metasploit | 1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

Analysis

max time kernel
155s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
04-06-2022 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
Size

229KB
MD5

94de0eca22a51386728d08d404e27338
SHA1

c605eb37c4a9503b74187051510d0cf7e43ac4cd
SHA256

1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d
SHA512

646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Score

10^/10

metasploit backdoor trojan upx

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Executes dropped EXE 52 IoCs

Processes:

wmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exe

pid	process
4200	wmipsxdl.exe
4448	wmipsxdl.exe
3512	wmipsxdl.exe
2656	wmipsxdl.exe
3164	wmipsxdl.exe
4392	wmipsxdl.exe
1384	wmipsxdl.exe
3516	wmipsxdl.exe
3212	wmipsxdl.exe
3424	wmipsxdl.exe
1980	wmipsxdl.exe
2276	wmipsxdl.exe
1472	wmipsxdl.exe
2352	wmipsxdl.exe
4492	wmipsxdl.exe
4512	wmipsxdl.exe
3768	wmipsxdl.exe
2224	wmipsxdl.exe
4552	wmipsxdl.exe
2600	wmipsxdl.exe
3132	wmipsxdl.exe
4848	wmipsxdl.exe
1236	wmipsxdl.exe
2400	wmipsxdl.exe
4372	wmipsxdl.exe
2900	wmipsxdl.exe
3452	wmipsxdl.exe
4844	wmipsxdl.exe
4852	wmipsxdl.exe
800	wmipsxdl.exe
2528	wmipsxdl.exe
3512	wmipsxdl.exe
436	wmipsxdl.exe
3428	wmipsxdl.exe
5080	wmipsxdl.exe
232	wmipsxdl.exe
4824	wmipsxdl.exe
4920	wmipsxdl.exe
1484	wmipsxdl.exe
4008	wmipsxdl.exe
3536	wmipsxdl.exe
2924	wmipsxdl.exe
3856	wmipsxdl.exe
4864	wmipsxdl.exe
1832	wmipsxdl.exe
2036	wmipsxdl.exe
4440	wmipsxdl.exe
2044	wmipsxdl.exe
908	wmipsxdl.exe
4324	wmipsxdl.exe
4800	wmipsxdl.exe
2340	wmipsxdl.exe

UPX packed file 40 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1448-133-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/1448-136-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/1448-137-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/1448-138-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/1448-139-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/1448-143-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/4448-151-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/4448-150-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/4448-152-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/4448-155-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/2656-164-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/2656-167-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/4392-176-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/4392-179-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/3516-188-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/3516-191-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/3424-199-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/3424-202-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/2276-211-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/2276-214-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/2352-222-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/2352-225-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/4512-234-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/4512-237-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/2224-246-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/2224-250-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/2600-258-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/2600-261-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/4848-269-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/4848-272-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/2400-280-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/2400-283-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/2900-291-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/2900-294-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/4844-302-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/4844-305-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/800-314-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/800-317-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/3512-326-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/3512-329-0x0000000000400000-0x000000000046A000-memory.dmp	upx

Checks computer location settings 2 TTPs 26 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	wmipsxdl.exe

Maps connected drives based on registry 3 TTPs 54 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	wmipsxdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	wmipsxdl.exe

Drops file in System32 directory 52 IoCs

Processes:

wmipsxdl.exe1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File opened for modification	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe
File created	C:\Windows\SysWOW64\wmipsxdl.exe	wmipsxdl.exe

Suspicious use of SetThreadContext 27 IoCs

Processes:

