dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d

Analysis

max time kernel
48s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 03:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
Size

383KB
MD5

9aa44e4256e2346eeafea91e8677d715
SHA1

066d210939354d3cce8abaedaabfd33509054a7d
SHA256

dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d
SHA512

0f7e7642a8f55dcce38b84bc5165b496ae418775d172714119ffc752609f5e89ab9ccb360bf5300308dee40b689bac8c6f9443936dd5c36121c89c2f1fdde559
SSDEEP

6144:9rTfUHeeSKOS9ccFKk3Y9t9Yivv8H4DqrOejMUH+13:9n8yN0Mr81Z5Q3

Score

9^/10

persistence

Malware Config

Signatures

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/3176-0-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/3176-1-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/files/0x0008000000023254-5.dat	UPX
behavioral2/memory/4644-7-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/3176-9-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4644-10-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/3176-11-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4644-15-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4644-16-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/712-23-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/1076-26-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4208-30-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/1076-29-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/5100-33-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4208-32-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/5100-36-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/2728-37-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4576-39-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/2728-40-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4644-41-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4488-45-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4576-44-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4488-47-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4696-48-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4696-51-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/2100-52-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/2100-53-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/2664-55-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/2532-59-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/2532-61-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/1828-62-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/files/0x0004000000009f86-64.dat	UPX
behavioral2/memory/4644-66-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/1688-70-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/2240-73-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4524-77-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/1656-79-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4644-80-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/1656-83-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/1360-84-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/1324-89-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/1360-88-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/1324-92-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/2180-93-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/2096-95-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/2180-94-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/2096-98-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/712-99-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/712-101-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4644-104-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/2996-106-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/2928-111-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/1980-112-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4388-116-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/1980-115-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/8-118-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4388-119-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/8-122-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/3788-123-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/3788-125-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/832-126-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/832-129-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4320-130-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX
behavioral2/memory/4320-131-0x0000000000400000-0x00000000016A8000-memory.dmp	UPX

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Isass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Isass.exe

Executes dropped EXE 3 IoCs

pid	Process
4644	Isass.exe
712	Isass.exe
4208	Isass.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe"	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Users\\Public\\Microsoft Build\\Isass.exe"	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3176	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
3176	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
4644	Isass.exe
4644	Isass.exe
712	Isass.exe
712	Isass.exe
712	Isass.exe
712	Isass.exe
712	Isass.exe
712	Isass.exe
1076	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
1076	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
4208	Isass.exe
4208	Isass.exe
4208	Isass.exe
4208	Isass.exe
4208	Isass.exe
4208	Isass.exe
5100	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
5100	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 4644	3176	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe	92
PID 3176 wrote to memory of 4644	3176	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe	92
PID 3176 wrote to memory of 4644	3176	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe	92
PID 3176 wrote to memory of 712	3176	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe	95
PID 3176 wrote to memory of 712	3176	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe	95
PID 3176 wrote to memory of 712	3176	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe	95
PID 712 wrote to memory of 1076	712	Isass.exe	96
PID 712 wrote to memory of 1076	712	Isass.exe	96
PID 712 wrote to memory of 1076	712	Isass.exe	96
PID 1076 wrote to memory of 4208	1076	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe	97
PID 1076 wrote to memory of 4208	1076	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe	97
PID 1076 wrote to memory of 4208	1076	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe	97
PID 4208 wrote to memory of 5100	4208	Isass.exe	99
PID 4208 wrote to memory of 5100	4208	Isass.exe	99
PID 4208 wrote to memory of 5100	4208	Isass.exe	99
PID 5100 wrote to memory of 2728	5100	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe	100
PID 5100 wrote to memory of 2728	5100	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe	100
PID 5100 wrote to memory of 2728	5100	dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe	100

C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
"C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Users\Public\Microsoft Build\Isass.exe
  "C:\Users\Public\Microsoft Build\Isass.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4644
- C:\Users\Public\Microsoft Build\Isass.exe
  "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:712
- - C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
    "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1076
  - - C:\Users\Public\Microsoft Build\Isass.exe
      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:5100
      - C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        7⤵
        
