44b41286baf971b6fbb30ccbf30532065de8630233ce66991b287d7d82871b2b

Analysis

max time kernel
136s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BloxFlip-Predicator-V2--main/BloxFlip Predicator.exe
Size

16.7MB
MD5

adad1f90ebff8df5b12b81d9a2c4a6ab
SHA1

787491f2b69dd9b9f5a70fedf5227b6f3c317450
SHA256

84bb145d901c473b39f6d3affaf2c4791abb8431efdae9330ca80c03acb15dfa
SHA512

eb05a90cd19fd94acc5714c3915a405e5bd009a14d75ac65a3ef1d5924a5a6a3c65c6bf96d15ad67c4c25e86c93ebb35920c837525bee6c6bb7ac1a596475604
SSDEEP

393216:sHNkxjYSx8uP8/m3pDeEG2QJ+v8rRXJuzeJbwjmk:gixjYzKDGvJuyJbwjz

Score

7^/10

spyware stealer upx

Malware Config

Signatures

Drops startup file 2 IoCs

Processes:

BloxFlip Predicator.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BloxFlip Predicator.exe	BloxFlip Predicator.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BloxFlip Predicator.exe	BloxFlip Predicator.exe

Loads dropped DLL 52 IoCs

Processes:

BloxFlip Predicator.exe

pid	process
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI31642\python310.dll	upx
behavioral4/memory/1548-104-0x00007FFEFB5D0000-0x00007FFEFBA3E000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_ctypes.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\libffi-7.dll	upx
behavioral4/memory/1548-114-0x00007FFF0E470000-0x00007FFF0E47F000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_bz2.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_lzma.pyd	upx
behavioral4/memory/1548-126-0x00007FFF0ADC0000-0x00007FFF0ADD9000-memory.dmp	upx
behavioral4/memory/1548-127-0x00007FFF0AD90000-0x00007FFF0ADBD000-memory.dmp	upx
behavioral4/memory/1548-125-0x00007FFF0C9D0000-0x00007FFF0C9DD000-memory.dmp	upx
behavioral4/memory/1548-124-0x00007FFF0ADE0000-0x00007FFF0ADF9000-memory.dmp	upx
behavioral4/memory/1548-113-0x00007FFF0B110000-0x00007FFF0B134000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\pyexpat.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_queue.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\win32api.pyd	upx
behavioral4/memory/1548-130-0x00007FFF0AD50000-0x00007FFF0AD84000-memory.dmp	upx
behavioral4/memory/1548-141-0x00007FFF0A530000-0x00007FFF0A5F1000-memory.dmp	upx
behavioral4/memory/1548-140-0x00007FFF0AC70000-0x00007FFF0ACA1000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\pythoncom310.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\pywintypes310.dll	upx
behavioral4/memory/1548-136-0x00007FFF0ACB0000-0x00007FFF0ACDC000-memory.dmp	upx
behavioral4/memory/1548-135-0x00007FFF0C330000-0x00007FFF0C33D000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_sqlite3.pyd	upx
behavioral4/memory/1548-147-0x00007FFF0E480000-0x00007FFF0E49F000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\sqlite3.dll	upx
behavioral4/memory/1548-149-0x00007FFEFB460000-0x00007FFEFB5C9000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\psutil\_psutil_windows.cp310-win_amd64.pyd	upx
behavioral4/memory/1548-152-0x00007FFF0AFD0000-0x00007FFF0AFE8000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_ssl.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\libcrypto-1_1.dll	upx
behavioral4/memory/1548-157-0x00007FFF0AFA0000-0x00007FFF0AFCE000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\libssl-1_1.dll	upx
behavioral4/memory/1548-163-0x00007FFEFB0E0000-0x00007FFEFB457000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_brotli.cp310-win_amd64.pyd	upx
behavioral4/memory/1548-170-0x00007FFEFB000000-0x00007FFEFB0DF000-memory.dmp	upx
behavioral4/memory/1548-162-0x00007FFF0AE00000-0x00007FFF0AEB7000-memory.dmp	upx
behavioral4/memory/1548-161-0x00007FFEFB5D0000-0x00007FFEFBA3E000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_hashlib.pyd	upx
behavioral4/memory/1548-174-0x00007FFF09E80000-0x00007FFF09E94000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\unicodedata.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_cffi_backend.cp310-win_amd64.pyd	upx
behavioral4/memory/1548-178-0x00007FFEFA2A0000-0x00007FFEFA3B8000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\Crypto\Cipher\_raw_cbc.pyd	upx
behavioral4/memory/1548-198-0x00007FFF03C30000-0x00007FFF03C3E000-memory.dmp	upx
behavioral4/memory/1548-197-0x00007FFEFB460000-0x00007FFEFB5C9000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\Crypto\Cipher\_raw_ctr.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI31642\Crypto\Cipher\_raw_ofb.pyd	upx
behavioral4/memory/1548-194-0x00007FFF08970000-0x00007FFF0897F000-memory.dmp	upx
behavioral4/memory/1548-200-0x00007FFF01BE0000-0x00007FFF01BF1000-memory.dmp	upx
behavioral4/memory/1548-214-0x00007FFEF9B00000-0x00007FFEF9E24000-memory.dmp	upx
behavioral4/memory/1548-213-0x00007FFEF9E30000-0x00007FFEF9E41000-memory.dmp	upx
behavioral4/memory/1548-215-0x00007FFF0AE00000-0x00007FFF0AEB7000-memory.dmp	upx
behavioral4/memory/1548-217-0x00007FFEF9970000-0x00007FFEF9AFE000-memory.dmp	upx
behavioral4/memory/1548-216-0x00007FFEFB0E0000-0x00007FFEFB457000-memory.dmp	upx
behavioral4/memory/1548-212-0x00007FFEFA090000-0x00007FFEFA0A5000-memory.dmp	upx
behavioral4/memory/1548-211-0x00007FFEFA190000-0x00007FFEFA1A1000-memory.dmp	upx
behavioral4/memory/1548-210-0x00007FFEFA1B0000-0x00007FFEFA1BE000-memory.dmp	upx
behavioral4/memory/1548-219-0x00007FFEF9590000-0x00007FFEF9968000-memory.dmp	upx
behavioral4/memory/1548-209-0x00007FFEFA1C0000-0x00007FFEFA1CE000-memory.dmp	upx
behavioral4/memory/1548-208-0x00007FFEFA1D0000-0x00007FFEFA1DF000-memory.dmp	upx
behavioral4/memory/1548-207-0x00007FFEFA1E0000-0x00007FFEFA1EE000-memory.dmp	upx
behavioral4/memory/1548-206-0x00007FFEFA1F0000-0x00007FFEFA1FF000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service
T1102

