bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1

Analysis

max time kernel
150s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-04-2024 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
Size

325KB
MD5

aa825aeda3ba7f05912216534306711d
SHA1

458d52a9d27d995092af27001cb6d6e0760cdecb
SHA256

bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1
SHA512

f5c7bb3e84d9ff34b93ca4fb133beb84664ddb228077a3f02fe2ed9eabd604e22f2a2c8349432b8f88d4ba8838237f3430da9bc8511cd0f33e2f65e5a578a0fb
SSDEEP

6144:tjluQoSDIo5R4nM/40yJNvtIOciH8kRbQSEfOeSEcyj0kJ7QC/ozzAXA9sGJZ4rN:tEQoS9qhTLcnklQSExSE5bJQv/isJOrN

Score

9^/10

persistence spyware stealer upx

Malware Config

Signatures

Detects executables containing possible sandbox analysis VM usernames 18 IoCs

resource	yara_rule
behavioral1/memory/2472-64-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2608-88-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2936-91-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2472-100-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2608-101-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2936-102-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2936-107-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2936-110-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2936-113-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2936-118-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2936-121-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2936-124-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2936-127-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2936-130-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2936-133-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2936-136-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2936-139-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2936-142-0x0000000000400000-0x000000000041D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

UPX dump on OEP (original entry point) 20 IoCs

resource	yara_rule
behavioral1/memory/2936-0-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/files/0x0007000000014817-5.dat	UPX
behavioral1/memory/2472-64-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2608-88-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2936-91-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2472-100-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2608-101-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2936-102-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2936-107-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2936-110-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2936-113-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2936-118-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2936-121-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2936-124-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2936-127-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2936-130-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2936-133-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2936-136-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2936-139-0x0000000000400000-0x000000000041D000-memory.dmp	UPX
behavioral1/memory/2936-142-0x0000000000400000-0x000000000041D000-memory.dmp	UPX

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 20 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2936-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/files/0x0007000000014817-5.dat	upx
behavioral1/memory/2472-64-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2608-88-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2936-91-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2472-100-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2608-101-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2936-102-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2936-107-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2936-110-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2936-113-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2936-118-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2936-121-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2936-124-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2936-127-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2936-130-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2936-133-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2936-136-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2936-139-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2936-142-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\L:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\O:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\Y:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\A:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\N:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\T:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\U:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\W:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\Z:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\X:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\B:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\H:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\M:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\Q:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\S:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\V:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\E:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\G:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\J:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\K:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\P:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File opened (read-only)	\??\R:	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\sperm public wifey (Anniston,Sarah).mpeg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\gay full movie (Melissa).zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\System32\DriverStore\Temp\blowjob licking titts latex .rar.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian handjob beast catfight ash (Sonja,Sylvia).avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\SysWOW64\FxsTmp\xxx full movie .avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\SysWOW64\IME\shared\danish kicking blowjob sleeping castration .avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\SysWOW64\FxsTmp\fetish sperm several models titts sweet (Sarah).avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\SysWOW64\IME\shared\trambling girls .mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\tyrkish beastiality bukkake [milf] titts femdom (Melissa).mpeg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian horse beast voyeur titts .avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\russian fetish horse catfight titts .rar.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Program Files (x86)\Google\Update\Download\beast several models (Melissa).avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\lingerie [bangbus] wifey (Jenna,Janette).zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\danish gang bang lesbian sleeping castration .mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\lesbian [free] penetration .mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\russian action trambling licking feet .mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\russian fetish bukkake lesbian hole sweet (Karin).mpeg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\beast lesbian 40+ .zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\gay public .mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Program Files (x86)\Google\Temp\trambling sleeping pregnant .zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\russian gang bang xxx masturbation .zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\hardcore several models glans (Britney,Karin).zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Program Files\Windows Journal\Templates\hardcore masturbation traffic .mpeg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\japanese kicking lesbian licking feet balls .rar.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\tyrkish handjob fucking hot (!) .mpeg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\security\templates\lingerie full movie glans penetration .mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\danish animal lesbian uncut fishy .mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\chinese beast [bangbus] hole mature .rar.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\norwegian gay [bangbus] bondage (Sonja,Samantha).rar.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\russian cumshot lesbian [milf] (Curtney).rar.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\beast several models hotel .zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\fetish hardcore big castration .mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\black handjob horse girls feet .mpeg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\german xxx lesbian stockings .zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse [bangbus] titts .zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\french gay [milf] .rar.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\black handjob trambling full movie ìï .zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\german horse sleeping glans bedroom (Curtney).zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black fetish fucking big pregnant .rar.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\russian kicking gay girls cock .mpeg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\russian porn xxx catfight penetration .mpeg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\lesbian sleeping .mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\malaysia blowjob hidden (Curtney).zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\malaysia bukkake [free] .mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\sperm voyeur .mpeg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\swedish action beast [free] Ôë .zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\Downloaded Program Files\horse girls balls .rar.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\french beast full movie (Janette).avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\SoftwareDistribution\Download\japanese porn lingerie public titts blondie .zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\chinese horse catfight (Melissa).avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\african hardcore big .mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\action blowjob full movie traffic .avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\black animal sperm girls hole .mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\assembly\tmp\danish gang bang beast licking ash (Christine,Jade).avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\norwegian bukkake [milf] .avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\cumshot xxx public (Jade).avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\black cum beast [bangbus] glans .zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\sperm [milf] (Karin).avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\japanese gang bang hardcore [bangbus] feet gorgeoushorny .mpeg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\british beast lesbian (Curtney).avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\tyrkish animal blowjob lesbian .avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\handjob lingerie full movie cock penetration (Karin).mpeg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\japanese beastiality gay [bangbus] glans .mpeg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\Temp\xxx big ìï .zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\sperm sleeping balls .zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\black porn horse full movie feet stockings .zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\trambling [free] titts pregnant .rar.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\horse hot (!) hairy (Christine,Jade).mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\canadian lesbian [milf] (Sarah).avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\animal beast public titts (Anniston,Melissa).zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\malaysia bukkake licking fishy .mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\assembly\temp\horse public cock latex .rar.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\fetish blowjob catfight pregnant .zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\gang bang trambling catfight glans YEâPSè& (Sarah).mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\british lesbian big granny .avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\handjob lesbian masturbation feet redhair .avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\blowjob public (Liz).zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\handjob lesbian public cock bondage .avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\InstallTemp\black gang bang hardcore uncut ìï .zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\horse uncut (Karin).mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\brasilian horse sperm lesbian shoes .rar.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\mssrv.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\tyrkish cum hardcore full movie hole beautyfull .avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\gang bang hardcore several models wifey .mpg.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\beastiality lesbian lesbian sweet .avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\trambling hidden boots .rar.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\action bukkake [milf] (Curtney).avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\japanese cum xxx [free] glans shoes (Jade).zip.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\british horse several models cock (Sonja,Jade).avi.exe	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
2608	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2472	2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe	28
PID 2936 wrote to memory of 2472	2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe	28
PID 2936 wrote to memory of 2472	2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe	28
PID 2936 wrote to memory of 2472	2936	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe	28
PID 2472 wrote to memory of 2608	2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe	29
PID 2472 wrote to memory of 2608	2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe	29
PID 2472 wrote to memory of 2608	2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe	29
PID 2472 wrote to memory of 2608	2472	bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe	29

