metasploit | 111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
04-06-2022 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
Size

608KB
MD5

11ea6447e3c843c806d6fc9619b907c2
SHA1

b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7
SHA256

111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0
SHA512

b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Executes dropped EXE 43 IoCs

Processes:

igfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe

pid	process
5064	igfxdwx32.exe
1156	igfxdwx32.exe
3492	igfxdwx32.exe
4400	igfxdwx32.exe
1288	igfxdwx32.exe
3940	igfxdwx32.exe
216	igfxdwx32.exe
4664	igfxdwx32.exe
4184	igfxdwx32.exe
3772	igfxdwx32.exe
1948	igfxdwx32.exe
1564	igfxdwx32.exe
4560	igfxdwx32.exe
1980	igfxdwx32.exe
5088	igfxdwx32.exe
868	igfxdwx32.exe
4324	igfxdwx32.exe
3876	igfxdwx32.exe
2976	igfxdwx32.exe
5032	igfxdwx32.exe
3220	igfxdwx32.exe
3484	igfxdwx32.exe
4284	igfxdwx32.exe
1560	igfxdwx32.exe
3456	igfxdwx32.exe
1576	igfxdwx32.exe
1840	igfxdwx32.exe
3052	igfxdwx32.exe
4216	igfxdwx32.exe
2336	igfxdwx32.exe
3976	igfxdwx32.exe
4012	igfxdwx32.exe
5004	igfxdwx32.exe
2676	igfxdwx32.exe
4448	igfxdwx32.exe
5000	igfxdwx32.exe
5044	igfxdwx32.exe
1996	igfxdwx32.exe
1116	igfxdwx32.exe
4528	igfxdwx32.exe
2776	igfxdwx32.exe
4548	igfxdwx32.exe
1808	igfxdwx32.exe

Checks computer location settings 2 TTPs 43 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

igfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	igfxdwx32.exe

Maps connected drives based on registry 3 TTPs 64 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

igfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxdwx32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxdwx32.exe

Drops file in System32 directory 64 IoCs

Processes:

igfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe

description	ioc	process
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxdwx32.exe
File opened for modification	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe
File created	C:\Windows\SysWOW64\igfxdwx32.exe	igfxdwx32.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 44 IoCs

Processes:

111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe

pid	process
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
5064	igfxdwx32.exe
1156	igfxdwx32.exe
3492	igfxdwx32.exe
4400	igfxdwx32.exe
1288	igfxdwx32.exe
3940	igfxdwx32.exe
216	igfxdwx32.exe
4664	igfxdwx32.exe
4184	igfxdwx32.exe
3772	igfxdwx32.exe
1948	igfxdwx32.exe
1564	igfxdwx32.exe
4560	igfxdwx32.exe
1980	igfxdwx32.exe
5088	igfxdwx32.exe
868	igfxdwx32.exe
4324	igfxdwx32.exe
3876	igfxdwx32.exe
2976	igfxdwx32.exe
5032	igfxdwx32.exe
3220	igfxdwx32.exe
3484	igfxdwx32.exe
4284	igfxdwx32.exe
1560	igfxdwx32.exe
3456	igfxdwx32.exe
1576	igfxdwx32.exe
1840	igfxdwx32.exe
3052	igfxdwx32.exe
4216	igfxdwx32.exe
2336	igfxdwx32.exe
3976	igfxdwx32.exe
4012	igfxdwx32.exe
5004	igfxdwx32.exe
2676	igfxdwx32.exe
4448	igfxdwx32.exe
5000	igfxdwx32.exe
5044	igfxdwx32.exe
1996	igfxdwx32.exe
1116	igfxdwx32.exe
4528	igfxdwx32.exe
2776	igfxdwx32.exe
4548	igfxdwx32.exe
1808	igfxdwx32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 43 IoCs