Processes:

flow ioc

14 discord.com
15 discord.com
23 discord.com
27 discord.com
28 raw.githubusercontent.com
29 raw.githubusercontent.com
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

21 api.ipify.org
22 api.ipify.org
Detects videocard installed 1 TTPs 1 IoCs
Uses WMIC.exe to determine videocard installed.

System Information Discovery
T1082

Processes:

WMIC.exe

pid process

4376 WMIC.exe
Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

4156 PING.EXE

flow	ioc
14	discord.com
15	discord.com
23	discord.com
27	discord.com
28	raw.githubusercontent.com
29	raw.githubusercontent.com

flow	ioc
21	api.ipify.org
22	api.ipify.org

pid	process
4376	WMIC.exe

pid	process
4156	PING.EXE

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

BloxFlip Predicator.exepowershell.exe

pid	process
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
2372	powershell.exe
2372	powershell.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe
1548	BloxFlip Predicator.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

BloxFlip Predicator.exepowershell.exeWMIC.exewmic.exe

description	pid	process
Token: SeDebugPrivilege	1548	BloxFlip Predicator.exe
Token: SeDebugPrivilege	2372	powershell.exe
Token: SeIncreaseQuotaPrivilege	1692	WMIC.exe
Token: SeSecurityPrivilege	1692	WMIC.exe
Token: SeTakeOwnershipPrivilege	1692	WMIC.exe
Token: SeLoadDriverPrivilege	1692	WMIC.exe
Token: SeSystemProfilePrivilege	1692	WMIC.exe
Token: SeSystemtimePrivilege	1692	WMIC.exe
Token: SeProfSingleProcessPrivilege	1692	WMIC.exe
Token: SeIncBasePriorityPrivilege	1692	WMIC.exe
Token: SeCreatePagefilePrivilege	1692	WMIC.exe
Token: SeBackupPrivilege	1692	WMIC.exe
Token: SeRestorePrivilege	1692	WMIC.exe
Token: SeShutdownPrivilege	1692	WMIC.exe
Token: SeDebugPrivilege	1692	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1692	WMIC.exe
Token: SeRemoteShutdownPrivilege	1692	WMIC.exe
Token: SeUndockPrivilege	1692	WMIC.exe
Token: SeManageVolumePrivilege	1692	WMIC.exe
Token: 33	1692	WMIC.exe
Token: 34	1692	WMIC.exe
Token: 35	1692	WMIC.exe
Token: 36	1692	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1692	WMIC.exe
Token: SeSecurityPrivilege	1692	WMIC.exe
Token: SeTakeOwnershipPrivilege	1692	WMIC.exe
Token: SeLoadDriverPrivilege	1692	WMIC.exe
Token: SeSystemProfilePrivilege	1692	WMIC.exe
Token: SeSystemtimePrivilege	1692	WMIC.exe
Token: SeProfSingleProcessPrivilege	1692	WMIC.exe
Token: SeIncBasePriorityPrivilege	1692	WMIC.exe
Token: SeCreatePagefilePrivilege	1692	WMIC.exe
Token: SeBackupPrivilege	1692	WMIC.exe
Token: SeRestorePrivilege	1692	WMIC.exe
Token: SeShutdownPrivilege	1692	WMIC.exe
Token: SeDebugPrivilege	1692	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1692	WMIC.exe
Token: SeRemoteShutdownPrivilege	1692	WMIC.exe
Token: SeUndockPrivilege	1692	WMIC.exe
Token: SeManageVolumePrivilege	1692	WMIC.exe
Token: 33	1692	WMIC.exe
Token: 34	1692	WMIC.exe
Token: 35	1692	WMIC.exe
Token: 36	1692	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4052	wmic.exe
Token: SeSecurityPrivilege	4052	wmic.exe
Token: SeTakeOwnershipPrivilege	4052	wmic.exe
Token: SeLoadDriverPrivilege	4052	wmic.exe
Token: SeSystemProfilePrivilege	4052	wmic.exe
Token: SeSystemtimePrivilege	4052	wmic.exe
Token: SeProfSingleProcessPrivilege	4052	wmic.exe
Token: SeIncBasePriorityPrivilege	4052	wmic.exe
Token: SeCreatePagefilePrivilege	4052	wmic.exe
Token: SeBackupPrivilege	4052	wmic.exe
Token: SeRestorePrivilege	4052	wmic.exe
Token: SeShutdownPrivilege	4052	wmic.exe
Token: SeDebugPrivilege	4052	wmic.exe
Token: SeSystemEnvironmentPrivilege	4052	wmic.exe
Token: SeRemoteShutdownPrivilege	4052	wmic.exe
Token: SeUndockPrivilege	4052	wmic.exe
Token: SeManageVolumePrivilege	4052	wmic.exe
Token: 33	4052	wmic.exe
Token: 34	4052	wmic.exe
Token: 35	4052	wmic.exe

Suspicious use of WriteProcessMemory 32 IoCs

Processes:

