdfue.com/files/1/build3.exe

  • ransomnote

    ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. Do not ask assistants from youtube and recovery data sites for help in recovering your data. They can use your free decryption quota and scam you. Our contact is emails in this text document only. You can get and look video overview decrypt tool: https://wetransfer.com/downloads/3ed7a617738550b0a00c5aa231c0752020240316170955/d71ce1 Price of private key and decrypt software is $999. Discount 50% available if you contact us first 72 hours, that's price for you is $499. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0857PsawqS

rsa_pubkey.plain

Signatures

  • DcRat 4 IoCs

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Detected Djvu ransomware 9 IoCs
  • Djvu Ransomware

    Ransomware which is a variant of the STOP family.

    ransomwaredjvu
  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 10 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Deletes itself 1 IoCs
  • Executes dropped EXE 7 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 2 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 61 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 39 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 49 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\53a139ef0f6f800b6a3754956978aef2eb8fe2a234355930af8d213c70effbc3.exe
    "C:\Users\Admin\AppData\Local\Temp\53a139ef0f6f800b6a3754956978aef2eb8fe2a234355930af8d213c70effbc3.exe"
    1⤵
    • DcRat
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4608
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\E659.bat" "
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4008
    • C:\Windows\system32\reg.exe
      reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
      2⤵
        PID:2752
    • C:\Users\Admin\AppData\Local\Temp\D89.exe
      C:\Users\Admin\AppData\Local\Temp\D89.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:3052
      • C:\Users\Admin\AppData\Local\Temp\D89.exe
        C:\Users\Admin\AppData\Local\Temp\D89.exe
        2⤵
        • DcRat
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:4932
        • C:\Windows\SysWOW64\icacls.exe
          icacls "C:\Users\Admin\AppData\Local\b20625b8-5763-487c-a8c4-2ef302df2099" /deny *S-1-1-0:(OI)(CI)(DE,DC)
          3⤵
          • Modifies file permissions
          PID:4072
        • C:\Users\Admin\AppData\Local\Temp\D89.exe
          "C:\Users\Admin\AppData\Local\Temp\D89.exe" --Admin IsNotAutoStart IsNotTask
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:2076
          • C:\Users\Admin\AppData\Local\Temp\D89.exe
            "C:\Users\Admin\AppData\Local\Temp\D89.exe" --Admin IsNotAutoStart IsNotTask
            4⤵
            • Executes dropped EXE
            PID:3492
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 600
              5⤵
              • Program crash
              PID:2756
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3492 -ip 3492
      1⤵
        PID:664
      • C:\Users\Admin\AppData\Local\Temp\2EFC.exe
        C:\Users\Admin\AppData\Local\Temp\2EFC.exe
        1⤵
        • Executes dropped EXE
        PID:2392
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\31EB.bat" "
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:3092
        • C:\Windows\system32\reg.exe
          reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
          2⤵
            PID:2600
        • C:\Users\Admin\AppData\Local\Temp\4EDB.exe
          C:\Users\Admin\AppData\Local\Temp\4EDB.exe
          1⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:1120
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -nologo -noprofile
            2⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1844
          • C:\Users\Admin\AppData\Local\Temp\4EDB.exe
            "C:\Users\Admin\AppData\Local\Temp\4EDB.exe"
            2⤵
            • Executes dropped EXE
            • Modifies data under HKEY_USERS
            • Suspicious use of WriteProcessMemory
            PID:3452
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              powershell -nologo -noprofile
              3⤵
              • Modifies data under HKEY_USERS
              PID:2268
            • C:\Windows\system32\cmd.exe
              C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
              3⤵
                PID:4832
                • C:\Windows\system32\netsh.exe
                  netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
                  4⤵
                  • Modifies Windows Firewall
                  PID:3816
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                powershell -nologo -noprofile
                3⤵
                  PID:3796
                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                  powershell -nologo -noprofile
                  3⤵
                    PID:3616
                  • C:\Windows\rss\csrss.exe
                    C:\Windows\rss\csrss.exe
                    3⤵
                      PID:4184
                      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                        powershell -nologo -noprofile
                        4⤵
                          PID:2384
                        • C:\Windows\SYSTEM32\schtasks.exe
                          schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                          4⤵
                          • DcRat
                          • Creates scheduled task(s)
                          PID:3340
                        • C:\Windows\SYSTEM32\schtasks.exe
                          schtasks /delete /tn ScheduledUpdate /f
                          4⤵
                            PID:3332
