be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7

Analysis

max time kernel
150s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24/04/2024, 20:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
Size

399KB
MD5

4370a4f6b3743b078828208bc9b4c858
SHA1

c626f8a27836e88b6ef96fe5430fa4b3ce3d0a40
SHA256

be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7
SHA512

9e24f9a0f4c287c6450af6e803cb1e70a7ddc8026a37648ad817fff26ca2f2e49b5ab34a2b280734ff8eaea85e3fdac015a69b4feaa2d8da33bc9af7db2d344f
SSDEEP

6144:bjluQoSsqaxIo5R4nM/pE+lHZoVHQ8TZWm6g4ziLxqJyj4BkKBG8Q++jXhHGF/KY:bEQoSx0qYG14g2QqJe4BkKBJEY/svTk

Score

9^/10

persistence spyware stealer upx

Malware Config

Signatures

Detects executables containing possible sandbox analysis VM usernames 1 IoCs

resource	yara_rule
behavioral1/memory/2892-87-0x0000000000400000-0x0000000000429000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

UPX dump on OEP (original entry point) 5 IoCs

resource	yara_rule
behavioral1/memory/2064-0-0x0000000000400000-0x0000000000429000-memory.dmp	UPX
behavioral1/files/0x0007000000016a28-5.dat	UPX
behavioral1/memory/2064-76-0x0000000004900000-0x0000000004929000-memory.dmp	UPX
behavioral1/memory/2476-77-0x0000000000400000-0x0000000000429000-memory.dmp	UPX
behavioral1/memory/2892-87-0x0000000000400000-0x0000000000429000-memory.dmp	UPX

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2064-0-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/files/0x0007000000016a28-5.dat	upx
behavioral1/memory/2064-76-0x0000000004900000-0x0000000004929000-memory.dmp	upx
behavioral1/memory/2476-77-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2892-87-0x0000000000400000-0x0000000000429000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\L:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\U:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\X:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\Y:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\B:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\J:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\K:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\M:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\R:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\S:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\E:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\H:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\I:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\Q:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\V:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\W:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\Z:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\G:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\N:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\O:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\P:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File opened (read-only)	\??\T:	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\gay beastiality catfight feet \× .rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\SysWOW64\FxsTmp\canadian sperm [free] .mpg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\action lesbian ejaculation .zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\SysWOW64\config\systemprofile\british fucking horse hot (!) cock (Sonja,Samantha).rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\SysWOW64\FxsTmp\beast girls circumcision (Kathrin).avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\SysWOW64\IME\shared\asian kicking [milf] shoes .mpg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\SysWOW64\config\systemprofile\french hardcore [bangbus] penetration .avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\System32\DriverStore\Temp\swedish bukkake hidden boobs mature .mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\SysWOW64\IME\shared\porn hidden .zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\fucking voyeur .avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake [free] shoes .avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\british cumshot beastiality hot (!) ejaculation .avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Program Files (x86)\Google\Update\Download\gang bang beast [free] fishy .mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\italian handjob horse [milf] fishy .rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\cum licking glans .mpg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Program Files\DVD Maker\Shared\spanish hardcore hot (!) .mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\nude licking young .mpg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\action uncut .rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\black lesbian kicking girls .avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\norwegian gang bang lingerie licking .avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Program Files (x86)\Google\Temp\norwegian kicking beast several models hole circumcision .rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Program Files\Windows Journal\Templates\spanish cum lesbian swallow .zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\handjob cum public .zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\american kicking fetish catfight cock stockings (Sylvia,Jenna).zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\american blowjob nude [milf] (Christine,Tatjana).mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SoftwareDistribution\Download\nude lingerie voyeur glans boots .zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\british action handjob full movie vagina 50+ .avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\brasilian fucking catfight bondage (Kathrin).mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\fucking uncut .rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\sperm big feet bedroom (Curtney).zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\black sperm fucking [free] ash ¼ç .rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\french gay sleeping .zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\horse public ìï (Janette).mpg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\cum trambling uncut latex (Sarah,Samantha).rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\russian animal gang bang uncut cock redhair (Britney).mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish trambling lingerie masturbation (Christine).zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\asian lesbian lingerie sleeping hole swallow .avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\african lingerie several models .rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\brasilian lesbian licking .zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\asian horse lingerie several models shower .avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\malaysia nude public feet .mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\danish hardcore kicking catfight .mpg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\PLA\Templates\japanese xxx sperm uncut stockings .mpg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\nude [bangbus] black hairunshaved .mpg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\british kicking catfight redhair .zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\german sperm cumshot big girly (Tatjana).rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\beast lingerie [bangbus] boobs ìï .mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\cum cumshot big upskirt .mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian fetish gang bang voyeur ash .mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\handjob horse hot (!) (Sonja).avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\japanese cumshot kicking lesbian (Jade,Tatjana).mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\cumshot xxx [bangbus] sweet .zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\porn [milf] .avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\lingerie handjob catfight ìï .mpg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\german trambling gang bang several models sweet (Sandy).rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\kicking public granny (Britney,Janette).rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\hardcore licking boots .avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\malaysia handjob catfight hairy .mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\action full movie blondie (Sandy).zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\cum [milf] .mpg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\swedish kicking horse voyeur hotel .avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\cumshot sleeping hotel .zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\brasilian animal big .zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\swedish beastiality action hot (!) .rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\african action licking ìï (Janette).mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\hardcore nude lesbian leather .mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\black horse blowjob [free] .zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\french fetish [milf] (Sonja).avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\handjob cumshot [milf] titts .avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\russian cumshot licking feet girly .rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\norwegian fucking cumshot full movie bondage .mpg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\asian gay public balls .mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\kicking sleeping vagina blondie .rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\handjob uncut ash (Jade,Karin).mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lesbian action sleeping swallow .zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\assembly\temp\malaysia hardcore fetish hot (!) hairy .zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\black fetish handjob voyeur .rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\InstallTemp\beastiality full movie (Sarah).zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\japanese sperm lingerie [free] sm .rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\beastiality hardcore public titts latex (Janette).zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\gang bang fucking hot (!) vagina .mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\italian blowjob licking hole boots (Sandy).mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\russian handjob several models beautyfull (Christine).rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\italian beast lesbian boots .mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\black cum bukkake catfight feet .zip.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\fetish sleeping (Tatjana).rar.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\hardcore action girls (Samantha,Kathrin).mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\Downloaded Program Files\cum girls swallow (Britney).mpeg.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\german porn big hairy .avi.exe	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
2892	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2476	2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe	28
PID 2064 wrote to memory of 2476	2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe	28
PID 2064 wrote to memory of 2476	2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe	28
PID 2064 wrote to memory of 2476	2064	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe	28
PID 2476 wrote to memory of 2892	2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe	29
PID 2476 wrote to memory of 2892	2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe	29
PID 2476 wrote to memory of 2892	2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe	29
PID 2476 wrote to memory of 2892	2476	be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe	29

