909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee

Analysis

max time kernel
4s
max time network
156s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe
Size

237KB
MD5

de72eaff0635576ed1f01136f7cf5ab1
SHA1

cd7e192cd81d6f579e76425e35a5a3875bbc9b6f
SHA256

909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee
SHA512

4f0e611049f96b747e202fb566d81b5b2ffc70a2c6d76f22207a0540979a706404b2045ad4d64e410cd3d84c0b2b09fcb6900130969ef6342824c80e72c36a77
SSDEEP

3072:ZYUb5QoJ4g+Ri+Zj6Iz1ZdW4SrO7FSVaV:ZY7xh6SZI4z7FSVaV

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2664	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
3032	wdlalbdij.exe

Loads dropped DLL 4 IoCs

pid	Process
2696	909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe
2696	909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe
2696	909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe
2696	909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\wdlalbdij.exe	909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe
File opened for modification	C:\Windows\SysWOW64\wdlalbdij.exe	909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe
File created	C:\Windows\SysWOW64\wwn.exe	wdlalbdij.exe
File opened for modification	C:\Windows\SysWOW64\wwn.exe	wdlalbdij.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3008	524	WerFault.exe	222

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 3032	2696	909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe	28
PID 2696 wrote to memory of 3032	2696	909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe	28
PID 2696 wrote to memory of 3032	2696	909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe	28
PID 2696 wrote to memory of 3032	2696	909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe	28
PID 2696 wrote to memory of 2664	2696	909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe	29
PID 2696 wrote to memory of 2664	2696	909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe	29
PID 2696 wrote to memory of 2664	2696	909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe	29
PID 2696 wrote to memory of 2664	2696	909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe	29

C:\Users\Admin\AppData\Local\Temp\909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe
"C:\Users\Admin\AppData\Local\Temp\909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\SysWOW64\wdlalbdij.exe
  "C:\Windows\system32\wdlalbdij.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:3032
- - C:\Windows\SysWOW64\wwn.exe
    "C:\Windows\system32\wwn.exe"
    3⤵
    PID:2492
  - - C:\Windows\SysWOW64\wmmhho.exe
      "C:\Windows\system32\wmmhho.exe"
      4⤵
      PID:1656
    - - C:\Windows\SysWOW64\wbxjttn.exe
        
        "C:\Windows\system32\wbxjttn.exe"
        5⤵
        
        PID:1620
      - C:\Windows\SysWOW64\wagyf.exe
        
        "C:\Windows\system32\wagyf.exe"
        6⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\wcyvqac.exe
        
        "C:\Windows\system32\wcyvqac.exe"
        7⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\wqdrhoa.exe
        
        "C:\Windows\system32\wqdrhoa.exe"
        8⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\wch.exe
        
        "C:\Windows\system32\wch.exe"
        9⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\wjb.exe
        
        "C:\Windows\system32\wjb.exe"
        10⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\wutv.exe
        
        "C:\Windows\system32\wutv.exe"
        11⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\wmwqcb.exe
        
        "C:\Windows\system32\wmwqcb.exe"
        12⤵
        
        PID:768
        
        C:\Windows\SysWOW64\wdantqvcx.exe
        
        "C:\Windows\system32\wdantqvcx.exe"
        13⤵
        
        PID:944
        
        C:\Windows\SysWOW64\wbiegk.exe
        
        "C:\Windows\system32\wbiegk.exe"
        14⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\wualh.exe
        
        "C:\Windows\system32\wualh.exe"
        15⤵
        
        PID:436
        
        C:\Windows\SysWOW64\wonowumef.exe
        
        "C:\Windows\system32\wonowumef.exe"
        16⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\wdf.exe
        
        "C:\Windows\system32\wdf.exe"
        17⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\wowp.exe
        
        "C:\Windows\system32\wowp.exe"
        18⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\wdlvxrql.exe
        
        "C:\Windows\system32\wdlvxrql.exe"
        19⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\wpn.exe
        
