5dde351516155c3ec5f77c4b93018609d6beeb642a03f12d5da30f0e1ca9d410

Analysis

max time kernel
112s
max time network
72s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

840971f6b9e264361d0748afca50d310N.exe
Size

5.4MB
MD5

840971f6b9e264361d0748afca50d310
SHA1

b53db20b34e04b0b625b950c86a77251f77663e3
SHA256

5dde351516155c3ec5f77c4b93018609d6beeb642a03f12d5da30f0e1ca9d410
SHA512

4912f33d43e17444fdd58247a459f390ed1433b6f9892688c262a4fa0cbf3e3e09e5677ed956d9b40767ed47786265d831ac63c5e9e03523777702ca37ef4c21
SSDEEP

98304:hjWpiX6sEee+AHN/zABIzs16UQqRZaOBXVqRt3DKe+LMceFa/D4vHZ0M:NMiK8e+kNxzs4UQaaOB8tDp+recER0M

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
1696	SpeedyPC.exe
2632	SpeedyPC_Update3.exe
2848	SpeedyPC.exe
2552	SpeedyPC.exe
2600	SpeedyPC.exe

Loads dropped DLL 38 IoCs

pid	Process
2596	840971f6b9e264361d0748afca50d310N.exe
2596	840971f6b9e264361d0748afca50d310N.exe
2596	840971f6b9e264361d0748afca50d310N.exe
2596	840971f6b9e264361d0748afca50d310N.exe
2596	840971f6b9e264361d0748afca50d310N.exe
2596	840971f6b9e264361d0748afca50d310N.exe
2596	840971f6b9e264361d0748afca50d310N.exe
1696	SpeedyPC.exe
1696	SpeedyPC.exe
1696	SpeedyPC.exe
2596	840971f6b9e264361d0748afca50d310N.exe
2596	840971f6b9e264361d0748afca50d310N.exe
2596	840971f6b9e264361d0748afca50d310N.exe
2596	840971f6b9e264361d0748afca50d310N.exe
2848	SpeedyPC.exe
2848	SpeedyPC.exe
2848	SpeedyPC.exe
2552	SpeedyPC.exe
2552	SpeedyPC.exe
2552	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe

Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\security_low.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\general\driverbg.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_settings.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\HTML\container_content_bkimg.gif	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\04.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\register.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\settings.xml	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\driver_animation\ani_17.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\btn.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\list\drivers\floppy.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\tile_subheadbarbase.jpg	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\settings.xml	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unwanted32.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\HTML\0_days.htm	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\Images\min.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\License_Time.rdat	SpeedyPC.exe
File opened for modification	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\RB.rdat	SpeedyPC.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_l.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\registry.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_font.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\HTML\30_days.htm	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\RB.rdat	SpeedyPC.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Buttons\start_over.png	840971f6b9e264361d0748afca50d310N.exe
File opened for modification	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\HTML\uninstall\header_background.jpg	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\register_close_over.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\upper_divider.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_m.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\group\dup_video.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_privacy.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_malware24.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\contentwrapper.gif	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\driver_animation\ani_16.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Buttons\register.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\Fix.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\tabover_bg.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_l_scan.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\03.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\driver_animation\ani_15.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_startup.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_performance.png	840971f6b9e264361d0748afca50d310N.exe
File opened for modification	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_l_scan.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\Images\min_md.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\privacy.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_dll.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Tabs\scan.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\MyResources.dll	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\register_close.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Tabs\restore.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\list\other.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\warning.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\driver_animation\ani_22.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_userapp32.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\HTML\uninstall\header_background.jpg	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\driver_animation\ani_7.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unknown24.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\HTML\uninstall\default_button_over.gif	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\top_logo.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\driver_animation\ani_10.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\list\drivers\software.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\list\drivers\usb.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\HTML\1_days.htm	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\Images\topbar_gradient.png	840971f6b9e264361d0748afca50d310N.exe
File created	C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_bho.png	840971f6b9e264361d0748afca50d310N.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Tasks\SpeedyPC Update Version3.job	SpeedyPC_Update3.exe
File created	C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job	SpeedyPC_Update3.exe
File opened for modification	C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job	SpeedyPC_Update3.exe
File created	C:\Windows\Tasks\SpeedyPC Registration3.job	SpeedyPC.exe
File opened for modification	C:\Windows\Tasks\SpeedyPC Registration3.job	SpeedyPC.exe
File created	C:\Windows\Tasks\SpeedyPC Pro.job	SpeedyPC.exe
File opened for modification	C:\Windows\Tasks\SpeedyPC Pro.job	SpeedyPC.exe
File created	C:\Windows\Tasks\SpeedyPC Update Version3.job	SpeedyPC_Update3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SpeedyPC.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	SpeedyPC.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SpeedyPC.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	SpeedyPC.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	SpeedyPC.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\uus3url-spc\shell\open\command	840971f6b9e264361d0748afca50d310N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\uus3url-spc\shell	840971f6b9e264361d0748afca50d310N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\uus3url-spc\shell\open	840971f6b9e264361d0748afca50d310N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\uus3url-spc\shell\open\command\ = "\"C:\\Program Files (x86)\\Common Files\\SpeedyPC Software\\UUS3\\SpeedyPC_Update3.exe\" %1"	840971f6b9e264361d0748afca50d310N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\uus3url-spc	840971f6b9e264361d0748afca50d310N.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\uus3url-spc\URL Protocol	840971f6b9e264361d0748afca50d310N.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2596	840971f6b9e264361d0748afca50d310N.exe
2596	840971f6b9e264361d0748afca50d310N.exe
2596	840971f6b9e264361d0748afca50d310N.exe
2596	840971f6b9e264361d0748afca50d310N.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2600	SpeedyPC.exe
Token: SeShutdownPrivilege	2600	SpeedyPC.exe
Token: SeBackupPrivilege	2744	vssvc.exe
Token: SeRestorePrivilege	2744	vssvc.exe
Token: SeAuditPrivilege	2744	vssvc.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1696	SpeedyPC.exe
2632	SpeedyPC_Update3.exe
2848	SpeedyPC.exe
2552	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe
2600	SpeedyPC.exe

Suspicious use of WriteProcessMemory 23 IoCs

description	pid	Process	procid_target
PID 2596 wrote to memory of 1696	2596	840971f6b9e264361d0748afca50d310N.exe	30
PID 2596 wrote to memory of 1696	2596	840971f6b9e264361d0748afca50d310N.exe	30
PID 2596 wrote to memory of 1696	2596	840971f6b9e264361d0748afca50d310N.exe	30
PID 2596 wrote to memory of 1696	2596	840971f6b9e264361d0748afca50d310N.exe	30
PID 2596 wrote to memory of 2632	2596	840971f6b9e264361d0748afca50d310N.exe	31
PID 2596 wrote to memory of 2632	2596	840971f6b9e264361d0748afca50d310N.exe	31
PID 2596 wrote to memory of 2632	2596	840971f6b9e264361d0748afca50d310N.exe	31
PID 2596 wrote to memory of 2632	2596	840971f6b9e264361d0748afca50d310N.exe	31
PID 2596 wrote to memory of 2632	2596	840971f6b9e264361d0748afca50d310N.exe	31
PID 2596 wrote to memory of 2632	2596	840971f6b9e264361d0748afca50d310N.exe	31
PID 2596 wrote to memory of 2632	2596	840971f6b9e264361d0748afca50d310N.exe	31
PID 2596 wrote to memory of 2848	2596	840971f6b9e264361d0748afca50d310N.exe	32
PID 2596 wrote to memory of 2848	2596	840971f6b9e264361d0748afca50d310N.exe	32
PID 2596 wrote to memory of 2848	2596	840971f6b9e264361d0748afca50d310N.exe	32
PID 2596 wrote to memory of 2848	2596	840971f6b9e264361d0748afca50d310N.exe	32
PID 2596 wrote to memory of 2552	2596	840971f6b9e264361d0748afca50d310N.exe	33
PID 2596 wrote to memory of 2552	2596	840971f6b9e264361d0748afca50d310N.exe	33
PID 2596 wrote to memory of 2552	2596	840971f6b9e264361d0748afca50d310N.exe	33
PID 2596 wrote to memory of 2552	2596	840971f6b9e264361d0748afca50d310N.exe	33
PID 2596 wrote to memory of 2600	2596	840971f6b9e264361d0748afca50d310N.exe	36
PID 2596 wrote to memory of 2600	2596	840971f6b9e264361d0748afca50d310N.exe	36
PID 2596 wrote to memory of 2600	2596	840971f6b9e264361d0748afca50d310N.exe	36
PID 2596 wrote to memory of 2600	2596	840971f6b9e264361d0748afca50d310N.exe	36

