LunaGrabber | a8f611076c461e67ad46fb3c7dc118abb1ec9d9cc71076f12a372202dd302c91

Analysis

max time kernel
92s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 07:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adm-hub.exe
Size

59.6MB
MD5

e20737240141c56388af8de1f151c761
SHA1

819b9fb1d2cbcf304b379470332822c33f39f554
SHA256

a8f611076c461e67ad46fb3c7dc118abb1ec9d9cc71076f12a372202dd302c91
SHA512

862c44ef6d1239fe0e47cb7aa1ebf951c84bf6aed771fe907dc540ea29730f136dabc4d113982bab8695f94b7f01abf2eaddd5104e616f6f9af33e5fcbdf560c
SSDEEP

1572864:j+rewmxQqMrlpA+Ql4oKErkZkcJDucqXZCxiJg:j9wmxyklDKErqkchuc3xii

Score

10^/10

LunaGrabber redtiger luna stealer upx

Malware Config

Signatures

Detects RedTiger Stealer 64 IoCs

stealer

resource	yara_rule
behavioral2/files/0x000700000002405f-736.dat	redtigerv122
behavioral2/files/0x000700000002405f-736.dat	redtigerv22
behavioral2/files/0x000700000002405f-736.dat	redtiger_stealer_detection
behavioral2/files/0x000700000002405f-736.dat	redtiger_stealer_detection_v2
behavioral2/files/0x000700000002405f-736.dat	staticSred
behavioral2/files/0x000700000002405f-736.dat	staticred
behavioral2/files/0x000700000002405f-736.dat	redtiger_stealer_detection_v1
behavioral2/memory/4060-740-0x00007FFA03870000-0x00007FFA03CD6000-memory.dmp	redtigerv122
behavioral2/memory/4060-740-0x00007FFA03870000-0x00007FFA03CD6000-memory.dmp	redtigerv22
behavioral2/memory/4060-740-0x00007FFA03870000-0x00007FFA03CD6000-memory.dmp	redtiger_stealer_detection
behavioral2/memory/4060-740-0x00007FFA03870000-0x00007FFA03CD6000-memory.dmp	redtiger_stealer_detection_v2
behavioral2/memory/4060-740-0x00007FFA03870000-0x00007FFA03CD6000-memory.dmp	staticSred
behavioral2/memory/4060-740-0x00007FFA03870000-0x00007FFA03CD6000-memory.dmp	staticred
behavioral2/memory/4060-740-0x00007FFA03870000-0x00007FFA03CD6000-memory.dmp	redtiger_stealer_detection_v1
behavioral2/files/0x0008000000023c28-739.dat	redtigerv122
behavioral2/files/0x0008000000023c28-739.dat	redtigerv22
behavioral2/files/0x0008000000023c28-739.dat	redtiger_stealer_detection
behavioral2/files/0x0008000000023c28-739.dat	redtiger_stealer_detection_v2
behavioral2/files/0x0008000000023c28-739.dat	staticSred
behavioral2/files/0x0008000000023c28-739.dat	staticred
behavioral2/files/0x0008000000023c28-739.dat	redtiger_stealer_detection_v1
behavioral2/files/0x0008000000023c65-741.dat	redtigerv122
behavioral2/files/0x0008000000023c65-741.dat	redtigerv22
behavioral2/files/0x0008000000023c65-741.dat	redtiger_stealer_detection
behavioral2/files/0x0008000000023c65-741.dat	redtiger_stealer_detection_v2
behavioral2/files/0x0008000000023c65-741.dat	staticSred
behavioral2/files/0x0008000000023c65-741.dat	staticred
behavioral2/files/0x0008000000023c65-741.dat	redtiger_stealer_detection_v1
behavioral2/files/0x0008000000023c32-742.dat	redtigerv122
behavioral2/files/0x0008000000023c32-742.dat	redtigerv22
behavioral2/files/0x0008000000023c32-742.dat	redtiger_stealer_detection
behavioral2/files/0x0008000000023c32-742.dat	redtiger_stealer_detection_v2
behavioral2/files/0x0008000000023c32-742.dat	staticSred
behavioral2/files/0x0008000000023c32-742.dat	staticred
behavioral2/files/0x0008000000023c32-742.dat	redtiger_stealer_detection_v1
behavioral2/files/0x000700000002405e-743.dat	redtigerv122
behavioral2/files/0x000700000002405e-743.dat	redtigerv22
behavioral2/files/0x000700000002405e-743.dat	redtiger_stealer_detection
behavioral2/files/0x000700000002405e-743.dat	redtiger_stealer_detection_v2
behavioral2/files/0x000700000002405e-743.dat	staticSred
behavioral2/files/0x000700000002405e-743.dat	staticred
behavioral2/files/0x000700000002405e-743.dat	redtiger_stealer_detection_v1
behavioral2/memory/4060-748-0x00007FFA139D0000-0x00007FFA139F4000-memory.dmp	redtigerv122
behavioral2/memory/4060-748-0x00007FFA139D0000-0x00007FFA139F4000-memory.dmp	redtigerv22
behavioral2/memory/4060-748-0x00007FFA139D0000-0x00007FFA139F4000-memory.dmp	redtiger_stealer_detection
behavioral2/memory/4060-748-0x00007FFA139D0000-0x00007FFA139F4000-memory.dmp	redtiger_stealer_detection_v2
behavioral2/memory/4060-748-0x00007FFA139D0000-0x00007FFA139F4000-memory.dmp	staticSred
behavioral2/memory/4060-748-0x00007FFA139D0000-0x00007FFA139F4000-memory.dmp	staticred
behavioral2/memory/4060-748-0x00007FFA139D0000-0x00007FFA139F4000-memory.dmp	redtiger_stealer_detection_v1
behavioral2/files/0x0007000000023c98-747.dat	redtigerv122
behavioral2/files/0x0007000000023c98-747.dat	redtigerv22
behavioral2/files/0x0007000000023c98-747.dat	redtiger_stealer_detection
behavioral2/files/0x0007000000023c98-747.dat	redtiger_stealer_detection_v2
behavioral2/files/0x0007000000023c98-747.dat	staticSred
behavioral2/files/0x0007000000023c98-747.dat	staticred
behavioral2/files/0x0007000000023c98-747.dat	redtiger_stealer_detection_v1
behavioral2/files/0x0008000000023c30-751.dat	redtigerv122
behavioral2/files/0x0008000000023c30-751.dat	redtigerv22
behavioral2/files/0x0008000000023c30-751.dat	redtiger_stealer_detection
behavioral2/files/0x0008000000023c30-751.dat	redtiger_stealer_detection_v2
behavioral2/files/0x0008000000023c30-751.dat	staticSred
behavioral2/files/0x0008000000023c30-751.dat	staticred
behavioral2/files/0x0008000000023c30-751.dat	redtiger_stealer_detection_v1
behavioral2/memory/4060-753-0x00007FFA139B0000-0x00007FFA139C8000-memory.dmp	redtigerv122