        "C:\Windows\system32\wpn.exe"
        20⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\wvh.exe
        
        "C:\Windows\system32\wvh.exe"
        21⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\wgj.exe
        
        "C:\Windows\system32\wgj.exe"
        22⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\wym.exe
        
        "C:\Windows\system32\wym.exe"
        23⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\wpovmo.exe
        
        "C:\Windows\system32\wpovmo.exe"
        24⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\wicyc.exe
        
        "C:\Windows\system32\wicyc.exe"
        25⤵
        
        PID:1184
        
        C:\Windows\SysWOW64\wxtjmgu.exe
        
        "C:\Windows\system32\wxtjmgu.exe"
        26⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\wjtbsblbh.exe
        
        "C:\Windows\system32\wjtbsblbh.exe"
        27⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\wulqlv.exe
        
        "C:\Windows\system32\wulqlv.exe"
        28⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\wonjtb.exe
        
        "C:\Windows\system32\wonjtb.exe"
        29⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\wex.exe
        
        "C:\Windows\system32\wex.exe"
        30⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\wkmlkbpu.exe
        
        "C:\Windows\system32\wkmlkbpu.exe"
        31⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\wbyjhx.exe
        
        "C:\Windows\system32\wbyjhx.exe"
        32⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\wlcigtdk.exe
        
        "C:\Windows\system32\wlcigtdk.exe"
        33⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\wgnal.exe
        
        "C:\Windows\system32\wgnal.exe"
        34⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\wruexu.exe
        
        "C:\Windows\system32\wruexu.exe"
        35⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\wiilu.exe
        
        "C:\Windows\system32\wiilu.exe"
        36⤵
        
        PID:108
        
        C:\Windows\SysWOW64\wpnwokmlb.exe
        
        "C:\Windows\system32\wpnwokmlb.exe"
        37⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\wjoowpmm.exe
        
        "C:\Windows\system32\wjoowpmm.exe"
        38⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\wdg.exe
        
        "C:\Windows\system32\wdg.exe"
        39⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\wsudwi.exe
        
        "C:\Windows\system32\wsudwi.exe"
        40⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\whlohvyw.exe
        
        "C:\Windows\system32\whlohvyw.exe"
        41⤵
        
        PID:1472
        
        C:\Windows\SysWOW64\wekkmxxk.exe
        
        "C:\Windows\system32\wekkmxxk.exe"
        42⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\wcnynuda.exe
        
        "C:\Windows\system32\wcnynuda.exe"
        43⤵
        
        PID:556
        
        C:\Windows\SysWOW64\wvkcfjk.exe
        
        "C:\Windows\system32\wvkcfjk.exe"
        44⤵
        
        PID:524
        
        C:\Windows\SysWOW64\wgdqygte.exe
        
        "C:\Windows\system32\wgdqygte.exe"
        45⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\wvgnots.exe
        
        "C:\Windows\system32\wvgnots.exe"
        46⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\wcyrkbvc.exe
        
        "C:\Windows\system32\wcyrkbvc.exe"
        47⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\wvbjsfxc.exe
        
        "C:\Windows\system32\wvbjsfxc.exe"
        48⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\wkdgkuv.exe
        
        "C:\Windows\system32\wkdgkuv.exe"
        49⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\wdrusegvi.exe
        
        "C:\Windows\system32\wdrusegvi.exe"
        50⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\wimnuilod.exe
        
        "C:\Windows\system32\wimnuilod.exe"
        51⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\wye.exe
        
        "C:\Windows\system32\wye.exe"
        52⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\wbjgwjl.exe
        
        "C:\Windows\system32\wbjgwjl.exe"
        53⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\wlbiiitgp.exe
        
        "C:\Windows\system32\wlbiiitgp.exe"
        54⤵
        
        PID:808
        
        C:\Windows\SysWOW64\wdolx.exe
        
        "C:\Windows\system32\wdolx.exe"
        55⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\wxgrytvi.exe
        
