9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2024 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
Size

1.3MB
MD5

bddfc1c8dbd2c4c220fbe40cafd0ddb6
SHA1

7840d05d1ff92bb28e93ff9d6358e4a5e94c1429
SHA256

9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d
SHA512

f917932840a0f386020bb9d986a6cc13753775881b92b04b94ee0bbf39242046c89a7492e6c99dd1f23960b566f21cbad823f999ea97b2537264e168371b238f
SSDEEP

24576:bSLrRUz7Om5pyc05RARLzOoa44xgj0ZO4R6z8sL4C068+kV/44wCrFfjKMdq:bVOGq5R+oFuk5VH/ljKOq

Score

9^/10

persistence spyware stealer upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
behavioral2/files/0x0012000000023877-5.dat	UPX

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\Control Panel\International\Geo\Nation	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\Control Panel\International\Geo\Nation	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2768-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/files/0x0012000000023877-5.dat	upx
behavioral2/memory/5160-11-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6132-124-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3548-139-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2768-195-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5160-197-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6132-201-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3548-202-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\L:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\N:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\Q:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\S:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\X:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\E:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\W:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\M:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\O:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\A:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\B:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\G:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\H:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\J:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\K:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\R:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\U:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\Z:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\P:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\T:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\V:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File opened (read-only)	\??\Y:	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\brasilian beastiality horse sleeping black hairunshaved .avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish cum trambling masturbation titts .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\american fetish lesbian uncut mature .zip.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\kicking lesbian masturbation (Curtney).avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse masturbation (Tatjana).rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish cum hardcore masturbation femdom .mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob [bangbus] stockings (Sonja,Jade).rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\System32\DriverStore\Temp\italian handjob fucking [milf] mistress .rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish beastiality trambling [bangbus] .mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish porn horse uncut 40+ .rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian nude xxx several models feet YEâPSè& (Karin).avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\SysWOW64\FxsTmp\tyrkish action bukkake masturbation titts .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\brasilian porn xxx big .mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\fucking girls (Liz).mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\danish fetish beast masturbation .rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU9848.tmp\tyrkish fetish gay big cock .avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american cum blowjob lesbian titts .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\lingerie public titts bondage .rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files (x86)\Google\Temp\black cumshot xxx several models feet balls (Melissa).zip.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\italian animal bukkake lesbian .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files (x86)\Google\Update\Download\american cumshot hardcore hot (!) glans swallow (Janette).zip.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files (x86)\Microsoft\Temp\indian porn trambling [free] titts 40+ (Karin).avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american horse trambling several models hole .avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files\Microsoft Office\root\Templates\bukkake licking (Tatjana).mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black gang bang trambling catfight cock (Ashley,Samantha).mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\lingerie full movie shoes .mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\fucking full movie cock .avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\black gang bang hardcore sleeping .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files\Common Files\microsoft shared\hardcore big .mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian kicking blowjob big feet .rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\danish horse horse hot (!) titts traffic .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\black gang bang trambling full movie .avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\cumshot lesbian full movie black hairunshaved .rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\xxx public (Karin).mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\InputMethod\SHARED\tyrkish horse fucking several models mature .rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\russian animal horse several models lady .rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\japanese animal gay [bangbus] fishy .mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\animal horse licking glans (Jenna,Karin).mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\italian fetish beast full movie wifey .mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\gay sleeping cock (Kathrin,Samantha).mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\brasilian gang bang fucking masturbation balls .rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_de-de_bc04d4fbcc35e12a\horse big shower .avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\asian beast sleeping cock ash (Jade).rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\fucking voyeur glans high heels .rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\russian porn sperm [bangbus] titts sweet (Tatjana).mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\hardcore licking feet YEâPSè& (Curtney).zip.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\british sperm [free] hole balls .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\norwegian beast [bangbus] hole penetration (Curtney).rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\french trambling uncut 40+ .mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\bukkake catfight cock .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\action bukkake hidden upskirt .zip.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\brasilian cum beast full movie glans penetration .avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\lingerie public sm .mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\beast hot (!) sweet (Sandy,Melissa).mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\gay several models (Sylvia).mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\asian lingerie hidden titts redhair .avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\animal gay catfight (Samantha).avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\french sperm hot (!) cock (Britney,Liz).avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\porn gay [bangbus] hole .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\fucking [bangbus] titts latex .avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\japanese cumshot sperm [free] penetration .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\french trambling masturbation glans .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\chinese trambling sleeping hole young (Melissa).rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\malaysia beast hidden hairy .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\german bukkake several models leather .rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_aaeae146be52e178\fetish lesbian uncut glans .rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\norwegian horse masturbation leather .mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\swedish fetish lesbian [free] sweet (Kathrin,Sylvia).mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\horse [bangbus] balls .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\malaysia sperm [milf] traffic .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\brasilian porn lingerie [free] (Tatjana).mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\german horse hidden hole .avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\cumshot xxx licking (Karin).zip.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\indian gang bang bukkake [milf] cock ejaculation .zip.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\malaysia hardcore big feet latex .zip.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\german sperm licking .avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\gay lesbian titts .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\french horse hidden .avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\malaysia fucking [milf] mistress .avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\horse girls shower .zip.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\spanish lesbian voyeur feet .zip.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\german hardcore girls .rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\InstallTemp\cum beast catfight feet beautyfull .rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\trambling voyeur titts (Jenna,Jade).zip.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\french lingerie big bondage (Britney,Janette).mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\xxx [milf] mistress .zip.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\brasilian fetish hardcore [milf] high heels .zip.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\fetish gay sleeping (Sylvia).avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\danish gang bang sperm uncut .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\black gang bang sperm voyeur hotel .avi.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse [milf] titts .mpeg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1a0741e853eda74\hardcore catfight .rar.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_56cd15352969a8d0\spanish xxx licking titts hotel (Janette).mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\trambling voyeur .mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\beast voyeur (Karin).mpg.exe	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
3548	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
3548	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
3548	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
3548	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
3548	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
3548	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
3548	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
3548	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
3548	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
3548	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
3548	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
3548	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
3548	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
3548	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
6132	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 5160	2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe	86
PID 2768 wrote to memory of 5160	2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe	86
PID 2768 wrote to memory of 5160	2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe	86
PID 2768 wrote to memory of 6132	2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe	92
PID 2768 wrote to memory of 6132	2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe	92
PID 2768 wrote to memory of 6132	2768	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe	92
PID 5160 wrote to memory of 3548	5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe	93
PID 5160 wrote to memory of 3548	5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe	93
PID 5160 wrote to memory of 3548	5160	9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe	93

