metasploit | 2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

Analysis

max time kernel
215s
max time network
215s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2022 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
Size

172KB
MD5

6b71c6fc0be00422746b0a401190787f
SHA1

fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7
SHA256

2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b
SHA512

95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc
SSDEEP

3072:z3UPm+bvOh8olvVMZkwkS/KmB/FsewXd/5PZhnzOJLF0bATa80hG6:MvYRliZtkm/FXwXHPZVzWaAG86G6

Score

10^/10

metasploit backdoor trojan upx

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Executes dropped EXE 31 IoCs

Processes:

igfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exe

pid	process
4712	igfxwl32.exe
1288	igfxwl32.exe
3864	igfxwl32.exe
2576	igfxwl32.exe
4420	igfxwl32.exe
260	igfxwl32.exe
1860	igfxwl32.exe
2596	igfxwl32.exe
1780	igfxwl32.exe
768	igfxwl32.exe
2836	igfxwl32.exe
1844	igfxwl32.exe
2280	igfxwl32.exe
4624	igfxwl32.exe
1864	igfxwl32.exe
5096	igfxwl32.exe
1952	igfxwl32.exe
2316	igfxwl32.exe
3776	igfxwl32.exe
3144	igfxwl32.exe
536	igfxwl32.exe
2612	igfxwl32.exe
5040	igfxwl32.exe
3164	igfxwl32.exe
4508	igfxwl32.exe
3960	igfxwl32.exe
3656	igfxwl32.exe
1652	igfxwl32.exe
4340	igfxwl32.exe
912	igfxwl32.exe
2696	igfxwl32.exe

UPX packed file 37 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4844-134-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4844-137-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4844-138-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4844-139-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4844-143-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/1288-150-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/1288-151-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/1288-152-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/1288-155-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/2576-164-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/2576-167-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/260-176-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/260-179-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/2596-188-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/2596-191-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/768-200-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/768-204-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/1844-213-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/1844-216-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4624-225-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4624-229-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/5096-238-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/5096-241-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/2316-250-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/2316-253-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3144-262-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3144-265-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/2612-274-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/2612-277-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3164-286-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3164-289-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3960-298-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3960-301-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/1652-310-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/1652-313-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/912-322-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/912-325-0x0000000000400000-0x0000000000466000-memory.dmp	upx

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	igfxwl32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	igfxwl32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	igfxwl32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	igfxwl32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	igfxwl32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	igfxwl32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	igfxwl32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	igfxwl32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	igfxwl32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	igfxwl32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	igfxwl32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	igfxwl32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	igfxwl32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	igfxwl32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	igfxwl32.exe

Maps connected drives based on registry 3 TTPs 32 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

igfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exe2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxwl32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxwl32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxwl32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxwl32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxwl32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxwl32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxwl32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxwl32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxwl32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxwl32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxwl32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxwl32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxwl32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxwl32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxwl32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxwl32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxwl32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxwl32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxwl32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxwl32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxwl32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxwl32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxwl32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxwl32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxwl32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxwl32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxwl32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxwl32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	igfxwl32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	igfxwl32.exe

Drops file in System32 directory 48 IoCs

Processes:

igfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exe2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
File opened for modification	C:\Windows\SysWOW64\	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File created	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe
File opened for modification	C:\Windows\SysWOW64\igfxwl32.exe	igfxwl32.exe

Suspicious use of SetThreadContext 16 IoCs

Processes:

description	pid	process	target process
PID 1460 set thread context of 4844	1460	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
PID 4712 set thread context of 1288	4712	igfxwl32.exe	igfxwl32.exe
PID 3864 set thread context of 2576	3864	igfxwl32.exe	igfxwl32.exe
PID 4420 set thread context of 260	4420	igfxwl32.exe	igfxwl32.exe
PID 1860 set thread context of 2596	1860	igfxwl32.exe	igfxwl32.exe
PID 1780 set thread context of 768	1780	igfxwl32.exe	igfxwl32.exe
PID 2836 set thread context of 1844	2836	igfxwl32.exe	igfxwl32.exe
PID 2280 set thread context of 4624	2280	igfxwl32.exe	igfxwl32.exe
PID 1864 set thread context of 5096	1864	igfxwl32.exe	igfxwl32.exe
PID 1952 set thread context of 2316	1952	igfxwl32.exe	igfxwl32.exe
PID 3776 set thread context of 3144	3776	igfxwl32.exe	igfxwl32.exe
PID 536 set thread context of 2612	536	igfxwl32.exe	igfxwl32.exe
PID 5040 set thread context of 3164	5040	igfxwl32.exe	igfxwl32.exe
PID 4508 set thread context of 3960	4508	igfxwl32.exe	igfxwl32.exe
PID 3656 set thread context of 1652	3656	igfxwl32.exe	igfxwl32.exe
PID 4340 set thread context of 912	4340	igfxwl32.exe	igfxwl32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 16 IoCs

