warzonerat | ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08

Analysis

max time kernel
134s
max time network
112s
platform
windows10_x64
resource
win10v200430
submitted
06-07-2020 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe
Size

1.8MB
MD5

c8c500dafdfa5f1e0b9609a0de3ed0c2
SHA1

0188ba23e3ee0f74ad8a055a6474933c47eaa7e9
SHA256

ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08
SHA512

7cb27417cb1796978459161fd94bc067ce047b9bdc7886e8dab02f5ec59a21c3fc93c27c9b29f51e715df512cea75e91fe7b6273e94573b8d02130c369a3f93c

Score

10^/10

rat persistence evasion infostealer warzonerat

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "C:\\Windows\\explorer.exe, c:\\windows\\system\\explorer.exe"	explorer.exe

Modifies visiblity of hidden/system files in Explorer 2 TTPs
evasion

Hidden Files and Directories
T1158

Modify Registry
T1112
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Warzone RAT Payload 147 IoCs

rat

resource	yara_rule
behavioral2/files/0x000200000001ad88-9.dat	warzonerat
behavioral2/files/0x000200000001ad88-10.dat	warzonerat
behavioral2/files/0x000200000001ad88-13.dat	warzonerat
behavioral2/files/0x000200000001ad82-14.dat	warzonerat
behavioral2/files/0x000200000001ad83-15.dat	warzonerat
behavioral2/files/0x000300000001ad87-21.dat	warzonerat
behavioral2/files/0x000300000001ad87-22.dat	warzonerat
behavioral2/files/0x000300000001ad87-28.dat	warzonerat
behavioral2/files/0x000300000001ad87-32.dat	warzonerat
behavioral2/files/0x000300000001ad87-36.dat	warzonerat
behavioral2/files/0x000300000001ad87-40.dat	warzonerat
behavioral2/files/0x000300000001ad87-44.dat	warzonerat
behavioral2/files/0x000300000001ad87-48.dat	warzonerat
behavioral2/files/0x000300000001ad87-52.dat	warzonerat
behavioral2/files/0x000300000001ad87-56.dat	warzonerat
behavioral2/files/0x000300000001ad87-60.dat	warzonerat
behavioral2/files/0x000300000001ad87-64.dat	warzonerat
behavioral2/files/0x000300000001ad87-68.dat	warzonerat
behavioral2/files/0x000300000001ad87-72.dat	warzonerat
behavioral2/files/0x000300000001ad87-76.dat	warzonerat
behavioral2/files/0x000300000001ad87-80.dat	warzonerat
behavioral2/files/0x000300000001ad87-84.dat	warzonerat
behavioral2/files/0x000300000001ad87-88.dat	warzonerat
behavioral2/files/0x000300000001ad87-92.dat	warzonerat
behavioral2/files/0x000300000001ad87-96.dat	warzonerat
behavioral2/files/0x000300000001ad87-100.dat	warzonerat
behavioral2/files/0x000300000001ad87-104.dat	warzonerat
behavioral2/files/0x000300000001ad87-108.dat	warzonerat
behavioral2/files/0x000300000001ad87-112.dat	warzonerat
behavioral2/files/0x000300000001ad87-116.dat	warzonerat
behavioral2/files/0x000300000001ad87-120.dat	warzonerat
behavioral2/files/0x000300000001ad87-124.dat	warzonerat
behavioral2/files/0x000300000001ad87-128.dat	warzonerat
behavioral2/files/0x000300000001ad87-132.dat	warzonerat
behavioral2/files/0x000300000001ad87-136.dat	warzonerat
behavioral2/files/0x000300000001ad87-140.dat	warzonerat
behavioral2/files/0x000300000001ad87-144.dat	warzonerat
behavioral2/files/0x000300000001ad87-148.dat	warzonerat
behavioral2/files/0x000300000001ad87-152.dat	warzonerat
behavioral2/files/0x000300000001ad87-156.dat	warzonerat
behavioral2/files/0x000300000001ad87-160.dat	warzonerat
behavioral2/files/0x000300000001ad87-164.dat	warzonerat
behavioral2/files/0x000300000001ad87-168.dat	warzonerat
behavioral2/files/0x000300000001ad87-172.dat	warzonerat
behavioral2/files/0x000300000001ad87-176.dat	warzonerat
behavioral2/files/0x000300000001ad87-180.dat	warzonerat
behavioral2/files/0x000300000001ad87-184.dat	warzonerat
behavioral2/files/0x000300000001ad87-188.dat	warzonerat
behavioral2/files/0x000300000001ad87-192.dat	warzonerat
behavioral2/files/0x000300000001ad87-196.dat	warzonerat
behavioral2/files/0x000300000001ad87-200.dat	warzonerat
behavioral2/files/0x000300000001ad87-204.dat	warzonerat
behavioral2/files/0x000300000001ad87-208.dat	warzonerat
behavioral2/files/0x000300000001ad87-212.dat	warzonerat
behavioral2/files/0x000300000001ad87-216.dat	warzonerat
behavioral2/files/0x000300000001ad87-220.dat	warzonerat
behavioral2/files/0x000300000001ad87-224.dat	warzonerat
behavioral2/files/0x000300000001ad87-228.dat	warzonerat
behavioral2/files/0x000300000001ad87-232.dat	warzonerat
behavioral2/files/0x000300000001ad87-236.dat	warzonerat
behavioral2/files/0x000300000001ad87-240.dat	warzonerat
behavioral2/files/0x000300000001ad87-244.dat	warzonerat
behavioral2/files/0x000300000001ad87-248.dat	warzonerat
behavioral2/files/0x000300000001ad87-252.dat	warzonerat
behavioral2/files/0x000300000001ad87-256.dat	warzonerat
behavioral2/files/0x000300000001ad87-260.dat	warzonerat
behavioral2/files/0x000300000001ad87-264.dat	warzonerat
behavioral2/files/0x000300000001ad87-268.dat	warzonerat
behavioral2/files/0x000300000001ad87-272.dat	warzonerat
behavioral2/files/0x000300000001ad87-276.dat	warzonerat
behavioral2/files/0x000300000001ad87-280.dat	warzonerat
behavioral2/files/0x000300000001ad87-284.dat	warzonerat
behavioral2/files/0x000300000001ad87-288.dat	warzonerat
behavioral2/files/0x000300000001ad87-292.dat	warzonerat
behavioral2/files/0x000300000001ad87-296.dat	warzonerat
behavioral2/files/0x000300000001ad87-300.dat	warzonerat
behavioral2/files/0x000300000001ad87-304.dat	warzonerat
behavioral2/files/0x000300000001ad87-308.dat	warzonerat
behavioral2/files/0x000300000001ad87-312.dat	warzonerat
behavioral2/files/0x000300000001ad87-316.dat	warzonerat
behavioral2/files/0x000300000001ad87-320.dat	warzonerat
behavioral2/files/0x000300000001ad87-324.dat	warzonerat
behavioral2/files/0x000300000001ad87-328.dat	warzonerat
behavioral2/files/0x000300000001ad87-332.dat	warzonerat
behavioral2/files/0x000300000001ad87-336.dat	warzonerat
behavioral2/files/0x000300000001ad87-340.dat	warzonerat
behavioral2/files/0x000300000001ad87-344.dat	warzonerat
behavioral2/files/0x000300000001ad87-348.dat	warzonerat
behavioral2/files/0x000300000001ad87-352.dat	warzonerat
behavioral2/files/0x000300000001ad87-356.dat	warzonerat
behavioral2/files/0x000300000001ad87-360.dat	warzonerat
behavioral2/files/0x000300000001ad87-364.dat	warzonerat
behavioral2/files/0x000300000001ad87-368.dat	warzonerat
behavioral2/files/0x000300000001ad87-372.dat	warzonerat
behavioral2/files/0x000300000001ad87-376.dat	warzonerat
behavioral2/files/0x000300000001ad87-380.dat	warzonerat
behavioral2/files/0x000300000001ad87-384.dat	warzonerat
behavioral2/files/0x000300000001ad87-388.dat	warzonerat
behavioral2/files/0x000300000001ad87-392.dat	warzonerat
behavioral2/files/0x000300000001ad87-396.dat	warzonerat
behavioral2/files/0x000300000001ad87-400.dat	warzonerat
behavioral2/files/0x000300000001ad87-404.dat	warzonerat
behavioral2/files/0x000300000001ad87-408.dat	warzonerat
behavioral2/files/0x000300000001ad87-412.dat	warzonerat
behavioral2/files/0x000300000001ad87-416.dat	warzonerat
behavioral2/files/0x000300000001ad87-420.dat	warzonerat
behavioral2/files/0x000300000001ad87-424.dat	warzonerat
behavioral2/files/0x000300000001ad87-428.dat	warzonerat
behavioral2/files/0x000300000001ad87-432.dat	warzonerat
behavioral2/files/0x000300000001ad87-436.dat	warzonerat
behavioral2/files/0x000300000001ad87-440.dat	warzonerat
behavioral2/files/0x000300000001ad87-444.dat	warzonerat
behavioral2/files/0x000300000001ad87-448.dat	warzonerat
behavioral2/files/0x000300000001ad87-452.dat	warzonerat
behavioral2/files/0x000300000001ad87-456.dat	warzonerat
behavioral2/files/0x000300000001ad87-460.dat	warzonerat
behavioral2/files/0x000300000001ad87-464.dat	warzonerat
behavioral2/files/0x000300000001ad87-468.dat	warzonerat
behavioral2/files/0x000300000001ad87-472.dat	warzonerat
behavioral2/files/0x000300000001ad87-476.dat	warzonerat
behavioral2/files/0x000300000001ad87-480.dat	warzonerat
behavioral2/files/0x000300000001ad87-484.dat	warzonerat
behavioral2/files/0x000300000001ad87-488.dat	warzonerat
behavioral2/files/0x000300000001ad87-492.dat	warzonerat
behavioral2/files/0x000300000001ad87-496.dat	warzonerat
behavioral2/files/0x000300000001ad87-500.dat	warzonerat
behavioral2/files/0x000300000001ad87-504.dat	warzonerat
behavioral2/files/0x000300000001ad87-508.dat	warzonerat
behavioral2/files/0x000300000001ad87-512.dat	warzonerat
behavioral2/files/0x000300000001ad87-516.dat	warzonerat
behavioral2/files/0x000300000001ad87-520.dat	warzonerat
behavioral2/files/0x000300000001ad87-524.dat	warzonerat
behavioral2/files/0x000300000001ad87-528.dat	warzonerat
behavioral2/files/0x000300000001ad87-532.dat	warzonerat
behavioral2/files/0x000300000001ad87-536.dat	warzonerat
behavioral2/files/0x000300000001ad87-540.dat	warzonerat
behavioral2/files/0x000300000001ad87-544.dat	warzonerat
behavioral2/files/0x000300000001ad87-548.dat	warzonerat
behavioral2/files/0x000300000001ad87-552.dat	warzonerat
behavioral2/files/0x000300000001ad87-556.dat	warzonerat
behavioral2/files/0x000300000001ad87-560.dat	warzonerat
behavioral2/files/0x000300000001ad87-564.dat	warzonerat
behavioral2/files/0x000300000001ad87-568.dat	warzonerat
behavioral2/files/0x000300000001ad87-572.dat	warzonerat
behavioral2/files/0x000300000001ad87-576.dat	warzonerat
behavioral2/files/0x000300000001ad87-580.dat	warzonerat
behavioral2/files/0x000300000001ad87-584.dat	warzonerat