        "C:\Windows\system32\wxgrytvi.exe"
        56⤵
        
        PID:268
        
        C:\Windows\SysWOW64\wfymbwbc.exe
        
        "C:\Windows\system32\wfymbwbc.exe"
        57⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\wcljh.exe
        
        "C:\Windows\system32\wcljh.exe"
        58⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\wneyaqa.exe
        
        "C:\Windows\system32\wneyaqa.exe"
        59⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\wqomv.exe
        
        "C:\Windows\system32\wqomv.exe"
        60⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\wahbou.exe
        
        "C:\Windows\system32\wahbou.exe"
        61⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\wqynahrp.exe
        
        "C:\Windows\system32\wqynahrp.exe"
        62⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\wxckaxem.exe
        
        "C:\Windows\system32\wxckaxem.exe"
        63⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\wpedjefl.exe
        
        "C:\Windows\system32\wpedjefl.exe"
        64⤵
        
        PID:524
        
        C:\Windows\SysWOW64\wfhyarc.exe
        
        "C:\Windows\system32\wfhyarc.exe"
        65⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\wvrwf.exe
        
        "C:\Windows\system32\wvrwf.exe"
        66⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\wyyjjoyk.exe
        
        "C:\Windows\system32\wyyjjoyk.exe"
        67⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\wqccqubk.exe
        
        "C:\Windows\system32\wqccqubk.exe"
        68⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\wgtnbi.exe
        
        "C:\Windows\system32\wgtnbi.exe"
        69⤵
        
        PID:456
        
        C:\Windows\SysWOW64\wirs.exe
        
        "C:\Windows\system32\wirs.exe"
        70⤵
        
        PID:952
        
        C:\Windows\SysWOW64\wtyxssplk.exe
        
        "C:\Windows\system32\wtyxssplk.exe"
        71⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\woghurc.exe
        
        "C:\Windows\system32\woghurc.exe"
        72⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\wwkbbfe.exe
        
        "C:\Windows\system32\wwkbbfe.exe"
        73⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\wxnkhoro.exe
        
        "C:\Windows\system32\wxnkhoro.exe"
        74⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\wirkil.exe
        
        "C:\Windows\system32\wirkil.exe"
        75⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\wiopng.exe
        
        "C:\Windows\system32\wiopng.exe"
        76⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wirkil.exe"
        76⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxnkhoro.exe"
        75⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwkbbfe.exe"
        74⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woghurc.exe"
        73⤵
        
        PID:328
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtyxssplk.exe"
        72⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wirs.exe"
        71⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgtnbi.exe"
        70⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqccqubk.exe"
        69⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyyjjoyk.exe"
        68⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvrwf.exe"
        67⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfhyarc.exe"
        66⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpedjefl.exe"
        65⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 804
        65⤵
        Program crash
        
        PID:3008
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxckaxem.exe"
        64⤵
        
        PID:628
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqynahrp.exe"
        63⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wahbou.exe"
        62⤵
        
        PID:960
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqomv.exe"
        61⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wneyaqa.exe"
        60⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcljh.exe"
        59⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfymbwbc.exe"
        58⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxgrytvi.exe"
        57⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdolx.exe"
        56⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlbiiitgp.exe"
        55⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbjgwjl.exe"
        54⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wye.exe"
        53⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wimnuilod.exe"
        52⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdrusegvi.exe"
        51⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkdgkuv.exe"
        50⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvbjsfxc.exe"
        49⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcyrkbvc.exe"
        48⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvgnots.exe"
        47⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgdqygte.exe"
        46⤵
        
        PID:608
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvkcfjk.exe"
        45⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcnynuda.exe"
        44⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wekkmxxk.exe"
        43⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whlohvyw.exe"
        42⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsudwi.exe"
        41⤵
        
        PID:812
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdg.exe"
        40⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjoowpmm.exe"
        39⤵
        
        PID:292
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpnwokmlb.exe"
        38⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wiilu.exe"
        37⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wruexu.exe"
        36⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgnal.exe"
        35⤵
        