        PID:4576
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        8⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        9⤵
        
        PID:4696
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        10⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        11⤵
        
        PID:2664
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        12⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        13⤵
        
        PID:1828
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        14⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        15⤵
        
        PID:2240
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        16⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        17⤵
        
        PID:1656
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        18⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        19⤵
        
        PID:1324
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        20⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        21⤵
        
        PID:2096
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        22⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        23⤵
        
        PID:2996
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        24⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        25⤵
        
        PID:1980
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        26⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        27⤵
        
        PID:8
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        28⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        29⤵
        
        PID:832
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        30⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        31⤵
        
        PID:3732
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        32⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        33⤵
        
        PID:1432
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        34⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        35⤵
        
        PID:2116
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        36⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        37⤵
        
        PID:1340
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        38⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        39⤵
        
        PID:4348
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        40⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        41⤵
        
        PID:4964
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        42⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        43⤵
        
        PID:4036
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        44⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        45⤵
        
        PID:2364
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        46⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        47⤵
        
        PID:3672
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        48⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        49⤵
        
        PID:4496
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        50⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        51⤵
        
        PID:2572
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        52⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        53⤵
        
        PID:468
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        54⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        55⤵
        
        PID:4556
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        56⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        57⤵
        
        PID:1384
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        58⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        59⤵
        
        PID:4548
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        60⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        61⤵
        
        PID:4460
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        62⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        63⤵
        
        PID:1628
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        64⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        65⤵
        
        PID:1588
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        66⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        67⤵
        
        PID:2400
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        68⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        69⤵
        
        PID:2072
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        70⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        71⤵
        
        PID:3304
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        72⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        73⤵
        
        PID:560
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        74⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        75⤵
        
        PID:3216
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        76⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        77⤵
        
        PID:2668
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        78⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        79⤵
        
        PID:2320
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        80⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        81⤵
        
        PID:1576
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        82⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe"
        83⤵
        
        PID:2672
        
        C:\Users\Public\Microsoft Build\Isass.exe
        
        "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\dfcf9e4b6411b4beacf338fcd81617f745e4bfe61b2aa2cf76ee300ce75b849d.exe
        84⤵
        
        PID:3556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\Microsoft Build\Isass.exe

Filesize
211KB

MD5
fa21945a1a213345f02b7dcb73784434

SHA1
ef8dd74b7f18c8f8cef892775f94b74dbad3963f

SHA256
29b95c499c6ae66af900d4e6ded43b210eb2551fba48e4da0c4694753bb7654e

SHA512
2df88f029695e59e2d9d213ad37f4b0056347a2dad20e1c0ed1466d7cb008bb0c00ce0cb45fceb8ac5ec8102c96efb5e2f4e9803066e322b9f02db18c3dab20e

Download Submit
C:\odt\office2016setup.exe

Filesize
5.3MB

MD5
e67564bb7e155389aaca539304c725cc

SHA1
a64078cfd34547c6fddb7bef019db76fe1c79da0

SHA256
e55c74558612845278e5803793ef0c6d60c30202f643089d43c0bd3afdf426ca

SHA512
780c9d91baeb8d5e8255f541fd799f0facaa0ab2e129ef946f4dc46c06f7fd3181dcc89e3628b76357ff0d9358004e6a615321e79dbb7aa0a161e11df5620524

Download Submit
memory/8-118-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/8-120-0x0000000001A60000-0x0000000001A61000-memory.dmp

Filesize
4KB

Download
memory/8-122-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/436-152-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/712-23-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/712-101-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/712-100-0x0000000001A60000-0x0000000001A61000-memory.dmp

Filesize
4KB

Download
memory/712-99-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/712-24-0x0000000001C70000-0x0000000001C71000-memory.dmp

Filesize
4KB

Download
memory/832-127-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/832-126-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/832-129-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1076-26-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1076-27-0x0000000003B10000-0x0000000003B11000-memory.dmp