C:\Users\Admin\AppData\Local\Temp\be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
"C:\Users\Admin\AppData\Local\Temp\be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Users\Admin\AppData\Local\Temp\be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
  "C:\Users\Admin\AppData\Local\Temp\be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2476
- - C:\Users\Admin\AppData\Local\Temp\be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe
    "C:\Users\Admin\AppData\Local\Temp\be57f12d66f6abfa0c71c5ea3ca0517e6103ab4e9f35ea0df07fb0980d9c6ad7.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake [free] shoes .avi.exe

Filesize
425KB

MD5
a591a90da54f412faaa836ffa7347ee2

SHA1
d264d6fbd3177ae02e294ec83fe9732e6a73e43d

SHA256
132636e32426c6ca8de371c22a563d5bcadd50b3d818ea3f4711e96a338eaa9b

SHA512
b783c8730690e8e0f28a22b1ebcb37848ff0fbf1c6d5fdd43527492f2767697eb7ca5d03a11851491a03927a84ec2473e8a82c8727c74a8cc872ef0832381dc5

Download Submit
C:\debug.txt

Filesize
183B

MD5
ff3361d6c43f587d969df393b77e8eb0

SHA1
a3579c79bf97b1912974a3969214b66b15cce18d

SHA256
0cf1649c1466e166f27c6591304283c01f2e1889cc3c678acf8d6aff14b3d998

SHA512
d81d41728575c23cc1ba862db9bb61d5b5455e6eb41d29590bb0de1a350d71e5ac9159f4241cfe2c1dcadac58f668ed7f308c1e5bde4b4a9ea6a9b96bf2fbede

Download Submit
memory/2064-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2064-76-0x0000000004900000-0x0000000004929000-memory.dmp

Filesize
164KB

Download
memory/2476-77-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2476-86-0x00000000007D0000-0x00000000007F9000-memory.dmp

Filesize
164KB

Download
memory/2892-87-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download