        PID:980
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlcigtdk.exe"
        34⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbyjhx.exe"
        33⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkmlkbpu.exe"
        32⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wex.exe"
        31⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wonjtb.exe"
        30⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wulqlv.exe"
        29⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjtbsblbh.exe"
        28⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxtjmgu.exe"
        27⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wicyc.exe"
        26⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpovmo.exe"
        25⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wym.exe"
        24⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgj.exe"
        23⤵
        
        PID:636
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvh.exe"
        22⤵
        
        PID:768
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpn.exe"
        21⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdlvxrql.exe"
        20⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wowp.exe"
        19⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdf.exe"
        18⤵
        
        PID:576
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wonowumef.exe"
        17⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wualh.exe"
        16⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbiegk.exe"
        15⤵
        
        PID:580
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdantqvcx.exe"
        14⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmwqcb.exe"
        13⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wutv.exe"
        12⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjb.exe"
        11⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wch.exe"
        10⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqdrhoa.exe"
        9⤵
        
        PID:884
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcyvqac.exe"
        8⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wagyf.exe"
        7⤵
        
        PID:3004
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbxjttn.exe"
        6⤵
        
        PID:2740
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmmhho.exe"
        5⤵
        
        PID:1148
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwn.exe"
      4⤵
      PID:2560
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdlalbdij.exe"
    3⤵
    PID:2396
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\909733eb574e6b30a85665c93b751221e22b0ae5e9e7178f1c93ee838ee3f4ee.exe"
  2⤵
  - Deletes itself
  PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\install[2].htm

Filesize
7KB

MD5
9463ba07743e8a9aca3b55373121b7c5

SHA1
4fdd121b2d2afd98881ab4cdb2d2a513ff5bb26f

SHA256
d5319a00eb7542e02c1e76cb20e2073c0411cd918e32094bc66f9147a0bfae6d

SHA512
6a1a97f37a5e607a3dc7f5fae343911a7f75d371a34ec27deb2971ee47388891f001d80959d37609d1c909af1674b4962da739e8a2cfce07e3d2ce6abf0c6ad7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HPGMAOG0.txt

Filesize
99B

MD5
e7b3dc0820f80475c8532ed5aa614459

SHA1
e8fdb312c082a669ff4e67916e29dec01caea84b

SHA256
445a7a766ee01e9ed68290758df0ccd19b7012f934bdd5ee9bd9fb130d5d01a1

SHA512
7f4371c63156ffc5046d3b4f7f71684e373ada4f8babc5c5aadf1a7f08e5d5d7f286a8dcbf06e84fa8a799ce77c2d54a2082df78b24dc946fc7e8c9a13769f1a

Download Submit
C:\Windows\SysWOW64\wdlalbdij.exe

Filesize
237KB

MD5
6eef6f1cd6cced09f0430b9c997cf424

SHA1
4e28c5f1cdd5cf311c8a15e0e27ad0877a5c4c5a

SHA256
c494b0e2ff4335d7a4944e319ad37e7bae6c2d1463c57eae83af7038cd853c68

SHA512
ef18d5f639745fd7f1774cedce73ee7a7fb98e10bf2041dc90db2ee7d46db5115b7789a2ed5420605557e438ce784f322b9df5b64b4b37071e98ed4859f7af27

Download Submit
\Windows\SysWOW64\wagyf.exe

Filesize
238KB

MD5
ab65970f835511b2be914c9146015650

SHA1
e90560384d554911eb39d9ab0f16f5750ce16765

SHA256
3750c41d3e16afa30c60394f6e0b15fe62ec4b84cbf5aa080380c9988a989418

SHA512
21878f9d3dbd2602cd9a51bee0f85a09c7f081e542534da64d14e901f1ef58977509efdcdd55de9ba4edf5a76916d75428c72c877e9bbb3cf6d9feb2d8136ae2

