c676a0fe692c2f8293a660ec164efa020b3d5544d71239fd0347a3ff714a5b6f

Analysis

max time kernel
151s
max time network
155s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 23:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe
Size

4.8MB
MD5

17f8ee107d2f68c98c01fb57879f30b0
SHA1

a3dd0810f25c4e8ba33ad4d99d987fb025189218
SHA256

c676a0fe692c2f8293a660ec164efa020b3d5544d71239fd0347a3ff714a5b6f
SHA512

9c454cb996858c722da26a5c9e50e83e53b9f8a28a3e8ff4739e682bb490c27051abe4dda7e99dd54bbb47b958768084cd257c4e99e270263c73d469849878b7
SSDEEP

98304:9/I3Njo7b9sogJNDYl5VZ43sWx28dh7/1FgpGBOguYxScKGf+V+QB:Yo7+1slwsWx28b7Pu4+j

Score

7^/10

bootkit persistence spyware stealer upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2728	cmd.exe

Executes dropped EXE 6 IoCs

pid	Process
2808	svchost.exe
2620	svchost.exe
2660	svchost.exe
2564	svchost.exe
524	svchost.exe
756	svchost.exe

Loads dropped DLL 7 IoCs

pid	Process
1152	17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe
1152	17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe
2808	svchost.exe
2808	svchost.exe
2808	svchost.exe
2808	svchost.exe
2808	svchost.exe

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/756-104-0x0000000000400000-0x00000000004F8000-memory.dmp	upx
behavioral1/memory/756-103-0x0000000000400000-0x00000000004F8000-memory.dmp	upx
behavioral1/memory/756-102-0x0000000000400000-0x00000000004F8000-memory.dmp	upx
behavioral1/memory/756-100-0x0000000000400000-0x00000000004F8000-memory.dmp	upx
behavioral1/memory/756-97-0x0000000000400000-0x00000000004F8000-memory.dmp	upx
behavioral1/memory/756-95-0x0000000000400000-0x00000000004F8000-memory.dmp	upx
behavioral1/memory/756-997-0x0000000000400000-0x00000000004F8000-memory.dmp	upx

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe
File opened for modification	\??\PhysicalDrive0	svchost.exe

Suspicious use of SetThreadContext 5 IoCs

description	pid	Process	procid_target
PID 2808 set thread context of 2620	2808	svchost.exe	31
PID 2808 set thread context of 2660	2808	svchost.exe	32
PID 2808 set thread context of 2564	2808	svchost.exe	33
PID 2808 set thread context of 524	2808	svchost.exe	34
PID 2808 set thread context of 756	2808	svchost.exe	35