Lunagrabber family
LunaGrabber

Matches Luna Grabber Rule For Entry 25 IoCs

Detects behavior indicative of Luna Grabber malware

stealer luna

resource	yara_rule
behavioral2/files/0x000700000002405f-736.dat	LunaGrabber
behavioral2/memory/4060-740-0x00007FFA03870000-0x00007FFA03CD6000-memory.dmp	LunaGrabber
behavioral2/files/0x0008000000023c65-741.dat	LunaGrabber
behavioral2/files/0x0007000000023c97-757.dat	LunaGrabber
behavioral2/memory/4060-792-0x00007FFA03870000-0x00007FFA03CD6000-memory.dmp	LunaGrabber
behavioral2/memory/4060-782-0x00007FFA14650000-0x00007FFA1465D000-memory.dmp	LunaGrabber
behavioral2/memory/4060-780-0x00007FFA13680000-0x00007FFA13699000-memory.dmp	LunaGrabber
behavioral2/memory/4060-805-0x0000011DCA750000-0x0000011DCAAC9000-memory.dmp	LunaGrabber
behavioral2/memory/4060-806-0x00007FFA13980000-0x00007FFA139AC000-memory.dmp	LunaGrabber
behavioral2/memory/4060-804-0x00007FFA034F0000-0x00007FFA03869000-memory.dmp	LunaGrabber
behavioral2/memory/4060-810-0x00007FFA13680000-0x00007FFA13699000-memory.dmp	LunaGrabber
behavioral2/memory/4060-828-0x00007FFA13020000-0x00007FFA13047000-memory.dmp	LunaGrabber
behavioral2/memory/4060-830-0x00007FFA131B0000-0x00007FFA131DE000-memory.dmp	LunaGrabber
behavioral2/memory/4060-832-0x00007FFA04310000-0x00007FFA043C8000-memory.dmp	LunaGrabber
behavioral2/memory/4060-834-0x0000011DCA750000-0x0000011DCAAC9000-memory.dmp	LunaGrabber
behavioral2/memory/4060-833-0x00007FFA034F0000-0x00007FFA03869000-memory.dmp	LunaGrabber
behavioral2/memory/4060-849-0x00007FFA11360000-0x00007FFA1137F000-memory.dmp	LunaGrabber
behavioral2/memory/4060-909-0x00007FFA131B0000-0x00007FFA131DE000-memory.dmp	LunaGrabber
behavioral2/memory/4060-920-0x00007FFA11360000-0x00007FFA1137F000-memory.dmp	LunaGrabber
behavioral2/memory/4060-918-0x00007FFA13020000-0x00007FFA13047000-memory.dmp	LunaGrabber
behavioral2/memory/4060-910-0x00007FFA04310000-0x00007FFA043C8000-memory.dmp	LunaGrabber
behavioral2/memory/4060-904-0x00007FFA14650000-0x00007FFA1465D000-memory.dmp	LunaGrabber
behavioral2/memory/4060-903-0x00007FFA13680000-0x00007FFA13699000-memory.dmp	LunaGrabber
behavioral2/memory/4060-901-0x00007FFA13980000-0x00007FFA139AC000-memory.dmp	LunaGrabber
behavioral2/memory/4060-897-0x00007FFA03870000-0x00007FFA03CD6000-memory.dmp	LunaGrabber