BloxFlip Predicator.exeBloxFlip Predicator.execmd.execmd.execmd.execmd.execmd.execmd.execmd.exe

description	pid	process	target process
PID 3164 wrote to memory of 1548	3164	BloxFlip Predicator.exe	BloxFlip Predicator.exe
PID 3164 wrote to memory of 1548	3164	BloxFlip Predicator.exe	BloxFlip Predicator.exe
PID 1548 wrote to memory of 3852	1548	BloxFlip Predicator.exe	cmd.exe
PID 1548 wrote to memory of 3852	1548	BloxFlip Predicator.exe	cmd.exe
PID 1548 wrote to memory of 3052	1548	BloxFlip Predicator.exe	cmd.exe
PID 1548 wrote to memory of 3052	1548	BloxFlip Predicator.exe	cmd.exe
PID 3852 wrote to memory of 3468	3852	cmd.exe	netsh.exe
PID 3852 wrote to memory of 3468	3852	cmd.exe	netsh.exe
PID 3052 wrote to memory of 2372	3052	cmd.exe	powershell.exe
PID 3052 wrote to memory of 2372	3052	cmd.exe	powershell.exe
PID 1548 wrote to memory of 3752	1548	BloxFlip Predicator.exe	cmd.exe
PID 1548 wrote to memory of 3752	1548	BloxFlip Predicator.exe	cmd.exe
PID 3752 wrote to memory of 1692	3752	cmd.exe	WMIC.exe
PID 3752 wrote to memory of 1692	3752	cmd.exe	WMIC.exe
PID 1548 wrote to memory of 4052	1548	BloxFlip Predicator.exe	wmic.exe
PID 1548 wrote to memory of 4052	1548	BloxFlip Predicator.exe	wmic.exe
PID 1548 wrote to memory of 2680	1548	BloxFlip Predicator.exe	cmd.exe
PID 1548 wrote to memory of 2680	1548	BloxFlip Predicator.exe	cmd.exe
PID 2680 wrote to memory of 4376	2680	cmd.exe	WMIC.exe
PID 2680 wrote to memory of 4376	2680	cmd.exe	WMIC.exe
PID 1548 wrote to memory of 1524	1548	BloxFlip Predicator.exe	cmd.exe
PID 1548 wrote to memory of 1524	1548	BloxFlip Predicator.exe	cmd.exe
PID 1524 wrote to memory of 1520	1524	cmd.exe	WMIC.exe
PID 1524 wrote to memory of 1520	1524	cmd.exe	WMIC.exe
PID 1548 wrote to memory of 4816	1548	BloxFlip Predicator.exe	cmd.exe
PID 1548 wrote to memory of 4816	1548	BloxFlip Predicator.exe	cmd.exe
PID 4816 wrote to memory of 4224	4816	cmd.exe	WMIC.exe
PID 4816 wrote to memory of 4224	4816	cmd.exe	WMIC.exe
PID 1548 wrote to memory of 2176	1548	BloxFlip Predicator.exe	cmd.exe
PID 1548 wrote to memory of 2176	1548	BloxFlip Predicator.exe	cmd.exe
PID 2176 wrote to memory of 4156	2176	cmd.exe	PING.EXE
PID 2176 wrote to memory of 4156	2176	cmd.exe	PING.EXE

C:\Users\Admin\AppData\Local\Temp\BloxFlip-Predicator-V2--main\BloxFlip Predicator.exe
"C:\Users\Admin\AppData\Local\Temp\BloxFlip-Predicator-V2--main\BloxFlip Predicator.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Users\Admin\AppData\Local\Temp\BloxFlip-Predicator-V2--main\BloxFlip Predicator.exe
  "C:\Users\Admin\AppData\Local\Temp\BloxFlip-Predicator-V2--main\BloxFlip Predicator.exe"
  2⤵
  - Drops startup file
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3852
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profiles
      4⤵
      PID:3468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3052
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic os get Caption"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3752
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic os get Caption
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1692
- - C:\Windows\System32\Wbem\wmic.exe
    wmic cpu get Name
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      PID:4376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1524
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic computersystem get totalphysicalmemory
      4⤵
      PID:1520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4816
  - - C:\Windows\System32\wbem\WMIC.exe
      C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
      4⤵
      PID:4224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ping localhost -n 3 > NUL && del /F "C:\Users\Admin\AppData\Local\Temp\BloxFlip-Predicator-V2--main\BloxFlip Predicator.exe""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2176
  - - C:\Windows\system32\PING.EXE
      ping localhost -n 3
      4⤵
      Runs ping.exe
      PID:4156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\XkSYEsW1Kx\Browser\cc's.txt

Filesize
91B

MD5
5aa796b6950a92a226cc5c98ed1c47e8

SHA1
6706a4082fc2c141272122f1ca424a446506c44d

SHA256
c4c83da3a904a4e7114f9bd46790db502cdd04800e684accb991cd1a08ee151c

SHA512
976f403257671e8f652bf988f4047202e1a0fd368fdb2bab2e79ece1c20c7eb775c4b3a8853c223d4f750f4192cd09455ff024918276dc1dd1442fa3b36623ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\XkSYEsW1Kx\Browser\history.txt

Filesize
23B

MD5
5638715e9aaa8d3f45999ec395e18e77

SHA1
4e3dc4a1123edddf06d92575a033b42a662fe4ad

SHA256
4db7f6559c454d34d9c2d557524603c3f52649c2d69b26b6e8384a3d179aeae6

SHA512
78c96efab1d941e34d3137eae32cef041e2db5b0ebbf883e6a2effa79a323f66e00cfb7c45eb3398b3cbd0469a2be513c3ff63e5622261857eefc1685f77f76b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\Crypto\Cipher\_raw_cbc.pyd

Filesize
14KB

MD5
6847f28422f0ad239a6e90f6e9fff86b

SHA1
63c326a761e02c8b54732883dea6fd21b30fa130

SHA256
3016df8ffbf323b38c42b9246ffde7e4f8ceecfc0d43bc6491fdc713bd280fa3

SHA512
2059522c78c91098b18e3c4b913eea89eefe32565a04ec1b8527736b6f641a33ca84bf13d1313febf3dec9d8fed8ec7a6ddc123187b6dacb63872d4719bf5a7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\Crypto\Cipher\_raw_cfb.pyd