Processes:

igfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exe2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxwl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxwl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxwl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxwl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxwl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxwl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxwl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxwl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxwl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxwl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxwl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxwl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxwl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxwl32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	igfxwl32.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

pid	process
4844	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
4844	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
4844	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
4844	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
1288	igfxwl32.exe
1288	igfxwl32.exe
1288	igfxwl32.exe
1288	igfxwl32.exe
2576	igfxwl32.exe
2576	igfxwl32.exe
2576	igfxwl32.exe
2576	igfxwl32.exe
260	igfxwl32.exe
260	igfxwl32.exe
260	igfxwl32.exe
260	igfxwl32.exe
2596	igfxwl32.exe
2596	igfxwl32.exe
2596	igfxwl32.exe
2596	igfxwl32.exe
768	igfxwl32.exe
768	igfxwl32.exe
768	igfxwl32.exe
768	igfxwl32.exe
1844	igfxwl32.exe
1844	igfxwl32.exe
1844	igfxwl32.exe
1844	igfxwl32.exe
4624	igfxwl32.exe
4624	igfxwl32.exe
4624	igfxwl32.exe
4624	igfxwl32.exe
5096	igfxwl32.exe
5096	igfxwl32.exe
5096	igfxwl32.exe
5096	igfxwl32.exe
2316	igfxwl32.exe
2316	igfxwl32.exe
2316	igfxwl32.exe
2316	igfxwl32.exe
3144	igfxwl32.exe
3144	igfxwl32.exe
3144	igfxwl32.exe
3144	igfxwl32.exe
2612	igfxwl32.exe
2612	igfxwl32.exe
2612	igfxwl32.exe
2612	igfxwl32.exe
3164	igfxwl32.exe
3164	igfxwl32.exe
3164	igfxwl32.exe
3164	igfxwl32.exe
3960	igfxwl32.exe
3960	igfxwl32.exe
3960	igfxwl32.exe
3960	igfxwl32.exe
1652	igfxwl32.exe
1652	igfxwl32.exe
1652	igfxwl32.exe
1652	igfxwl32.exe
912	igfxwl32.exe
912	igfxwl32.exe
912	igfxwl32.exe
912	igfxwl32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exeigfxwl32.exe