Redtiger family
redtiger

Loads dropped DLL 58 IoCs

pid	Process
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe
4060	adm-hub.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000700000002405f-736.dat	upx
behavioral2/memory/4060-740-0x00007FFA03870000-0x00007FFA03CD6000-memory.dmp	upx
behavioral2/files/0x0008000000023c32-742.dat	upx
behavioral2/memory/4060-748-0x00007FFA139D0000-0x00007FFA139F4000-memory.dmp	upx
behavioral2/files/0x0007000000023c98-747.dat	upx
behavioral2/files/0x0008000000023c30-751.dat	upx
behavioral2/memory/4060-753-0x00007FFA139B0000-0x00007FFA139C8000-memory.dmp	upx
behavioral2/memory/4060-752-0x00007FFA14720000-0x00007FFA1472F000-memory.dmp	upx
behavioral2/files/0x0008000000023c4f-754.dat	upx
behavioral2/memory/4060-756-0x00007FFA13980000-0x00007FFA139AC000-memory.dmp	upx
behavioral2/files/0x0007000000023c97-757.dat	upx
behavioral2/files/0x0008000000023c63-775.dat	upx
behavioral2/files/0x000700000002405d-760.dat	upx
behavioral2/memory/4060-778-0x00007FFA13940000-0x00007FFA13975000-memory.dmp	upx
behavioral2/files/0x0007000000024063-781.dat	upx
behavioral2/files/0x0008000000023c60-783.dat	upx
behavioral2/memory/4060-785-0x00007FFA14300000-0x00007FFA1430D000-memory.dmp	upx
behavioral2/files/0x0007000000024071-794.dat	upx
behavioral2/memory/4060-796-0x00007FFA13330000-0x00007FFA1335B000-memory.dmp	upx
behavioral2/memory/4060-795-0x00007FFA139D0000-0x00007FFA139F4000-memory.dmp	upx
behavioral2/memory/4060-792-0x00007FFA03870000-0x00007FFA03CD6000-memory.dmp	upx
behavioral2/memory/4060-791-0x00007FFA043D0000-0x00007FFA0448C000-memory.dmp	upx
behavioral2/memory/4060-790-0x00007FFA13650000-0x00007FFA1367E000-memory.dmp	upx
behavioral2/files/0x0007000000024062-784.dat	upx
behavioral2/memory/4060-782-0x00007FFA14650000-0x00007FFA1465D000-memory.dmp	upx
behavioral2/files/0x0007000000024061-789.dat	upx
behavioral2/memory/4060-780-0x00007FFA13680000-0x00007FFA13699000-memory.dmp	upx
behavioral2/files/0x0008000000023c61-779.dat	upx
behavioral2/files/0x0008000000023c62-774.dat	upx
behavioral2/files/0x0008000000023c5f-771.dat	upx
behavioral2/files/0x0008000000023c53-770.dat	upx
behavioral2/files/0x0016000000023c49-769.dat	upx
behavioral2/files/0x000b000000023c48-768.dat	upx
behavioral2/files/0x0008000000023c33-767.dat	upx
behavioral2/files/0x0008000000023c31-766.dat	upx
behavioral2/files/0x0008000000023c2f-765.dat	upx
behavioral2/files/0x000700000002406e-763.dat	upx
behavioral2/files/0x000700000002406d-762.dat	upx
behavioral2/files/0x0007000000023c99-758.dat	upx
behavioral2/memory/4060-798-0x00007FFA139B0000-0x00007FFA139C8000-memory.dmp	upx
behavioral2/memory/4060-799-0x00007FFA131B0000-0x00007FFA131DE000-memory.dmp	upx
behavioral2/memory/4060-806-0x00007FFA13980000-0x00007FFA139AC000-memory.dmp	upx
behavioral2/memory/4060-804-0x00007FFA034F0000-0x00007FFA03869000-memory.dmp	upx
behavioral2/memory/4060-803-0x00007FFA04310000-0x00007FFA043C8000-memory.dmp	upx
behavioral2/memory/4060-808-0x00007FFA13190000-0x00007FFA131A4000-memory.dmp	upx
behavioral2/memory/4060-811-0x00007FFA13640000-0x00007FFA13650000-memory.dmp	upx
behavioral2/memory/4060-810-0x00007FFA13680000-0x00007FFA13699000-memory.dmp	upx
behavioral2/memory/4060-813-0x00007FFA033D0000-0x00007FFA034E8000-memory.dmp	upx
behavioral2/files/0x0007000000024077-814.dat	upx
behavioral2/memory/4060-816-0x00007FFA04A00000-0x00007FFA04A87000-memory.dmp	upx
behavioral2/memory/4060-820-0x00007FFA13050000-0x00007FFA13065000-memory.dmp	upx
behavioral2/memory/4060-819-0x00007FFA043D0000-0x00007FFA0448C000-memory.dmp	upx
behavioral2/memory/4060-818-0x00007FFA13650000-0x00007FFA1367E000-memory.dmp	upx
behavioral2/memory/4060-828-0x00007FFA13020000-0x00007FFA13047000-memory.dmp	upx
behavioral2/memory/4060-827-0x00007FFA1B200000-0x00007FFA1B20B000-memory.dmp	upx
behavioral2/files/0x0007000000023c73-824.dat	upx
behavioral2/files/0x0007000000023c72-822.dat	upx
behavioral2/files/0x0007000000023cbc-829.dat	upx
behavioral2/memory/4060-831-0x00007FFA11C10000-0x00007FFA11C28000-memory.dmp	upx
behavioral2/memory/4060-830-0x00007FFA131B0000-0x00007FFA131DE000-memory.dmp	upx
behavioral2/memory/4060-832-0x00007FFA04310000-0x00007FFA043C8000-memory.dmp	upx
behavioral2/memory/4060-836-0x00007FFA04880000-0x00007FFA049FA000-memory.dmp	upx
behavioral2/memory/4060-835-0x00007FFA11360000-0x00007FFA1137F000-memory.dmp	upx
behavioral2/memory/4060-833-0x00007FFA034F0000-0x00007FFA03869000-memory.dmp	upx

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
3940	WMIC.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4060	adm-hub.exe
4060	adm-hub.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4060	adm-hub.exe
Token: SeIncreaseQuotaPrivilege	2108	WMIC.exe
Token: SeSecurityPrivilege	2108	WMIC.exe
Token: SeTakeOwnershipPrivilege	2108	WMIC.exe
Token: SeLoadDriverPrivilege	2108	WMIC.exe
Token: SeSystemProfilePrivilege	2108	WMIC.exe
Token: SeSystemtimePrivilege	2108	WMIC.exe
Token: SeProfSingleProcessPrivilege	2108	WMIC.exe
Token: SeIncBasePriorityPrivilege	2108	WMIC.exe
Token: SeCreatePagefilePrivilege	2108	WMIC.exe
Token: SeBackupPrivilege	2108	WMIC.exe
Token: SeRestorePrivilege	2108	WMIC.exe
Token: SeShutdownPrivilege	2108	WMIC.exe
Token: SeDebugPrivilege	2108	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2108	WMIC.exe
Token: SeRemoteShutdownPrivilege	2108	WMIC.exe
Token: SeUndockPrivilege	2108	WMIC.exe
Token: SeManageVolumePrivilege	2108	WMIC.exe
Token: 33	2108	WMIC.exe
Token: 34	2108	WMIC.exe
Token: 35	2108	WMIC.exe
Token: 36	2108	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2108	WMIC.exe
Token: SeSecurityPrivilege	2108	WMIC.exe
Token: SeTakeOwnershipPrivilege	2108	WMIC.exe
Token: SeLoadDriverPrivilege	2108	WMIC.exe
Token: SeSystemProfilePrivilege	2108	WMIC.exe
Token: SeSystemtimePrivilege	2108	WMIC.exe
Token: SeProfSingleProcessPrivilege	2108	WMIC.exe
Token: SeIncBasePriorityPrivilege	2108	WMIC.exe
Token: SeCreatePagefilePrivilege	2108	WMIC.exe
Token: SeBackupPrivilege	2108	WMIC.exe
Token: SeRestorePrivilege	2108	WMIC.exe
Token: SeShutdownPrivilege	2108	WMIC.exe
Token: SeDebugPrivilege	2108	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2108	WMIC.exe
Token: SeRemoteShutdownPrivilege	2108	WMIC.exe
Token: SeUndockPrivilege	2108	WMIC.exe
Token: SeManageVolumePrivilege	2108	WMIC.exe
Token: 33	2108	WMIC.exe
Token: 34	2108	WMIC.exe
Token: 35	2108	WMIC.exe
Token: 36	2108	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3940	WMIC.exe
Token: SeSecurityPrivilege	3940	WMIC.exe
Token: SeTakeOwnershipPrivilege	3940	WMIC.exe
Token: SeLoadDriverPrivilege	3940	WMIC.exe
Token: SeSystemProfilePrivilege	3940	WMIC.exe
Token: SeSystemtimePrivilege	3940	WMIC.exe
Token: SeProfSingleProcessPrivilege	3940	WMIC.exe
Token: SeIncBasePriorityPrivilege	3940	WMIC.exe
Token: SeCreatePagefilePrivilege	3940	WMIC.exe
Token: SeBackupPrivilege	3940	WMIC.exe
Token: SeRestorePrivilege	3940	WMIC.exe
Token: SeShutdownPrivilege	3940	WMIC.exe
Token: SeDebugPrivilege	3940	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3940	WMIC.exe
Token: SeRemoteShutdownPrivilege	3940	WMIC.exe
Token: SeUndockPrivilege	3940	WMIC.exe
Token: SeManageVolumePrivilege	3940	WMIC.exe
Token: 33	3940	WMIC.exe
Token: 34	3940	WMIC.exe
Token: 35	3940	WMIC.exe
Token: 36	3940	WMIC.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 4060	1832	adm-hub.exe	83
PID 1832 wrote to memory of 4060	1832	adm-hub.exe	83
PID 4060 wrote to memory of 2388	4060	adm-hub.exe	84
PID 4060 wrote to memory of 2388	4060	adm-hub.exe	84
PID 4060 wrote to memory of 4284	4060	adm-hub.exe	89
PID 4060 wrote to memory of 4284	4060	adm-hub.exe	89
PID 4284 wrote to memory of 2108	4284	cmd.exe	91
PID 4284 wrote to memory of 2108	4284	cmd.exe	91
PID 4060 wrote to memory of 2428	4060	adm-hub.exe	95
PID 4060 wrote to memory of 2428	4060	adm-hub.exe	95
PID 2428 wrote to memory of 3940	2428	cmd.exe	97
PID 2428 wrote to memory of 3940	2428	cmd.exe	97