Executes dropped EXE 149 IoCs

pid	Process
2712	explorer.exe
2820	explorer.exe
3000	spoolsv.exe
3852	spoolsv.exe
3948	spoolsv.exe
3412	spoolsv.exe
3448	spoolsv.exe
1720	spoolsv.exe
3004	spoolsv.exe
2968	spoolsv.exe
2636	spoolsv.exe
3540	spoolsv.exe
2508	spoolsv.exe
3036	spoolsv.exe
748	spoolsv.exe
1260	spoolsv.exe
2040	spoolsv.exe
2736	spoolsv.exe
3908	spoolsv.exe
392	spoolsv.exe
1804	spoolsv.exe
1596	spoolsv.exe
2976	spoolsv.exe
2264	spoolsv.exe
2432	spoolsv.exe
2480	spoolsv.exe
424	spoolsv.exe
1312	spoolsv.exe
3424	spoolsv.exe
3684	spoolsv.exe
3964	spoolsv.exe
3408	spoolsv.exe
3520	spoolsv.exe
3508	spoolsv.exe
4088	spoolsv.exe
3588	spoolsv.exe
1316	spoolsv.exe
1432	spoolsv.exe
2020	spoolsv.exe
3356	spoolsv.exe
2896	spoolsv.exe
2128	spoolsv.exe
1540	spoolsv.exe
4080	spoolsv.exe
3420	spoolsv.exe
2244	spoolsv.exe
3764	spoolsv.exe
3464	spoolsv.exe
3972	spoolsv.exe
2728	spoolsv.exe
3656	spoolsv.exe
2984	spoolsv.exe
2648	spoolsv.exe
2716	spoolsv.exe
3028	spoolsv.exe
3180	spoolsv.exe
2084	spoolsv.exe
4104	spoolsv.exe
4136	spoolsv.exe
4168	spoolsv.exe
4200	spoolsv.exe
4232	spoolsv.exe
4268	spoolsv.exe
4300	spoolsv.exe
4332	spoolsv.exe
4364	spoolsv.exe
4396	spoolsv.exe
4428	spoolsv.exe
4460	spoolsv.exe
4492	spoolsv.exe
4524	spoolsv.exe
4556	spoolsv.exe
4592	spoolsv.exe
4624	spoolsv.exe
4656	spoolsv.exe
4688	spoolsv.exe
4720	spoolsv.exe
4752	spoolsv.exe
4784	spoolsv.exe
4816	spoolsv.exe
4848	spoolsv.exe
4880	spoolsv.exe
4912	spoolsv.exe
4944	spoolsv.exe
4976	spoolsv.exe
5008	spoolsv.exe
5040	spoolsv.exe
5072	spoolsv.exe
5104	spoolsv.exe
4128	spoolsv.exe
4196	spoolsv.exe
4264	spoolsv.exe
4340	spoolsv.exe
4404	spoolsv.exe
4468	spoolsv.exe
4532	spoolsv.exe
4600	spoolsv.exe
4664	spoolsv.exe
4712	spoolsv.exe
4776	spoolsv.exe
4840	spoolsv.exe
4904	spoolsv.exe
4968	spoolsv.exe
5032	spoolsv.exe
5096	spoolsv.exe
4192	spoolsv.exe
4328	spoolsv.exe
4456	spoolsv.exe
4588	spoolsv.exe
4700	spoolsv.exe
4828	spoolsv.exe
4924	spoolsv.exe
5052	spoolsv.exe
4244	spoolsv.exe
4488	spoolsv.exe
4732	spoolsv.exe
4956	spoolsv.exe
4180	spoolsv.exe
2620	spoolsv.exe
5020	spoolsv.exe
1796	spoolsv.exe
3880	spoolsv.exe
5136	spoolsv.exe
5168	spoolsv.exe
5200	spoolsv.exe
5232	spoolsv.exe
5264	spoolsv.exe
5296	spoolsv.exe
5328	spoolsv.exe
5360	spoolsv.exe
5392	spoolsv.exe
5424	spoolsv.exe
5456	spoolsv.exe
5488	spoolsv.exe
5520	spoolsv.exe
5552	spoolsv.exe
5584	spoolsv.exe
5616	spoolsv.exe
5648	spoolsv.exe
5680	spoolsv.exe
5712	spoolsv.exe
5744	spoolsv.exe
5776	spoolsv.exe
5820	spoolsv.exe
5808	spoolsv.exe
5900	spoolsv.exe
5932	spoolsv.exe
5944	spoolsv.exe
5988	spoolsv.exe