Download Submit
\Windows\SysWOW64\wbxjttn.exe

Filesize
238KB

MD5
a6efa3595f7539cbefd966953f02d1a4

SHA1
70a4c787ee3bb16a59d0dc6aae5795d3d392b5dc

SHA256
4716f0a8568636b22a063824681efcbbf5dd0f0affffcd469536c83302a05086

SHA512
76cff27d4406c149a4acdde1822ab3d127a679b19646892bbb9ddc6ab596da5b2aeb0bb81db60b04376773dc1044e3a9ed8315945754fb6dd5423492b651194e

Download Submit
\Windows\SysWOW64\wch.exe

Filesize
238KB

MD5
64cf55c4de1da529b5b5d8b68dde5d5e

SHA1
ab0a51437a0401c74a8fa7e95b1a904c8e8e5455

SHA256
555c834b51f4703c4b8452df3521e6e5de718f6259b1254765b308ccfe469c99

SHA512
0cbf261c2c89061670d085d636f92109e1f5dc518c7d4946a5b0ea02e6d81925fd13f26dfed775073c4aba627ecb795d5a090b3d578673402e84c3197694c01c

Download Submit
\Windows\SysWOW64\wcyvqac.exe

Filesize
238KB

MD5
a17ded0d1a3a1ad2d9cb7b6b8a0a7bfe

SHA1
28b6ae7ea05d05deddc989b7585cb3e005ada99e

SHA256
04573a9b1a153c9f89891d289a8f32672bbad475669f80c42e58d7d219df66be

SHA512
edb91a59732e4ac269f2356e40eb800970421212c6d93de2694b428a8cbbdbc396c1c2a0b0fa4b12851757c218293b7db8007c3656c01530caf5f81598f79b90

Download Submit
\Windows\SysWOW64\wjb.exe

Filesize
238KB

MD5
ef148ef32a8bb12464cc0ef6b9268731

SHA1
b02d8bdef9367aae48fe90eb617679457e412249

SHA256
1500c7db8d1f00eac11a3c85bfdf41fe5d3810422db691f9840ae3b7c601d10d

SHA512
c9decf5b71e54e26e010edcbd9b93060185eda0684b8d8e00029143b4864f9e58f5f49a4aedeca63a0283e34272a9065a0f6ac6f2cfd1a530ae12234abc1c06e

Download Submit
\Windows\SysWOW64\wmmhho.exe

Filesize
237KB

MD5
1eebee59e4d682f4471759193a7b2aec

SHA1
f6b60b1086b7d183a099b1b0de652ec0a9374744

SHA256
5a4106b0c7a476e6e2b13f6127282ca60433399f6f3dff480f23202b6a287977

SHA512
ada0cef1bbff726142fbd312be10216c4581c5a058ed4eb91cc119d82c5004b7bc43f95bcc50bb4b314ed30046ff04514707bf13df9692cfc9b647a117f6cd42

Download Submit
\Windows\SysWOW64\wmwqcb.exe

Filesize
238KB

MD5
ef16cd49363b9a9b930638d14df7fe6f

SHA1
d13f491957af4c9f921b31df48487d60032fe225

SHA256
1130193be94be6dc8919f82328fc98c39aa8eb7fefbfcc4178fd32cebdd1d054

SHA512
72bdcf1bd44cb0629409585a7eb42a15208effe455e156b165191f3ca5842de7a3b9a3454feddaff52d9e81cd2c0ff3b08f8f1c0e1b87518dffdf739cb26f89d

Download Submit
\Windows\SysWOW64\wqdrhoa.exe

Filesize
238KB

MD5
6b3cf4393394ca26a6b4b1cf4f5cb6eb

SHA1
b7556006d224ac9b2d810c1db8e16e3380e42a93

SHA256
03a01de469919ac945e3364791ec31c20ef14d69dcbd4c86e5e023843a5c6aa7

SHA512
b81446fdcbed3685349d01c6e4dfe36d31b6815399be79754dd75f5bff9a6646005e0890dc07544487bf51fdbc711950c4331afc23e9366543fcd88046120ff3