Processes:

igfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exeigfxdwx32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxdwx32.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exeigfxdwx32.exe

pid	process
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe
5064	igfxdwx32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 1620 wrote to memory of 5064	1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe	igfxdwx32.exe
PID 1620 wrote to memory of 5064	1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe	igfxdwx32.exe
PID 1620 wrote to memory of 5064	1620	111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe	igfxdwx32.exe
PID 5064 wrote to memory of 1156	5064	igfxdwx32.exe	igfxdwx32.exe
PID 5064 wrote to memory of 1156	5064	igfxdwx32.exe	igfxdwx32.exe
PID 5064 wrote to memory of 1156	5064	igfxdwx32.exe	igfxdwx32.exe
PID 1156 wrote to memory of 3492	1156	igfxdwx32.exe	igfxdwx32.exe
PID 1156 wrote to memory of 3492	1156	igfxdwx32.exe	igfxdwx32.exe
PID 1156 wrote to memory of 3492	1156	igfxdwx32.exe	igfxdwx32.exe
PID 3492 wrote to memory of 4400	3492	igfxdwx32.exe	igfxdwx32.exe
PID 3492 wrote to memory of 4400	3492	igfxdwx32.exe	igfxdwx32.exe
PID 3492 wrote to memory of 4400	3492	igfxdwx32.exe	igfxdwx32.exe
PID 4400 wrote to memory of 1288	4400	igfxdwx32.exe	igfxdwx32.exe
PID 4400 wrote to memory of 1288	4400	igfxdwx32.exe	igfxdwx32.exe
PID 4400 wrote to memory of 1288	4400	igfxdwx32.exe	igfxdwx32.exe
PID 1288 wrote to memory of 3940	1288	igfxdwx32.exe	igfxdwx32.exe
PID 1288 wrote to memory of 3940	1288	igfxdwx32.exe	igfxdwx32.exe
PID 1288 wrote to memory of 3940	1288	igfxdwx32.exe	igfxdwx32.exe
PID 3940 wrote to memory of 216	3940	igfxdwx32.exe	igfxdwx32.exe
PID 3940 wrote to memory of 216	3940	igfxdwx32.exe	igfxdwx32.exe
PID 3940 wrote to memory of 216	3940	igfxdwx32.exe	igfxdwx32.exe
PID 216 wrote to memory of 4664	216	igfxdwx32.exe	igfxdwx32.exe
PID 216 wrote to memory of 4664	216	igfxdwx32.exe	igfxdwx32.exe
PID 216 wrote to memory of 4664	216	igfxdwx32.exe	igfxdwx32.exe
PID 4664 wrote to memory of 4184	4664	igfxdwx32.exe	igfxdwx32.exe
PID 4664 wrote to memory of 4184	4664	igfxdwx32.exe	igfxdwx32.exe
PID 4664 wrote to memory of 4184	4664	igfxdwx32.exe	igfxdwx32.exe
PID 4184 wrote to memory of 3772	4184	igfxdwx32.exe	igfxdwx32.exe
PID 4184 wrote to memory of 3772	4184	igfxdwx32.exe	igfxdwx32.exe
PID 4184 wrote to memory of 3772	4184	igfxdwx32.exe	igfxdwx32.exe
PID 3772 wrote to memory of 1948	3772	igfxdwx32.exe	igfxdwx32.exe
PID 3772 wrote to memory of 1948	3772	igfxdwx32.exe	igfxdwx32.exe
PID 3772 wrote to memory of 1948	3772	igfxdwx32.exe	igfxdwx32.exe
PID 1948 wrote to memory of 1564	1948	igfxdwx32.exe	igfxdwx32.exe
PID 1948 wrote to memory of 1564	1948	igfxdwx32.exe	igfxdwx32.exe
PID 1948 wrote to memory of 1564	1948	igfxdwx32.exe	igfxdwx32.exe
PID 1564 wrote to memory of 4560	1564	igfxdwx32.exe	igfxdwx32.exe
PID 1564 wrote to memory of 4560	1564	igfxdwx32.exe	igfxdwx32.exe
PID 1564 wrote to memory of 4560	1564	igfxdwx32.exe	igfxdwx32.exe
PID 4560 wrote to memory of 1980	4560	igfxdwx32.exe	igfxdwx32.exe
PID 4560 wrote to memory of 1980	4560	igfxdwx32.exe	igfxdwx32.exe
PID 4560 wrote to memory of 1980	4560	igfxdwx32.exe	igfxdwx32.exe
PID 1980 wrote to memory of 5088	1980	igfxdwx32.exe	igfxdwx32.exe
PID 1980 wrote to memory of 5088	1980	igfxdwx32.exe	igfxdwx32.exe
PID 1980 wrote to memory of 5088	1980	igfxdwx32.exe	igfxdwx32.exe
PID 5088 wrote to memory of 868	5088	igfxdwx32.exe	igfxdwx32.exe
PID 5088 wrote to memory of 868	5088	igfxdwx32.exe	igfxdwx32.exe
PID 5088 wrote to memory of 868	5088	igfxdwx32.exe	igfxdwx32.exe
PID 868 wrote to memory of 4324	868	igfxdwx32.exe	igfxdwx32.exe
PID 868 wrote to memory of 4324	868	igfxdwx32.exe	igfxdwx32.exe
PID 868 wrote to memory of 4324	868	igfxdwx32.exe	igfxdwx32.exe
PID 4324 wrote to memory of 3876	4324	igfxdwx32.exe	igfxdwx32.exe
PID 4324 wrote to memory of 3876	4324	igfxdwx32.exe	igfxdwx32.exe
PID 4324 wrote to memory of 3876	4324	igfxdwx32.exe	igfxdwx32.exe
PID 3876 wrote to memory of 2976	3876	igfxdwx32.exe	igfxdwx32.exe
PID 3876 wrote to memory of 2976	3876	igfxdwx32.exe	igfxdwx32.exe
PID 3876 wrote to memory of 2976	3876	igfxdwx32.exe	igfxdwx32.exe
PID 2976 wrote to memory of 5032	2976	igfxdwx32.exe	igfxdwx32.exe
PID 2976 wrote to memory of 5032	2976	igfxdwx32.exe	igfxdwx32.exe
PID 2976 wrote to memory of 5032	2976	igfxdwx32.exe	igfxdwx32.exe
PID 5032 wrote to memory of 3220	5032	igfxdwx32.exe	igfxdwx32.exe
PID 5032 wrote to memory of 3220	5032	igfxdwx32.exe	igfxdwx32.exe
PID 5032 wrote to memory of 3220	5032	igfxdwx32.exe	igfxdwx32.exe
PID 3220 wrote to memory of 3484	3220	igfxdwx32.exe	igfxdwx32.exe