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\840971f6b9e264361d0748afca50d310N.exe
"C:\Users\Admin\AppData\Local\Temp\840971f6b9e264361d0748afca50d310N.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe
  "C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe" -addtask
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:1696
- C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
  "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe" -AddTask
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:2632
- C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe
  "C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe" -install
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  PID:2848
- C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe
  "C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe" -report
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2552
- C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe
  "C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2600

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\settings.xml

Filesize
1KB

MD5
5051e8b182ba7a7a5708ba7c36c6d09e

SHA1
986c6bd2094615e40d2b2aa42c7e84cce0723880

SHA256
7653353aaa1c7838dc8388bcc2f678402c233fb0450280d9b37316d2d19220b0

SHA512
08dbe489ba0158c80ed3f62fa73ec56b20f4709df4b9b35f9e705a42284fdb60c0e3e2536ded00ae72051fb5f6ebc926abaacd5871a82a16ae51ad4d213819e8

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\7ZipDLL.dll

Filesize
535KB

MD5
cc356317feceaeb3f98dd72170e0b279

SHA1
13f8dbb6e683d1db06888ef2182d200b1bb4e793

SHA256
988b259b5c96eadcd14a5ee709f0f8d65fdb526b3fbc9714152e92fc92d9052f

SHA512
dc5805cf1a35b628cda5970ef02212d448349492f8364d250c3d3ed285ad50afe2d46e02ddf291510c5e7b97ef45cbd34cb84c0acfc1d8a9c5deaa078f80fd88

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\LiteZip.dll

Filesize
39KB

MD5
6b0a2f1a4894ea98ae291c4c7157258c

SHA1
eb84113974e5a9f407d7bae2acc83a9d6b3f7c99

SHA256
4df5f1b5f6068347c9e0dccdfc07c4c8103fb798f3b3ea31c3b8c53cb384a9ca

SHA512
f32719a62fd7cadd95618405f201f930ad48002fc65c23245456989ad4dd798a16e301777dff229b72dc58a74b81b74acd79ce4364c3dfdad10172b3c0df804c

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\colors.xml

Filesize
3KB

MD5
28dab61d106cc3370c9f336626fe4310

SHA1
7ea12c6bcb0cccf18473a34ba0aa3994a74fb542

SHA256
6d0277406464ca92b365f8aa618c6d4c2fe705dd509b758cea915a741e66b9aa

SHA512
bb009e664baf7a44a309cbca81c092802032755d0bb829710247131255351b036faaa5445d547f0033da455561813b41f5f7eaf09cd78a2b478fc154292c9649

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\Frame\close.png

Filesize
347B

MD5
8b8f2447af69de4e06e496d218e85fc4

SHA1
140db4a4b2762760bc6d73aa11a3c26cb5c49a36

SHA256
683e30d6bc30c137327c120ec1d6703a0f4ee2c1d95137e1ff1371c41ceb4ff7

SHA512
933818a5b0c76535ebbbc03090395709d51472790e5fa8ca076176f5c74702c57200b07f5073c399793c80ad43cf5818d09825043b7ebea9a93ff68394e60677

