6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143

Analysis

max time kernel
150s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-04-2024 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
Size

654KB
MD5

25efbc17a60e994c395985f89e4f41ff
SHA1

49578abd7cbf3f462f8a91969dc25e6c6a87a91d
SHA256

6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143
SHA512

d0a8b93313ac8fe2d66219359323c802043a78caefba89fb25c1449ed5b1d460591ba010951944bb936a82b74047418b07ca400b93346297e0f5d930de7a2902
SSDEEP

12288:lXa8slsIM3JhoITKyYBS3zTlTk7GoiQ7ONRhO57oTtCUD5NinT08pI6qEyov:lq8K4JQy++Nk73ZORhs7oTtCUGnT021l

Score

9^/10

persistence spyware stealer

Malware Config

Signatures

Detects executables containing possible sandbox analysis VM usernames 19 IoCs

resource	yara_rule
behavioral1/memory/2972-84-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2688-91-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2016-95-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2972-104-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2688-105-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2016-106-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2016-107-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2016-112-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2016-115-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2016-118-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2016-123-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2016-126-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2016-129-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2016-132-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2016-135-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2016-138-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2016-141-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2016-144-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames
behavioral1/memory/2016-147-0x0000000000400000-0x000000000041C000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

UPX dump on OEP (original entry point) 22 IoCs

resource	yara_rule
behavioral1/memory/2016-0-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/files/0x0007000000014c25-5.dat	UPX
behavioral1/memory/2016-83-0x0000000004C90000-0x0000000004CAC000-memory.dmp	UPX
behavioral1/memory/2972-84-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2688-91-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2016-95-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2972-104-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2688-105-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2016-106-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2016-107-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2016-112-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2016-115-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2016-118-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2016-123-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2016-126-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2016-129-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2016-132-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2016-135-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2016-138-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2016-141-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2016-144-0x0000000000400000-0x000000000041C000-memory.dmp	UPX
behavioral1/memory/2016-147-0x0000000000400000-0x000000000041C000-memory.dmp	UPX

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\N:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\O:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\Q:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\U:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\A:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\E:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\I:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\V:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\W:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\Z:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\G:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\K:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\S:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\T:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\Y:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\B:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\H:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\L:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\X:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\J:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\P:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File opened (read-only)	\??\R:	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish nude sperm uncut titts .mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\System32\DriverStore\Temp\tyrkish handjob fucking hidden hole shoes .mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\SysWOW64\IME\shared\beast full movie hole .rar.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\SysWOW64\config\systemprofile\japanese beastiality horse big glans bedroom .mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\SysWOW64\FxsTmp\fucking lesbian (Samantha).rar.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\SysWOW64\IME\shared\beast catfight (Jade).avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish animal gay [milf] (Samantha).rar.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\SysWOW64\FxsTmp\handjob blowjob lesbian (Tatjana).zip.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black fetish beast sleeping bondage .zip.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian nude lingerie lesbian mature .zip.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Journal\Templates\sperm voyeur glans lady .mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\swedish cum horse masturbation boots .mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\black beastiality sperm [milf] .mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse catfight penetration .mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\sperm full movie blondie .avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\tyrkish handjob blowjob several models black hairunshaved .mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Program Files (x86)\Google\Update\Download\italian animal trambling sleeping .avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\american nude lingerie catfight YEâPSè& .zip.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\gay big sm .avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Program Files\Common Files\Microsoft Shared\black action horse lesbian feet .mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Program Files\DVD Maker\Shared\tyrkish kicking blowjob licking titts young (Curtney).rar.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Program Files (x86)\Google\Temp\lingerie catfight glans (Sonja,Janette).avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black porn xxx sleeping granny .rar.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\black animal horse sleeping glans lady (Karin).avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\hardcore catfight granny .mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\russian fetish lingerie lesbian bondage .mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\norwegian blowjob sleeping penetration (Kathrin,Melissa).mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\indian beastiality bukkake several models .rar.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\german beast big .rar.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\japanese nude trambling hot (!) (Janette).mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\canadian sperm [milf] (Samantha).avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\horse bukkake licking (Curtney).avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\beast uncut swallow .avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\beast masturbation hole .zip.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\beast hot (!) titts upskirt (Karin).mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\brasilian cum xxx sleeping feet leather (Tatjana).rar.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\spanish lesbian uncut hairy .avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\chinese bukkake uncut .rar.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\swedish horse gay girls hole blondie (Melissa).mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\swedish fetish beast sleeping hole upskirt .avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\american cumshot sperm hidden bedroom .rar.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\SoftwareDistribution\Download\american kicking bukkake voyeur .rar.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\chinese bukkake uncut .mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\asian fucking lesbian titts (Sonja,Jade).rar.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\hardcore several models 40+ .mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\assembly\tmp\american nude bukkake licking ash .avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\horse blowjob uncut traffic (Sandy,Melissa).zip.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\brasilian kicking lingerie full movie YEâPSè& (Sonja,Janette).avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\trambling full movie titts .mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\animal bukkake masturbation beautyfull .mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\security\templates\russian kicking bukkake [free] feet lady (Curtney).zip.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\beastiality horse [bangbus] 40+ .mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\nude bukkake sleeping .zip.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\norwegian lingerie licking titts hotel (Curtney).avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish porn fucking [bangbus] leather .rar.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\beastiality xxx big feet 50+ .mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\lingerie catfight .mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\trambling voyeur boots .avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\indian gang bang lingerie big .avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\canadian bukkake lesbian .zip.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\asian beast public titts sm .mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\action lingerie hot (!) feet .mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\animal beast big 40+ .zip.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\horse voyeur .mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\animal gay girls titts upskirt (Tatjana).avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\trambling sleeping young .mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\italian beastiality blowjob public feet pregnant .mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\cumshot lingerie hidden shoes .rar.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\spanish sperm licking glans .zip.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\malaysia hardcore girls high heels .zip.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\action gay lesbian titts femdom (Janette).avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\italian gang bang hardcore girls glans sweet .mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\russian kicking lingerie licking .mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\cumshot hardcore full movie girly (Ashley,Janette).mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\malaysia blowjob uncut bedroom .mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\cumshot fucking [bangbus] black hairunshaved .avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\horse full movie (Karin).mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\italian handjob bukkake catfight hole granny .avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\assembly\temp\tyrkish cum trambling several models titts .mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\tyrkish fetish lesbian voyeur ejaculation (Britney,Melissa).mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\gay girls .avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\norwegian gay big titts shoes (Sylvia).mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\handjob horse [milf] .mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\beastiality horse [free] titts traffic (Samantha).avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\danish horse fucking several models .mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\japanese cumshot blowjob catfight hole .mpg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\british horse lesbian gorgeoushorny (Anniston,Melissa).mpeg.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\canadian blowjob voyeur wifey .avi.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
File created	C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\asian gay catfight (Janette).zip.exe	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
2688	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2972	2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe	28
PID 2016 wrote to memory of 2972	2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe	28
PID 2016 wrote to memory of 2972	2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe	28
PID 2016 wrote to memory of 2972	2016	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe	28
PID 2972 wrote to memory of 2688	2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe	29
PID 2972 wrote to memory of 2688	2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe	29
PID 2972 wrote to memory of 2688	2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe	29
PID 2972 wrote to memory of 2688	2972	6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe	29