Filesize
14KB

MD5
9f6beb8bf4ca203eccbfd67676519414

SHA1
a3dd7b81856114edea34533a9b1301b74ec72ffb

SHA256
1ee1f47a910d9347b0e1a0f7004dcc7973aad81cc03e0e00e4c78d4cdb193bd6

SHA512
d38d42e37992365c004f25c4bdd667c2479394ff695ee465bf7ab5473a8beba29bf6789cf373bebed840323c65ed2ccc81254ff31e3a71f795d9ec77507be760

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\Crypto\Cipher\_raw_ctr.pyd

Filesize
15KB

MD5
a3a4bcec135db4b345d120eb269720ca

SHA1
a57136461a948fbfcbdc7879f383b97d123f00a6

SHA256
f9ac6d17dbea892b3ca4b27780d1349469b50b702f40499f56fd1ebbdd937a93

SHA512
f9ec0109047d14761674b23530c07e59db3f3130a140feddcdc944bfe259eda1b96553062c7e00e2e5f3fdcab685a5c63e8d71ce6134f1c8409f65450ad8e39a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\Crypto\Cipher\_raw_ecb.pyd

Filesize
13KB

MD5
022b5ed08da6b5c0a0de2fc021746211

SHA1
1b1dcb3e5fa89ee3e890241b1c54c00a4ab6e64a

SHA256
e8e4892c9a8e1c51ab4053adc16c9204ccd0948c463aec0f8b7ce5b8d2a61a43

SHA512
fc36c3aaf903873c1b14a053e760e8f9645d95fd4a17d9fd5fc48d14fec888b20ff43ed217b70d505a6513d6ad9b7d37bd977985e93046a465570fc9b0377eb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\Crypto\Cipher\_raw_ofb.pyd

Filesize
14KB

MD5
beba958376afbd45d6f36d4cf1898dda

SHA1
73b810fea22e27085b9977bdb19d0a0215582829

SHA256
c81e2557217245a4ffd6cf9449202d61ac44ceed4df23b8d04d013dfc77a824c

SHA512
66cf486f291ef0217d7a84fc423bde6957c2930a472fb69717cbd78e0e665c726083d73b63a7b618a9ad35331e28a13676a805a39527ebd75f608881a3daacc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\MSVCP140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\VCRUNTIME140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_brotli.cp310-win_amd64.pyd

Filesize
291KB

MD5
e2768491905f628a7bd1e668b469808d

SHA1
b3b4144927a6f354c9230e4609f5d8ec2fa5b25d

SHA256
80c2325dcd06e4a5c0b493d78bc7aa288a865e35487ae8262899a7c9c4fdb991

SHA512
058ef4687ec03c76b9afd0a297c0a0e64931d40259cc19d94cc974141d9107a934d0d3b9f6c6a1a2606d31c6bd23a5a6d2a4f0aa596e37890150d0d921b2f3a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_bz2.pyd

Filesize
46KB

MD5
f5f4d231a7c611f417d4541c1aae4c10

SHA1
f0c7b2073568bd1b4d4a68c68e397d1c4c0de5d4

SHA256
fe3ececf82cdd471e61ac61923b7ecf9cf4df8f3a1116e8cf3a282d8d065df3a

SHA512
a31075c212f26f8be0598aecf44f936cf507f229c500f823951cd902fe03c2dc8cf66295a823c463299bae6a52117feb45dda1983ab0867df148daf327403fec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_cffi_backend.cp310-win_amd64.pyd

Filesize
71KB

MD5
cfee816d52c1e7bb794176b1b09ff67d

SHA1
d794ea089663f12fdff6ea46e3b781adfc709c85

SHA256
3450bb88d5fb62decaacbff64e31f12a1bb547de39328a28cd31fb7f4f65f3ca

SHA512
b4f1f164e1cba5fa2dc2c4c6c581f316d3d6ae5dd06bada923e5ce4f0dde091b1c65f14f38b8f37e929f62e241105a5bc67a13b6b24977ecb23231824014dc6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_ctypes.pyd

Filesize
56KB

MD5
b8887b1c0030c9b63028d493dde34d74

SHA1
b03c6444c1842dadccfd9b4054d34929dbccdf04

SHA256
47b601a4354fde1024b732d220631f09fda9c1820a2a65c15c02a0b066deb278

SHA512
846fb6319085e53d3c768c82248b65e516818e8c3e0e697e0bf77f589d4125d8387617e4e88e83e871ab4a483293036954df8c33539f7dba7ff35451eb3e9c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_hashlib.pyd

Filesize
33KB

MD5
ed2f19b39c926534a3f66804a72b0d53

SHA1
fca2296347f7dcd436a286f1e908988b0c43d2d5

SHA256
ebb44a13a343af88883fe3048437c7c6934f22126129086f6e386eaf59b746b8

SHA512
a3b5e39227f912b199b6332484a64dc83745768362a1e8c790396c50dae8fc51350263e7f4349595ed774f48f9e3e3cf57cef4de91348f1701d4fcd0a01ccee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_lzma.pyd

Filesize
84KB

MD5
5aec5d1bd3108bf7cd556ac901389b8c

SHA1
7e09948cabbb4b4af1bf1c72d8c7aa3afc23183e

SHA256
b3522206bf15f7fb7f649c8e1e8edbb1a0b58bce997d4f88d0878ca77c85d12e

SHA512
4a8c47f17d2799080e9acc1c99ca8706b8cc29ab6e91ee7d9c7a0b5ff0f191311ba4a5963a7f4b5ef0038076ad5830e4347b475dbccab3939f8a6e0c1cd8e4be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_queue.pyd