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{449CE8E1-34DF-11EF-A3C1-4A2B752F9250} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425693770"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000000eb5218471c360d0aedd0e10094b0acb567f67be3e66e4ae3adf276d22b331c0000000000e8000000002000020000000ae2bbcfce9144e3ee0c1f4d73d9a3cfe56d94e01b57870901490e6cdb7e141082000000019057b29de14924958f864bd7c8fe3aa565a4592fcd24473a31ac018e1f133c540000000219b55462f854b81c992f3cd132a0d185846f75081db45f04588db52f55a1cacc74ac4d6f6221293e6acc78fda85922a89ed4769da068610c2269de0030c8554	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e00ec910ecc8da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000bbd20c38820b88e4f185d5aab155ef6c5373b7ad93947cb4833cde88169a2c86000000000e80000000020000200000000633a520e4ce743bbadd61b13eaca66c58127e0eecdb179c7b449a40752adad990000000be7a84adb5c34742b5616080566e9987f6a0b0265892cbcfdf0efa289394da3724bea3e29471fe7afbcb299477ffc345da50575dbecfe6abd14016fe140b89c1036fe1dece455ce6c73357f012a7939d1deb31b1a6fb3e16cd6275596b5ef9ed9fc23050d18b894a691466a1ff42efdb1184321077f6015650456819603f22c22b562f94abf4d712da96291e5aed731a4000000056317a80924c2405b82af8b51192493bbba1bd8a951ce8dafb1169e68e2503b20e9adb0000bf506b1b49175e216351f256ee4a6b5349841430f09ebdd61c8d64	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
1008	iexplore.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
1008	iexplore.exe
1008	iexplore.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe
756	svchost.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1152	17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe
Token: SeDebugPrivilege	2808	svchost.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1008	iexplore.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
1152	17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe
2808	svchost.exe
1008	iexplore.exe
1008	iexplore.exe
2024	IEXPLORE.EXE
2024	IEXPLORE.EXE
2024	IEXPLORE.EXE
2024	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2808	1152	17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe	28
PID 1152 wrote to memory of 2808	1152	17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe	28
PID 1152 wrote to memory of 2808	1152	17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe	28
PID 1152 wrote to memory of 2808	1152	17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe	28
PID 1152 wrote to memory of 2728	1152	17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe	29
PID 1152 wrote to memory of 2728	1152	17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe	29
PID 1152 wrote to memory of 2728	1152	17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe	29
PID 1152 wrote to memory of 2728	1152	17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe	29
PID 2808 wrote to memory of 2620	2808	svchost.exe	31
PID 2808 wrote to memory of 2620	2808	svchost.exe	31
PID 2808 wrote to memory of 2620	2808	svchost.exe	31
PID 2808 wrote to memory of 2620	2808	svchost.exe	31
PID 2808 wrote to memory of 2620	2808	svchost.exe	31
PID 2808 wrote to memory of 2620	2808	svchost.exe	31
PID 2808 wrote to memory of 2620	2808	svchost.exe	31
PID 2808 wrote to memory of 2620	2808	svchost.exe	31
PID 2808 wrote to memory of 2620	2808	svchost.exe	31
PID 2808 wrote to memory of 2660	2808	svchost.exe	32
PID 2808 wrote to memory of 2660	2808	svchost.exe	32
PID 2808 wrote to memory of 2660	2808	svchost.exe	32
PID 2808 wrote to memory of 2660	2808	svchost.exe	32
PID 2808 wrote to memory of 2660	2808	svchost.exe	32
PID 2808 wrote to memory of 2660	2808	svchost.exe	32
PID 2808 wrote to memory of 2660	2808	svchost.exe	32
PID 2808 wrote to memory of 2660	2808	svchost.exe	32
PID 2808 wrote to memory of 2660	2808	svchost.exe	32
PID 2808 wrote to memory of 2660	2808	svchost.exe	32
PID 2808 wrote to memory of 2564	2808	svchost.exe	33
PID 2808 wrote to memory of 2564	2808	svchost.exe	33
PID 2808 wrote to memory of 2564	2808	svchost.exe	33
PID 2808 wrote to memory of 2564	2808	svchost.exe	33
PID 2808 wrote to memory of 2564	2808	svchost.exe	33
PID 2808 wrote to memory of 2564	2808	svchost.exe	33
PID 2808 wrote to memory of 2564	2808	svchost.exe	33
PID 2808 wrote to memory of 2564	2808	svchost.exe	33
PID 2808 wrote to memory of 2564	2808	svchost.exe	33
PID 2808 wrote to memory of 524	2808	svchost.exe	34
PID 2808 wrote to memory of 524	2808	svchost.exe	34
PID 2808 wrote to memory of 524	2808	svchost.exe	34
PID 2808 wrote to memory of 524	2808	svchost.exe	34
PID 2808 wrote to memory of 524	2808	svchost.exe	34
PID 2808 wrote to memory of 524	2808	svchost.exe	34
PID 2808 wrote to memory of 524	2808	svchost.exe	34
PID 2808 wrote to memory of 524	2808	svchost.exe	34
PID 2808 wrote to memory of 524	2808	svchost.exe	34
PID 2808 wrote to memory of 524	2808	svchost.exe	34
PID 2808 wrote to memory of 756	2808	svchost.exe	35
PID 2808 wrote to memory of 756	2808	svchost.exe	35
PID 2808 wrote to memory of 756	2808	svchost.exe	35
PID 2808 wrote to memory of 756	2808	svchost.exe	35
PID 2808 wrote to memory of 756	2808	svchost.exe	35
PID 2808 wrote to memory of 756	2808	svchost.exe	35
PID 2808 wrote to memory of 756	2808	svchost.exe	35
PID 2808 wrote to memory of 756	2808	svchost.exe	35
PID 2564 wrote to memory of 1008	2564	svchost.exe	36
PID 2564 wrote to memory of 1008	2564	svchost.exe	36
PID 2564 wrote to memory of 1008	2564	svchost.exe	36
PID 2564 wrote to memory of 1008	2564	svchost.exe	36
PID 1008 wrote to memory of 2024	1008	iexplore.exe	37
PID 1008 wrote to memory of 2024	1008	iexplore.exe	37
PID 1008 wrote to memory of 2024	1008	iexplore.exe	37
PID 1008 wrote to memory of 2024	1008	iexplore.exe	37
PID 1008 wrote to memory of 2636	1008	iexplore.exe	39
PID 1008 wrote to memory of 2636	1008	iexplore.exe	39