Filesize
4KB

Download
memory/1076-29-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1324-92-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1324-90-0x0000000001A50000-0x0000000001A51000-memory.dmp

Filesize
4KB

Download
memory/1324-89-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1340-165-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1360-88-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1360-84-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1360-85-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1384-184-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1432-150-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1656-79-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1656-81-0x0000000001A50000-0x0000000001A51000-memory.dmp

Filesize
4KB

Download
memory/1656-83-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1688-70-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1688-71-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1796-198-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1828-62-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1828-63-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1980-112-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1980-115-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/1980-113-0x0000000001A50000-0x0000000001A51000-memory.dmp

Filesize
4KB

Download
memory/2096-96-0x0000000001C00000-0x0000000001C01000-memory.dmp

Filesize
4KB

Download
memory/2096-95-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2096-98-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2100-52-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2100-53-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2100-54-0x0000000003B20000-0x0000000003B21000-memory.dmp

Filesize
4KB

Download
memory/2116-156-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2128-136-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2128-143-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2180-93-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2180-94-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2240-73-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2240-75-0x0000000001E60000-0x0000000001E61000-memory.dmp

Filesize
4KB

Download
memory/2364-195-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2532-61-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2532-59-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2532-60-0x0000000001E50000-0x0000000001E51000-memory.dmp

Filesize
4KB

Download
memory/2664-56-0x0000000003710000-0x0000000003711000-memory.dmp

Filesize
4KB

Download
memory/2664-55-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2728-38-0x0000000001A70000-0x0000000001A71000-memory.dmp

Filesize
4KB

Download
memory/2728-37-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2728-40-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2928-111-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/2928-108-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2996-102-0x0000000001A50000-0x0000000001A51000-memory.dmp

Filesize
4KB

Download
memory/2996-106-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/3176-0-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/3176-12-0x0000000001AA0000-0x0000000001AA1000-memory.dmp

Filesize
4KB

Download
memory/3176-11-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/3176-9-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/3176-2-0x0000000001AA0000-0x0000000001AA1000-memory.dmp

Filesize
4KB

Download
memory/3176-1-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/3320-162-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/3624-178-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/3720-172-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/3732-134-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/3732-132-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/3788-124-0x0000000003800000-0x0000000003801000-memory.dmp

Filesize
4KB

Download
memory/3788-123-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/3788-125-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4208-30-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4208-31-0x0000000002060000-0x0000000002061000-memory.dmp

Filesize
4KB

Download
memory/4208-32-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4320-131-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4320-133-0x0000000001A60000-0x0000000001A61000-memory.dmp

Filesize
4KB

Download
memory/4320-130-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4348-170-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4388-119-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4388-117-0x0000000003B20000-0x0000000003B21000-memory.dmp

Filesize
4KB

Download
memory/4388-116-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4464-167-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4488-45-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4488-47-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4488-46-0x0000000001E20000-0x0000000001E21000-memory.dmp

Filesize
4KB

Download
memory/4524-77-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4524-76-0x0000000001A10000-0x0000000001A11000-memory.dmp

Filesize
4KB

Download
memory/4576-39-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4576-42-0x00000000019F0000-0x00000000019F1000-memory.dmp

Filesize
4KB

Download
memory/4576-44-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4644-158-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4644-16-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4644-138-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4644-7-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4644-145-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4644-8-0x0000000001A60000-0x0000000001A61000-memory.dmp

Filesize
4KB

Download
memory/4644-104-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4644-190-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4644-66-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4644-41-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4644-80-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4644-10-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4644-15-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4696-48-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4696-51-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/4696-49-0x0000000001B50000-0x0000000001B51000-memory.dmp

Filesize
4KB

Download
memory/4964-175-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/5100-33-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download
memory/5100-34-0x0000000001A60000-0x0000000001A61000-memory.dmp

Filesize
4KB

Download
memory/5100-36-0x0000000000400000-0x00000000016A8000-memory.dmp

Filesize
18.7MB

Download