C:\Users\Admin\AppData\Local\Temp\111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe
"C:\Users\Admin\AppData\Local\Temp\111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0.exe"
1⤵
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1620

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Users\Admin\AppData\Local\Temp\111C77~1.EXE
2⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5064

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
3⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1156

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
4⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3492

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
5⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4400

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
6⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1288

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
7⤵
- Executes dropped EXE
- Checks computer location settings
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3940

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
8⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:216

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
9⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4664

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
10⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4184

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
11⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3772

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
12⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1948

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
13⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1564

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
14⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4560

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
15⤵
- Executes dropped EXE
- Checks computer location settings
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1980

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
16⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:5088

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
17⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:868

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
18⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4324

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
19⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3876

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
20⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2976

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
21⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:5032

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
22⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3220

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
23⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:3484

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
24⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:4284

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
25⤵
- Executes dropped EXE
- Checks computer location settings
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:1560

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
26⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:3456

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
27⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:1576

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
28⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:1840

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
29⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:3052

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
30⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:4216

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
31⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:2336

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
32⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:3976

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
33⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:4012

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
34⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:5004

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
35⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:2676

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
36⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:4448

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
37⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:5000

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
38⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:5044

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
39⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:1996

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
40⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:1116

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
41⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:4528

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
42⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:2776

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
43⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:4548

C:\Windows\SysWOW64\igfxdwx32.exe
"C:\Windows\system32\igfxdwx32.exe" C:\Windows\SysWOW64\IGFXDW~1.EXE
44⤵
- Executes dropped EXE
- Maps connected drives based on registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:1808

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
C:\Windows\SysWOW64\igfxdwx32.exe
Filesize
608KB

MD5
11ea6447e3c843c806d6fc9619b907c2

SHA1
b7c6eb9b8a042e67006244f1af2e5b7a23fa6eb7

SHA256
111c77070541fe3b52706d60ef64f778005fdb38d79da08b64f79f725847e1f0

SHA512
b75441513722511b6eab359379bfc027ca67ea46ec43a0cd8844deeddbd11bb97c1e14b9618efa18407869baf96248aeef87267130b26428d0952b7fb15250ad

Download Submit
memory/216-163-0x0000000000000000-mapping.dmp

Download
memory/216-166-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/216-167-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/216-170-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/868-209-0x0000000000000000-mapping.dmp