1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exe

description	pid	process	target process
PID 1488 set thread context of 1448	1488	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
PID 4200 set thread context of 4448	4200	wmipsxdl.exe	wmipsxdl.exe
PID 3512 set thread context of 2656	3512	wmipsxdl.exe	wmipsxdl.exe
PID 3164 set thread context of 4392	3164	wmipsxdl.exe	wmipsxdl.exe
PID 1384 set thread context of 3516	1384	wmipsxdl.exe	wmipsxdl.exe
PID 3212 set thread context of 3424	3212	wmipsxdl.exe	wmipsxdl.exe
PID 1980 set thread context of 2276	1980	wmipsxdl.exe	wmipsxdl.exe
PID 1472 set thread context of 2352	1472	wmipsxdl.exe	wmipsxdl.exe
PID 4492 set thread context of 4512	4492	wmipsxdl.exe	wmipsxdl.exe
PID 3768 set thread context of 2224	3768	wmipsxdl.exe	wmipsxdl.exe
PID 4552 set thread context of 2600	4552	wmipsxdl.exe	wmipsxdl.exe
PID 3132 set thread context of 4848	3132	wmipsxdl.exe	wmipsxdl.exe
PID 1236 set thread context of 2400	1236	wmipsxdl.exe	wmipsxdl.exe
PID 4372 set thread context of 2900	4372	wmipsxdl.exe	wmipsxdl.exe
PID 3452 set thread context of 4844	3452	wmipsxdl.exe	wmipsxdl.exe
PID 4852 set thread context of 800	4852	wmipsxdl.exe	wmipsxdl.exe
PID 2528 set thread context of 3512	2528	wmipsxdl.exe	wmipsxdl.exe
PID 436 set thread context of 3428	436	wmipsxdl.exe	wmipsxdl.exe
PID 5080 set thread context of 232	5080	wmipsxdl.exe	wmipsxdl.exe
PID 4824 set thread context of 4920	4824	wmipsxdl.exe	wmipsxdl.exe
PID 1484 set thread context of 4008	1484	wmipsxdl.exe	wmipsxdl.exe
PID 3536 set thread context of 2924	3536	wmipsxdl.exe	wmipsxdl.exe
PID 3856 set thread context of 4864	3856	wmipsxdl.exe	wmipsxdl.exe
PID 1832 set thread context of 2036	1832	wmipsxdl.exe	wmipsxdl.exe
PID 4440 set thread context of 2044	4440	wmipsxdl.exe	wmipsxdl.exe
PID 908 set thread context of 4324	908	wmipsxdl.exe	wmipsxdl.exe
PID 4800 set thread context of 2340	4800	wmipsxdl.exe	wmipsxdl.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 26 IoCs

Processes:

wmipsxdl.exewmipsxdl.exewmipsxdl.exe1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	wmipsxdl.exe

Suspicious behavior: EnumeratesProcesses 54 IoCs

Processes:

pid	process
1448	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
1448	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
4448	wmipsxdl.exe
4448	wmipsxdl.exe
2656	wmipsxdl.exe
2656	wmipsxdl.exe
4392	wmipsxdl.exe
4392	wmipsxdl.exe
3516	wmipsxdl.exe
3516	wmipsxdl.exe
3424	wmipsxdl.exe
3424	wmipsxdl.exe
2276	wmipsxdl.exe
2276	wmipsxdl.exe
2352	wmipsxdl.exe
2352	wmipsxdl.exe
4512	wmipsxdl.exe
4512	wmipsxdl.exe
2224	wmipsxdl.exe
2224	wmipsxdl.exe
2600	wmipsxdl.exe
2600	wmipsxdl.exe
4848	wmipsxdl.exe
4848	wmipsxdl.exe
2400	wmipsxdl.exe
2400	wmipsxdl.exe
2900	wmipsxdl.exe
2900	wmipsxdl.exe
4844	wmipsxdl.exe
4844	wmipsxdl.exe
800	wmipsxdl.exe
800	wmipsxdl.exe
3512	wmipsxdl.exe
3512	wmipsxdl.exe
3428	wmipsxdl.exe
3428	wmipsxdl.exe
232	wmipsxdl.exe
232	wmipsxdl.exe
4920	wmipsxdl.exe
4920	wmipsxdl.exe
4008	wmipsxdl.exe
4008	wmipsxdl.exe
2924	wmipsxdl.exe
2924	wmipsxdl.exe
4864	wmipsxdl.exe
4864	wmipsxdl.exe
2036	wmipsxdl.exe
2036	wmipsxdl.exe
2044	wmipsxdl.exe
2044	wmipsxdl.exe
4324	wmipsxdl.exe
4324	wmipsxdl.exe
2340	wmipsxdl.exe
2340	wmipsxdl.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exewmipsxdl.exe