                          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            powershell -nologo -noprofile
                            4⤵
                              PID:3528
                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                              powershell -nologo -noprofile
                              4⤵
                                PID:2164
                              • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
                                C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
                                4⤵
                                  PID:3796
                                • C:\Windows\SYSTEM32\schtasks.exe
                                  schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                                  4⤵
                                  • DcRat
                                  • Creates scheduled task(s)
                                  PID:4556
                                • C:\Windows\windefender.exe
                                  "C:\Windows\windefender.exe"
                                  4⤵
                                    PID:4832
                                    • C:\Windows\SysWOW64\cmd.exe
                                      cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                                      5⤵
                                        PID:5084
                                        • C:\Windows\SysWOW64\sc.exe
                                          sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                                          6⤵
                                          • Launches sc.exe
                                          PID:2444
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                • Modifies Installed Components in the registry
                                • Enumerates connected drives
                                • Checks SCSI registry key(s)
                                • Modifies registry class
                                • Suspicious use of AdjustPrivilegeToken
                                • Suspicious use of FindShellTrayWindow
                                • Suspicious use of SendNotifyMessage
                                • Suspicious use of SetWindowsHookEx
                                PID:1356
                              • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                1⤵
                                • Enumerates system info in registry
                                • Modifies Internet Explorer settings
                                • Modifies registry class
                                • Suspicious use of SetWindowsHookEx
                                PID:5044
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                • Modifies registry class
                                • Suspicious use of SetWindowsHookEx
                                PID:1968
                              • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                1⤵
                                • Enumerates system info in registry
                                • Modifies Internet Explorer settings
                                • Modifies registry class
                                • Suspicious use of SetWindowsHookEx
                                PID:4760
                              • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                1⤵
                                • Enumerates system info in registry
                                • Modifies Internet Explorer settings
                                • Modifies registry class
                                • Suspicious use of SetWindowsHookEx
                                PID:3260
                              • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                1⤵
                                  PID:244
                                • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                  1⤵
                                    PID:2364
                                  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                    1⤵
                                      PID:2112
                                    • C:\Users\Admin\AppData\Roaming\vwuhtir
                                      C:\Users\Admin\AppData\Roaming\vwuhtir
                                      1⤵
                                        PID:2204
                                      • C:\Windows\windefender.exe
                                        C:\Windows\windefender.exe
                                        1⤵
                                          PID:4580
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:3512
                                          • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                            "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                            1⤵
                                              PID:3556
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:4576
                                              • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                                "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                                1⤵
                                                  PID:4064
                                                • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                                  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                                  1⤵
                                                    PID:4656