Download Submit
\Windows\SysWOW64\wutv.exe

Filesize
238KB

MD5
12006f6b3a3a8478dbf7b404f5873402

SHA1
6e990ec7eae0a84c8e5e878e31a3231fc4c9621c

SHA256
7bef63f5978af218af8e651b23a9cde83efbbacf42685059d7bde970808764e3

SHA512
57db9e87cda4c1ce6bd95bcf21d6323075ba661f6b4cb6fcfb81dcc271a0c3015de7847e34be15e0466851a3cd4f2c66455d1cf2c68b1059ca17f19012bec339

Download Submit
\Windows\SysWOW64\wwn.exe

Filesize
237KB

MD5
9ba49804686ca5028d32da8f1012999c

SHA1
30a0901017547e01a828b90e099cf2fd6f867cce

SHA256
6e4cf88eb632ee2c3505d7fb901bee083e40b14fdb08f7fe27e1e535a287a10f

SHA512
a3a03dc65d4bfbb2f086852a2cd825485b009dc4a5c48e06c273e8958af87385b97ade59a7225c789acabb74cb08211abc644530f629e6f664b732890b12047f

Download Submit
memory/436-280-0x0000000003220000-0x0000000003237000-memory.dmp

Filesize
92KB

Download
memory/436-285-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/768-236-0x00000000038E0000-0x00000000038F7000-memory.dmp

Filesize
92KB

Download
memory/768-228-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/768-243-0x00000000038E0000-0x00000000038F7000-memory.dmp

Filesize
92KB

Download
memory/768-244-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/768-242-0x00000000038E0000-0x00000000038F7000-memory.dmp

Filesize
92KB

Download
memory/944-256-0x0000000003EA0000-0x0000000003EB7000-memory.dmp

Filesize
92KB

Download
memory/944-257-0x0000000003EB0000-0x0000000003EC7000-memory.dmp

Filesize
92KB

Download
memory/944-258-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1184-421-0x0000000003C70000-0x0000000003C87000-memory.dmp

Filesize
92KB

Download
memory/1184-408-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1184-422-0x0000000003C70000-0x0000000003C87000-memory.dmp

Filesize
92KB

Download
memory/1184-424-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1248-354-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1248-367-0x0000000003C60000-0x0000000003C77000-memory.dmp

Filesize
92KB

Download
memory/1248-368-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1476-165-0x0000000003D70000-0x0000000003D87000-memory.dmp

Filesize
92KB

Download
memory/1476-163-0x0000000003D60000-0x0000000003D77000-memory.dmp

Filesize
92KB

Download
memory/1476-164-0x0000000003D70000-0x0000000003D87000-memory.dmp

Filesize
92KB

Download
memory/1476-145-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1476-167-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1620-266-0x00000000032D0000-0x00000000032E7000-memory.dmp

Filesize
92KB

Download
memory/1620-101-0x0000000003430000-0x0000000003447000-memory.dmp

Filesize
92KB

Download
memory/1620-100-0x0000000003430000-0x0000000003447000-memory.dmp

Filesize
92KB

Download
memory/1620-81-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1620-271-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1620-93-0x00000000033D0000-0x00000000033E7000-memory.dmp

Filesize
92KB

Download
memory/1620-105-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1632-409-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1632-407-0x0000000003C70000-0x0000000003C87000-memory.dmp

Filesize
92KB

Download
memory/1632-395-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1656-79-0x0000000003C70000-0x0000000003C87000-memory.dmp

Filesize
92KB

Download
memory/1656-83-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1656-78-0x0000000003C70000-0x0000000003C87000-memory.dmp

Filesize
92KB

Download
memory/1692-382-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1692-377-0x0000000003DA0000-0x0000000003DB7000-memory.dmp

Filesize
92KB

Download
memory/1944-307-0x0000000003AB0000-0x0000000003AC7000-memory.dmp

Filesize
92KB

Download
memory/1944-313-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1992-125-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1992-143-0x0000000003D70000-0x0000000003D87000-memory.dmp

Filesize
92KB

Download
memory/1992-147-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2052-312-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2052-322-0x0000000003670000-0x0000000003687000-memory.dmp