Modifies Installed Components in the registry 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Adds Run key to start application 2 TTPs 9 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\SyncHost.exe"	spoolsv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\SyncHost.exe"	spoolsv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\SyncHost.exe"	spoolsv.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe"	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\system\\explorer.exe RO"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\system\\svchost.exe RO"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Chrome\\StikyNot.exe"	spoolsv.exe

Suspicious use of SetThreadContext 9 IoCs

description	pid	Process	procid_target
PID 3180 set thread context of 2088	3180	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe	72
PID 2712 set thread context of 2820	2712	explorer.exe	75
PID 3000 set thread context of 5808	3000	spoolsv.exe	218
PID 3000 set thread context of 5864	3000	spoolsv.exe	220
PID 3852 set thread context of 5900	3852	spoolsv.exe	221
PID 3948 set thread context of 5944	3948	spoolsv.exe	223
PID 3852 set thread context of 6000	3852	spoolsv.exe	225
PID 3412 set thread context of 5988	3412	spoolsv.exe	224
PID 3948 set thread context of 6048	3948	spoolsv.exe	226

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\system\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\system\svchost.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\explorer.exe	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	explorer.exe

Suspicious behavior: EnumeratesProcesses 290 IoCs

pid	Process
2088	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe
2088	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2820	explorer.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
2088	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe
2088	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
5808	spoolsv.exe
5808	spoolsv.exe
5900	spoolsv.exe
5944	spoolsv.exe
5900	spoolsv.exe