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Reconnaissance

                                                  Resource Development

                                                  Initial Access

                                                  Execution

                                                  Scheduled Task/Job

                                                  1
                                                  T1053

                                                  Persistence

                                                  Boot or Logon Autostart Execution

                                                  2
                                                  T1547

                                                  Registry Run Keys / Startup Folder

                                                  2
                                                  T1547.001

                                                  Create or Modify System Process

                                                  1
                                                  T1543

                                                  Windows Service

                                                  1
                                                  T1543.003

                                                  Scheduled Task/Job

                                                  1
                                                  T1053

                                                  Privilege Escalation

                                                  Boot or Logon Autostart Execution

                                                  2
                                                  T1547

                                                  Registry Run Keys / Startup Folder

                                                  2
                                                  T1547.001

                                                  Create or Modify System Process

                                                  1
                                                  T1543

                                                  Windows Service

                                                  1
                                                  T1543.003

                                                  Scheduled Task/Job

                                                  1
                                                  T1053

                                                  Defense Evasion

                                                  File and Directory Permissions Modification

                                                  1
                                                  T1222

                                                  Impair Defenses

                                                  1
                                                  T1562

                                                  Disable or Modify System Firewall

                                                  1
                                                  T1562.004

                                                  Modify Registry

                                                  3
                                                  T1112

                                                  Credential Access

                                                  Unsecured Credentials

                                                  3
                                                  T1552

                                                  Credentials In Files

                                                  3
                                                  T1552.001

                                                  Discovery

                                                  Peripheral Device Discovery

                                                  2
                                                  T1120

                                                  Query Registry

                                                  5
                                                  T1012

                                                  System Information Discovery

                                                  4
                                                  T1082

                                                  Lateral Movement

                                                  Collection

                                                  Data from Local System

                                                  3
                                                  T1005

                                                  Command and Control

                                                  Web Service

                                                  1
                                                  T1102

                                                  Exfiltration

                                                  Impact

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\start.bin
                                                    Filesize

                                                    4KB

                                                    MD5

                                                    0859f9c8ede657ab23897ae8bb391edb

                                                    SHA1

                                                    6db6688486d810ea7d4708ec670ff9e640909ddd

                                                    SHA256

                                                    8c0c55bdd1ac9a65a444892d466743b6b1178351374078b3a5483e51d8f2028f

                                                    SHA512

                                                    1e1aaef25928fdfe914df3cdd34358075eec6f846991d997823280d6fb6752898a2c87c7fde65473992689e79a8729571897c3bf499272c96355883b292c1631

                                                    Download Submit
                                                  • C:\Users\Admin\AppData\Local\Packages\microsoftwindows.client.cbs_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
                                                    Filesize

                                                    313B

                                                    MD5

                                                    9e2894966f23deadb4f3dc16bd232322

                                                    SHA1

                                                    2271443489989974f804460fbf151acc783e3853

                                                    SHA256

                                                    1fd75c18f6137dac09c56d8cc27d655a576860eea3405533f3334a230989d078

                                                    SHA512

                                                    6c73acf7fb52fdb3b9bd96e5b509826e3ffc794227225f2d12c83b1cde830f4c889f34f68c17408da656745a06d1e77c0d94133dc575ce05462383ce3e991610

                                                    Download Submit
                                                  • C:\Users\Admin\AppData\Local\Packages\microsoftwindows.client.cbs_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
                                                    Filesize

                                                    404B

                                                    MD5

                                                    c60e809c1070072a64737557b93d7ff5

                                                    SHA1

                                                    4207db39d6164450d45dd2c88ddc8acfa2c47a34

                                                    SHA256

                                                    12adf8e44cb8c444d63fc914b2eee71b01825ddc986740e621b7956e565a8606

                                                    SHA512

                                                    a3a11bb3d65c00357feb17b465250d3bd154a8ef9e3f799efdaa6be66df79c7ba8151bb5212004b8b9eb85821ca5af23f7e1614ccfbfb95459672537772bb7f3

                                                    Download Submit
                                                  • C:\Users\Admin\AppData\Local\Packages\microsoftwindows.client.cbs_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\H1DQ8FR6\www.bing[1].xml
                                                    Filesize

                                                    2KB

                                                    MD5

                                                    095cfbc78e308a8aa55a832d9773c990

                                                    SHA1

                                                    4f63c233a19d23aa1674c278008286ab40cfae24

                                                    SHA256

                                                    b64d58ececb805b1fcb8298bf8e20e3a3d26148b48a3cf32475d1e511ff12c01

                                                    SHA512

                                                    b0dbac4c1956a07846ed7734cb207166b7372fdb38c54b97a6c8f62afe17ee8b08523cd4c00e554a581f730f9b8ce51fccaf0eb66e922285f4dd38baa1b4244a

                                                    Download Submit
                                                  • C:\Users\Admin\AppData\Local\Temp\2EFC.exe
                                                    Filesize