description	pid	process	target process
PID 1488 wrote to memory of 1448	1488	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
PID 1488 wrote to memory of 1448	1488	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
PID 1488 wrote to memory of 1448	1488	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
PID 1488 wrote to memory of 1448	1488	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
PID 1488 wrote to memory of 1448	1488	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
PID 1488 wrote to memory of 1448	1488	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
PID 1488 wrote to memory of 1448	1488	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
PID 1448 wrote to memory of 4200	1448	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe	wmipsxdl.exe
PID 1448 wrote to memory of 4200	1448	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe	wmipsxdl.exe
PID 1448 wrote to memory of 4200	1448	1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe	wmipsxdl.exe
PID 4200 wrote to memory of 4448	4200	wmipsxdl.exe	wmipsxdl.exe
PID 4200 wrote to memory of 4448	4200	wmipsxdl.exe	wmipsxdl.exe
PID 4200 wrote to memory of 4448	4200	wmipsxdl.exe	wmipsxdl.exe
PID 4200 wrote to memory of 4448	4200	wmipsxdl.exe	wmipsxdl.exe
PID 4200 wrote to memory of 4448	4200	wmipsxdl.exe	wmipsxdl.exe
PID 4200 wrote to memory of 4448	4200	wmipsxdl.exe	wmipsxdl.exe
PID 4200 wrote to memory of 4448	4200	wmipsxdl.exe	wmipsxdl.exe
PID 4448 wrote to memory of 3512	4448	wmipsxdl.exe	wmipsxdl.exe
PID 4448 wrote to memory of 3512	4448	wmipsxdl.exe	wmipsxdl.exe
PID 4448 wrote to memory of 3512	4448	wmipsxdl.exe	wmipsxdl.exe
PID 3512 wrote to memory of 2656	3512	wmipsxdl.exe	wmipsxdl.exe
PID 3512 wrote to memory of 2656	3512	wmipsxdl.exe	wmipsxdl.exe
PID 3512 wrote to memory of 2656	3512	wmipsxdl.exe	wmipsxdl.exe
PID 3512 wrote to memory of 2656	3512	wmipsxdl.exe	wmipsxdl.exe
PID 3512 wrote to memory of 2656	3512	wmipsxdl.exe	wmipsxdl.exe
PID 3512 wrote to memory of 2656	3512	wmipsxdl.exe	wmipsxdl.exe
PID 3512 wrote to memory of 2656	3512	wmipsxdl.exe	wmipsxdl.exe
PID 2656 wrote to memory of 3164	2656	wmipsxdl.exe	wmipsxdl.exe
PID 2656 wrote to memory of 3164	2656	wmipsxdl.exe	wmipsxdl.exe
PID 2656 wrote to memory of 3164	2656	wmipsxdl.exe	wmipsxdl.exe
PID 3164 wrote to memory of 4392	3164	wmipsxdl.exe	wmipsxdl.exe
PID 3164 wrote to memory of 4392	3164	wmipsxdl.exe	wmipsxdl.exe
PID 3164 wrote to memory of 4392	3164	wmipsxdl.exe	wmipsxdl.exe
PID 3164 wrote to memory of 4392	3164	wmipsxdl.exe	wmipsxdl.exe
PID 3164 wrote to memory of 4392	3164	wmipsxdl.exe	wmipsxdl.exe
PID 3164 wrote to memory of 4392	3164	wmipsxdl.exe	wmipsxdl.exe
PID 3164 wrote to memory of 4392	3164	wmipsxdl.exe	wmipsxdl.exe
PID 4392 wrote to memory of 1384	4392	wmipsxdl.exe	wmipsxdl.exe
PID 4392 wrote to memory of 1384	4392	wmipsxdl.exe	wmipsxdl.exe
PID 4392 wrote to memory of 1384	4392	wmipsxdl.exe	wmipsxdl.exe
PID 1384 wrote to memory of 3516	1384	wmipsxdl.exe	wmipsxdl.exe
PID 1384 wrote to memory of 3516	1384	wmipsxdl.exe	wmipsxdl.exe
PID 1384 wrote to memory of 3516	1384	wmipsxdl.exe	wmipsxdl.exe
PID 1384 wrote to memory of 3516	1384	wmipsxdl.exe	wmipsxdl.exe
PID 1384 wrote to memory of 3516	1384	wmipsxdl.exe	wmipsxdl.exe
PID 1384 wrote to memory of 3516	1384	wmipsxdl.exe	wmipsxdl.exe
PID 1384 wrote to memory of 3516	1384	wmipsxdl.exe	wmipsxdl.exe
PID 3516 wrote to memory of 3212	3516	wmipsxdl.exe	wmipsxdl.exe
PID 3516 wrote to memory of 3212	3516	wmipsxdl.exe	wmipsxdl.exe
PID 3516 wrote to memory of 3212	3516	wmipsxdl.exe	wmipsxdl.exe
PID 3212 wrote to memory of 3424	3212	wmipsxdl.exe	wmipsxdl.exe
PID 3212 wrote to memory of 3424	3212	wmipsxdl.exe	wmipsxdl.exe
PID 3212 wrote to memory of 3424	3212	wmipsxdl.exe	wmipsxdl.exe
PID 3212 wrote to memory of 3424	3212	wmipsxdl.exe	wmipsxdl.exe
PID 3212 wrote to memory of 3424	3212	wmipsxdl.exe	wmipsxdl.exe
PID 3212 wrote to memory of 3424	3212	wmipsxdl.exe	wmipsxdl.exe
PID 3212 wrote to memory of 3424	3212	wmipsxdl.exe	wmipsxdl.exe
PID 3424 wrote to memory of 1980	3424	wmipsxdl.exe	wmipsxdl.exe
PID 3424 wrote to memory of 1980	3424	wmipsxdl.exe	wmipsxdl.exe
PID 3424 wrote to memory of 1980	3424	wmipsxdl.exe	wmipsxdl.exe
PID 1980 wrote to memory of 2276	1980	wmipsxdl.exe	wmipsxdl.exe
PID 1980 wrote to memory of 2276	1980	wmipsxdl.exe	wmipsxdl.exe
PID 1980 wrote to memory of 2276	1980	wmipsxdl.exe	wmipsxdl.exe
PID 1980 wrote to memory of 2276	1980	wmipsxdl.exe	wmipsxdl.exe