C:\Users\Admin\AppData\Local\Temp\17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\17f8ee107d2f68c98c01fb57879f30b0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Users\Admin\appdata\local\temp\svchost.exe
  "C:\Users\Admin\appdata\local\temp\svchost.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2808
- - C:\Users\Admin\appdata\local\temp\svchost.exe
    "C:\Users\Admin\appdata\local\temp\svchost.exe" c:\users\admin\appdata\local\temp\svchost.exe
    3⤵
    - Executes dropped EXE
    PID:2620
- - C:\Users\Admin\appdata\local\temp\svchost.exe
    "C:\Users\Admin\appdata\local\temp\svchost.exe" c:\users\admin\appdata\local\temp\svchost.exe
    3⤵
    - Executes dropped EXE
    PID:2660
- - C:\Users\Admin\appdata\local\temp\svchost.exe
    "C:\Users\Admin\appdata\local\temp\svchost.exe" c:\users\admin\appdata\local\temp\svchost.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      4⤵
      Modifies Internet Explorer settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1008
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1008 CREDAT:275457 /prefetch:2
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2024
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1008 CREDAT:537610 /prefetch:2
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2636
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1008 CREDAT:3159060 /prefetch:2
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2356
- - C:\Users\Admin\appdata\local\temp\svchost.exe
    "C:\Users\Admin\appdata\local\temp\svchost.exe" c:\users\admin\appdata\local\temp\svchost.exe
    3⤵
    - Executes dropped EXE
    PID:524
- - C:\Users\Admin\appdata\local\temp\svchost.exe
    "C:\Users\Admin\appdata\local\temp\svchost.exe" c:\users\admin\appdata\local\temp\svchost.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:756
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\melt.bat
  2⤵
  - Deletes itself
  PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
7e250836ea2068897565c67a91577415

SHA1
ddd0efc69cadc73cd549ecebb52aa1d08fa4677f

SHA256
1cdeb466188b358f5e5bbeb71872081cf27b5c3a8fd953451a5150c13e695ba1

SHA512
b6bd93a647d6ccb33b18e9f39ce817a0241b8c884ff5f718599d5b3ea34af40386445206709f47f10c48ad8b2750589b0ec4f896a1401e708e129d72a5de7f3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18b44609f6a5d1eeb3e9f79a8f896c9c

SHA1
7733674f6480c2ea3f3ef67757e77eafd1857e8e

SHA256
02793dbb75165d1116fe232a15496f7c59ec8a388e0baf048746035e9470d5c5

SHA512
f8e56bb4088fd108cc95183fc83106c9b7822fd0fd5d5d961bc71970c43450a8d6baa2d50b646041840f58ed5961815616900860f5bf697419b62e81780e4ebe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c688be90c510aa02e7cc838d304be0b