                                                    6.5MB

                                                    MD5

                                                    9e52aa572f0afc888c098db4c0f687ff

                                                    SHA1

                                                    ef7c2bb222e69ad0e10c8686eb03dcbee7933c2b

                                                    SHA256

                                                    4a40f9d491f09521f4b0c6076a0eb488f6d8e1cf4b67aa6569c2ccce13556443

                                                    SHA512

                                                    d0991e682ae8c954721e905753b56c01f91b85313beb9996331793c3efa8acc13d574ef5ba44853ecc3e05822931ed655bad1924fa11b774a43e015f42185f62

                                                    Download Submit
                                                  • C:\Users\Admin\AppData\Local\Temp\4EDB.exe
                                                    Filesize

                                                    4.2MB

                                                    MD5

                                                    f20545112aac4d388966aa18162768b2

                                                    SHA1

                                                    9d2c872f30d402e467128dbcada3c69361a2909b

                                                    SHA256

                                                    0958e59de7186b792e95f1f2c727317fe901cec23b17ec77704092572315f57c

                                                    SHA512

                                                    f558402740241801ef3ab00ca8e84686743836d0ae6787d5e9b09000d4417e44b6b35181a0c57e85533f404d1720fc73f8a9b34a0653337f03e53ac5f7ad43ad

                                                    Download Submit
                                                  • C:\Users\Admin\AppData\Local\Temp\D89.exe
                                                    Filesize

                                                    767KB

                                                    MD5

                                                    215c8bca7aa1973d55402017dc00def4

                                                    SHA1

                                                    3285e710e81d262462daf4d5b267f9e6a6050545

                                                    SHA256

                                                    3ceb4bd84e569281413cc15f67fca395a799dc41293f5e7b047c5c632d09f81b

                                                    SHA512

                                                    3c58adc18abb4f93dcd30383f6bfc7e7306ee543c9bd38b80a8f0dbec6ed4d6dab6749ec87ea80d8475c1dcd8f4b10a74c8e8957ddebaa5322b4fea8a747cfb4

                                                    Download Submit
                                                  • C:\Users\Admin\AppData\Local\Temp\E659.bat
                                                    Filesize

                                                    77B

                                                    MD5

                                                    55cc761bf3429324e5a0095cab002113

                                                    SHA1

                                                    2cc1ef4542a4e92d4158ab3978425d517fafd16d

                                                    SHA256

                                                    d6cceb3c71b80403364bf142f2fa4624ee0be36a49bac25ed45a497cf1ce9c3a

                                                    SHA512

                                                    33f9f5cad22d291077787c7df510806e4ac31f453d288712595af6debe579fabed6cdf4662e46e6fa94de135b161e739f55cfae05c36c87af85ed6a6ad1c9155

                                                    Download Submit
                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_an1rhurr.dbr.ps1
                                                    Filesize

                                                    60B

                                                    MD5

                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                    SHA1

                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                    SHA256

                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                    SHA512

                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                    Download Submit
                                                  • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
                                                    Filesize

                                                    281KB

                                                    MD5

                                                    d98e33b66343e7c96158444127a117f6

                                                    SHA1

                                                    bb716c5509a2bf345c6c1152f6e3e1452d39d50d

                                                    SHA256

                                                    5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

                                                    SHA512

                                                    705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

                                                    Download Submit
                                                  • C:\Users\Admin\AppData\Roaming\vwuhtir
                                                    Filesize

                                                    203KB

                                                    MD5

                                                    270a63cbb8bd0c8b1383667a43dee48c

                                                    SHA1

                                                    43c3ac691834a1f60cbc40da1796650c4ad8ef64

                                                    SHA256

                                                    53a139ef0f6f800b6a3754956978aef2eb8fe2a234355930af8d213c70effbc3

                                                    SHA512

                                                    39cb957788e849e53d83af28174c001c18df8cc84900f544d7351580be07e24aad5c76114146df64e4c0ade0b7759b4e415fabf26b6a63ff9aea312420179588

                                                    Download Submit
                                                  • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                                                    Filesize