Filesize
24KB

MD5
ed684af77b17b6166ea94cb4c9831908

SHA1
db77252fd37079020b4fee9d68ea1fabf900b06c

SHA256
93104cd9274050d69ab7c1d1fbfc847e07a1faf9d392f5b46b2e40f1dca9bcf4

SHA512
306bb228d9cf4f9aafaf8c6e10fb5ee60fc21e8f7b05d43dab4e82c2d0852ab5d6d266303cebc51d75557aea09e30386a6197ad8b09f9f02b5d5715411feb499

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_socket.pyd

Filesize
41KB

MD5
83fa71bcfcdd78e9b21e4c002af9db47

SHA1
7bb246c21fac4d125942c0b017763595e475936b

SHA256
7d16e42e65c99fe3ae755045c1e4abd049bfd7e6f4ee7f366b776b365d82f2a2

SHA512
f02209e669cd0fe72cd2d8060f34a1ad559413179acab80769db026203b614b8b3415612831f89c11bd86bd00dbd91f8b04fd6d4f276311f09ba0877e6bc81cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_sqlite3.pyd

Filesize
48KB

MD5
bc8a7ed0a49a3c7cfee84692b236914b

SHA1
ba4a07b4d3f303a90a60bc8b9cfc0984fb14f32b

SHA256
4c4556f046de77ec05804eb54c3ef15d5b284d360199432379a3b87b25dba2fd

SHA512
587ff5b6777c663ae5a08fc73ffc46ef5bcff25d35b39c16f94bc4ec6f21f0b18840b6c49d83e5e99d2d550bcdafe00e981f2b5ee2e7309384728b1a66b5a789

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\_ssl.pyd

Filesize
60KB

MD5
91bcf19bbbfdc276520072f276eef11e

SHA1
3627bffb0cfa326609b16cb0d4effc5fcdf06025

SHA256
b89b461de18660dd2ab94ab271833894c8a518252b2002096ef8eea8ee07168d

SHA512
06498e9ca0169e02d65823498b5bd7478a630c3fde23acf11fee94947d703c72b2ce1531b5c46cdaa95b93c66b9c314113dd348f8c37eda84510a4078a27a2b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\base_library.zip

Filesize
1.0MB

MD5
5a7ad03e447e3014098e1ea976755631

SHA1
cae644c80426d524dc561f3d9eff88d4568982c7

SHA256
881c3f379f4f209365730e0ae77b40e2b38e408a6bdb570b5148841a9a76fcf5

SHA512
0543b2093e544ae1ecc7d688eb6e0de19989c171ce4debf57cc0615a502e105cdd72d3154e4095fc9d58baa3fb0a8be8a8e5b250048331c597c1bb0f52684eaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\libcrypto-1_1.dll

Filesize
1.1MB

MD5
205412dc7f3cd894644a96e97e1a3cb8

SHA1
e80a8254a3a4d7db7d3db5b18640db34c0648d3e

SHA256
adebe92032896cc3eab9d28563b129ad6910ee368dcb98997c742b4054716be9

SHA512
22535daaa0704e3158d03f6f2890c4f6a08c3d6ca4593d9bdf4fc437b06cb03fc383d18cf9b99a230c29d36929e69bda89c558e2c09ff3ea6bfbf4b4cdad65c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\libffi-7.dll

Filesize
23KB

MD5
ce7d4f152de90a24b0069e3c95fa2b58

SHA1
98e921d9dd396b86ae785d9f8d66f1dc612111c2

SHA256
85ac46f9d1fd15ab12f961e51ba281bff8c0141fa122bfa21a66e13dd4f943e7

SHA512
7b0a1bd9fb5666fe5388cabcef11e2e4038bbdb62bdca46f6e618555c90eb2e466cb5becd7773f1136ee929f10f74c35357b65b038f51967de5c2b62f7045b1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\libssl-1_1.dll

Filesize
200KB

MD5
d879b60a4500e5a7d1779d20e43a8edc

SHA1
730a6625745639073565d66530335aae30934cbf

SHA256
7245ff47c2e6e39d06935060fb045c688eb8c170bfdeb0174954c0c65055923c

SHA512
fa0f0b4d42b16fbb44f0c2c0c9ad60985be796b8838217a9d756e918e17c73ffefff9353f6fa4f9ba7066a5019a888a3d2399c10b21a4079df1667e1c6df2073

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\psutil\_psutil_windows.cp310-win_amd64.pyd

Filesize
31KB

MD5
7e6f79940d16cdc62ff5a9bf34ea2276

SHA1
eddebd744a645c94d623ed4acb6f6b573092f34d

SHA256
a726128b792f53a6aec60bc4334eba82ab0ef59c37b62901baf9c9642215b50d

SHA512
2c602b76c6569742ee982119418bfd4d3eecc8ac78cf85a0273c4aa1d192717652d149003bc24643e5b284f0bc611652e3bbae6e1fdc66409958377b27ecc266

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\pyexpat.pyd

Filesize
86KB

MD5
10c4820724f7b0fa464df3e6a36c1eea

SHA1
4097db74881da30b69649a42d7d6500a0a42fea3

SHA256
6913e32071732bbee437507457ac6517d07afa01848ed680e838b898d63beabb

SHA512
2edb9651548ecfab23d6502b3e9497a6d5f7af0e0e820054748e4d23a069e6870ef335048aa586d0f3e3c1e4fdec530dae071fe1b400fc2f0bbc756c177d4fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\python3.DLL

Filesize
63KB

MD5
07bd9f1e651ad2409fd0b7d706be6071

SHA1
dfeb2221527474a681d6d8b16a5c378847c59d33

SHA256
5d78cd1365ea9ae4e95872576cfa4055342f1e80b06f3051cf91d564b6cd09f5

SHA512
def31d2df95cb7999ce1f55479b2ff7a3cb70e9fc4778fc50803f688448305454fbbf82b5a75032f182dff663a6d91d303ef72e3d2ca9f2a1b032956ec1a0e2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\python310.dll