C:\Users\Admin\AppData\Local\Temp\adm-hub.exe
"C:\Users\Admin\AppData\Local\Temp\adm-hub.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Users\Admin\AppData\Local\Temp\adm-hub.exe
  "C:\Users\Admin\AppData\Local\Temp\adm-hub.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:2388
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4284
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      Suspicious use of AdjustPrivilegeToken
      PID:3940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI18322\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\VCRUNTIME140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\_asyncio.pyd

Filesize
35KB

MD5
a65c96fdc6f3b556248e3294bd9ce270

SHA1
00aa33533781a0bb2df5df5f4f2a3bcb1ab816b7

SHA256
aed83fbd7266e9511fe2ea160853fda6da3a37e569b2408bd39809637eaab3f3

SHA512
1cfd9bb03f4be8dd07097e5b6350bb7db31f48170a24c04c9144c78c1eebad4bf48746ce2652286cbff85f5ee1b0bb79048b56d90144f647996903562b6547cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\_bz2.pyd

Filesize
47KB

MD5
ff52c3b3ef7549a1d89070e8649f8ed2

SHA1
6b81e0e18f7ddf8fae7fa1e9aec1cef261e4aeae

SHA256
69d181c25797e994a9961c9f40dc57d04f8391c4fd83d412d23162fb4beb4fd7

SHA512
a84129700ff8cc95d3581d99b41b67f6d6e123d5f49132ca979e5acf1e9c70420c1b200b1c811327e8c815044270c61f8297df076eb3d8efbd60870d089316a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\_cffi_backend.cp310-win_amd64.pyd

Filesize
71KB

MD5
796a3e2ecf2e31669defc1b3e07df327

SHA1
39c896e7217f9c2beaac7a831a5c24e1fff94714

SHA256
803969a018b78e0ca670c0cf2c7b8ff62efd7dcbdc049070f0109d1147453cea

SHA512
429dbbde27e65cc66754c3436153e04f9cde4800553caa678f8aebd55adb2490e93b7822650067eaa51094b47b5db1003af8c4d06aa1acb5d8531666cc308381

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\_ctypes.pyd

Filesize
58KB

MD5
5f8caca0a680cab74cbd25ee7faa8e91

SHA1
0d6fe9047af38c371b9a8006805658bee386661b

SHA256
067ecceb2548c05b8dec8d755f756c9fd1a3bf806f911a7fb23fa6edd2649d5c

SHA512
48f5f7cb0cbc96f2692b9b555a967031e5a91f0dba2ce96bdeccceda81984efa89edfe08808e5298e0a522af714064e9e88234647819e8d88b68b21b9a6317d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\_decimal.pyd

Filesize
106KB

MD5
a9e4c6c68e20518e4301a865a6387c4a

SHA1
ff5b7ebf0802d042566ca8328a01b77b62066386

SHA256
23d9216d09abe0dcf7f9d31db37239f2bcdcda1954ebe0e8fe094c905f071c1c

SHA512
4349975b5b15ba6a5ddce52f724659f231e9e8282c571ca79a2bbf4000e7b5280ecc59e2e749812f6de5e453293935b6727b73ef19b072ea4db221d4a5943539

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\_elementtree.pyd

Filesize
57KB

MD5
c351578636f53ef4bced4f34bdcedc1b

SHA1
68511b4948f7ce5b68f99ea50e837d27c89304ef

SHA256
b0ef6cdbe1ca935b394e3ee10b90372579c1debac0e8e0807731faad92e43b68

SHA512
f55157133d70efd812452baf6009c017c68f76ca33ae0abc91470bcc3fc1cea479b4e4cae61d337ababa18c29bf2d85ec76ae596003c8b7fe9d66f6faa343614

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\_hashlib.pyd

Filesize
35KB

MD5
244ac279950597392f9a9133a976f20b

SHA1
8b0aefcc6e96f854cfce0425eaab0e037d717277

SHA256
0e39dd9b6f307f6c43f25444492b7913039ea86c84e82715863fb2bf6c1cf4f4

SHA512
1a898ce71e1b143e3c6070c290d6ceb2f5df7ae85ac3eb3ef0e29ce5173f774dbbd89f671da959d323280928c7d8232cc1b5855fbaebb4b0d81abac3238c1859

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\_lzma.pyd

Filesize
85KB

MD5
9c52741fcdee40f2b8a44e7cc0431bc3

SHA1
90ee686ebd007c9a1adef06e25dc4f920854231b

SHA256
63c20b51c3a15603a37169ebd48ec55d7f3edb6aae287b9b140a13806932b8ec

SHA512
dbb06f6033dc76635c4352d5c238514937446ce7c70e65f3be2e7e0413ef95b341fc0a5ea7759c891c875f7b89a53a37ba2d29f5ad7a727bca149b98fb4ecee7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\_multiprocessing.pyd