C:\Users\Admin\AppData\Local\Temp\1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
"C:\Users\Admin\AppData\Local\Temp\1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1488

C:\Users\Admin\AppData\Local\Temp\1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe
"C:\Users\Admin\AppData\Local\Temp\1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d.exe"
2⤵
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1448

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Users\Admin\AppData\Local\Temp\1197DC~1.EXE
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4200

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Users\Admin\AppData\Local\Temp\1197DC~1.EXE
4⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4448

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3512

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
6⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2656

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3164

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
8⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4392

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1384

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
10⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3516

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3212

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
12⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3424

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1980

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
14⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2276

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
15⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1472

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
16⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2352

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4492

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
18⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4512

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
19⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3768

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
20⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2224

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4552

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
22⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2600

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3132

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
24⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4848

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1236

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
26⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2400

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4372

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
28⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2900

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3452

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
30⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4844

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4852

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
32⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:800

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
33⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2528

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
34⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3512

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
35⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:436

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
36⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3428

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
37⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5080

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
38⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:232

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
39⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4824

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
40⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4920

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
41⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1484

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
42⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4008

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
43⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3536

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
44⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2924

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
45⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3856

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
46⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4864

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
47⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1832

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
48⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2036

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
49⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4440

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
50⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2044

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
51⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:908

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
52⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4324

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\system32\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
53⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4800

C:\Windows\SysWOW64\wmipsxdl.exe
"C:\Windows\SysWOW64\wmipsxdl.exe" C:\Windows\SysWOW64\wmipsxdl.exe
54⤵
- Executes dropped EXE
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
PID:2340

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
C:\Windows\SysWOW64\wmipsxdl.exe
Filesize
229KB

MD5
94de0eca22a51386728d08d404e27338

SHA1
c605eb37c4a9503b74187051510d0cf7e43ac4cd

SHA256
1197dc8fab822747c6fb2cfecd917a17e45b417237a5c6a99dd3585a1d2c407d

SHA512
646889e0d260ff4248a47391f70a634d6852f332e6e4751d1ae9b831a7aa18bebd6f14e72a8ee76b118547995f1e512718a2bb48611795d3ca8393142dbe29c7

Download Submit
memory/232-343-0x0000000000000000-mapping.dmp

Download
memory/436-334-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/436-327-0x0000000000000000-mapping.dmp

Download
memory/800-314-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/800-317-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/800-307-0x0000000000000000-mapping.dmp

Download
memory/908-414-0x0000000000000000-mapping.dmp

Download
memory/1236-270-0x0000000000000000-mapping.dmp

Download
memory/1236-277-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1384-185-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1384-180-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1384-177-0x0000000000000000-mapping.dmp