Filesize
1.4MB

MD5
dccf77f6ab7c6600e8b46280020b7902

SHA1
fd50cdf5dcfa34146fb82820fcc680c26b7aa64f

SHA256
f33ed93ae4b6011c8be2802304a759a5d2de8fd14c5dc34d0232aa4f8389766b

SHA512
42656f0f7e62454a763aa665cd31025a6bc4fb3802da4d4e3e151e2ffde3a651afce2d5e56b16c3e8215057c260248e683968d57940ff789f97ffb2d840b9a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\pythoncom310.dll

Filesize
194KB

MD5
4024187eadb7d625ea250d43bfcac865

SHA1
2dac09860dde17cb921dfbc5b251741aee6545f7

SHA256
7ec859ee7c23d6c7855b611e58afce12ef707c611067ed2fc43832cdf999c952

SHA512
75d1a1a7da8b99302b7947ac9dcea12ca112fa183030172f10c141de03b7fc527eec9858ec08acddf6b0678ef0b0e177cd676bfddfbe5b914ee113a32d03fdd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\pywintypes310.dll

Filesize
64KB

MD5
d1aa12d91042a1fcb47663772bc90fca

SHA1
a9e66066f86590c41e670869d029ccb6a26bfba0

SHA256
e0e7a10647624eeb39a19b660fb807dd77d788d0706c6c6eaad9eb55a9cbc634

SHA512
caff7f6ca7a53c1d35bd51c6197cb43b85e55ca806d1576a0fbe4fd34b6139c4b5eaaf5514fd057f277848c8e2c61b521cd1407876d00039d4aa981b5e56c8c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\select.pyd

Filesize
24KB

MD5
e29fac3a4f749e4d49cca9c443a67997

SHA1
dcb985390615076e0a7e58dd494c2944c2164fbc

SHA256
6b4527434453393834c7e2701321a913d93ad747b3eebb8c3788d9a92576e00e

SHA512
b53d500e95ed5d62c597f6af2940854eae67f28d49d0c9b1ab7c978ff66dd25fd30c3c20bd59d716ad546bdc66309bff50663874cf39eec9bbb70c82f6037dd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\sqlite3.dll

Filesize
605KB

MD5
f1262fa91f96f16a50410c1ea489c4ca

SHA1
3de007af0ae3c22d40d7d20f46d76a7d66fd3948

SHA256
b06d9310a46ac6ef1c6be6536fd794279790686a791b86f830abed00de2ccb5d

SHA512
9ce16f89d3eb953b92fade0eff19f28f0d5023a38bf6a7ceae68b3d28b6e9c2b93a5b82828ad8fe3b96e500010a6f39c7b728b2580f2a56b37d6f4b570ddbfa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\unicodedata.pyd

Filesize
288KB

MD5
3f17464857c1d6fc317dd37ac60f33e3

SHA1
565fa2cf2fab407fe3fbfa4c49af43efada051a5

SHA256
60f811169ca85973b5253d3c5eebad20fd0b1285d7a9f1f309242cf7f2f37e24

SHA512
7fad688708762c974e043731fc92da2c0ee1e2b1f44c41cce65beae63d13c97f1216d389b14836217cab6701d550aae21c88b94a34a1c3ab3af4f601178fe1a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI31642\win32api.pyd

Filesize
48KB

MD5
a5badbe975f6a2a7ee7a5afc14b51a00

SHA1
5664bac330df2e9d20d61b6e82cd201981703384

SHA256
7dc08e77f9a2e7b8c40179c4a0b1ee07c55f31fb3868e279710fe5082f35c79b

SHA512
c42f42680ef1606220da5a7719681878d60c5d9892362ec0744fdf9c4461e678843ec0a7a2fc362c192b3f6f14ed0017745a8842dc107c63c336b15a436ba5a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_d2vyzga1.hlo.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1548-206-0x00007FFEFA1F0000-0x00007FFEFA1FF000-memory.dmp