                                                    2KB

                                                    MD5

                                                    ac4917a885cf6050b1a483e4bc4d2ea5

                                                    SHA1

                                                    b1c0a9f27bd21c6bbb8e9be70db8777b4a2a640f

                                                    SHA256

                                                    e39062a62c3c7617feeeff95ea8a0be51104a0d36f46e44eea22556fda74d8d9

                                                    SHA512

                                                    092c67a3ecae1d187cad72a8ea1ea37cb78a0cf79c2cd7fb88953e5990669a2e871267015762fd46d274badb88ac0c1d73b00f1df7394d89bed48a3a45c2ba3d

                                                    Download Submit
                                                  • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                                                    Filesize

                                                    19KB

                                                    MD5

                                                    e9324bc33c8a76a98f8253d3927fa19b

                                                    SHA1

                                                    4db022eb8b92560fc6340d4a682c159cdd16c0ba

                                                    SHA256

                                                    83cc474b6172e70ce7d574751e64e8a43ee942fefa5f49a386264f27fdd33ffa

                                                    SHA512

                                                    efa3ab9fb395743054fbd673ca4f141a26262477f39f793962c7e4b96278e4219afa664e49a630ee89c1f49adf493aa62c729337249410d819d2c2e484aa6c1a

                                                    Download Submit
                                                  • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                                                    Filesize

                                                    19KB

                                                    MD5

                                                    18aa41a547ce11306d46b8382a8a61be

                                                    SHA1

                                                    b6ee9e1b6528a953cb771a35087b08e3debcffc6

                                                    SHA256

                                                    8fa23df56f499b0cdd80cf82c24f24f76310ab77ef7796aafbf679ae9759dd00

                                                    SHA512

                                                    3e56a9b01872731af96cffafb62d5389c5b767d0aee4fa49400dab1e324f63185be167c18c88ddd6ed06d38206a057c88d4cad7b9d954775cce392e01eb44e01

                                                    Download Submit
                                                  • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                                                    Filesize

                                                    19KB

                                                    MD5

                                                    984f9b9625dbe1390447f61ab4b6333e

                                                    SHA1

                                                    df9476dae2c27e8fb65d4fdcbcb15ffcad2097b9

                                                    SHA256

                                                    95a44469d84aa41751a8db56ce6e8bf6c9e70ad95b4ff9f57260b83c23f8e22d

                                                    SHA512

                                                    1d19108f9302a0fedc37793673bc975c0fccd56b5356e80785ff0317b5e5a03a7b9e9dac53a3aa0aa70e56997be1ba2fa47956e230a3550f4fc753f7f63f1027

                                                    Download Submit
                                                  • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                                                    Filesize

                                                    19KB

                                                    MD5

                                                    8ae7aec19bbc742083f8e9b064a0498b

                                                    SHA1

                                                    38010e90274b2235ed4d3320679f239e5f3e1efd

                                                    SHA256

                                                    030eb06c5f1190a1e8280170473c16707aac80dbd4388babc2abcaa824e577ed

                                                    SHA512

                                                    a4a39449d0b7983b539d7911c0724598ca74a471fe04a22fccda609073f481fccd99b6e02e9ce439b0ef6fe0f76a1c4469012be4fdf2b9c3023bfdfc0919cb98

                                                    Download Submit
                                                  • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                                                    Filesize

                                                    19KB

                                                    MD5

                                                    d389bb3598378735ce574abc3eeaf1ab

                                                    SHA1

                                                    7b3e78e173997a6c3392e3ded70f354c1841e920

                                                    SHA256

                                                    61e88e32f2855278e70eac5ae684b2cc50239347ae2aedb73032d3233353ba98

                                                    SHA512

                                                    cf337c746ffc882ffbbc400948e64b72586aa8883c4591a5747b85f13054e34d4cb67f797a893a91cb2f5e85fca7ca5ae4a0e6ecdbd8c4e515ae32709917737f

                                                    Download Submit
                                                  • C:\Windows\windefender.exe
                                                    Filesize