Filesize
26KB

MD5
9504e16d83794f4b0eb8e82c4bcf0071

SHA1
a80c846b8d861c424bdb96aa48ae89a62deab037

SHA256
9453cc768746f3c2c8d9f7bfb2ffeb37a8bd8a17ee4799e3b9eab09e4b2c6cfb

SHA512
37cbb8e5e4613525a18f0f7972a922ea1e4f4ae8d82c4f440fa20df9cc8c66f7d052b7760606d00053731668d010f93f7bd083961177749a1d4fb7d6b879eda1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\_overlapped.pyd

Filesize
31KB

MD5
cdc685dfbf69fc99d7576441d191fc50

SHA1
5884801d5cef295abf67f2a592d5e6a801790d52

SHA256
b933338c9b51a3133562e9395d0d11bd03e7cfa8cb1cc0d21aa89b11e9fd1fe8

SHA512
c1719ab8f1e7aa4a7a585dce4eeca9d7fc4a3bbfacf7cee5f7f6a4c62bfd020095570ce535914c52904e8a7ae7fc1c720f4d82120c5cd005cf365281b74e1110

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\_queue.pyd

Filesize
25KB

MD5
be01bfb58958533f902a4b2ce2e3cbce

SHA1
24c0f4858f67817872e874677cc677bd2d19316b

SHA256
7fddae441eeeb41269d4216afb3044c05cbb6171fe8c21e111f965697a7f0cf4

SHA512
f31bd9a2023f5095f21ea9779d0d4cc9b187d9850d4eae3787978890ccde61fcee7af018e5c100fe27f92abd53d1742be04f06e519d2b7c1317e98ac5ef1d0b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\_socket.pyd

Filesize
42KB

MD5
02330613585155baa15b57e33b6a1753

SHA1
be35ad82df4c098fa667b15c432252e74c7923a1

SHA256
5e850aa502e15b8dc02dd44095e112bb97aa9be12d21e73025af323413c03f81

SHA512
18f3231ccfb91230b4510b76803418aaae692b1caf9543457f87248fae2fd107b9e387b30586d7a256800e9dbf58b1e2384a5ebc44ac5e47e265d224234c850b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\_sqlite3.pyd

Filesize
50KB

MD5
c75497a7c703c95fbf01d41e35ebcfad

SHA1
412201cfcb67c349835a60c1a18f49dbeac3bd31

SHA256
5c8943b46d8bf6037c66735534568ce6d7f1fc9bf74d39020f097156742a4dec

SHA512
9b7ffbb7d9f837550930cbeb2d226f471d0569e8d0c90681bd7a7326a86f7ab98e724e4a9ea75b5cb0ae601204c183d4928dc89bd2544212774c4e6de83e8732

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\_ssl.pyd

Filesize
62KB

MD5
e2edbf80205ca00b6333d6b6746175bb

SHA1
c59f3ef991db057ddeb6966ad4a4792b87f52a74

SHA256
15cdeb6ff633a7fbfa6f505aba943d88b50d7c410bdaabfb365bee9829ef806d

SHA512
aff7a1a348a7557a17166ad80617c7d9a5b4a3a0fd72fe4135e173888aabd272026003546b7c6d474461d9815ffd089293f2f161124a875baa8ada8c34eb35f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\_uuid.pyd

Filesize
24KB

MD5
b68c98113c8e7e83af56ba98ff3ac84a

SHA1
448938564559570b269e05e745d9c52ecda37154

SHA256
990586f2a2ba00d48b59bdd03d3c223b8e9fb7d7fab6d414bac2833eb1241ca2

SHA512
33c69199cba8e58e235b96684346e748a17cc7f03fc068cfa8a7ec7b5f9f6fa90d90b5cdb43285abf8b4108e71098d4e87fb0d06b28e2132357964b3eea3a4f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\base_library.zip

Filesize
859KB

MD5
4c60bcc38288ed81c09957fc6b4cd7cd

SHA1
e7f08d71e567ea73bb30656953837314c8d715a7

SHA256
9d6f7b75918990ec9cd5820624130af309a2045119209bd90b4f70bc3abd3733

SHA512
856d97b81a2cb53dcba0136afa0782e0f3f81bea46f98e0247582b2e28870b837be3c03e87562b918ec6bc76469eecc2c22599238d191d3fba467f7031a2acaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\certifi\cacert.pem

Filesize
287KB

MD5
52a8319281308de49ccef4850a7245bc

SHA1
43d20d833b084454311ca9b00dd7595c527ce3bb

SHA256
807897254f383a27f45e44f49656f378abab2141ede43a4ad3c2420a597dd23f

SHA512
2764222c0cd8c862906ac0e3e51f201e748822fe9ce9b1008f3367fdd7f0db7cc12bf86e319511157af087dd2093c42e2d84232fae023d35ee1e425e7c43382d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\charset_normalizer\md.cp310-win_amd64.pyd

Filesize
9KB

MD5
5de31a89708aa3532a1a1bef7347c067

SHA1
d4a6968ca75a5fce14b09bbc3191c28acc1c44e2

SHA256
a3decdd18950e46af55e322abd452dd66d2822bab85d4651a229a93eb7a4b2c6

SHA512
7ea05575c351fcf26ddae51184406e5d4db9c5680ed5f5203625f090211ff83c52e3e7755bba0ba341385c1130a64c302f1fcdcbca4867aca0c3c85a6db4b670

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

Filesize
40KB

MD5
28c5ab859d1049306ae0e7e4f2f96a3e

SHA1
de55f2965a93f0abc506742eb821d645ceeb1565

SHA256
335f65161748ee1f7dc398d3e302817cb787f8bee0e1fe376d2ec6881e82a630

SHA512
ee28b5abf0343afe0d412cbf535326be42f7234b4ce0640f735566ea99e3610ac96e16993c577077eddd05a73db6053a9dc3a028f0236423e1c842f81d518c63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\libcrypto-1_1.dll

Filesize
1.1MB

MD5
4df5b549ac0eb0c90db4faee686087b2

SHA1
1291e1767433f622ace0a8a2c5d209763c8555bf

SHA256
7214cd7099c0bf4e8261ba0009fc2a9fe9163efbb53850dae9b7524b820faf39

SHA512
36f1e4ab936d7e5117557c91bb74379d743f9142c84ab69c2c1354584c74f649346dd796a22173a6edaca3821841d67da790f59d68cf700c12f152ec77c77b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\libffi-7.dll

Filesize
23KB

MD5
4e261cbb8247260ea91860986110f805

SHA1
1563d67c2aabcb5e00e25ef293456c6481a2adc3

SHA256
ddfd0755e011ea0df26d77cf3628e2cc59653aee02bf241b54b6b08561520453

SHA512
076cdc8759f9cbbf7f8dc7b1eaba3c51f6c40ae6043b1fb55aa2fb83f81e86933d0f885a61d83300173b9bd7c589ff126e2a5d858a3f4036390d02eb1e73d229