description	pid	process	target process
PID 1460 wrote to memory of 4844	1460	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
PID 1460 wrote to memory of 4844	1460	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
PID 1460 wrote to memory of 4844	1460	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
PID 1460 wrote to memory of 4844	1460	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
PID 1460 wrote to memory of 4844	1460	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
PID 1460 wrote to memory of 4844	1460	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
PID 1460 wrote to memory of 4844	1460	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
PID 4844 wrote to memory of 4712	4844	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe	igfxwl32.exe
PID 4844 wrote to memory of 4712	4844	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe	igfxwl32.exe
PID 4844 wrote to memory of 4712	4844	2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe	igfxwl32.exe
PID 4712 wrote to memory of 1288	4712	igfxwl32.exe	igfxwl32.exe
PID 4712 wrote to memory of 1288	4712	igfxwl32.exe	igfxwl32.exe
PID 4712 wrote to memory of 1288	4712	igfxwl32.exe	igfxwl32.exe
PID 4712 wrote to memory of 1288	4712	igfxwl32.exe	igfxwl32.exe
PID 4712 wrote to memory of 1288	4712	igfxwl32.exe	igfxwl32.exe
PID 4712 wrote to memory of 1288	4712	igfxwl32.exe	igfxwl32.exe
PID 4712 wrote to memory of 1288	4712	igfxwl32.exe	igfxwl32.exe
PID 1288 wrote to memory of 3864	1288	igfxwl32.exe	igfxwl32.exe
PID 1288 wrote to memory of 3864	1288	igfxwl32.exe	igfxwl32.exe
PID 1288 wrote to memory of 3864	1288	igfxwl32.exe	igfxwl32.exe
PID 3864 wrote to memory of 2576	3864	igfxwl32.exe	igfxwl32.exe
PID 3864 wrote to memory of 2576	3864	igfxwl32.exe	igfxwl32.exe
PID 3864 wrote to memory of 2576	3864	igfxwl32.exe	igfxwl32.exe
PID 3864 wrote to memory of 2576	3864	igfxwl32.exe	igfxwl32.exe
PID 3864 wrote to memory of 2576	3864	igfxwl32.exe	igfxwl32.exe
PID 3864 wrote to memory of 2576	3864	igfxwl32.exe	igfxwl32.exe
PID 3864 wrote to memory of 2576	3864	igfxwl32.exe	igfxwl32.exe
PID 2576 wrote to memory of 4420	2576	igfxwl32.exe	igfxwl32.exe
PID 2576 wrote to memory of 4420	2576	igfxwl32.exe	igfxwl32.exe
PID 2576 wrote to memory of 4420	2576	igfxwl32.exe	igfxwl32.exe
PID 4420 wrote to memory of 260	4420	igfxwl32.exe	igfxwl32.exe
PID 4420 wrote to memory of 260	4420	igfxwl32.exe	igfxwl32.exe
PID 4420 wrote to memory of 260	4420	igfxwl32.exe	igfxwl32.exe
PID 4420 wrote to memory of 260	4420	igfxwl32.exe	igfxwl32.exe
PID 4420 wrote to memory of 260	4420	igfxwl32.exe	igfxwl32.exe
PID 4420 wrote to memory of 260	4420	igfxwl32.exe	igfxwl32.exe
PID 4420 wrote to memory of 260	4420	igfxwl32.exe	igfxwl32.exe
PID 260 wrote to memory of 1860	260	igfxwl32.exe	igfxwl32.exe
PID 260 wrote to memory of 1860	260	igfxwl32.exe	igfxwl32.exe
PID 260 wrote to memory of 1860	260	igfxwl32.exe	igfxwl32.exe
PID 1860 wrote to memory of 2596	1860	igfxwl32.exe	igfxwl32.exe
PID 1860 wrote to memory of 2596	1860	igfxwl32.exe	igfxwl32.exe
PID 1860 wrote to memory of 2596	1860	igfxwl32.exe	igfxwl32.exe
PID 1860 wrote to memory of 2596	1860	igfxwl32.exe	igfxwl32.exe
PID 1860 wrote to memory of 2596	1860	igfxwl32.exe	igfxwl32.exe
PID 1860 wrote to memory of 2596	1860	igfxwl32.exe	igfxwl32.exe
PID 1860 wrote to memory of 2596	1860	igfxwl32.exe	igfxwl32.exe
PID 2596 wrote to memory of 1780	2596	igfxwl32.exe	igfxwl32.exe
PID 2596 wrote to memory of 1780	2596	igfxwl32.exe	igfxwl32.exe
PID 2596 wrote to memory of 1780	2596	igfxwl32.exe	igfxwl32.exe
PID 1780 wrote to memory of 768	1780	igfxwl32.exe	igfxwl32.exe
PID 1780 wrote to memory of 768	1780	igfxwl32.exe	igfxwl32.exe
PID 1780 wrote to memory of 768	1780	igfxwl32.exe	igfxwl32.exe
PID 1780 wrote to memory of 768	1780	igfxwl32.exe	igfxwl32.exe
PID 1780 wrote to memory of 768	1780	igfxwl32.exe	igfxwl32.exe
PID 1780 wrote to memory of 768	1780	igfxwl32.exe	igfxwl32.exe
PID 1780 wrote to memory of 768	1780	igfxwl32.exe	igfxwl32.exe
PID 768 wrote to memory of 2836	768	igfxwl32.exe	igfxwl32.exe
PID 768 wrote to memory of 2836	768	igfxwl32.exe	igfxwl32.exe
PID 768 wrote to memory of 2836	768	igfxwl32.exe	igfxwl32.exe
PID 2836 wrote to memory of 1844	2836	igfxwl32.exe	igfxwl32.exe
PID 2836 wrote to memory of 1844	2836	igfxwl32.exe	igfxwl32.exe
PID 2836 wrote to memory of 1844	2836	igfxwl32.exe	igfxwl32.exe
PID 2836 wrote to memory of 1844	2836	igfxwl32.exe	igfxwl32.exe

C:\Users\Admin\AppData\Local\Temp\2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
"C:\Users\Admin\AppData\Local\Temp\2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1460

C:\Users\Admin\AppData\Local\Temp\2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe
"C:\Users\Admin\AppData\Local\Temp\2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b.exe"
2⤵
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4844

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Users\Admin\AppData\Local\Temp\2788F9~1.EXE
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4712

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Users\Admin\AppData\Local\Temp\2788F9~1.EXE
4⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1288

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3864

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
6⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2576

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4420

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
8⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:260

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1860

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
10⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2596

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1780

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
12⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:768