                                                    2.0MB

                                                    MD5

                                                    8e67f58837092385dcf01e8a2b4f5783

                                                    SHA1

                                                    012c49cfd8c5d06795a6f67ea2baf2a082cf8625

                                                    SHA256

                                                    166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

                                                    SHA512

                                                    40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

                                                    Download Submit
                                                  • memory/244-391-0x000002A032440000-0x000002A032460000-memory.dmp
                                                    Filesize

                                                    128KB

                                                    Download
                                                  • memory/1120-333-0x0000000000400000-0x0000000003125000-memory.dmp
                                                    Filesize

                                                    45.1MB

                                                    Download
                                                  • memory/1120-325-0x0000000000400000-0x0000000003125000-memory.dmp
                                                    Filesize

                                                    45.1MB

                                                    Download
                                                  • memory/1356-571-0x0000000002EF0000-0x0000000002F06000-memory.dmp
                                                    Filesize

                                                    88KB

                                                    Download
                                                  • memory/2076-43-0x00000000049A0000-0x0000000004A34000-memory.dmp
                                                    Filesize

                                                    592KB

                                                    Download
                                                  • memory/2112-462-0x0000027674440000-0x0000027674460000-memory.dmp
                                                    Filesize

                                                    128KB

                                                    Download
                                                  • memory/2204-574-0x0000000000400000-0x0000000000537000-memory.dmp
                                                    Filesize

                                                    1.2MB

                                                    Download
                                                  • memory/2392-74-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-119-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-72-0x00000000002F0000-0x0000000000FD5000-memory.dmp
                                                    Filesize

                                                    12.9MB

                                                    Download
                                                  • memory/2392-73-0x0000000003270000-0x0000000003271000-memory.dmp
                                                    Filesize

                                                    4KB

                                                    Download
                                                  • memory/2392-60-0x00000000002F0000-0x0000000000FD5000-memory.dmp
                                                    Filesize

                                                    12.9MB

                                                    Download
                                                  • memory/2392-75-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-77-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-76-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-78-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-79-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-80-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-81-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-82-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-83-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-84-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-85-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-87-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-89-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-88-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-86-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-91-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-92-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-90-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-93-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-95-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-97-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-96-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-98-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-94-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-99-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-100-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-101-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-103-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-104-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-105-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-106-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-107-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-109-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-110-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-111-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-112-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-114-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-115-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-116-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-117-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-71-0x0000000003250000-0x0000000003251000-memory.dmp
                                                    Filesize

                                                    4KB

                                                    Download
                                                  • memory/2392-120-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-121-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-122-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-118-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-113-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-108-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-102-0x0000000003D90000-0x0000000003E90000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/2392-123-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-124-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-125-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-127-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-126-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-128-0x0000000003E90000-0x0000000003ED0000-memory.dmp
                                                    Filesize

                                                    256KB

                                                    Download
                                                  • memory/2392-68-0x0000000003230000-0x0000000003231000-memory.dmp
                                                    Filesize

                                                    4KB

                                                    Download
                                                  • memory/2392-65-0x0000000001700000-0x0000000001701000-memory.dmp
                                                    Filesize

                                                    4KB

                                                    Download
                                                  • memory/2392-70-0x0000000003240000-0x0000000003241000-memory.dmp
                                                    Filesize

                                                    4KB

                                                    Download
                                                  • memory/2392-69-0x00000000002F0000-0x0000000000FD5000-memory.dmp
                                                    Filesize

                                                    12.9MB

                                                    Download
                                                  • memory/2392-67-0x0000000003220000-0x0000000003221000-memory.dmp
                                                    Filesize

                                                    4KB

                                                    Download
                                                  • memory/2392-66-0x0000000001710000-0x0000000001711000-memory.dmp
                                                    Filesize

                                                    4KB

                                                    Download
                                                  • memory/3052-21-0x0000000004C30000-0x0000000004D4B000-memory.dmp
                                                    Filesize

                                                    1.1MB

                                                    Download
                                                  • memory/3052-20-0x0000000004B90000-0x0000000004C30000-memory.dmp
                                                    Filesize