Filesize
92KB

Download
memory/2052-326-0x0000000003670000-0x0000000003687000-memory.dmp

Filesize
92KB

Download
memory/2052-327-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2316-450-0x0000000003C70000-0x0000000003C87000-memory.dmp

Filesize
92KB

Download
memory/2316-449-0x0000000003C60000-0x0000000003C77000-memory.dmp

Filesize
92KB

Download
memory/2316-451-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2488-227-0x0000000003D00000-0x0000000003D17000-memory.dmp

Filesize
92KB

Download
memory/2488-225-0x0000000003D00000-0x0000000003D17000-memory.dmp

Filesize
92KB

Download
memory/2488-226-0x0000000003CF0000-0x0000000003D07000-memory.dmp

Filesize
92KB

Download
memory/2488-229-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2488-208-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2492-58-0x0000000003170000-0x0000000003187000-memory.dmp

Filesize
92KB

Download
memory/2492-59-0x0000000003180000-0x0000000003197000-memory.dmp

Filesize
92KB

Download
memory/2492-61-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2540-205-0x0000000003EA0000-0x0000000003EB7000-memory.dmp

Filesize
92KB

Download
memory/2540-206-0x0000000003EB0000-0x0000000003EC7000-memory.dmp

Filesize
92KB

Download
memory/2540-209-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2604-189-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2604-179-0x0000000003B40000-0x0000000003B57000-memory.dmp

Filesize
92KB

Download
memory/2604-180-0x0000000003B40000-0x0000000003B57000-memory.dmp

Filesize
92KB

Download
memory/2604-186-0x0000000003C40000-0x0000000003C57000-memory.dmp

Filesize
92KB

Download
memory/2628-463-0x0000000003EA0000-0x0000000003EB7000-memory.dmp

Filesize
92KB

Download
memory/2628-466-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2628-464-0x0000000003FB0000-0x0000000003FC7000-memory.dmp

Filesize
92KB

Download
memory/2696-18-0x0000000003D70000-0x0000000003D87000-memory.dmp

Filesize
92KB

Download
memory/2696-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2696-22-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2696-19-0x0000000003D70000-0x0000000003D87000-memory.dmp

Filesize
92KB

Download
memory/2696-11-0x0000000003C60000-0x0000000003C77000-memory.dmp

Filesize
92KB

Download
memory/2716-123-0x0000000003A80000-0x0000000003A97000-memory.dmp

Filesize
92KB

Download
memory/2716-103-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2716-127-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2716-122-0x0000000003A80000-0x0000000003A97000-memory.dmp

Filesize
92KB

Download
memory/2716-121-0x0000000003A80000-0x0000000003A97000-memory.dmp

Filesize
92KB

Download
memory/2728-394-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2728-381-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2744-353-0x0000000003370000-0x0000000003387000-memory.dmp

Filesize
92KB

Download
memory/2744-355-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2796-436-0x0000000003430000-0x0000000003447000-memory.dmp

Filesize
92KB

Download
memory/2796-423-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2796-437-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2828-340-0x0000000003780000-0x0000000003797000-memory.dmp

Filesize
92KB

Download
memory/2828-341-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2828-336-0x0000000003780000-0x0000000003797000-memory.dmp

Filesize
92KB

Download
memory/2924-465-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2924-475-0x0000000003BB0000-0x0000000003BC7000-memory.dmp

Filesize
92KB

Download
memory/2924-479-0x0000000003BC0000-0x0000000003BD7000-memory.dmp

Filesize
92KB

Download
memory/3008-299-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3008-284-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3008-298-0x0000000003C60000-0x0000000003C77000-memory.dmp

Filesize
92KB

Download
memory/3008-290-0x0000000003C60000-0x0000000003C77000-memory.dmp

Filesize
92KB

Download
memory/3032-39-0x00000000030E0000-0x00000000030F7000-memory.dmp

Filesize
92KB

Download
memory/3032-41-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download