C:\Users\Admin\AppData\Local\Temp\6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
"C:\Users\Admin\AppData\Local\Temp\6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Users\Admin\AppData\Local\Temp\6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
  "C:\Users\Admin\AppData\Local\Temp\6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe
    "C:\Users\Admin\AppData\Local\Temp\6c6954a315036c806669a9370b9468352cfe1ea763bfec27a9070467ab520143.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows Sidebar\Shared Gadgets\black animal horse sleeping glans lady (Karin).avi.exe

Filesize
535KB

MD5
1736153109d5753264a3df05a621f71a

SHA1
dd342c72f9c0572e6720d1cea04c3dfb5945a84a

SHA256
81152bbb395d9114f30f2e1260f22c223cae702f24c0c5d0c4a8882fbf070144

SHA512
5dcd71f591496036ba922c10c27966656dfee758034a7fd89f8d115ba5f189598fcc255e76c4bc990d66e6d85380f1dcfab443f97648701e1be63458a80ffa68

Download Submit
C:\debug.txt

Filesize
183B

MD5
9ea8bbb049d3057be7ff4d8094044e71

SHA1
3772d134d65c8a5a49d2301d5902f1963fbe685c

SHA256
48b0664dff21b294f594ebdee3c190d8a2c69e49ba8cad564a3a1b26e5bda797

SHA512
34fa4ace23c5647d9b9c85e7007a08c3bf671589a46bcd1d37501f9aed7dc06ff207f66b7fe0c441e8aace2ecf9114fb7bbcb7640ab13ff05d84297a99b9ebd7

Download Submit
memory/2016-108-0x0000000004C90000-0x0000000004CAC000-memory.dmp

Filesize
112KB

Download
memory/2016-126-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2016-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2016-144-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2016-95-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2016-83-0x0000000004C90000-0x0000000004CAC000-memory.dmp

Filesize
112KB

Download
memory/2016-138-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2016-135-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2016-106-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2016-107-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2016-147-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2016-141-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2016-118-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2016-115-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2016-112-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2016-123-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2016-132-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2016-129-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2688-105-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2688-91-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2972-84-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2972-104-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2972-111-0x0000000001ED0000-0x0000000001EEC000-memory.dmp

Filesize
112KB

Download
memory/2972-90-0x0000000001ED0000-0x0000000001EEC000-memory.dmp

Filesize
112KB

Download