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\Frame\logo.png

Filesize
11KB

MD5
68709bb060b6861f15f0ef837a363f56

SHA1
6b63eb1f320b765467286ab26a7310ad47a98a5d

SHA256
5f406086ae691da1933ffeee6ddd9df4181da0808d6b907168974ed3faf0e09b

SHA512
81bdbe61572c544ff92c3322f2e1de8aaba5526f48d382aba8410e3745803c1edf20c6e361fb1cbb79ec0167da67c91bf9a930ecd7bc93c2040e211ae93a6c6e

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\Frame\max.png

Filesize
254B

MD5
917af97fc8e48cefcf00f6b780f75d0b

SHA1
37e39b627067ea421212f2229afb849a120d80f7

SHA256
8e2116768c6d16ace4119d58579287c51d203bd4085be3dfc049b9b55ac03db2

SHA512
2cd862119a2c85680054caa68465017651dd1c2ed9dbe7611e468494aedb7449c08de7bf1bc8ba6659d4d026dd388f8811eb6d5722fd15bd838d0df00f7ebe4d

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\Frame\min.png

Filesize
218B

MD5
6baf60a941ffefad7db90d7fc33b5b5d

SHA1
f142658e56b22f3a81aadfe40f025464eed69789

SHA256
28f2b5b3dd1644a5a15bbc8245bc7952437cce16cbb2f84e8a7ba1d5251525e7

SHA512
5596175584359a2dd090b78a5930ae31e171288e446115056afc97b11deb73e311de3a6481ecb64840e275d7ee0aa3db0d21ec0530d461482a2d1d1eed6a899a

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\Frame\register.png

Filesize
2KB

MD5
7157905009a2be7ffc99b16958b92713

SHA1
0075e68026a4be6391a19a5e89b4649644cef023

SHA256
0b4f642021bc50c3c8777d59722d46de7434ebd7728da5adc8f8030f5154e325

SHA512
d4be2ebed56323b7e6769a57edb191c93c9ecef0e4fd665f8086f48b47f6d576617412426d7763c3fb35965a49c35846d6ba5cd6ab43b561a752c678f34b5215

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\Frame\register_over.png

Filesize
3KB

MD5
4ce0a75c27f842257a195f7d856c1186

SHA1
fc7e2a9e29be3b2a9403b961da1d1091e81e5a7c

SHA256
8b9623bb5a9d6be9415ed823ff7df3372ec752ffcf3517bbfd72152ab22af9df

SHA512
f17b1db8ba88567510763803049bf83d26cfd902a8e9ec550a80852c921c90446a706afab3069f6979183ccb3bf7b6d3fe4ddae928b4a8722b91dafb6b22fef0

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\Frame\renew.png

Filesize
2KB

MD5
ffc89e0b584906f652fb5e9024b938e6

SHA1
47d91c2d1aec01ca4eab5daa65061e6bc1243a65

SHA256
fcc11791e3abfbe4b3e2e98b0b3f555a17b6d249295f2631474ecc880fe76b60

SHA512
4eed2f8570a0f89a4d34754943d417c2f6c1664b1e406ff1f530ae857969981effe75bba6cfb90c3b92a4aca0304f61e4682ee0510f81da5851354357c9be5a1

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\Frame\renew_over.png

Filesize
2KB

MD5
4a8e1fcd2c0c5ccc7f5e874f887b7586

SHA1
111c69c17d722669ab12bc5a34413560a1b3c167

SHA256
2814afbc1a8a01a38fc5f3466ad4f4ff4f50f2b02dca668aabf5423e3a1952a4

SHA512
0ff36eec1d86019ef5454f3cdd60afcadafeb99167af6056b0b29b18ec46b01a14f44adda8cdf2a2e75984acfc0fc18da5393652d901a228a33e96ef0a6b17f3