Suspicious use of WriteProcessMemory 513 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 2088	3180	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe	72
PID 3180 wrote to memory of 2088	3180	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe	72
PID 3180 wrote to memory of 2088	3180	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe	72
PID 3180 wrote to memory of 2088	3180	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe	72
PID 3180 wrote to memory of 2088	3180	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe	72
PID 3180 wrote to memory of 2088	3180	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe	72
PID 3180 wrote to memory of 2088	3180	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe	72
PID 3180 wrote to memory of 2088	3180	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe	72
PID 3180 wrote to memory of 2092	3180	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe	73
PID 3180 wrote to memory of 2092	3180	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe	73
PID 3180 wrote to memory of 2092	3180	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe	73
PID 2088 wrote to memory of 2712	2088	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe	74
PID 2088 wrote to memory of 2712	2088	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe	74
PID 2088 wrote to memory of 2712	2088	ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe	74
PID 2712 wrote to memory of 2820	2712	explorer.exe	75
PID 2712 wrote to memory of 2820	2712	explorer.exe	75
PID 2712 wrote to memory of 2820	2712	explorer.exe	75
PID 2712 wrote to memory of 2820	2712	explorer.exe	75
PID 2712 wrote to memory of 2820	2712	explorer.exe	75
PID 2712 wrote to memory of 2820	2712	explorer.exe	75
PID 2712 wrote to memory of 2820	2712	explorer.exe	75
PID 2712 wrote to memory of 2820	2712	explorer.exe	75
PID 2712 wrote to memory of 3844	2712	explorer.exe	76
PID 2712 wrote to memory of 3844	2712	explorer.exe	76
PID 2712 wrote to memory of 3844	2712	explorer.exe	76
PID 2820 wrote to memory of 3000	2820	explorer.exe	77
PID 2820 wrote to memory of 3000	2820	explorer.exe	77
PID 2820 wrote to memory of 3000	2820	explorer.exe	77
PID 2820 wrote to memory of 3852	2820	explorer.exe	78
PID 2820 wrote to memory of 3852	2820	explorer.exe	78
PID 2820 wrote to memory of 3852	2820	explorer.exe	78
PID 2820 wrote to memory of 3948	2820	explorer.exe	79
PID 2820 wrote to memory of 3948	2820	explorer.exe	79
PID 2820 wrote to memory of 3948	2820	explorer.exe	79
PID 2820 wrote to memory of 3412	2820	explorer.exe	80
PID 2820 wrote to memory of 3412	2820	explorer.exe	80
PID 2820 wrote to memory of 3412	2820	explorer.exe	80
PID 2820 wrote to memory of 3448	2820	explorer.exe	81
PID 2820 wrote to memory of 3448	2820	explorer.exe	81
PID 2820 wrote to memory of 3448	2820	explorer.exe	81
PID 2820 wrote to memory of 1720	2820	explorer.exe	82
PID 2820 wrote to memory of 1720	2820	explorer.exe	82
PID 2820 wrote to memory of 1720	2820	explorer.exe	82
PID 2820 wrote to memory of 3004	2820	explorer.exe	83
PID 2820 wrote to memory of 3004	2820	explorer.exe	83
PID 2820 wrote to memory of 3004	2820	explorer.exe	83
PID 2820 wrote to memory of 2968	2820	explorer.exe	84
PID 2820 wrote to memory of 2968	2820	explorer.exe	84
PID 2820 wrote to memory of 2968	2820	explorer.exe	84
PID 2820 wrote to memory of 2636	2820	explorer.exe	85
PID 2820 wrote to memory of 2636	2820	explorer.exe	85
PID 2820 wrote to memory of 2636	2820	explorer.exe	85
PID 2820 wrote to memory of 3540	2820	explorer.exe	86
PID 2820 wrote to memory of 3540	2820	explorer.exe	86
PID 2820 wrote to memory of 3540	2820	explorer.exe	86
PID 2820 wrote to memory of 2508	2820	explorer.exe	87
PID 2820 wrote to memory of 2508	2820	explorer.exe	87
PID 2820 wrote to memory of 2508	2820	explorer.exe	87
PID 2820 wrote to memory of 3036	2820	explorer.exe	88
PID 2820 wrote to memory of 3036	2820	explorer.exe	88
PID 2820 wrote to memory of 3036	2820	explorer.exe	88
PID 2820 wrote to memory of 748	2820	explorer.exe	89
PID 2820 wrote to memory of 748	2820	explorer.exe	89
PID 2820 wrote to memory of 748	2820	explorer.exe	89
PID 2820 wrote to memory of 1260	2820	explorer.exe	90
PID 2820 wrote to memory of 1260	2820	explorer.exe	90
PID 2820 wrote to memory of 1260	2820	explorer.exe	90
PID 2820 wrote to memory of 2040	2820	explorer.exe	91
PID 2820 wrote to memory of 2040	2820	explorer.exe	91
PID 2820 wrote to memory of 2040	2820	explorer.exe	91
PID 2820 wrote to memory of 2736	2820	explorer.exe	92
PID 2820 wrote to memory of 2736	2820	explorer.exe	92
PID 2820 wrote to memory of 2736	2820	explorer.exe	92
PID 2820 wrote to memory of 3908	2820	explorer.exe	93
PID 2820 wrote to memory of 3908	2820	explorer.exe	93
PID 2820 wrote to memory of 3908	2820	explorer.exe	93
PID 2820 wrote to memory of 392	2820	explorer.exe	94
PID 2820 wrote to memory of 392	2820	explorer.exe	94
PID 2820 wrote to memory of 392	2820	explorer.exe	94
PID 2820 wrote to memory of 1804	2820	explorer.exe	95
PID 2820 wrote to memory of 1804	2820	explorer.exe	95
PID 2820 wrote to memory of 1804	2820	explorer.exe	95
PID 2820 wrote to memory of 1596	2820	explorer.exe	96
PID 2820 wrote to memory of 1596	2820	explorer.exe	96
PID 2820 wrote to memory of 1596	2820	explorer.exe	96
PID 2820 wrote to memory of 2976	2820	explorer.exe	97
PID 2820 wrote to memory of 2976	2820	explorer.exe	97
PID 2820 wrote to memory of 2976	2820	explorer.exe	97
PID 2820 wrote to memory of 2264	2820	explorer.exe	98
PID 2820 wrote to memory of 2264	2820	explorer.exe	98
PID 2820 wrote to memory of 2264	2820	explorer.exe	98
PID 2820 wrote to memory of 2432	2820	explorer.exe	99
PID 2820 wrote to memory of 2432	2820	explorer.exe	99
PID 2820 wrote to memory of 2432	2820	explorer.exe	99
PID 2820 wrote to memory of 2480	2820	explorer.exe	100
PID 2820 wrote to memory of 2480	2820	explorer.exe	100
PID 2820 wrote to memory of 2480	2820	explorer.exe	100
PID 2820 wrote to memory of 424	2820	explorer.exe	101
PID 2820 wrote to memory of 424	2820	explorer.exe	101
PID 2820 wrote to memory of 424	2820	explorer.exe	101
PID 2820 wrote to memory of 1312	2820	explorer.exe	102
PID 2820 wrote to memory of 1312	2820	explorer.exe	102
PID 2820 wrote to memory of 1312	2820	explorer.exe	102
PID 2820 wrote to memory of 3424	2820	explorer.exe	103
PID 2820 wrote to memory of 3424	2820	explorer.exe	103
PID 2820 wrote to memory of 3424	2820	explorer.exe	103
PID 2820 wrote to memory of 3684	2820	explorer.exe	104
PID 2820 wrote to memory of 3684	2820	explorer.exe	104
PID 2820 wrote to memory of 3684	2820	explorer.exe	104
PID 2820 wrote to memory of 3964	2820	explorer.exe	105
PID 2820 wrote to memory of 3964	2820	explorer.exe	105
PID 2820 wrote to memory of 3964	2820	explorer.exe	105
PID 2820 wrote to memory of 3408	2820	explorer.exe	106
PID 2820 wrote to memory of 3408	2820	explorer.exe	106
PID 2820 wrote to memory of 3408	2820	explorer.exe	106
PID 2820 wrote to memory of 3520	2820	explorer.exe	107
PID 2820 wrote to memory of 3520	2820	explorer.exe	107
PID 2820 wrote to memory of 3520	2820	explorer.exe	107
PID 2820 wrote to memory of 3508	2820	explorer.exe	108
PID 2820 wrote to memory of 3508	2820	explorer.exe	108