SHA1
f4158f7043907b1b9f1aa66a482f6766596bf93a

SHA256
0eb6a9634de37c18e8cd746a5d1b2c4920ae6e48ed63b5ff6fbc5e5e013d0914

SHA512
10eb7d1fef43d96a506661cf0795b5c4f65359886aa0c923cb4df73eba4dda8882b4e15adb21ec8102850b423ec6e2ba78b4c4014dbd59efd67fbe09111305bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5c61f27615dfabc5aac81f68ec9a17b

SHA1
e2e116d0a1f2e8b5dcc3e4646d66584c73859b1b

SHA256
4b1aa9ff14ff9d87c4e49e7b8cd8c45752aa4c316e06693cd1472a367a38cd9e

SHA512
bcad18942aecfa0acc5667fd152d2a5ea994103cd3250311c9f80b20948b9960b5ba3fd77283681c655ecbd9b72cc0476119dafc80d168fd77b8ee8fc216d02c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e649876cb6b6d77a054d30543f53220

SHA1
c6f90e2b5272afa7de87eeb01b6f481983177074

SHA256
e61741ca69c7a27b8cb9016afb5fe58fb7c17bdaef12ac65f9c4b55b6f3864fa

SHA512
181569723071c498c7c90d845fc6b8a6e475302aa461a354134b6f2a4b69c9c620479ffa8ad82f13b194f8cf60930c940fb38438ffbdd092a08032b8f1566fc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
579f77e296d0b97b7d5bd6d211f6d3b2

SHA1
d8903d4a1c8d41977dec265fed82893f1911c3df

SHA256
6067826348a18346d5050724c660e7d367ff40fc3597ac50e9d19e6b8e309908

SHA512
b8fdbe6753a6c08b0dca3f7a80c132d4b3d300659bc415059325e18d202b7b340d0eb48cb4d01d917e21098d7b1b672651c24acd6624c87f474b379f48153a25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfaf48a85ea741509f9412a94daa7b00

SHA1
139fbff8ffed4e74f77bfb605633ff149871ea3d

SHA256
5891c60d497901d432f8771fa8a280ab1af5de97ac553c3be25b62ef22c912c3

SHA512
3c52028953aba55e657e6b53e5ca86807255dfbfac0a5cd5dc74c5ace32198c6d74c957e517efb8ef2e98d60c24b2617c82b182ab22f7781c840793992562056

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30e56d89fa4ef65bf2c3c64befd65daa

SHA1
9464b7e6b4d8b2750533abc54b018691d4afb1b7

SHA256
8800b5023d0a171ea69c09bb85620f95f99d448d4f7c93834b7806c5d19acbd7

SHA512
be4dc03fcdc4ceb3331fe1cfb794ed7d2b307c080f5dfc40794284d682a28bc927f217cba653221309094f3215209fab75de391c67c87ba1b5da2456def60cc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbb38bf3018d35a470d28f8b91198d27

SHA1
57e4c69b761a02718c59dbabc517d85e89fe9cfb

SHA256
19a4a09cc65a00491e5a91ddaf65b519c617b06556106dae4e03d356c27e6586

SHA512
d9bdfb1a1328de6120c07cad04ebc2a3150548153d2ca5037418d2ebd90f3691b1bd12c91f2b379de3e2a83be75868507e41ffb259fce889a731297369a9293e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7941370a4d6bc830db3f62e8ad474b89

SHA1
ed55bcde23e4c7f83212acefc0f3fede49d67624

SHA256
1d07a6f411b41d0efcf2c39ec5eb33b23d452d141977db85a98937f9ad66604f

SHA512
25c0e9a0e37c7c1fecaa332bdb83bf3b1d29dc6aadd03193138623e760b1f2e24534e3949cc2dd8ec0e1bbc5299d40ac0de3682c70fe8323d6515410d91d0549