Download
memory/1448-136-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/1448-132-0x0000000000000000-mapping.dmp

Download
memory/1448-133-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/1448-143-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/1448-139-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/1448-138-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/1448-137-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/1472-212-0x0000000000000000-mapping.dmp

Download
memory/1472-218-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1484-363-0x0000000000000000-mapping.dmp

Download
memory/1488-131-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1488-134-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1832-395-0x0000000000000000-mapping.dmp

Download
memory/1980-200-0x0000000000000000-mapping.dmp

Download
memory/1980-208-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1980-203-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2036-398-0x0000000000000000-mapping.dmp

Download
memory/2044-407-0x0000000000000000-mapping.dmp

Download
memory/2224-250-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2224-239-0x0000000000000000-mapping.dmp

Download
memory/2224-246-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2276-211-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2276-214-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2276-204-0x0000000000000000-mapping.dmp

Download
memory/2340-425-0x0000000000000000-mapping.dmp

Download
memory/2352-225-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2352-215-0x0000000000000000-mapping.dmp

Download
memory/2352-222-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2400-283-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2400-280-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2400-273-0x0000000000000000-mapping.dmp

Download
memory/2528-323-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2528-318-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2528-315-0x0000000000000000-mapping.dmp

Download
memory/2600-258-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2600-251-0x0000000000000000-mapping.dmp

Download
memory/2600-261-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2656-157-0x0000000000000000-mapping.dmp

Download
memory/2656-167-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2656-164-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2900-294-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2900-284-0x0000000000000000-mapping.dmp

Download
memory/2900-291-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2924-377-0x0000000000000000-mapping.dmp

Download
memory/3132-266-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3132-259-0x0000000000000000-mapping.dmp

Download
memory/3164-168-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3164-172-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3164-165-0x0000000000000000-mapping.dmp

Download
memory/3212-196-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3212-189-0x0000000000000000-mapping.dmp

Download
memory/3424-192-0x0000000000000000-mapping.dmp

Download
memory/3424-202-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/3424-199-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/3428-330-0x0000000000000000-mapping.dmp

Download
memory/3452-292-0x0000000000000000-mapping.dmp

Download
memory/3452-297-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3512-156-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3512-326-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/3512-319-0x0000000000000000-mapping.dmp

Download
memory/3512-153-0x0000000000000000-mapping.dmp

Download
memory/3512-329-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/3512-161-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3516-188-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/3516-181-0x0000000000000000-mapping.dmp

Download
memory/3516-191-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/3536-374-0x0000000000000000-mapping.dmp

Download
memory/3768-242-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3768-235-0x0000000000000000-mapping.dmp

Download
memory/3768-238-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3856-385-0x0000000000000000-mapping.dmp

Download
memory/4008-366-0x0000000000000000-mapping.dmp

Download
memory/4200-140-0x0000000000000000-mapping.dmp

Download
memory/4200-148-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4324-416-0x0000000000000000-mapping.dmp

Download
memory/4372-281-0x0000000000000000-mapping.dmp

Download
memory/4372-288-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4392-179-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4392-176-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4392-169-0x0000000000000000-mapping.dmp

Download
memory/4440-405-0x0000000000000000-mapping.dmp

Download
memory/4448-144-0x0000000000000000-mapping.dmp

Download
memory/4448-151-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4448-150-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4448-152-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4448-155-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4492-223-0x0000000000000000-mapping.dmp

Download
memory/4492-226-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4492-230-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4512-237-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4512-234-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4512-227-0x0000000000000000-mapping.dmp

Download
memory/4552-247-0x0000000000000000-mapping.dmp

Download
memory/4552-249-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4552-254-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4800-423-0x0000000000000000-mapping.dmp

Download
memory/4824-351-0x0000000000000000-mapping.dmp

Download
memory/4844-305-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4844-295-0x0000000000000000-mapping.dmp

Download
memory/4844-302-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4848-269-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4848-262-0x0000000000000000-mapping.dmp

Download
memory/4848-272-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4852-303-0x0000000000000000-mapping.dmp

Download
memory/4852-306-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4852-310-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4864-388-0x0000000000000000-mapping.dmp

Download
memory/4920-355-0x0000000000000000-mapping.dmp

Download
memory/5080-339-0x0000000000000000-mapping.dmp

Download