PID 2820 wrote to memory of 3508	2820	explorer.exe	108
PID 2820 wrote to memory of 4088	2820	explorer.exe	109
PID 2820 wrote to memory of 4088	2820	explorer.exe	109
PID 2820 wrote to memory of 4088	2820	explorer.exe	109
PID 2820 wrote to memory of 3588	2820	explorer.exe	110
PID 2820 wrote to memory of 3588	2820	explorer.exe	110
PID 2820 wrote to memory of 3588	2820	explorer.exe	110
PID 2820 wrote to memory of 1316	2820	explorer.exe	111
PID 2820 wrote to memory of 1316	2820	explorer.exe	111
PID 2820 wrote to memory of 1316	2820	explorer.exe	111
PID 2820 wrote to memory of 1432	2820	explorer.exe	112
PID 2820 wrote to memory of 1432	2820	explorer.exe	112
PID 2820 wrote to memory of 1432	2820	explorer.exe	112
PID 2820 wrote to memory of 2020	2820	explorer.exe	113
PID 2820 wrote to memory of 2020	2820	explorer.exe	113
PID 2820 wrote to memory of 2020	2820	explorer.exe	113
PID 2820 wrote to memory of 3356	2820	explorer.exe	114
PID 2820 wrote to memory of 3356	2820	explorer.exe	114
PID 2820 wrote to memory of 3356	2820	explorer.exe	114
PID 2820 wrote to memory of 2896	2820	explorer.exe	115
PID 2820 wrote to memory of 2896	2820	explorer.exe	115
PID 2820 wrote to memory of 2896	2820	explorer.exe	115
PID 2820 wrote to memory of 2128	2820	explorer.exe	116
PID 2820 wrote to memory of 2128	2820	explorer.exe	116
PID 2820 wrote to memory of 2128	2820	explorer.exe	116
PID 2820 wrote to memory of 1540	2820	explorer.exe	117
PID 2820 wrote to memory of 1540	2820	explorer.exe	117
PID 2820 wrote to memory of 1540	2820	explorer.exe	117
PID 2820 wrote to memory of 4080	2820	explorer.exe	118
PID 2820 wrote to memory of 4080	2820	explorer.exe	118
PID 2820 wrote to memory of 4080	2820	explorer.exe	118
PID 2820 wrote to memory of 3420	2820	explorer.exe	119
PID 2820 wrote to memory of 3420	2820	explorer.exe	119
PID 2820 wrote to memory of 3420	2820	explorer.exe	119
PID 2820 wrote to memory of 2244	2820	explorer.exe	120
PID 2820 wrote to memory of 2244	2820	explorer.exe	120
PID 2820 wrote to memory of 2244	2820	explorer.exe	120
PID 2820 wrote to memory of 3764	2820	explorer.exe	121
PID 2820 wrote to memory of 3764	2820	explorer.exe	121
PID 2820 wrote to memory of 3764	2820	explorer.exe	121
PID 2820 wrote to memory of 3464	2820	explorer.exe	122
PID 2820 wrote to memory of 3464	2820	explorer.exe	122
PID 2820 wrote to memory of 3464	2820	explorer.exe	122
PID 2820 wrote to memory of 3972	2820	explorer.exe	123
PID 2820 wrote to memory of 3972	2820	explorer.exe	123
PID 2820 wrote to memory of 3972	2820	explorer.exe	123
PID 2820 wrote to memory of 2728	2820	explorer.exe	124
PID 2820 wrote to memory of 2728	2820	explorer.exe	124
PID 2820 wrote to memory of 2728	2820	explorer.exe	124
PID 2820 wrote to memory of 3656	2820	explorer.exe	125
PID 2820 wrote to memory of 3656	2820	explorer.exe	125
PID 2820 wrote to memory of 3656	2820	explorer.exe	125
PID 2820 wrote to memory of 2984	2820	explorer.exe	126
PID 2820 wrote to memory of 2984	2820	explorer.exe	126
PID 2820 wrote to memory of 2984	2820	explorer.exe	126
PID 2820 wrote to memory of 2648	2820	explorer.exe	127
PID 2820 wrote to memory of 2648	2820	explorer.exe	127
PID 2820 wrote to memory of 2648	2820	explorer.exe	127
PID 2820 wrote to memory of 2716	2820	explorer.exe	128
PID 2820 wrote to memory of 2716	2820	explorer.exe	128
PID 2820 wrote to memory of 2716	2820	explorer.exe	128
PID 2820 wrote to memory of 3028	2820	explorer.exe	129
PID 2820 wrote to memory of 3028	2820	explorer.exe	129
PID 2820 wrote to memory of 3028	2820	explorer.exe	129
PID 2820 wrote to memory of 3180	2820	explorer.exe	130
PID 2820 wrote to memory of 3180	2820	explorer.exe	130
PID 2820 wrote to memory of 3180	2820	explorer.exe	130
PID 2820 wrote to memory of 2084	2820	explorer.exe	131
PID 2820 wrote to memory of 2084	2820	explorer.exe	131
PID 2820 wrote to memory of 2084	2820	explorer.exe	131
PID 2820 wrote to memory of 4104	2820	explorer.exe	132
PID 2820 wrote to memory of 4104	2820	explorer.exe	132
PID 2820 wrote to memory of 4104	2820	explorer.exe	132
PID 2820 wrote to memory of 4136	2820	explorer.exe	133
PID 2820 wrote to memory of 4136	2820	explorer.exe	133
PID 2820 wrote to memory of 4136	2820	explorer.exe	133
PID 2820 wrote to memory of 4168	2820	explorer.exe	134
PID 2820 wrote to memory of 4168	2820	explorer.exe	134
PID 2820 wrote to memory of 4168	2820	explorer.exe	134
PID 2820 wrote to memory of 4200	2820	explorer.exe	135
PID 2820 wrote to memory of 4200	2820	explorer.exe	135
PID 2820 wrote to memory of 4200	2820	explorer.exe	135
PID 2820 wrote to memory of 4232	2820	explorer.exe	136
PID 2820 wrote to memory of 4232	2820	explorer.exe	136
PID 2820 wrote to memory of 4232	2820	explorer.exe	136
PID 2820 wrote to memory of 4268	2820	explorer.exe	137
PID 2820 wrote to memory of 4268	2820	explorer.exe	137
PID 2820 wrote to memory of 4268	2820	explorer.exe	137
PID 2820 wrote to memory of 4300	2820	explorer.exe	138
PID 2820 wrote to memory of 4300	2820	explorer.exe	138
PID 2820 wrote to memory of 4300	2820	explorer.exe	138
PID 2820 wrote to memory of 4332	2820	explorer.exe	139
PID 2820 wrote to memory of 4332	2820	explorer.exe	139
PID 2820 wrote to memory of 4332	2820	explorer.exe	139
PID 2820 wrote to memory of 4364	2820	explorer.exe	140
PID 2820 wrote to memory of 4364	2820	explorer.exe	140
PID 2820 wrote to memory of 4364	2820	explorer.exe	140
PID 2820 wrote to memory of 4396	2820	explorer.exe	141
PID 2820 wrote to memory of 4396	2820	explorer.exe	141
PID 2820 wrote to memory of 4396	2820	explorer.exe	141
PID 2820 wrote to memory of 4428	2820	explorer.exe	142
PID 2820 wrote to memory of 4428	2820	explorer.exe	142
PID 2820 wrote to memory of 4428	2820	explorer.exe	142
PID 2820 wrote to memory of 4460	2820	explorer.exe	143
PID 2820 wrote to memory of 4460	2820	explorer.exe	143
PID 2820 wrote to memory of 4460	2820	explorer.exe	143
PID 2820 wrote to memory of 4492	2820	explorer.exe	144
PID 2820 wrote to memory of 4492	2820	explorer.exe	144
PID 2820 wrote to memory of 4492	2820	explorer.exe	144
PID 2820 wrote to memory of 4524	2820	explorer.exe	145
PID 2820 wrote to memory of 4524	2820	explorer.exe	145
PID 2820 wrote to memory of 4524	2820	explorer.exe	145
PID 2820 wrote to memory of 4556	2820	explorer.exe	146
PID 2820 wrote to memory of 4556	2820	explorer.exe	146
PID 2820 wrote to memory of 4556	2820	explorer.exe	146
PID 2820 wrote to memory of 4592	2820	explorer.exe	147
PID 2820 wrote to memory of 4592	2820	explorer.exe	147
PID 2820 wrote to memory of 4592	2820	explorer.exe	147
PID 2820 wrote to memory of 4624	2820	explorer.exe	148
PID 2820 wrote to memory of 4624	2820	explorer.exe	148
PID 2820 wrote to memory of 4624	2820	explorer.exe	148
PID 2820 wrote to memory of 4656	2820	explorer.exe	149
PID 2820 wrote to memory of 4656	2820	explorer.exe	149
PID 2820 wrote to memory of 4656	2820	explorer.exe	149
PID 2820 wrote to memory of 4688	2820	explorer.exe	150
PID 2820 wrote to memory of 4688	2820	explorer.exe	150
PID 2820 wrote to memory of 4688	2820	explorer.exe	150
PID 2820 wrote to memory of 4720	2820	explorer.exe	151
PID 2820 wrote to memory of 4720	2820	explorer.exe	151
PID 2820 wrote to memory of 4720	2820	explorer.exe	151
PID 2820 wrote to memory of 4752	2820	explorer.exe	152