Download
memory/868-212-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/868-213-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/868-216-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1116-319-0x0000000000000000-mapping.dmp

Download
memory/1156-145-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1156-138-0x0000000000000000-mapping.dmp

Download
memory/1156-141-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/1156-142-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1288-156-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1288-157-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/1288-153-0x0000000000000000-mapping.dmp

Download
memory/1288-160-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1560-249-0x0000000000000000-mapping.dmp

Download
memory/1564-189-0x0000000000000000-mapping.dmp

Download
memory/1564-192-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/1564-193-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1564-196-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1576-259-0x0000000000000000-mapping.dmp

Download
memory/1620-130-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1620-135-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1620-131-0x0000000000030000-0x0000000000034000-memory.dmp

Filesize
16KB

Download
memory/1808-335-0x0000000000000000-mapping.dmp

Download
memory/1840-265-0x0000000000000000-mapping.dmp

Download
memory/1948-187-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1948-191-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1948-188-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/1948-183-0x0000000000000000-mapping.dmp

Download
memory/1980-199-0x0000000000000000-mapping.dmp

Download
memory/1980-203-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/1980-206-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1980-202-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1996-315-0x0000000000000000-mapping.dmp

Download
memory/2336-280-0x0000000000000000-mapping.dmp

Download
memory/2676-299-0x0000000000000000-mapping.dmp

Download
memory/2776-327-0x0000000000000000-mapping.dmp

Download
memory/2976-227-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/2976-228-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/2976-224-0x0000000000000000-mapping.dmp

Download
memory/2976-231-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/3052-270-0x0000000000000000-mapping.dmp

Download
memory/3220-234-0x0000000000000000-mapping.dmp

Download
memory/3456-254-0x0000000000000000-mapping.dmp

Download
memory/3484-239-0x0000000000000000-mapping.dmp

Download
memory/3492-150-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/3492-143-0x0000000000000000-mapping.dmp

Download
memory/3492-146-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/3492-147-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/3772-178-0x0000000000000000-mapping.dmp

Download
memory/3772-186-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/3772-185-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/3772-181-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/3772-182-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/3876-226-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/3876-219-0x0000000000000000-mapping.dmp

Download
memory/3876-222-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/3876-223-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/3940-162-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/3940-165-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/3940-161-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/3940-158-0x0000000000000000-mapping.dmp

Download
memory/3976-285-0x0000000000000000-mapping.dmp

Download
memory/4012-290-0x0000000000000000-mapping.dmp

Download
memory/4184-176-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4184-180-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4184-177-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/4184-173-0x0000000000000000-mapping.dmp

Download
memory/4216-275-0x0000000000000000-mapping.dmp

Download
memory/4284-244-0x0000000000000000-mapping.dmp

Download
memory/4324-214-0x0000000000000000-mapping.dmp

Download
memory/4324-221-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4324-218-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/4324-217-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4400-155-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4400-148-0x0000000000000000-mapping.dmp

Download
memory/4400-151-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4400-152-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/4448-303-0x0000000000000000-mapping.dmp

Download
memory/4528-323-0x0000000000000000-mapping.dmp

Download
memory/4548-331-0x0000000000000000-mapping.dmp

Download
memory/4560-201-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4560-194-0x0000000000000000-mapping.dmp

Download
memory/4560-198-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/4560-197-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4664-175-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4664-171-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4664-172-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/4664-168-0x0000000000000000-mapping.dmp

Download
memory/5000-307-0x0000000000000000-mapping.dmp

Download
memory/5004-295-0x0000000000000000-mapping.dmp

Download
memory/5032-233-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/5032-232-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/5032-229-0x0000000000000000-mapping.dmp

Download
memory/5032-236-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/5044-311-0x0000000000000000-mapping.dmp

Download
memory/5064-137-0x0000000000030000-0x0000000000034000-memory.dmp

Filesize
16KB

Download
memory/5064-140-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/5064-136-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/5064-132-0x0000000000000000-mapping.dmp

Download
memory/5088-204-0x0000000000000000-mapping.dmp

Download
memory/5088-207-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/5088-208-0x0000000000020000-0x0000000000024000-memory.dmp

Filesize
16KB

Download
memory/5088-211-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download