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91fcb91d2742fc38dc0b9ebf75751daa

SHA1
5ca6a682c88dd079a1c4136b70715cc8d680527d

SHA256
45632316b49a28949715cff5a4773f98c2d45d05bae4869bf564103ad635514d

SHA512
aa7d3a32b6301c7719dd6b81a2a9b5938f0a7bb7b6235ed227c44cf0a7d41806683c1758557bcfde04983162022804f35aa9a29c19fb475e8f859d714f179da8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e98ef69da1408db9166b09e7a4b7702f

SHA1
e39dab679f75352478b5f16ce93582f02f3d2056

SHA256
659146193b7e888b7810a86a4d1f0bb084b3da91699209d1c66ee5c4f31ee6dc

SHA512
189a1222da500d11b25746038a0b116540ecc3ac68be67fd4485e84904d1321933dd1aeb244ff156582558a3ea87ec248696e70bd7eb83c9ec5094732ecb4b52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a344583e4a13e6985d7d01c95200c16d

SHA1
4fa436b82cc8be68b7de36dafbfc0589c2070e5f

SHA256
263fc7e523ebfeba9e7e7d317440880a5061ae4306a823df2ca353e368ef0f19

SHA512
0e4e9679284dc5cf125c914db49a1560498964d6380492f0570da29854b7c79f2ff3bc30016ba50a75d4ae70a7a0ad62b9b262c914d6bed6b51ab436dcd1b7db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b264f3c1239d212700d06f7aaa86d7d

SHA1
6d1a45ec823b740e3abbaa06f2977c3ec2edfb81

SHA256
3a6f3106c2b0dc0d017f00ebc57685ee97cc1d3e7d6f67798ed36c265c94852e

SHA512
498de9d3934992f3f67a7ab480c5346b665cf5a888e37d531797bd7a09403c5b855ce030ab9e96c6f1fdf872c5c5b908ace3cdf2c6d68e0390a7925f9efdc1cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58766e88d808b7128d24974686e082a6

SHA1
f64a2103aaa8fe2deb3538802330884421a9f1b6

SHA256
b9995425c36675542d8e36a7088843e322ad7dfdb775ff8e7dc7d577feef7b2f

SHA512
fef59e19cb934cc03fbb71669cc37132e615bcd82de8216ebbee8058370367c00092495c3194c35c171ddeb3c3f0ec9d65eb1c9ffb5fe8a240e8f11c5ebbc3f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97fb6ece5c17a2e30db368c0881c636a

SHA1
8d40bcad7015765e527fa8c2ff34533efbf95920

SHA256
6a167ada494d9d384163077fbdeffa1504edecd1a414e6496bcd9756654e7e90

SHA512
5302ddff6fd4ead52ca1dd9d811995b17aeefd1065d3210dc57e0e555c4579b3e3b9663c64246b22b9af885088b3f37e03653c4d5f1c244ee3a7afa19bffc81d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee0fa6df4c175294a11091777f68b8d9

SHA1
221972ceb2549a5b764dc268b17f77deca23064e

SHA256
46eb74d1188213ca621dc2682908b820140c1a442aefb867ebb5ad48dcc0c266

SHA512
7329ae12327d7e8d85ed7376ae55ba558e8dd0c55b8fa65ef2be65f50624ec983bcd270e720c313d1b32bf54ac0090cec1c7f5278301d1ce58df5abdbea2e05d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab710796468bfa78d1b02bb26c07f4f8

SHA1
b85c581382279192ba31367fcb17601145e642c6

SHA256
7dc335380e72869a7d63e78394dd48c8bbd5fa067915ae59fdcdc10780ba0be7

SHA512
35767688f6eb2f0959791fc3f5c1f75fbe5d8fc0d257b5bf3e1db15ba568d14f80ffc66b532595392b2c07a96ef97621bf823e7c455efbe6020c65395831206a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10ed2680d1f3a63c84f5def2eda226f3