C:\Users\Admin\AppData\Local\Temp\bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
"C:\Users\Admin\AppData\Local\Temp\bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Users\Admin\AppData\Local\Temp\bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
  "C:\Users\Admin\AppData\Local\Temp\bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2472
- - C:\Users\Admin\AppData\Local\Temp\bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe
    "C:\Users\Admin\AppData\Local\Temp\bda132bb24f3aff0797c21f54e8174ecde22abb2aa14215c58932755385f18d1.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\japanese kicking lesbian licking feet balls .rar.exe

Filesize
1.2MB

MD5
977c1bf00608cf8d2a5d37424177cf0b

SHA1
24bb741bd5a4dc6eb3f943700f63d3f80b5cf387

SHA256
110ae60b23c25defb29493d4457a63b723e48d0bbca9ca8807f03f7bb51336f2

SHA512
e9abcae531cd92e5ac048516673d319e54a764c658afda621c5273c98b7ade2a5396aace680b7b7f46b56184dcdd6c249a22984c21747b6660e0e5a3c21dda98

Download Submit
C:\debug.txt

Filesize
183B

MD5
cf5491dd6aed72d12a72cb08a57940b7

SHA1
2c7ce08215bf2fba6af571a6b9fd57881ef29464

SHA256
4bc23c961eb46d04238ede60260f2957f32955b5793347e2ec1bd937e10f9d6b

SHA512
75ad448d806e8cdfd87355fab195e13da94c79a4e012e3217d8ee3159e5a9d9c6c68a21663da3350549cc4d1e2e8511cdf4d908b8aa56d6c909ae2726c6d935e

Download Submit
memory/2472-100-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2472-106-0x00000000045C0000-0x00000000045DD000-memory.dmp

Filesize
116KB

Download
memory/2472-64-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2472-87-0x00000000045C0000-0x00000000045DD000-memory.dmp

Filesize
116KB

Download
memory/2608-88-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2608-101-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-91-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-121-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-102-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-105-0x00000000056C0000-0x00000000056DD000-memory.dmp

Filesize
116KB

Download
memory/2936-63-0x00000000056C0000-0x00000000056DD000-memory.dmp

Filesize
116KB

Download
memory/2936-107-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-110-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-113-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-118-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-124-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-127-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-130-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-133-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-136-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-139-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2936-142-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download