PID 2820 wrote to memory of 4752	2820	explorer.exe	152
PID 2820 wrote to memory of 4752	2820	explorer.exe	152
PID 2820 wrote to memory of 4784	2820	explorer.exe	153
PID 2820 wrote to memory of 4784	2820	explorer.exe	153
PID 2820 wrote to memory of 4784	2820	explorer.exe	153
PID 2820 wrote to memory of 4816	2820	explorer.exe	154
PID 2820 wrote to memory of 4816	2820	explorer.exe	154
PID 2820 wrote to memory of 4816	2820	explorer.exe	154
PID 2820 wrote to memory of 4848	2820	explorer.exe	155
PID 2820 wrote to memory of 4848	2820	explorer.exe	155
PID 2820 wrote to memory of 4848	2820	explorer.exe	155
PID 2820 wrote to memory of 4880	2820	explorer.exe	156
PID 2820 wrote to memory of 4880	2820	explorer.exe	156
PID 2820 wrote to memory of 4880	2820	explorer.exe	156
PID 2820 wrote to memory of 4912	2820	explorer.exe	157
PID 2820 wrote to memory of 4912	2820	explorer.exe	157
PID 2820 wrote to memory of 4912	2820	explorer.exe	157
PID 2820 wrote to memory of 4944	2820	explorer.exe	158
PID 2820 wrote to memory of 4944	2820	explorer.exe	158
PID 2820 wrote to memory of 4944	2820	explorer.exe	158
PID 2820 wrote to memory of 4976	2820	explorer.exe	159
PID 2820 wrote to memory of 4976	2820	explorer.exe	159
PID 2820 wrote to memory of 4976	2820	explorer.exe	159
PID 2820 wrote to memory of 5008	2820	explorer.exe	160
PID 2820 wrote to memory of 5008	2820	explorer.exe	160
PID 2820 wrote to memory of 5008	2820	explorer.exe	160
PID 2820 wrote to memory of 5040	2820	explorer.exe	161
PID 2820 wrote to memory of 5040	2820	explorer.exe	161
PID 2820 wrote to memory of 5040	2820	explorer.exe	161
PID 2820 wrote to memory of 5072	2820	explorer.exe	162
PID 2820 wrote to memory of 5072	2820	explorer.exe	162
PID 2820 wrote to memory of 5072	2820	explorer.exe	162
PID 2820 wrote to memory of 5104	2820	explorer.exe	163
PID 2820 wrote to memory of 5104	2820	explorer.exe	163
PID 2820 wrote to memory of 5104	2820	explorer.exe	163
PID 2820 wrote to memory of 4128	2820	explorer.exe	164
PID 2820 wrote to memory of 4128	2820	explorer.exe	164
PID 2820 wrote to memory of 4128	2820	explorer.exe	164
PID 2820 wrote to memory of 4196	2820	explorer.exe	165
PID 2820 wrote to memory of 4196	2820	explorer.exe	165
PID 2820 wrote to memory of 4196	2820	explorer.exe	165
PID 2820 wrote to memory of 4264	2820	explorer.exe	166
PID 2820 wrote to memory of 4264	2820	explorer.exe	166
PID 2820 wrote to memory of 4264	2820	explorer.exe	166
PID 2820 wrote to memory of 4340	2820	explorer.exe	167
PID 2820 wrote to memory of 4340	2820	explorer.exe	167
PID 2820 wrote to memory of 4340	2820	explorer.exe	167
PID 2820 wrote to memory of 4404	2820	explorer.exe	168
PID 2820 wrote to memory of 4404	2820	explorer.exe	168
PID 2820 wrote to memory of 4404	2820	explorer.exe	168
PID 2820 wrote to memory of 4468	2820	explorer.exe	169
PID 2820 wrote to memory of 4468	2820	explorer.exe	169
PID 2820 wrote to memory of 4468	2820	explorer.exe	169
PID 2820 wrote to memory of 4532	2820	explorer.exe	170
PID 2820 wrote to memory of 4532	2820	explorer.exe	170
PID 2820 wrote to memory of 4532	2820	explorer.exe	170
PID 2820 wrote to memory of 4600	2820	explorer.exe	171
PID 2820 wrote to memory of 4600	2820	explorer.exe	171
PID 2820 wrote to memory of 4600	2820	explorer.exe	171
PID 2820 wrote to memory of 4664	2820	explorer.exe	172
PID 2820 wrote to memory of 4664	2820	explorer.exe	172
PID 2820 wrote to memory of 4664	2820	explorer.exe	172
PID 2820 wrote to memory of 4712	2820	explorer.exe	173
PID 2820 wrote to memory of 4712	2820	explorer.exe	173
PID 2820 wrote to memory of 4712	2820	explorer.exe	173
PID 2820 wrote to memory of 4776	2820	explorer.exe	174
PID 2820 wrote to memory of 4776	2820	explorer.exe	174
PID 2820 wrote to memory of 4776	2820	explorer.exe	174
PID 2820 wrote to memory of 4840	2820	explorer.exe	175
PID 2820 wrote to memory of 4840	2820	explorer.exe	175
PID 2820 wrote to memory of 4840	2820	explorer.exe	175
PID 2820 wrote to memory of 4904	2820	explorer.exe	176
PID 2820 wrote to memory of 4904	2820	explorer.exe	176
PID 2820 wrote to memory of 4904	2820	explorer.exe	176
PID 2820 wrote to memory of 4968	2820	explorer.exe	177
PID 2820 wrote to memory of 4968	2820	explorer.exe	177
PID 2820 wrote to memory of 4968	2820	explorer.exe	177
PID 2820 wrote to memory of 5032	2820	explorer.exe	178
PID 2820 wrote to memory of 5032	2820	explorer.exe	178
PID 2820 wrote to memory of 5032	2820	explorer.exe	178
PID 2820 wrote to memory of 5096	2820	explorer.exe	179
PID 2820 wrote to memory of 5096	2820	explorer.exe	179
PID 2820 wrote to memory of 5096	2820	explorer.exe	179
PID 2820 wrote to memory of 4192	2820	explorer.exe	180
PID 2820 wrote to memory of 4192	2820	explorer.exe	180
PID 2820 wrote to memory of 4192	2820	explorer.exe	180
PID 2820 wrote to memory of 4328	2820	explorer.exe	181
PID 2820 wrote to memory of 4328	2820	explorer.exe	181
PID 2820 wrote to memory of 4328	2820	explorer.exe	181
PID 2820 wrote to memory of 4456	2820	explorer.exe	182
PID 2820 wrote to memory of 4456	2820	explorer.exe	182
PID 2820 wrote to memory of 4456	2820	explorer.exe	182
PID 2820 wrote to memory of 4588	2820	explorer.exe	183
PID 2820 wrote to memory of 4588	2820	explorer.exe	183
PID 2820 wrote to memory of 4588	2820	explorer.exe	183
PID 2820 wrote to memory of 4700	2820	explorer.exe	184
PID 2820 wrote to memory of 4700	2820	explorer.exe	184
PID 2820 wrote to memory of 4700	2820	explorer.exe	184
PID 2820 wrote to memory of 4828	2820	explorer.exe	185
PID 2820 wrote to memory of 4828	2820	explorer.exe	185
PID 2820 wrote to memory of 4828	2820	explorer.exe	185
PID 2820 wrote to memory of 4924	2820	explorer.exe	186
PID 2820 wrote to memory of 4924	2820	explorer.exe	186
PID 2820 wrote to memory of 4924	2820	explorer.exe	186
PID 2820 wrote to memory of 5052	2820	explorer.exe	187
PID 2820 wrote to memory of 5052	2820	explorer.exe	187
PID 2820 wrote to memory of 5052	2820	explorer.exe	187
PID 2820 wrote to memory of 4244	2820	explorer.exe	188
PID 2820 wrote to memory of 4244	2820	explorer.exe	188
PID 2820 wrote to memory of 4244	2820	explorer.exe	188
PID 2820 wrote to memory of 4488	2820	explorer.exe	189
PID 2820 wrote to memory of 4488	2820	explorer.exe	189
PID 2820 wrote to memory of 4488	2820	explorer.exe	189
PID 2820 wrote to memory of 4732	2820	explorer.exe	190
PID 2820 wrote to memory of 4732	2820	explorer.exe	190
PID 2820 wrote to memory of 4732	2820	explorer.exe	190
PID 2820 wrote to memory of 4956	2820	explorer.exe	191
PID 2820 wrote to memory of 4956	2820	explorer.exe	191
PID 2820 wrote to memory of 4956	2820	explorer.exe	191
PID 2820 wrote to memory of 4180	2820	explorer.exe	192
PID 2820 wrote to memory of 4180	2820	explorer.exe	192
PID 2820 wrote to memory of 4180	2820	explorer.exe	192
PID 2820 wrote to memory of 2620	2820	explorer.exe	193
PID 2820 wrote to memory of 2620	2820	explorer.exe	193
PID 2820 wrote to memory of 2620	2820	explorer.exe	193
PID 2820 wrote to memory of 5020	2820	explorer.exe	194
PID 2820 wrote to memory of 5020	2820	explorer.exe	194
PID 2820 wrote to memory of 5020	2820	explorer.exe	194
PID 2820 wrote to memory of 1796	2820	explorer.exe	195
PID 2820 wrote to memory of 1796	2820	explorer.exe	195