C:\Users\Admin\AppData\Local\Temp\9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
"C:\Users\Admin\AppData\Local\Temp\9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Users\Admin\AppData\Local\Temp\9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
  "C:\Users\Admin\AppData\Local\Temp\9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5160
- - C:\Users\Admin\AppData\Local\Temp\9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
    "C:\Users\Admin\AppData\Local\Temp\9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3548
- C:\Users\Admin\AppData\Local\Temp\9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe
  "C:\Users\Admin\AppData\Local\Temp\9e90c9dc82361bdd4398f8516320f664371d7b040ed39da4a36b269f73c8c28d.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american cum blowjob lesbian titts .mpeg.exe

Filesize
1.5MB

MD5
392485553df0034d10ba91612348da01

SHA1
cb4ce4a7555551a0b24a9d376859a814773973eb

SHA256
c5669b63966349b698c04ca551d6925ac6170b845d5a84ce3ec412fc6516c47a

SHA512
29d6140c6ca7484b32a3aa6f678db90b7daf9265eae280d01d535b43dc23f18371eb84334cb7ffc9ea5bc6cb1375ae05b71ad8579fe8b6a5d458bd3362ca0a2c

Download Submit
memory/2768-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2768-195-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3548-139-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3548-202-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5160-11-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5160-197-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6132-124-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6132-201-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download