Filesize
60KB

Download
memory/1548-230-0x00007FFEFA100000-0x00007FFEFA12B000-memory.dmp

Filesize
172KB

Download
memory/1548-163-0x00007FFEFB0E0000-0x00007FFEFB457000-memory.dmp

Filesize
3.5MB

Download
memory/1548-164-0x000002E93CD40000-0x000002E93D0B7000-memory.dmp

Filesize
3.5MB

Download
memory/1548-152-0x00007FFF0AFD0000-0x00007FFF0AFE8000-memory.dmp

Filesize
96KB

Download
memory/1548-149-0x00007FFEFB460000-0x00007FFEFB5C9000-memory.dmp

Filesize
1.4MB

Download
memory/1548-147-0x00007FFF0E480000-0x00007FFF0E49F000-memory.dmp

Filesize
124KB

Download
memory/1548-170-0x00007FFEFB000000-0x00007FFEFB0DF000-memory.dmp

Filesize
892KB

Download
memory/1548-162-0x00007FFF0AE00000-0x00007FFF0AEB7000-memory.dmp

Filesize
732KB

Download
memory/1548-161-0x00007FFEFB5D0000-0x00007FFEFBA3E000-memory.dmp

Filesize
4.4MB

Download
memory/1548-135-0x00007FFF0C330000-0x00007FFF0C33D000-memory.dmp

Filesize
52KB

Download
memory/1548-174-0x00007FFF09E80000-0x00007FFF09E94000-memory.dmp

Filesize
80KB

Download
memory/1548-136-0x00007FFF0ACB0000-0x00007FFF0ACDC000-memory.dmp

Filesize
176KB

Download
memory/1548-140-0x00007FFF0AC70000-0x00007FFF0ACA1000-memory.dmp

Filesize
196KB

Download
memory/1548-178-0x00007FFEFA2A0000-0x00007FFEFA3B8000-memory.dmp

Filesize
1.1MB

Download
memory/1548-141-0x00007FFF0A530000-0x00007FFF0A5F1000-memory.dmp

Filesize
772KB

Download
memory/1548-198-0x00007FFF03C30000-0x00007FFF03C3E000-memory.dmp

Filesize
56KB

Download
memory/1548-197-0x00007FFEFB460000-0x00007FFEFB5C9000-memory.dmp

Filesize
1.4MB

Download
memory/1548-130-0x00007FFF0AD50000-0x00007FFF0AD84000-memory.dmp

Filesize
208KB

Download
memory/1548-113-0x00007FFF0B110000-0x00007FFF0B134000-memory.dmp

Filesize
144KB

Download
memory/1548-194-0x00007FFF08970000-0x00007FFF0897F000-memory.dmp

Filesize
60KB

Download
memory/1548-200-0x00007FFF01BE0000-0x00007FFF01BF1000-memory.dmp

Filesize
68KB

Download
memory/1548-214-0x00007FFEF9B00000-0x00007FFEF9E24000-memory.dmp

Filesize
3.1MB

Download
memory/1548-213-0x00007FFEF9E30000-0x00007FFEF9E41000-memory.dmp

Filesize
68KB

Download
memory/1548-215-0x00007FFF0AE00000-0x00007FFF0AEB7000-memory.dmp

Filesize
732KB

Download
memory/1548-217-0x00007FFEF9970000-0x00007FFEF9AFE000-memory.dmp

Filesize
1.6MB

Download
memory/1548-216-0x00007FFEFB0E0000-0x00007FFEFB457000-memory.dmp

Filesize
3.5MB

Download
memory/1548-212-0x00007FFEFA090000-0x00007FFEFA0A5000-memory.dmp

Filesize
84KB

Download
memory/1548-211-0x00007FFEFA190000-0x00007FFEFA1A1000-memory.dmp

Filesize
68KB

Download
memory/1548-210-0x00007FFEFA1B0000-0x00007FFEFA1BE000-memory.dmp

Filesize
56KB

Download
memory/1548-219-0x00007FFEF9590000-0x00007FFEF9968000-memory.dmp

Filesize
3.8MB

Download
memory/1548-218-0x000002E93CD40000-0x000002E93D0B7000-memory.dmp

Filesize
3.5MB

Download
memory/1548-209-0x00007FFEFA1C0000-0x00007FFEFA1CE000-memory.dmp

Filesize
56KB

Download
memory/1548-208-0x00007FFEFA1D0000-0x00007FFEFA1DF000-memory.dmp

Filesize
60KB

Download
memory/1548-207-0x00007FFEFA1E0000-0x00007FFEFA1EE000-memory.dmp

Filesize
56KB

Download
memory/1548-124-0x00007FFF0ADE0000-0x00007FFF0ADF9000-memory.dmp

Filesize
100KB

Download
memory/1548-205-0x00007FFEFA200000-0x00007FFEFA210000-memory.dmp

Filesize
64KB

Download
memory/1548-204-0x00007FFEFA210000-0x00007FFEFA222000-memory.dmp

Filesize
72KB

Download
memory/1548-203-0x00007FFEFA230000-0x00007FFEFA240000-memory.dmp

Filesize
64KB

Download
memory/1548-202-0x00007FFEFA240000-0x00007FFEFA250000-memory.dmp

Filesize
64KB

Download
memory/1548-201-0x00007FFEFA250000-0x00007FFEFA25F000-memory.dmp

Filesize
60KB

Download
memory/1548-199-0x00007FFF0AFA0000-0x00007FFF0AFCE000-memory.dmp

Filesize
184KB

Download
memory/1548-193-0x00007FFF0E480000-0x00007FFF0E49F000-memory.dmp

Filesize
124KB

Download
memory/1548-125-0x00007FFF0C9D0000-0x00007FFF0C9DD000-memory.dmp

Filesize
52KB

Download
memory/1548-190-0x00007FFF08980000-0x00007FFF0898E000-memory.dmp

Filesize
56KB

Download
memory/1548-189-0x00007FFF0A410000-0x00007FFF0A41F000-memory.dmp

Filesize
60KB

Download
memory/1548-188-0x00007FFEFA260000-0x00007FFEFA298000-memory.dmp

Filesize
224KB

Download
memory/1548-187-0x00007FFF0A530000-0x00007FFF0A5F1000-memory.dmp

Filesize
772KB

Download
memory/1548-184-0x00007FFF0AC70000-0x00007FFF0ACA1000-memory.dmp

Filesize
196KB

Download
memory/1548-127-0x00007FFF0AD90000-0x00007FFF0ADBD000-memory.dmp

Filesize
180KB

Download
memory/1548-177-0x00007FFF0ACB0000-0x00007FFF0ACDC000-memory.dmp

Filesize
176KB

Download
memory/1548-220-0x00007FFEFB000000-0x00007FFEFB0DF000-memory.dmp

Filesize
892KB

Download
memory/1548-221-0x00007FFEFA130000-0x00007FFEFA13A000-memory.dmp

Filesize