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\libssl-1_1.dll

Filesize
204KB

MD5
c5dcc2fa27268b3cb0249c2192513d55

SHA1
5ae020ec0c2d966ff18d7b303c66a4cb08a3f070

SHA256
1d8b3ec881b4bf24d5425322159af98c773f37c328229e06a3f5a5b2a3f82737

SHA512
4d2fe3b6f778f3c157da6ff2e9bb110ee9ab0e90f921f605338429c4165e6be511911d251418682128d0fdd853e6b9ccfe03abce3a2db735c952717dc43b921a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\luna.aes

Filesize
6.2MB

MD5
a98829d5bf9bd0fafe7d802697e53bd6

SHA1
73401ce2ff9f42ccbf885bade4c8909f77778c8f

SHA256
49daddf8b85819f27c97f61d516ed6d33626cea80a158e0994c961bca88bb427

SHA512
719969222dfdc8f5b46ee4855fbccf9e8f59d9a5c1e31935fd624981633b6ae80fbf3dbc32a02f607072844e133c41bcd78f6f387627b71b6fc7476745e305a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\psutil\_psutil_windows.pyd

Filesize
31KB

MD5
c506499ee527c8c15bd1202338d71868

SHA1
6a4d9c913254a60f5f47fd8834034a8eddacac24

SHA256
ffa23be0529c7005651552e6d9f35622bb163feca9e1e48699ddfa6ada8c6654

SHA512
4c24f37d566c31b1ecaf63024567b41cabefd9988825868ad46d2bf8fd1d93c4279d63bdcee2ad75da05a31de0dd6344b1e14c4274a61479f0f0ff2e678416f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\pyexpat.pyd

Filesize
87KB

MD5
16b38609f876981e175d25ab189465e8

SHA1
c49455356b970fcde5ca0b59097a9b4e8da7ce5a

SHA256
c91016393059729debc009ca678e3132d970099283b11a35d9208361ba9fc96e

SHA512
35b0888d4ef0a7f0d11ca066dc87bbce6b0bb53a8d670278bf3e269d836e3211e93357dc22f006ca6722388e3eda899490aed3b5beb7312e047a0fe29d98ff34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\python3.DLL

Filesize
64KB

MD5
fd4a39e7c1f7f07cf635145a2af0dc3a

SHA1
05292ba14acc978bb195818499a294028ab644bd

SHA256
dc909eb798a23ba8ee9f8e3f307d97755bc0d2dc0cb342cedae81fbbad32a8a9

SHA512
37d3218bc767c44e8197555d3fa18d5aad43a536cfe24ac17bf8a3084fb70bd4763ccfd16d2df405538b657f720871e0cd312dfeb7f592f3aac34d9d00d5a643

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\python310.dll

Filesize
1.4MB

MD5
2eac43445089be54e8fc98a8ef1a45de

SHA1
ec0bcb5bbf781b104a351668c15f5b63775bb9b9

SHA256
8503edb23e050affeb895fe647253493a172a5aeff5062aad2fa3c8c4dcaae93

SHA512
a604c169c4e27db450a904cb5437a692da0b114ac1793eb7c470a81831dcc09a6091528f052a48039ae5f7496d0f8498cafa6485f38221466d34d9e757e5e7a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\pywin32_system32\pythoncom310.dll

Filesize
193KB

MD5
0f0e95fab7781458a0c7519004c299de

SHA1
2bcc65939d6cd4dc97f973f9dd303c49c2bd573b

SHA256
4cf19511ca0f796670abb9ef760a2081f091f1be613eece04a1d4d79beaecc4d

SHA512
2e89e75b2ddbdbf98dde2d9b100fda04e9b03f8b29c4d3f4b2c29d4ce74d5c6314fe558b6748ff939c892468a788f2470e957443369d9318b449cd99d2b4e43f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\pywin32_system32\pywintypes310.dll

Filesize
62KB

MD5
7f9e63eae14711476c11dab1f2887627

SHA1
9f30c50cdfb4807e390ea8c7cca42c13243ceed1

SHA256
7905866620d94c3f341fa5fab43082ca6af3fee09b75d5d1e4b1cd6319ee17cd

SHA512
164ba0d32fd10eca67a062ca5b948232948f2329c3aeec581d065fd5e004dcf4ff0617d6e8ac3ec5fc6fb20807c5c222fe646d6a99a1eaab4fa15909c7226b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\select.pyd

Filesize
25KB

MD5
f7bc78210297779ed53d82ba83474524

SHA1
2cf775888eb0f6b503aa3914d190ea53cb24bfd8

SHA256
3f22ccd295ae81f5515b6256bda7ad97889fe2cf0a4c4ee8b4cc8fde79998314

SHA512
2bec59882c7f46544e446e868a8ae1993bf6aa8a3d599c888d126498a9396482b72e35a2d9c34d77a5cadbbe59f3620ab3af02a802245e95dfac53be8f3d8529

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\sqlite3.dll

Filesize
622KB

MD5
d356044ee56072d6cc490d2ec387842d

SHA1
c7c605efbbe5a4725ac4f942da2ecccc3fe4662c

SHA256
6fec78acdd4bda3a400bed8a8cb4a5c8a0e9a5a0fe450317268dbb1d8207b92c

SHA512
f53e48042cb3e6d626f4d2ba8f3b7b1f8ad5fa077df9024710c68d976ba9247642bb0e57a3fd704c9126e31b6efa7b97df577a00b1284e6bb219edf586e6cac4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\unicodedata.pyd

Filesize
289KB

MD5
cc8f4dd8309f2eb3e4137b6464a5d797

SHA1
dcc7b250a57064b133694ac27fcfe570274425fd

SHA256
a753e10a438b5646851be2c07d6c97e5868c4828d0db1d041e11b5ca45af4d3a

SHA512
9fbe99dff749eddf4594b27bfbd643987c6610b7cdc1bed57937b8392ee9448084308700fde5f303970d835513403083004357f9973ad95da8da9eaa80fcb1fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\win32\win32api.pyd

Filesize
48KB

MD5
720ad6bad874f4ae4f15060ccdb1197d

SHA1
f57f91099b5328589d3b30e16580cc7cf1c09134

SHA256
0239fc9bf8ea4ebc8ff3a6cdef310780521975026a77ad7297a3bb156b76785e

SHA512
df9b983d58b463218d4fcdd6f5378f3bcae8fdba042f926d003d1bbbbf8e96ed93218af106fec65de1bb185bcdaea2e96a3077efe864d7e691bb613edf3069c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI18322\zstandard\backend_c.cp310-win_amd64.pyd