                                                    640KB

                                                    Download
                                                  • memory/3268-250-0x0000000002670000-0x0000000002671000-memory.dmp
                                                    Filesize

                                                    4KB

                                                    Download
                                                  • memory/3268-4-0x0000000002730000-0x0000000002746000-memory.dmp
                                                    Filesize

                                                    88KB

                                                    Download
                                                  • memory/3452-500-0x0000000000400000-0x0000000003125000-memory.dmp
                                                    Filesize

                                                    45.1MB

                                                    Download
                                                  • memory/3452-396-0x0000000000400000-0x0000000003125000-memory.dmp
                                                    Filesize

                                                    45.1MB

                                                    Download
                                                  • memory/3452-468-0x0000000000400000-0x0000000003125000-memory.dmp
                                                    Filesize

                                                    45.1MB

                                                    Download
                                                  • memory/3452-494-0x0000000000400000-0x0000000003125000-memory.dmp
                                                    Filesize

                                                    45.1MB

                                                    Download
                                                  • memory/3492-46-0x0000000000400000-0x0000000000537000-memory.dmp
                                                    Filesize

                                                    1.2MB

                                                    Download
                                                  • memory/3492-47-0x0000000000400000-0x0000000000537000-memory.dmp
                                                    Filesize

                                                    1.2MB

                                                    Download
                                                  • memory/3492-49-0x0000000000400000-0x0000000000537000-memory.dmp
                                                    Filesize

                                                    1.2MB

                                                    Download
                                                  • memory/3556-643-0x0000015FEB0E0000-0x0000015FEB100000-memory.dmp
                                                    Filesize

                                                    128KB

                                                    Download
                                                  • memory/4184-613-0x0000000000400000-0x0000000003125000-memory.dmp
                                                    Filesize

                                                    45.1MB

                                                    Download
                                                  • memory/4184-644-0x0000000000400000-0x0000000003125000-memory.dmp
                                                    Filesize

                                                    45.1MB

                                                    Download
                                                  • memory/4184-622-0x0000000000400000-0x0000000003125000-memory.dmp
                                                    Filesize

                                                    45.1MB

                                                    Download
                                                  • memory/4184-578-0x0000000000400000-0x0000000003125000-memory.dmp
                                                    Filesize

                                                    45.1MB

                                                    Download
                                                  • memory/4580-641-0x0000000000400000-0x00000000008DF000-memory.dmp
                                                    Filesize

                                                    4.9MB

                                                    Download
                                                  • memory/4608-2-0x0000000002380000-0x000000000238B000-memory.dmp
                                                    Filesize

                                                    44KB

                                                    Download
                                                  • memory/4608-1-0x0000000000750000-0x0000000000850000-memory.dmp
                                                    Filesize

                                                    1024KB

                                                    Download
                                                  • memory/4608-5-0x0000000000400000-0x0000000000537000-memory.dmp
                                                    Filesize

                                                    1.2MB

                                                    Download
                                                  • memory/4608-3-0x0000000000400000-0x0000000000537000-memory.dmp
                                                    Filesize

                                                    1.2MB

                                                    Download
                                                  • memory/4832-621-0x0000000000400000-0x00000000008DF000-memory.dmp
                                                    Filesize

                                                    4.9MB

                                                    Download
                                                  • memory/4932-40-0x0000000000400000-0x0000000000537000-memory.dmp
                                                    Filesize

                                                    1.2MB

                                                    Download
                                                  • memory/4932-22-0x0000000000400000-0x0000000000537000-memory.dmp
                                                    Filesize

                                                    1.2MB

                                                    Download
                                                  • memory/4932-24-0x0000000000400000-0x0000000000537000-memory.dmp
                                                    Filesize

                                                    1.2MB

                                                    Download
                                                  • memory/4932-25-0x0000000000400000-0x0000000000537000-memory.dmp
                                                    Filesize

                                                    1.2MB

                                                    Download
                                                  • memory/4932-26-0x0000000000400000-0x0000000000537000-memory.dmp
                                                    Filesize

                                                    1.2MB

                                                    Download