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\Frame\restore.png

Filesize
337B

MD5
094811b54c00fde816f94bb8082fbaf6

SHA1
5558fe132a7ea36915beb44731aa9be6fb1bcf01

SHA256
1d0d72e71a49f3a0488f27721a93a94c618e89a6dcab29d32490b837970d27a5

SHA512
81e16fe3dbf40fc45602275e6d4496f112664fa0a491289da05ce15dd16d529f14eefe098b3fe36e3e6b6a9a80cc9f94cf5d97be528d745adc98fbfb4bdd0fe7

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\Frame\tab_bg.png

Filesize
668B

MD5
455d6f48600b1ee98fa786d56c778b2a

SHA1
69d2f56a4e55bce2f7f21a3549ce4303730f67bc

SHA256
e1cff8b7ac004d3181982860a028624776effd61b3af0200996707e2feeea9c8

SHA512
f9fe1c0212c13456b5fba6aa9cf5e9b88546cdd15c90af0f6ac6db4ecb96cc9bc05564a92a8a84bc9337ec56da58e60530dfa6f13fb37f86f1c0b8c804bea891

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\Frame\tabactive_bg.png

Filesize
3KB

MD5
8f241f233155f3018a39c4668676fa95

SHA1
65fba77a94c8a3a3a93c10208bba9faf1dfa38fc

SHA256
e5ddeed41c9488ddd9ca6a8e03398c01418f6bd8e82a42853d9038040aaedce7

SHA512
c5aa439966133dc0f64ed81f93507e435353e2d9c405c1117c23935eba3c2168c79044b9b086901044ce59a8ed5de09026309bc7cebf3889c9b6e004d2367c5d

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\Frame\tabover_bg.png

Filesize
649B

MD5
bc41b499126b3d7f39ad1dba5716c566

SHA1
928421f0b4242658d9799a57ad1a8d186f49720f

SHA256
c21fd4580c73480310c71958695cc0051811bf259d22df2f0396eb41c8e6db85

SHA512
0c2f83a5e56c83fe474e77784d767f64f1b3b3ab83434774eb5d6d6d235d31a6be5afc868bc0120d27bd6ebd6c9537a43875fbb507285422c46913e8c2425581

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\Frame\title_bar.png

Filesize
66KB

MD5
954b84af2f7b383f05135e3e516300d9

SHA1
92101ef930f29d0e6fbc89cf8bdf2c5ea049df69

SHA256
17b32fda4cf3db2ccc4a64bd443739db938af1e7a7d78cdb796fc16e8aa94c28

SHA512
32f795174d41a83e01c247096e7f501da1579c56ad6639f701a09254f68a887b1426a6fdc0b98a659d3aec663299447d46d4f1c2ae226229041aba1cc43c07a0

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\Frame\top_logo.png

Filesize
9KB

MD5
48cfed7a3c045689ccde732446ac58ad

SHA1
b3ad478902b8fe377101e88f24f120463bbdf60a

SHA256
10a63e3f4b39cf040194fbd315ac154ad072b7dd3656e94dc36deccb9c2f7126

SHA512
43d63459cfddd9c706e5655ace81d8f4ec9ac2d4f628edc133753db2628452aacd1a5769b83feda1cee2c14a105c4b2e2e987c5edcaa8df985ba707e68961884

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\Frame\upper_divider.png

Filesize
248B

MD5
e18ab964e7d99abf268ece884270cd90

SHA1
88641949491ce5e505ded537e894314251844c49

SHA256
4ac94b56340ab35f0a528884736039c8975d263ac359f0e8ba0d5e625614a9c7

SHA512
a7c6db04a34ada1505f8e2b3dbbe9fde39f9a9791f00f161b24df2bdefb00e94020612374293db10eb143a8b589ee85a47f1bf38d9f190f1aea79ba97c8f9754

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\buttons\btn.png

Filesize
3KB

MD5
a819be4a731549d962df1b939e789193

SHA1
c37f1ae7a474bb600b509058b224f496d41f36cc

SHA256
afc9af1211e216bc77eede55c88012da5074598e46cf93b476bec292b1ef6cae

SHA512
1ea2ff6fe9770f7558e315a6cdf6d4c2854d06b425a74adeabc9aa468ade77c8a578242d721831552504ee07da915d916315ee4bf7c9d7c7c34dfc7fa6b1b96b