PID 2820 wrote to memory of 1796	2820	explorer.exe	195
PID 2820 wrote to memory of 3880	2820	explorer.exe	196
PID 2820 wrote to memory of 3880	2820	explorer.exe	196
PID 2820 wrote to memory of 3880	2820	explorer.exe	196
PID 2820 wrote to memory of 5136	2820	explorer.exe	197
PID 2820 wrote to memory of 5136	2820	explorer.exe	197
PID 2820 wrote to memory of 5136	2820	explorer.exe	197
PID 2820 wrote to memory of 5168	2820	explorer.exe	198
PID 2820 wrote to memory of 5168	2820	explorer.exe	198
PID 2820 wrote to memory of 5168	2820	explorer.exe	198
PID 2820 wrote to memory of 5200	2820	explorer.exe	199
PID 2820 wrote to memory of 5200	2820	explorer.exe	199
PID 2820 wrote to memory of 5200	2820	explorer.exe	199
PID 2820 wrote to memory of 5232	2820	explorer.exe	200
PID 2820 wrote to memory of 5232	2820	explorer.exe	200
PID 2820 wrote to memory of 5232	2820	explorer.exe	200
PID 2820 wrote to memory of 5264	2820	explorer.exe	201
PID 2820 wrote to memory of 5264	2820	explorer.exe	201
PID 2820 wrote to memory of 5264	2820	explorer.exe	201
PID 2820 wrote to memory of 5296	2820	explorer.exe	202
PID 2820 wrote to memory of 5296	2820	explorer.exe	202
PID 2820 wrote to memory of 5296	2820	explorer.exe	202
PID 2820 wrote to memory of 5328	2820	explorer.exe	203
PID 2820 wrote to memory of 5328	2820	explorer.exe	203
PID 2820 wrote to memory of 5328	2820	explorer.exe	203
PID 2820 wrote to memory of 5360	2820	explorer.exe	204
PID 2820 wrote to memory of 5360	2820	explorer.exe	204
PID 2820 wrote to memory of 5360	2820	explorer.exe	204
PID 2820 wrote to memory of 5392	2820	explorer.exe	205
PID 2820 wrote to memory of 5392	2820	explorer.exe	205
PID 2820 wrote to memory of 5392	2820	explorer.exe	205
PID 2820 wrote to memory of 5424	2820	explorer.exe	206
PID 2820 wrote to memory of 5424	2820	explorer.exe	206
PID 2820 wrote to memory of 5424	2820	explorer.exe	206
PID 2820 wrote to memory of 5456	2820	explorer.exe	207
PID 2820 wrote to memory of 5456	2820	explorer.exe	207
PID 2820 wrote to memory of 5456	2820	explorer.exe	207
PID 2820 wrote to memory of 5488	2820	explorer.exe	208
PID 2820 wrote to memory of 5488	2820	explorer.exe	208
PID 2820 wrote to memory of 5488	2820	explorer.exe	208
PID 2820 wrote to memory of 5520	2820	explorer.exe	209
PID 2820 wrote to memory of 5520	2820	explorer.exe	209
PID 2820 wrote to memory of 5520	2820	explorer.exe	209
PID 2820 wrote to memory of 5552	2820	explorer.exe	210
PID 2820 wrote to memory of 5552	2820	explorer.exe	210
PID 2820 wrote to memory of 5552	2820	explorer.exe	210
PID 2820 wrote to memory of 5584	2820	explorer.exe	211
PID 2820 wrote to memory of 5584	2820	explorer.exe	211
PID 2820 wrote to memory of 5584	2820	explorer.exe	211
PID 2820 wrote to memory of 5616	2820	explorer.exe	212
PID 2820 wrote to memory of 5616	2820	explorer.exe	212
PID 2820 wrote to memory of 5616	2820	explorer.exe	212
PID 2820 wrote to memory of 5648	2820	explorer.exe	213
PID 2820 wrote to memory of 5648	2820	explorer.exe	213
PID 2820 wrote to memory of 5648	2820	explorer.exe	213
PID 2820 wrote to memory of 5680	2820	explorer.exe	214
PID 2820 wrote to memory of 5680	2820	explorer.exe	214
PID 2820 wrote to memory of 5680	2820	explorer.exe	214
PID 2820 wrote to memory of 5712	2820	explorer.exe	215
PID 2820 wrote to memory of 5712	2820	explorer.exe	215
PID 2820 wrote to memory of 5712	2820	explorer.exe	215
PID 2820 wrote to memory of 5744	2820	explorer.exe	216
PID 2820 wrote to memory of 5744	2820	explorer.exe	216
PID 2820 wrote to memory of 5744	2820	explorer.exe	216
PID 2820 wrote to memory of 5776	2820	explorer.exe	217
PID 2820 wrote to memory of 5776	2820	explorer.exe	217
PID 2820 wrote to memory of 5776	2820	explorer.exe	217
PID 3000 wrote to memory of 5808	3000	spoolsv.exe	218
PID 3000 wrote to memory of 5808	3000	spoolsv.exe	218
PID 3000 wrote to memory of 5808	3000	spoolsv.exe	218
PID 3000 wrote to memory of 5808	3000	spoolsv.exe	218
PID 3000 wrote to memory of 5808	3000	spoolsv.exe	218
PID 3000 wrote to memory of 5808	3000	spoolsv.exe	218
PID 3000 wrote to memory of 5808	3000	spoolsv.exe	218
PID 3000 wrote to memory of 5808	3000	spoolsv.exe	218
PID 2820 wrote to memory of 5820	2820	explorer.exe	219
PID 2820 wrote to memory of 5820	2820	explorer.exe	219
PID 2820 wrote to memory of 5820	2820	explorer.exe	219
PID 3000 wrote to memory of 5864	3000	spoolsv.exe	220
PID 3000 wrote to memory of 5864	3000	spoolsv.exe	220
PID 3000 wrote to memory of 5864	3000	spoolsv.exe	220
PID 3000 wrote to memory of 5864	3000	spoolsv.exe	220
PID 3000 wrote to memory of 5864	3000	spoolsv.exe	220
PID 3852 wrote to memory of 5900	3852	spoolsv.exe	221
PID 3852 wrote to memory of 5900	3852	spoolsv.exe	221
PID 3852 wrote to memory of 5900	3852	spoolsv.exe	221
PID 3852 wrote to memory of 5900	3852	spoolsv.exe	221
PID 3852 wrote to memory of 5900	3852	spoolsv.exe	221
PID 3852 wrote to memory of 5900	3852	spoolsv.exe	221
PID 3852 wrote to memory of 5900	3852	spoolsv.exe	221
PID 3852 wrote to memory of 5900	3852	spoolsv.exe	221
PID 2820 wrote to memory of 5932	2820	explorer.exe	222
PID 2820 wrote to memory of 5932	2820	explorer.exe	222
PID 2820 wrote to memory of 5932	2820	explorer.exe	222
PID 3948 wrote to memory of 5944	3948	spoolsv.exe	223
PID 3948 wrote to memory of 5944	3948	spoolsv.exe	223
PID 3948 wrote to memory of 5944	3948	spoolsv.exe	223
PID 3948 wrote to memory of 5944	3948	spoolsv.exe	223
PID 3948 wrote to memory of 5944	3948	spoolsv.exe	223
PID 3948 wrote to memory of 5944	3948	spoolsv.exe	223
PID 3948 wrote to memory of 5944	3948	spoolsv.exe	223
PID 3948 wrote to memory of 5944	3948	spoolsv.exe	223
PID 3412 wrote to memory of 5988	3412	spoolsv.exe	224
PID 3412 wrote to memory of 5988	3412	spoolsv.exe	224
PID 3412 wrote to memory of 5988	3412	spoolsv.exe	224
PID 3852 wrote to memory of 6000	3852	spoolsv.exe	225
PID 3852 wrote to memory of 6000	3852	spoolsv.exe	225
PID 3852 wrote to memory of 6000	3852	spoolsv.exe	225
PID 3852 wrote to memory of 6000	3852	spoolsv.exe	225
PID 3852 wrote to memory of 6000	3852	spoolsv.exe	225
PID 3412 wrote to memory of 5988	3412	spoolsv.exe	224
PID 3412 wrote to memory of 5988	3412	spoolsv.exe	224
PID 3412 wrote to memory of 5988	3412	spoolsv.exe	224
PID 3412 wrote to memory of 5988	3412	spoolsv.exe	224
PID 3412 wrote to memory of 5988	3412	spoolsv.exe	224
PID 3948 wrote to memory of 6048	3948	spoolsv.exe	226
PID 3948 wrote to memory of 6048	3948	spoolsv.exe	226
PID 3948 wrote to memory of 6048	3948	spoolsv.exe	226
PID 3948 wrote to memory of 6048	3948	spoolsv.exe	226
PID 3948 wrote to memory of 6048	3948	spoolsv.exe	226
PID 3412 wrote to memory of 6100	3412	spoolsv.exe	227
PID 3412 wrote to memory of 6100	3412	spoolsv.exe	227
PID 3412 wrote to memory of 6100	3412	spoolsv.exe	227
PID 2820 wrote to memory of 6124	2820	explorer.exe	228
PID 2820 wrote to memory of 6124	2820	explorer.exe	228
PID 2820 wrote to memory of 6124	2820	explorer.exe	228
PID 5808 wrote to memory of 6140	5808	spoolsv.exe	229
PID 5808 wrote to memory of 6140	5808	spoolsv.exe	229
PID 5808 wrote to memory of 6140	5808	spoolsv.exe	229
PID 3448 wrote to memory of 5144	3448	spoolsv.exe	230
PID 3448 wrote to memory of 5144	3448	spoolsv.exe	230
PID 3448 wrote to memory of 5144	3448	spoolsv.exe	230