SHA1
06b2e0019f7027efab1729654862c13c8d57efe6

SHA256
794446b47fa3e0bc8d3ba23d3599bff5fb3140d913f3d2f7cdb2a3db8eb6aea3

SHA512
50b5b26ebad535640b8718243236a381db0576df7cb47b641e8230495ad0f82cd51da2f635f3213a90cccebb82a8ebe4335b075d7deb6ff5c5f1e7c94289fd3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
223aebd7f8fb76d88a79ac4bd837e4d9

SHA1
cefd7e7cc910e5a6a1cca1701ce41bcd2427d41f

SHA256
fe018e9c6080b724a894f5feb046e9459692a9120d223dc90d537b50147ef409

SHA512
dc0c6fd5dc4f584f6c8b22f68253b5592b9942c900ac6dc2a42031ad55506dcae36dfc116cc1aa0d6ef350d00d181ab10f3d0ce5c6889865879e944869db947c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5435e3a806e9bc87b6a6e0dc0adbd33e

SHA1
2ab7b0bb0a6d26cf288d665b2f71ba8f21126f05

SHA256
2e101770666cce623ef00ea4e62a6f47cb6a1a65a2e4abe8da854880bd4bd72d

SHA512
d7698d00b1ffde3706062523f6a4fe75f7d678c031d36fe6fa661f4a41bf65278f93ae02c8862ac49df5725c51958b2dce85c5672b196ff19ca103fe598ad388

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88ae4767de204fe5b30a3c16a69b0a87

SHA1
d95b506b4ff8f2609da457201967075ad76996ea

SHA256
3139e09a11b7d31755e9be6c9619d3f2a87958a548c934c7d14d40ab1d840762

SHA512
10e69ecb00c6d05738f48f0e7025d1ca55e8b5612ddab6b7aa4bff1361a9165019a708a11c121594b594ec3cfefe8aa5ef0f3056957913b0c056a196fd2b1127

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71bf2eb5e9f939d10018d5bade7dc5fa

SHA1
d40cc47818905001616dd8bb914a1381ef2181ea

SHA256
6c48593ab8c616f2aad04a2f7ac57d26eef4001f7bc0275fc23784334c1116f3

SHA512
89baf881e062ddaab22c323ead4cb1b0edcca6416382d792f4dc6df46fc5ab7eeae57480f9ff6f87183af8313b3948e4687314a9d336f293ec2126f5ba062386

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b5065617de80f093383ed2eb33dbe6b

SHA1
663ad50e6f71285d060e84c3d66446ec17fa7b9a

SHA256
03ecfb5179b4eb17cd306b7ee3cd2806a45f66867185b6741becb88bb7acf059

SHA512
db2961d6447ee342e12c0043ba9d6cde974ea3362d21da3535755a6fbb140ee7ae1b39f5da935ca1ce059d2a9d8b90e8cc9a1343845be7c1281f2e6ebe5b1c6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
335459e41a63add4c13a1f64b95134e3

SHA1
1afe2b7293dd37b0dd09269dc799b1c101c44153

SHA256
1338ad5db713e24054114237920af57471e6f50a72b607e7c9d8c0394a1f3310

SHA512
f5667381c58bb86efffbd81d135c702026c621c42dd43bda8ef22e2e0edc6111bcebda4e117f9093d6ff3875132afcf9af7089e60cf758cb3418079a4a826448

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68a324b2bc9a78ae70222c6bbb9ae2e3

SHA1
ace5072f2fabc2d6c77ad4724dcfe92aae95e957

SHA256
01e02064ba13889f88abe433f1173582618df29094a526496ba94ee802a86004

SHA512
6796b49ea12a501618b68d718b9be19ee7e3682c576ad226f68439bee6c3dcd99eaea4cb82a78a3738291a503e25ce9966ed707693863b2f4e8f90d6bb74bdf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d73f0b86b4228b618fdd365b90832049