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2836

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
14⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1844

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
15⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2280

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
16⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4624

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1864

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
18⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5096

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
19⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1952

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
20⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2316

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3776

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
22⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3144

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:536

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
24⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2612

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5040

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
26⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3164

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4508

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
28⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3960

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3656

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
30⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1652

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4340

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
32⤵
- Executes dropped EXE
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:912

C:\Windows\SysWOW64\igfxwl32.exe
"C:\Windows\system32\igfxwl32.exe" C:\Windows\SysWOW64\igfxwl32.exe
33⤵
- Executes dropped EXE
PID:2696

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
C:\Windows\SysWOW64\igfxwl32.exe

Filesize
172KB

MD5
6b71c6fc0be00422746b0a401190787f

SHA1
fd3ab8b7a192403e0f8a38ecf01a5d5da9a743a7

SHA256
2788f9db07447f64daf86f36af3b572df004974e35dd362fab9ab794ec9f7a1b

SHA512
95ee4a8ac69da10fc2a78505e3779a5f2bd9381588df711b9720a943ce9d379f029e8cc49cf8e45f0b0d261d9ffaa4b3ba1ba06418d3ac7c788deac1880f73bc

Download Submit
\??\PIPE\srvsvc

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\PIPE\srvsvc

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/260-169-0x0000000000000000-mapping.dmp

Download
memory/260-176-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/260-179-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/536-271-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/536-266-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/536-263-0x0000000000000000-mapping.dmp

Download
memory/768-193-0x0000000000000000-mapping.dmp

Download
memory/768-200-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/768-204-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/912-325-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/912-322-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/912-315-0x0000000000000000-mapping.dmp

Download
memory/1288-152-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1288-151-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1288-150-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1288-145-0x0000000000000000-mapping.dmp

Download
memory/1288-155-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1460-135-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1460-132-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1652-303-0x0000000000000000-mapping.dmp

Download
memory/1652-313-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1652-310-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1780-192-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1780-196-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1780-189-0x0000000000000000-mapping.dmp

Download
memory/1844-206-0x0000000000000000-mapping.dmp

Download
memory/1844-213-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1844-216-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1860-177-0x0000000000000000-mapping.dmp

Download
memory/1860-180-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1860-184-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1864-230-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1864-235-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1864-227-0x0000000000000000-mapping.dmp

Download
memory/1952-242-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1952-246-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1952-239-0x0000000000000000-mapping.dmp

Download
memory/2280-222-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2280-217-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2280-214-0x0000000000000000-mapping.dmp

Download
memory/2316-250-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2316-243-0x0000000000000000-mapping.dmp

Download
memory/2316-253-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2576-157-0x0000000000000000-mapping.dmp

Download
memory/2576-167-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2576-164-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2596-181-0x0000000000000000-mapping.dmp

Download
memory/2596-188-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2596-191-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2612-274-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2612-277-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2612-267-0x0000000000000000-mapping.dmp

Download
memory/2696-323-0x0000000000000000-mapping.dmp

Download
memory/2836-205-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2836-202-0x0000000000000000-mapping.dmp

Download
memory/2836-208-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3144-265-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3144-262-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3144-255-0x0000000000000000-mapping.dmp

Download
memory/3164-289-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3164-286-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3164-279-0x0000000000000000-mapping.dmp

Download
memory/3656-302-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3656-299-0x0000000000000000-mapping.dmp

Download
memory/3656-306-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3776-254-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3776-258-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3776-251-0x0000000000000000-mapping.dmp

Download
memory/3864-161-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3864-153-0x0000000000000000-mapping.dmp

Download
memory/3864-156-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3960-298-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3960-301-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3960-291-0x0000000000000000-mapping.dmp

Download
memory/4340-318-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4340-314-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4340-311-0x0000000000000000-mapping.dmp

Download
memory/4420-165-0x0000000000000000-mapping.dmp

Download
memory/4420-168-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4420-174-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4508-290-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4508-287-0x0000000000000000-mapping.dmp

Download
memory/4508-296-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4624-218-0x0000000000000000-mapping.dmp

Download
memory/4624-225-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4624-229-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4712-140-0x0000000000000000-mapping.dmp

Download
memory/4712-149-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4712-144-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4844-138-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4844-143-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4844-133-0x0000000000000000-mapping.dmp

Download
memory/4844-134-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4844-137-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4844-139-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/5040-283-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5040-275-0x0000000000000000-mapping.dmp

Download
memory/5040-278-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5096-238-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/5096-231-0x0000000000000000-mapping.dmp

Download
memory/5096-241-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download