40KB

Download
memory/1548-157-0x00007FFF0AFA0000-0x00007FFF0AFCE000-memory.dmp

Filesize
184KB

Download
memory/1548-284-0x00007FFEFB000000-0x00007FFEFB0DF000-memory.dmp

Filesize
892KB

Download
memory/1548-126-0x00007FFF0ADC0000-0x00007FFF0ADD9000-memory.dmp

Filesize
100KB

Download
memory/1548-114-0x00007FFF0E470000-0x00007FFF0E47F000-memory.dmp

Filesize
60KB

Download
memory/1548-104-0x00007FFEFB5D0000-0x00007FFEFBA3E000-memory.dmp

Filesize
4.4MB

Download
memory/1548-262-0x00007FFEF9E70000-0x00007FFEF9EB2000-memory.dmp

Filesize
264KB

Download
memory/1548-261-0x00007FFF0A410000-0x00007FFF0A41F000-memory.dmp

Filesize
60KB

Download
memory/1548-260-0x00007FFEFA260000-0x00007FFEFA298000-memory.dmp

Filesize
224KB

Download
memory/1548-266-0x00007FFEFB5D0000-0x00007FFEFBA3E000-memory.dmp

Filesize
4.4MB

Download
memory/1548-277-0x00007FFF0A530000-0x00007FFF0A5F1000-memory.dmp

Filesize
772KB

Download
memory/1548-305-0x00007FFEFB0E0000-0x00007FFEFB457000-memory.dmp

Filesize
3.5MB

Download
memory/1548-316-0x00007FFEFA1B0000-0x00007FFEFA1BE000-memory.dmp

Filesize
56KB

Download
memory/1548-323-0x00007FFEFA130000-0x00007FFEFA13A000-memory.dmp

Filesize
40KB

Download
memory/1548-322-0x00007FFEF9590000-0x00007FFEF9968000-memory.dmp

Filesize
3.8MB

Download
memory/1548-321-0x00007FFEF9970000-0x00007FFEF9AFE000-memory.dmp

Filesize
1.6MB

Download
memory/1548-320-0x00007FFEF9B00000-0x00007FFEF9E24000-memory.dmp

Filesize
3.1MB

Download
memory/1548-319-0x00007FFEF9E30000-0x00007FFEF9E41000-memory.dmp

Filesize
68KB

Download
memory/1548-318-0x00007FFEFA090000-0x00007FFEFA0A5000-memory.dmp

Filesize
84KB

Download
memory/1548-317-0x00007FFEFA190000-0x00007FFEFA1A1000-memory.dmp

Filesize
68KB

Download
memory/1548-315-0x00007FFEFA1C0000-0x00007FFEFA1CE000-memory.dmp

Filesize
56KB

Download
memory/1548-314-0x00007FFEFA1D0000-0x00007FFEFA1DF000-memory.dmp

Filesize
60KB

Download
memory/1548-313-0x00007FFEFA1E0000-0x00007FFEFA1EE000-memory.dmp

Filesize
56KB

Download
memory/1548-312-0x00007FFEFA1F0000-0x00007FFEFA1FF000-memory.dmp

Filesize
60KB

Download
memory/1548-311-0x00007FFEFA200000-0x00007FFEFA210000-memory.dmp

Filesize
64KB

Download
memory/1548-310-0x00007FFEFA210000-0x00007FFEFA222000-memory.dmp

Filesize
72KB

Download
memory/1548-309-0x00007FFEFA230000-0x00007FFEFA240000-memory.dmp

Filesize
64KB

Download
memory/1548-308-0x00007FFEFA240000-0x00007FFEFA250000-memory.dmp

Filesize
64KB

Download
memory/1548-307-0x00007FFEFA250000-0x00007FFEFA25F000-memory.dmp

Filesize
60KB

Download
memory/1548-306-0x00007FFF01BE0000-0x00007FFF01BF1000-memory.dmp

Filesize
68KB

Download
memory/1548-304-0x00007FFF0AE00000-0x00007FFF0AEB7000-memory.dmp

Filesize
732KB

Download
memory/1548-303-0x00007FFF0AFA0000-0x00007FFF0AFCE000-memory.dmp

Filesize
184KB

Download
memory/1548-302-0x00007FFF0AFD0000-0x00007FFF0AFE8000-memory.dmp

Filesize
96KB

Download
memory/1548-301-0x00007FFF03C30000-0x00007FFF03C3E000-memory.dmp

Filesize
56KB

Download
memory/1548-300-0x00007FFF08970000-0x00007FFF0897F000-memory.dmp

Filesize
60KB

Download
memory/1548-299-0x00007FFF08980000-0x00007FFF0898E000-memory.dmp

Filesize
56KB

Download
memory/1548-298-0x00007FFF0AC70000-0x00007FFF0ACA1000-memory.dmp

Filesize
196KB

Download
memory/1548-297-0x00007FFF0ACB0000-0x00007FFF0ACDC000-memory.dmp

Filesize
176KB

Download
memory/1548-296-0x00007FFF0C330000-0x00007FFF0C33D000-memory.dmp

Filesize
52KB

Download
memory/1548-295-0x00007FFF0AD50000-0x00007FFF0AD84000-memory.dmp

Filesize
208KB

Download
memory/1548-294-0x00007FFF0AD90000-0x00007FFF0ADBD000-memory.dmp

Filesize
180KB

Download
memory/1548-293-0x00007FFF0ADC0000-0x00007FFF0ADD9000-memory.dmp

Filesize
100KB

Download
memory/1548-292-0x00007FFF0C9D0000-0x00007FFF0C9DD000-memory.dmp

Filesize
52KB

Download
memory/1548-291-0x00007FFF0ADE0000-0x00007FFF0ADF9000-memory.dmp

Filesize
100KB

Download
memory/1548-290-0x00007FFF0E470000-0x00007FFF0E47F000-memory.dmp

Filesize
60KB

Download
memory/1548-289-0x00007FFF0B110000-0x00007FFF0B134000-memory.dmp

Filesize
144KB

Download
memory/1548-288-0x00007FFF0A410000-0x00007FFF0A41F000-memory.dmp

Filesize
60KB

Download
memory/1548-287-0x00007FFEFA260000-0x00007FFEFA298000-memory.dmp

Filesize
224KB

Download
memory/1548-286-0x00007FFEFA2A0000-0x00007FFEFA3B8000-memory.dmp

Filesize
1.1MB

Download
memory/1548-285-0x00007FFF09E80000-0x00007FFF09E94000-memory.dmp

Filesize
80KB

Download
memory/1548-279-0x00007FFEFB460000-0x00007FFEFB5C9000-memory.dmp

Filesize
1.4MB

Download
memory/1548-278-0x00007FFF0E480000-0x00007FFF0E49F000-memory.dmp

Filesize
124KB

Download
memory/2372-240-0x000001AB1C070000-0x000001AB1C092000-memory.dmp

Filesize
136KB

Download