C:\Users\Admin\AppData\Local\Temp\ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe
"C:\Users\Admin\AppData\Local\Temp\ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3180
- C:\Users\Admin\AppData\Local\Temp\ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe
  "C:\Users\Admin\AppData\Local\Temp\ac0841f157fd3662fe4035ff5f1df319ff1442d9de50fc066bb555ffcd6aee08.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2088
- - \??\c:\windows\system\explorer.exe
    c:\windows\system\explorer.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - \??\c:\windows\system\explorer.exe
      c:\windows\system\explorer.exe
      4⤵
      Modifies WinLogon for persistence
      Executes dropped EXE
      Adds Run key to start application
      Drops file in Windows directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2820
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of SetThreadContext
        
        PID:3000
      - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        6⤵
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:5808
        
        \??\c:\windows\system\svchost.exe
        
        c:\windows\system\svchost.exe
        7⤵
        
        PID:6140
      - C:\Windows\SysWOW64\diskperf.exe
        
        "C:\Windows\SysWOW64\diskperf.exe"
        6⤵
        
        PID:5864
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of SetThreadContext
        
        PID:3852
      - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5900
      - C:\Windows\SysWOW64\diskperf.exe
        
        "C:\Windows\SysWOW64\diskperf.exe"
        6⤵
        
        PID:6000
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of SetThreadContext
        
        PID:3948
      - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:5944
      - C:\Windows\SysWOW64\diskperf.exe
        
        "C:\Windows\SysWOW64\diskperf.exe"
        6⤵
        
        PID:6048
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of SetThreadContext
        
        PID:3412
      - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        6⤵
        
        PID:5988
      - C:\Windows\SysWOW64\diskperf.exe
        
        "C:\Windows\SysWOW64\diskperf.exe"
        6⤵
        
        PID:6100
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3448
      - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        6⤵
        
        PID:5144
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1720
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3004
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2968
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2636
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3540
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2508
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3036
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:748
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1260
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2040
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2736
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3908
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:392
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1804
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1596
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2976
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2264
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2432
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2480
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:424
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1312
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3424
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3684
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3964
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3408
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3520
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3508
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4088
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3588
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1316
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1432
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2020
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3356
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2896
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2128
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:1540
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4080
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3420
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2244
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3764
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3464
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3972
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2728
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3656
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2984
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2648
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2716
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3028
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:3180
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:2084
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4104
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4136
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4168
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4200
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4232
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4268
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        Executes dropped EXE
        
        PID:4300
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4332
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4364
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4396
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4428
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4460
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4492
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4524
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4556
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4592
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4624
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4656
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4688
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4720
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4752
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4784
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4816
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4848
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4880
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4912
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4944
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4976
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5008
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5040
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5072
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5104
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4128
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4196
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4264
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4340
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4404
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4468
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4532
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4600
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4664
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4712
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4776
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4840
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4904
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4968
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5032
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5096
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4192
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4328
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4456
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4588
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4700
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4828
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4924
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5052
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4244
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4488
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4732
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4956
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:4180
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:2620
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5020
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:1796
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:3880
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5136
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5168
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5200
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5232
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5264
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5296
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5328
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5360
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5392
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5424
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5456
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5488
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5520
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5552
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5584
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5616
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5648
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5680
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5712
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5744
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5776
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5820
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:5932
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe SE
        5⤵
        
        PID:6124
  - - C:\Windows\SysWOW64\diskperf.exe
      "C:\Windows\SysWOW64\diskperf.exe"
      4⤵
      PID:3844
- C:\Windows\SysWOW64\diskperf.exe
  "C:\Windows\SysWOW64\diskperf.exe"
  2⤵
  PID:2092

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Registry Run Keys / Startup Folder

T1060

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2088-7-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/2088-2-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2088-6-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/2088-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2820-309-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-505-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-197-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-198-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-621-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-193-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-201-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-202-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-615-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-205-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-206-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-23-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-189-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-209-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-210-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-190-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-24-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-213-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-214-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-25-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-186-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-217-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-218-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-599-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-185-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-221-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-222-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-182-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-181-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-225-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-226-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-178-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-177-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-229-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-230-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-596-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-26-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-233-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-234-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-586-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-174-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-237-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-238-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-173-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-585-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-241-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-242-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-29-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-170-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-245-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-246-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-582-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-169-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-249-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-250-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-581-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-166-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-253-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-254-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-30-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-165-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-257-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-258-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-578-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-162-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-261-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-262-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-577-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-161-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-265-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-266-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-574-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-158-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-269-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-270-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-573-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-157-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-273-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-274-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-33-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-570-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-277-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-278-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-569-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-154-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-281-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-282-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-34-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-153-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-285-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-286-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-566-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-565-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-289-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-290-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-562-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-150-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-293-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-294-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-561-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-149-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-298-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-297-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-37-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-558-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-301-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-302-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-557-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-146-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-306-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-305-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-38-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-145-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-554-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-310-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-553-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-142-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-313-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-314-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-550-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-141-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-317-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-318-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-549-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-41-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-321-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-322-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-546-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-138-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-325-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-326-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-545-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-137-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-329-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-330-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-42-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-542-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-333-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-334-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-541-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-134-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-338-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-337-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-45-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-133-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-341-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-342-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-538-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-537-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-345-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-346-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-46-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-130-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-349-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-350-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-534-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-129-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-353-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-354-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-533-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-530-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-357-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-358-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-529-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-126-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-361-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-362-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-49-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-125-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-365-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-366-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-526-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-122-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-369-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-370-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-525-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-121-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-373-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-374-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-50-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-118-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-377-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-378-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-522-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-117-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-381-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-382-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-521-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-114-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-385-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-386-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-518-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-113-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-389-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-390-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-517-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-110-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-393-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-394-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-53-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-109-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-397-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-398-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-514-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-106-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-401-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-402-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-513-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-105-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-405-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-406-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-54-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-510-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-409-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-410-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-509-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-102-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-413-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-414-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-57-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-101-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-417-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-418-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-506-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-98-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-421-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-422-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-194-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-97-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-425-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-426-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-58-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-94-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-429-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-430-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-502-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-93-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-433-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-434-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-501-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-90-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-437-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-438-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-498-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-89-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-441-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-442-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-497-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-61-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-445-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-446-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-62-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-86-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-449-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-450-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-494-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-85-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-453-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-454-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-493-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-82-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-457-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-458-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-65-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-81-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-461-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-462-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-490-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-78-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-465-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-466-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-489-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-77-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-469-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-470-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-66-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-74-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-473-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-474-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-486-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-73-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-477-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-478-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-485-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-70-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-481-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2820-482-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

Filesize
4KB

Download
memory/2820-69-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/5864-600-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/5864-594-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download