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\buttons\btn_over.png

Filesize
3KB

MD5
f8283b8bde25f5a2496981f3ce4f7a89

SHA1
1b0cf6a749717d161ce1dd97dde12293775cdd01

SHA256
41b4662daec8ea4ac5dee21be072d3bd3c478b850c7c1c314d70fbbe9704e194

SHA512
c7df5e18a9fc6bf511026788ad305eee5e037f1df2f263f8d18bba4f45e758bd16bcd1e82ebbbe57655d5b25da9a0d78323a4314ea6674d61df616ba2c9e578f

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\frame\dlg_title.png

Filesize
9KB

MD5
130319ca832ceb636c7710f393db3a83

SHA1
c29da9f5a3e97f26c6cd94ff66882bac928a2e7f

SHA256
9d84484f6a1b69519a2633914d354b475335f7773b5a76bed5afc8a90fc3f348

SHA512
0245476b5c5a605145653808d72aabcc31e041a98e2966e2c002d0eda27fdfa4b0098347ce3533a34f5d49efe92d74498e9fa5202335240e7504938a5eb521ab

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\headers\header_about.png

Filesize
6KB

MD5
32e336a672389136042039b42048b015

SHA1
7da1f8f9fff4d9432eee227da62040da9887cdcd

SHA256
e315d98b39b77042f9a8daa14e5dadeb61c62592fabf40a1a08624830f7bed04

SHA512
c1174bc564976567ea75f091749f7eb95879a207a411072227d6ed4ba563b6226e82e4510d8b27a156abdd7e65053abc72146e7489b29a448e624e7a4180627d

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\scan\check.png

Filesize
4KB

MD5
3a4252c4666839cb6ecd059b49f232a2

SHA1
2d82c779b6ac9c827f416baff0ac9043f0066596

SHA256
ff815cd2bbdecffa207d40aa2222a80c938480b515efd44cb89e43c870bf90a8

SHA512
bb0554fb077309e2f8bc7d3e5842115d092a84b60349fe31205785ca9e68a8f5abe63988f2c8589b32a37f4a80292352ba9a814add3450e43e4fc951a2e922d3

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\scan\error_large.png

Filesize
7KB

MD5
f5bc4840f47de36a0dde8ac48e60f56c

SHA1
e2a630dc239efbf4b897fa1e48de8e944c1ef432

SHA256
2c1f34679930dca6c7ac4b706ab2b93de0990f17d84227ab757b9a3b8e7608cf

SHA512
01552a59b54d07ec5d579fa497cc4e4959fec20f11d47abeaa55afe86eb548f03b63f7b6766023d8c4c021a7274138b539408088cf1c9ec283ab3b6a97e97288

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\scan\junk.png

Filesize
2KB

MD5
0845bd9cb4c3943cbf1f0e4a09eea4e8

SHA1
60df34b52974f583845a172020b71ae5c8abef8d

SHA256
3328295fce63ac3cd295fbf5845c2ef023bf914388d18c39eb0a1e96104fa306

SHA512
eccb4e58bb6f41da5a94dbac6da312f4c45a5e61dc5942d4614240283f9c832ae639c226a28b04676c4d88d3fd09b5d20eefa3f8ad15fcb6b2a551d8521c70ea

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\scan\md5.png

Filesize
2KB

MD5
31b336410e09ebd60690f085edd91a69

SHA1
31625a80f1d2bd5c1c0bd7a965d62a7384ad9341

SHA256
7f509509c94930c0333fb5299785723cd3ff035cde6dbc8d825e2d003db86925

SHA512
8edae3239192298335dcb4a743e36af9ecb94a15058d6c4d736cf14114eb11cb95a175fe3ac5ae53d70ed909a3bfb17bcf9a87a51129d3e7567a00682c817712