Filesize
167KB

MD5
ab7ed53efcd117f758464ba217683279

SHA1
6e97c4bb849ef7b06714175f2385a53c9ee8dd17

SHA256
56db3e5065806b99c72a2fdc4932e854a307a784138af5208fc5170ab44969b0

SHA512
6f99bcfd202591e6d54ef934e217c63c0a06519d345e39d306d701227a14c621c820a960f4c38132ed04ccf92ef000c1858aec30ebebe2dc461457b755359cd9

Download Submit
memory/4060-831-0x00007FFA11C10000-0x00007FFA11C28000-memory.dmp

Filesize
96KB

Download
memory/4060-848-0x00007FFA0A920000-0x00007FFA0A92C000-memory.dmp

Filesize
48KB

Download
memory/4060-782-0x00007FFA14650000-0x00007FFA1465D000-memory.dmp

Filesize
52KB

Download
memory/4060-790-0x00007FFA13650000-0x00007FFA1367E000-memory.dmp

Filesize
184KB

Download
memory/4060-791-0x00007FFA043D0000-0x00007FFA0448C000-memory.dmp

Filesize
752KB

Download
memory/4060-792-0x00007FFA03870000-0x00007FFA03CD6000-memory.dmp

Filesize
4.4MB

Download
memory/4060-795-0x00007FFA139D0000-0x00007FFA139F4000-memory.dmp

Filesize
144KB

Download
memory/4060-796-0x00007FFA13330000-0x00007FFA1335B000-memory.dmp

Filesize
172KB

Download
memory/4060-785-0x00007FFA14300000-0x00007FFA1430D000-memory.dmp

Filesize
52KB

Download
memory/4060-798-0x00007FFA139B0000-0x00007FFA139C8000-memory.dmp

Filesize
96KB

Download
memory/4060-799-0x00007FFA131B0000-0x00007FFA131DE000-memory.dmp

Filesize
184KB

Download
memory/4060-805-0x0000011DCA750000-0x0000011DCAAC9000-memory.dmp

Filesize
3.5MB

Download
memory/4060-806-0x00007FFA13980000-0x00007FFA139AC000-memory.dmp

Filesize
176KB

Download
memory/4060-804-0x00007FFA034F0000-0x00007FFA03869000-memory.dmp

Filesize
3.5MB

Download
memory/4060-803-0x00007FFA04310000-0x00007FFA043C8000-memory.dmp

Filesize
736KB

Download
memory/4060-808-0x00007FFA13190000-0x00007FFA131A4000-memory.dmp

Filesize
80KB

Download
memory/4060-811-0x00007FFA13640000-0x00007FFA13650000-memory.dmp

Filesize
64KB

Download
memory/4060-810-0x00007FFA13680000-0x00007FFA13699000-memory.dmp

Filesize
100KB

Download
memory/4060-813-0x00007FFA033D0000-0x00007FFA034E8000-memory.dmp

Filesize
1.1MB

Download
memory/4060-778-0x00007FFA13940000-0x00007FFA13975000-memory.dmp

Filesize
212KB

Download
memory/4060-816-0x00007FFA04A00000-0x00007FFA04A87000-memory.dmp

Filesize
540KB

Download
memory/4060-820-0x00007FFA13050000-0x00007FFA13065000-memory.dmp

Filesize
84KB

Download
memory/4060-819-0x00007FFA043D0000-0x00007FFA0448C000-memory.dmp

Filesize
752KB

Download
memory/4060-818-0x00007FFA13650000-0x00007FFA1367E000-memory.dmp

Filesize
184KB

Download
memory/4060-756-0x00007FFA13980000-0x00007FFA139AC000-memory.dmp

Filesize
176KB

Download
memory/4060-828-0x00007FFA13020000-0x00007FFA13047000-memory.dmp

Filesize
156KB

Download
memory/4060-827-0x00007FFA1B200000-0x00007FFA1B20B000-memory.dmp

Filesize
44KB

Download
memory/4060-752-0x00007FFA14720000-0x00007FFA1472F000-memory.dmp

Filesize
60KB

Download
memory/4060-753-0x00007FFA139B0000-0x00007FFA139C8000-memory.dmp

Filesize
96KB

Download
memory/4060-748-0x00007FFA139D0000-0x00007FFA139F4000-memory.dmp

Filesize
144KB

Download
memory/4060-740-0x00007FFA03870000-0x00007FFA03CD6000-memory.dmp

Filesize
4.4MB

Download
memory/4060-830-0x00007FFA131B0000-0x00007FFA131DE000-memory.dmp

Filesize
184KB

Download
memory/4060-832-0x00007FFA04310000-0x00007FFA043C8000-memory.dmp

Filesize
736KB

Download
memory/4060-836-0x00007FFA04880000-0x00007FFA049FA000-memory.dmp

Filesize
1.5MB

Download
memory/4060-835-0x00007FFA11360000-0x00007FFA1137F000-memory.dmp

Filesize
124KB

Download
memory/4060-834-0x0000011DCA750000-0x0000011DCAAC9000-memory.dmp

Filesize
3.5MB

Download
memory/4060-833-0x00007FFA034F0000-0x00007FFA03869000-memory.dmp

Filesize
3.5MB

Download
memory/4060-838-0x00007FFA0F2B0000-0x00007FFA0F2E7000-memory.dmp

Filesize
220KB

Download
memory/4060-837-0x00007FFA13190000-0x00007FFA131A4000-memory.dmp

Filesize
80KB

Download
memory/4060-839-0x00007FFA11350000-0x00007FFA1135B000-memory.dmp

Filesize
44KB

Download
memory/4060-844-0x00007FFA10200000-0x00007FFA1020B000-memory.dmp

Filesize
44KB

Download
memory/4060-843-0x00007FFA04A00000-0x00007FFA04A87000-memory.dmp

Filesize
540KB

Download
memory/4060-842-0x00007FFA10C30000-0x00007FFA10C3C000-memory.dmp

Filesize
48KB

Download
memory/4060-841-0x00007FFA11340000-0x00007FFA1134B000-memory.dmp

Filesize
44KB

Download
memory/4060-840-0x00007FFA033D0000-0x00007FFA034E8000-memory.dmp

Filesize
1.1MB

Download
memory/4060-845-0x00007FFA0C940000-0x00007FFA0C94C000-memory.dmp

Filesize
48KB

Download