SHA1
c9b9cba4d21b2851fb05bba1db384410212f2118

SHA256
a825ff6981aa5c8f87a4f2f95eaff0e1578e57a657c9968c58b5a1d022a26d57

SHA512
960f22f463d7b410181d9619b2f6173558c3a725857b97f15c935b31152876d65d8bb5e2ff7c0223edcca8d35981d83113708865f2719208b4676e9bf8656bc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3110e020df6f16d65249e6ba9c202ffe

SHA1
8b2b45d58f81d13ce6364bb29a3f197a4f95c01c

SHA256
375afeb3f22c6d2d5c7799bbbb1d2c16f5cf5c645d0e0e8380b623db9f13b216

SHA512
2cf82734f59960399180f6c46b71158f28e3c5bb56c86b2ed08d4c403e3d3f9780f8d97bf85ecd7d209c5428bc329d3acc46e364a9292990aba1e46b6644b692

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70301ae86e90876a8f769b195cbd5546

SHA1
3821fa57e05e4d5beb00ac48001181c3bb187f65

SHA256
4a0ad3ecce9274f788ad61ec2fd52c965957257e4534cd12d9af9ab62fbcd6ef

SHA512
52deb2492b8e234901f2543a4475c7aa42efdc8846de51cb6696303811f1f1ea22d11bdf9635ed6bf12e36e8f8d2eac2d90ba9475ccaa410d035c7c4b2fb0e21

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB425.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB4E3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\melt.bat

Filesize
282B

MD5
231f350074c6c8a78980f57194737a6c

SHA1
ef46b4be6488c5762309753771949c2ba49a078d

SHA256
316e2f98244fd152589e419b1ef2a730821171d112081c5aaf77739ef5dce7a6

SHA512
1e53af9b0002c67a19c4d6b85e6fa7bf57843b63490dec3a2a06cd78d9292825dd8cf39807eb5eb5f4a8f0ce160cc017730fb1bc347266b63db721da707e6fca

Download Submit
\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
4.8MB

MD5
17f8ee107d2f68c98c01fb57879f30b0

SHA1
a3dd0810f25c4e8ba33ad4d99d987fb025189218

SHA256
c676a0fe692c2f8293a660ec164efa020b3d5544d71239fd0347a3ff714a5b6f

SHA512
9c454cb996858c722da26a5c9e50e83e53b9f8a28a3e8ff4739e682bb490c27051abe4dda7e99dd54bbb47b958768084cd257c4e99e270263c73d469849878b7

Download Submit
memory/524-82-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/524-84-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/524-86-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/524-89-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/524-80-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/524-78-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/524-92-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/756-93-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/756-997-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/756-104-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/756-103-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/756-102-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/756-100-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/756-97-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/756-95-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/2564-68-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2564-70-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2564-76-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2564-75-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2564-73-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2564-64-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2564-66-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2620-35-0x0000000000400000-0x0000000000824000-memory.dmp

Filesize
4.1MB

Download
memory/2620-33-0x0000000000400000-0x0000000000824000-memory.dmp

Filesize
4.1MB

Download
memory/2620-44-0x0000000000400000-0x0000000000824000-memory.dmp

Filesize
4.1MB

Download
memory/2620-41-0x0000000000400000-0x0000000000824000-memory.dmp

Filesize
4.1MB

Download
memory/2620-37-0x0000000000400000-0x0000000000824000-memory.dmp

Filesize
4.1MB

Download
memory/2620-39-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2620-31-0x0000000000400000-0x0000000000824000-memory.dmp

Filesize
4.1MB

Download
memory/2620-46-0x0000000000400000-0x0000000000824000-memory.dmp

Filesize
4.1MB

Download
memory/2660-59-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2660-56-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2660-54-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2660-52-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2660-50-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2660-62-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2660-48-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2660-61-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download