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\images\scan\registry.png

Filesize
2KB

MD5
138a04f1566a7bde38531dd7ac83fa93

SHA1
45a5ddd6eac71fe1587463a423bd493c31d59aba

SHA256
52480e84d1c12fd2846b05af8c6323a24a03383c800371072c427110d0472a02

SHA512
fe5a495cb9679198748b612a3a0e092c2808a753132332166785d0ac20fbfd58dfbfd1945667f24f7df00284571efeb9aa066273752e8cbb31daf5f84c6c72e4

Download Submit
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\settings.xml

Filesize
768B

MD5
f51d493691c91ba47d0a131db1e5e694

SHA1
b6392935d99e6b71287b491f63c18359b5d4930e

SHA256
6843885ee2de076a72f43c0f44b658ccdb545aab781bef56d727b1f7726b3b4f

SHA512
f88f36fea6488e61ba94c472af351f7d2f227dbb3600c6d17ebf8c400e4720646fe88ab727149aa88e3fe23b4eaecffdb4ed0f7a3647e96a7adc8c9f05b749e0

Download Submit
C:\ProgramData\SpeedyPC Software\SpeedyPC Pro\RB.rdat

Filesize
48B

MD5
5ee61af78ef3cf7de7812c8edce0a9d8

SHA1
b97cc11f0ecad6f148e8985fd4f1af8fc98ee519

SHA256
967a130dd206f6008f77a7f0fbec1b9350fcd0de90342dbe5c4ae76f63ed04a6

SHA512
5725ff72ad3565851204d8166a70908a4fa47b38d66eaacc94b27c58f321a3423d37a84c3e16c776d49122ee30fc866606d5bee7c3f928b7728d36549051490b

Download Submit
C:\Windows\Tasks\SpeedyPC Pro.job

Filesize
408B

MD5
13276039443ad6f90257eedd0e6cc755

SHA1
1a6dbd3219272e808775a9ec86b0a3718207baf6

SHA256
3ed77a27ab48a869fa19b5f0041e733de199b18db1524365fec0f0aaf366e5f0

SHA512
d803e3745897c57419d9fd2e604df872216ab8495b4cbabe62672d9e9f690549b23dca41db0e99b6a394f52c49a7ba7c66e4f6ad0477f12e070d7e364d2a09f2

Download Submit
C:\Windows\Tasks\SpeedyPC Registration3.job

Filesize
492B

MD5
dba3b79031371038e6aba801c89cad04

SHA1
b6f30b1dff0ecc59b7d2aebea39f0addf5c11d80

SHA256
763fe1b90cc0d1e7697a4439c03c0b8134173c67abf21d40e92f9d77216cfea2

SHA512
ae6bff7a622188c437a389a7ee70f630f71c6d7df4133e3c579ac218d1f773742acf3a8dc4318a9c086c64946593130f9a38334d2cbb2f67397e541952efd9ef

Download Submit
\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe

Filesize
760KB

MD5
425a7d080b637432afbc35d16f2f72cc

SHA1
c4691fbe5a310907f898c7bab9511629d0a20b52

SHA256
809416deedde74206663139a64168b49c2bf7dcdb46ecc0870a563f8877863bd

SHA512
d13d35b9afc03710e12bc7d6fc6d8a7396768aec3f622ab6f58a461cd3a97add8170662686ee245fe9223151b3194d2cff79ad9e819e6ee7624905dee08b02d3

Download Submit
\Program Files (x86)\SpeedyPC Software\SpeedyPC\MyResources.dll

Filesize
492KB

MD5
730a2278d165868c39af6fae3f64cbac

SHA1
e0d584f4ed52ba50e218089b70659dc67e6ccc1b

SHA256
a92db1a505e81c31e7111b26b5695ec9922e9a38255f518e02dbc7cc6f6d0f92

SHA512
13b3011cdc97df73301b1bd2e313577fee309e919aa485b7911493976789abb77aaae6bc776d59c5655d2f89fab62a40a9fec9563dd678b5d24eecf0197e9c80