memory/4060-846-0x00007FFA0A930000-0x00007FFA0A93B000-memory.dmp

Filesize
44KB

Download
memory/4060-780-0x00007FFA13680000-0x00007FFA13699000-memory.dmp

Filesize
100KB

Download
memory/4060-847-0x00007FFA11C10000-0x00007FFA11C28000-memory.dmp

Filesize
96KB

Download
memory/4060-850-0x00007FFA0A910000-0x00007FFA0A91D000-memory.dmp

Filesize
52KB

Download
memory/4060-849-0x00007FFA11360000-0x00007FFA1137F000-memory.dmp

Filesize
124KB

Download
memory/4060-856-0x00007FFA11350000-0x00007FFA1135B000-memory.dmp

Filesize
44KB

Download
memory/4060-855-0x00007FFA0A8E0000-0x00007FFA0A8EB000-memory.dmp

Filesize
44KB

Download
memory/4060-854-0x00007FFA0F2B0000-0x00007FFA0F2E7000-memory.dmp

Filesize
220KB

Download
memory/4060-853-0x00007FFA0A8F0000-0x00007FFA0A8FC000-memory.dmp

Filesize
48KB

Download
memory/4060-852-0x00007FFA0A900000-0x00007FFA0A90E000-memory.dmp

Filesize
56KB

Download
memory/4060-851-0x00007FFA04880000-0x00007FFA049FA000-memory.dmp

Filesize
1.5MB

Download
memory/4060-858-0x00007FFA0A8C0000-0x00007FFA0A8CC000-memory.dmp

Filesize
48KB

Download
memory/4060-862-0x00007FFA04D60000-0x00007FFA04D6C000-memory.dmp

Filesize
48KB

Download
memory/4060-861-0x00007FFA04D70000-0x00007FFA04D82000-memory.dmp

Filesize
72KB

Download
memory/4060-860-0x00007FFA04D90000-0x00007FFA04D9D000-memory.dmp

Filesize
52KB

Download
memory/4060-859-0x00007FFA0A210000-0x00007FFA0A21B000-memory.dmp

Filesize
44KB

Download
memory/4060-857-0x00007FFA0A8D0000-0x00007FFA0A8DB000-memory.dmp

Filesize
44KB

Download
memory/4060-863-0x00007FFA10200000-0x00007FFA1020B000-memory.dmp

Filesize
44KB

Download
memory/4060-864-0x00007FFA04850000-0x00007FFA04879000-memory.dmp

Filesize
164KB

Download
memory/4060-867-0x00007FFA04D50000-0x00007FFA04D5B000-memory.dmp

Filesize
44KB

Download
memory/4060-869-0x00007FFA047E0000-0x00007FFA047FC000-memory.dmp

Filesize
112KB

Download
memory/4060-868-0x00007FFA0A930000-0x00007FFA0A93B000-memory.dmp

Filesize
44KB

Download
memory/4060-871-0x00007FFA0A910000-0x00007FFA0A91D000-memory.dmp

Filesize
52KB

Download
memory/4060-870-0x00007FFA02FA0000-0x00007FFA033C7000-memory.dmp

Filesize
4.2MB

Download
memory/4060-872-0x00007FFA01BE0000-0x00007FFA02F91000-memory.dmp

Filesize
19.7MB

Download
memory/4060-873-0x00007FFA04720000-0x00007FFA04742000-memory.dmp

Filesize
136KB

Download
memory/4060-909-0x00007FFA131B0000-0x00007FFA131DE000-memory.dmp

Filesize
184KB

Download
memory/4060-920-0x00007FFA11360000-0x00007FFA1137F000-memory.dmp

Filesize
124KB

Download
memory/4060-919-0x00007FFA11C10000-0x00007FFA11C28000-memory.dmp

Filesize
96KB

Download
memory/4060-918-0x00007FFA13020000-0x00007FFA13047000-memory.dmp

Filesize
156KB

Download
memory/4060-917-0x00007FFA1B200000-0x00007FFA1B20B000-memory.dmp

Filesize
44KB

Download
memory/4060-916-0x00007FFA13050000-0x00007FFA13065000-memory.dmp

Filesize
84KB

Download
memory/4060-915-0x00007FFA10200000-0x00007FFA1020B000-memory.dmp

Filesize
44KB

Download
memory/4060-914-0x00007FFA10C30000-0x00007FFA10C3C000-memory.dmp

Filesize
48KB

Download
memory/4060-913-0x00007FFA13640000-0x00007FFA13650000-memory.dmp

Filesize
64KB

Download
memory/4060-912-0x00007FFA13190000-0x00007FFA131A4000-memory.dmp

Filesize
80KB

Download
memory/4060-911-0x00007FFA0A8E0000-0x00007FFA0A8EB000-memory.dmp

Filesize
44KB

Download
memory/4060-910-0x00007FFA04310000-0x00007FFA043C8000-memory.dmp

Filesize
736KB

Download
memory/4060-908-0x00007FFA13330000-0x00007FFA1335B000-memory.dmp

Filesize
172KB

Download
memory/4060-907-0x00007FFA043D0000-0x00007FFA0448C000-memory.dmp

Filesize
752KB

Download
memory/4060-906-0x00007FFA13650000-0x00007FFA1367E000-memory.dmp

Filesize
184KB

Download
memory/4060-905-0x00007FFA14300000-0x00007FFA1430D000-memory.dmp

Filesize
52KB

Download
memory/4060-904-0x00007FFA14650000-0x00007FFA1465D000-memory.dmp

Filesize
52KB

Download
memory/4060-903-0x00007FFA13680000-0x00007FFA13699000-memory.dmp

Filesize
100KB

Download
memory/4060-902-0x00007FFA13940000-0x00007FFA13975000-memory.dmp

Filesize
212KB

Download
memory/4060-901-0x00007FFA13980000-0x00007FFA139AC000-memory.dmp

Filesize
176KB

Download
memory/4060-900-0x00007FFA139B0000-0x00007FFA139C8000-memory.dmp

Filesize
96KB

Download
memory/4060-899-0x00007FFA14720000-0x00007FFA1472F000-memory.dmp

Filesize
60KB

Download
memory/4060-898-0x00007FFA139D0000-0x00007FFA139F4000-memory.dmp

Filesize
144KB

Download
memory/4060-897-0x00007FFA03870000-0x00007FFA03CD6000-memory.dmp

Filesize
4.4MB

Download