Download Submit
\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe

Filesize
4.5MB

MD5
77984d881f88c3b6c5174d1537962763

SHA1
72cd16f67d77801ae6616d359730f548dc9806b1

SHA256
3cccaf9f2a07c8907076f719479b981b47a11b52e72f3557b3e5e1fd23fa0edf

SHA512
5d1fd5b37da2be1bee0860a180d133dc79b973a7ed8d0db766e94411ce65f955bfa953ed36d37fafdab38d9ae9f282106291cdeb680d6740fdc9cf5d38486198

Download Submit
\Program Files (x86)\SpeedyPC Software\SpeedyPC\uninstall.exe

Filesize
216KB

MD5
93acef4a6e0bf64cdffcc92f2ce485db

SHA1
2b0ae5fc8a26cd8e3ff401c973df14227949c772

SHA256
81a06c3850423fe61cf34aede5afe9baf4458894acba0a1aad23503e50ce0fab

SHA512
14abdd1d4f01188561e0e19d9ce8060bb050b5b02f15cf687dc2153cc5a7146c29d78d57567c93de907c06a3d9ae9b7eac12d3ef0b7ec4f6f29d902ab567f745

Download Submit
\Users\Admin\AppData\Local\Temp\nsy8410.tmp\AdvSplash.dll

Filesize
5KB

MD5
41be2441ee7c684eaa76a62d4223b4c7

SHA1
05de8220e296db1025f7bd4d9de1f44370018162

SHA256
0990902460ec38bcd605b518bffa081942c6f4c5fe1828a61ba3965bbf15d8bd

SHA512
fec074a2196141e497334b57563dc7863a0b949d348164aec8c4f21d1b3c4ed795e03fd6e5726a2e90da7015abfbb4e28102647c0e343e84a707e99271a1a938

Download Submit
\Users\Admin\AppData\Local\Temp\nsy8410.tmp\KillProcDLL.dll

Filesize
32KB

MD5
83142eac84475f4ca889c73f10d9c179

SHA1
dbe43c0de8ef881466bd74861b2e5b17598b5ce8

SHA256
ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

SHA512
1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy8410.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
\Users\Admin\AppData\Local\Temp\nsy8410.tmp\UserInfo.dll

Filesize
4KB

MD5
d16e06c5de8fb8213a0464568ed9852f

SHA1
d063690dc0d2c824f714acb5c4bcede3aa193f03

SHA256
728472ba312ae8af7f30d758ab473e0772477a68fcd1d2d547dafe6d8800d531

SHA512
60502bb65d91a1a895f38bd0f070738152af58ffa4ac80bac3954aa8aad9fda9666e773988cbd00ce4741d2454bf5f2e0474ce8ea18cfe863ec4c36d09d1e27a

Download Submit
memory/1696-349-0x0000000000150000-0x00000000001E0000-memory.dmp

Filesize
576KB

Download
memory/2552-408-0x0000000000230000-0x00000000002C0000-memory.dmp

Filesize
576KB

Download
memory/2600-469-0x0000000004820000-0x0000000004831000-memory.dmp

Filesize
68KB

Download
memory/2600-468-0x0000000004910000-0x00000000049F8000-memory.dmp

Filesize
928KB

Download
memory/2600-465-0x00000000047E0000-0x0000000004807000-memory.dmp

Filesize
156KB

Download
memory/2600-463-0x0000000004670000-0x000000000469A000-memory.dmp

Filesize
168KB

Download
memory/2600-461-0x0000000004630000-0x000000000465A000-memory.dmp

Filesize
168KB

Download
memory/2600-460-0x0000000004600000-0x0000000004618000-memory.dmp

Filesize
96KB

Download
memory/2600-486-0x0000000008830000-0x00000000088C0000-memory.dmp

Filesize
576KB

Download
memory/2600-505-0x0000000006170000-0x0000000006200000-memory.dmp

Filesize
576KB

Download
memory/2600-429-0x00000000004A0000-0x0000000000530000-memory.dmp

Filesize
576KB

Download
memory/2600-522-0x0000000003510000-0x00000000035A0000-memory.dmp

Filesize
576KB

Download