b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966

Analysis

max time kernel
144s
max time network
148s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
31-10-2022 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe
Size

6.2MB
MD5

9014699a076a82ce38a9563f3d05cb83
SHA1

f6af65392887bf3345d4fc7ca01fc17517f6adca
SHA256

b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966
SHA512

dd6b2420874f2cace7c8aa2023bbbc94ca23cdf7d8b3796176c3d3794573164af8f1b69a9249537cd00918d6c24e76e6013b146306a4bb16b2c933c878e74e56
SSDEEP

196608:gIuMqEVoIkJuuE11rHeLPDRIc0MJRNxha1Se0DJgKd2v:qMBqBuuE11reLFFVRN8Se0Dp

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 14 IoCs

flow	pid	Process
3	4748	rundll32.exe
4	4992	rundll32.exe
8	4272	rundll32.exe
9	4748	rundll32.exe
10	4992	rundll32.exe
11	4748	rundll32.exe
12	4992	rundll32.exe
14	4272	rundll32.exe
15	824	rundll32.exe
16	528	rundll32.exe
17	824	rundll32.exe
18	1920	rundll32.exe
19	528	rundll32.exe
20	1920	rundll32.exe

Loads dropped DLL 11 IoCs

pid	Process
4748	rundll32.exe
4992	rundll32.exe
4272	rundll32.exe
4272	rundll32.exe
824	rundll32.exe
824	rundll32.exe
528	rundll32.exe
1920	rundll32.exe
4948	rundll32.exe
4908	rundll32.exe
4152	rundll32.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4748 set thread context of 380	4748	rundll32.exe	138

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2624	4036	WerFault.exe	65
4364	4036	WerFault.exe	65
4280	4036	WerFault.exe	65
1356	4036	WerFault.exe	65
2724	4036	WerFault.exe	65
1252	4036	WerFault.exe	65
3704	4036	WerFault.exe	65
3756	4036	WerFault.exe	65
3196	4356	WerFault.exe	74
4020	4356	WerFault.exe	74
4776	4356	WerFault.exe	74
3208	4356	WerFault.exe	74
4360	4356	WerFault.exe	74
4444	4356	WerFault.exe	74
3864	4356	WerFault.exe	74
4972	4356	WerFault.exe	74
3820	528	WerFault.exe	84
4976	528	WerFault.exe	84
4212	528	WerFault.exe	84
2076	528	WerFault.exe	84
3956	528	WerFault.exe	84
3104	528	WerFault.exe	84
3516	528	WerFault.exe	84
4076	528	WerFault.exe	84
4852	528	WerFault.exe	84
4752	4352	WerFault.exe	95
3336	4352	WerFault.exe	95
3012	4352	WerFault.exe	95
4432	4352	WerFault.exe	95
3812	4352	WerFault.exe	95
4912	4352	WerFault.exe	95
4856	4352	WerFault.exe	95
1296	4352	WerFault.exe	95
1984	4960	WerFault.exe	105
4812	4960	WerFault.exe	105
1600	4960	WerFault.exe	105
2268	4960	WerFault.exe	105
4256	4960	WerFault.exe	105
4280	4960	WerFault.exe	105
1068	4960	WerFault.exe	105
2688	4960	WerFault.exe	105
3624	3900	WerFault.exe	115
4952	3900	WerFault.exe	115
4008	3900	WerFault.exe	115
4336	3900	WerFault.exe	115
764	3900	WerFault.exe	115
1556	3900	WerFault.exe	115
1480	3900	WerFault.exe	115
1432	3900	WerFault.exe	115
4004	488	WerFault.exe	125
2204	488	WerFault.exe	125
3448	488	WerFault.exe	125
2280	488	WerFault.exe	125
4736	488	WerFault.exe	125
1092	488	WerFault.exe	125
4684	488	WerFault.exe	125
4744	488	WerFault.exe	125
536	2088	WerFault.exe	135
1512	2088	WerFault.exe	135
4020	2088	WerFault.exe	135
4764	2088	WerFault.exe	135
4880	2088	WerFault.exe	135
3888	2088	WerFault.exe	135
2516	2088	WerFault.exe	135

Checks processor information in registry 2 TTPs 64 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	rundll32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	rundll32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	rundll32.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	rundll32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Previous Update Revision	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Configuration Data	rundll32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Configuration Data	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	rundll32.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Previous Update Revision	rundll32.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	rundll32.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	rundll32.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	rundll32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Platform Specific Field 1	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	rundll32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	rundll32.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Configuration Data	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Platform Specific Field 1	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Configuration Data	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information	rundll32.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Previous Update Revision	rundll32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	rundll32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	rundll32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information	rundll32.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	rundll32.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information	rundll32.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	rundll32.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Configuration Data	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Previous Update Revision	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	rundll32.exe

Modifies registry class 24 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 820074001c0043465346160031000000000000000000100041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004100700070004400610074006100000042000000	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1"	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 50003100000000000000000010004c6f63616c003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c00000014000000	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 4e003100000000005f554930100054656d7000003a0009000400efbe0c554b885f5549302e000000000000000000000000000000000000000000000000001aba5500540065006d007000000014000000	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	rundll32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
380	rundll32.exe

Suspicious use of WriteProcessMemory 51 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 4356	4036	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	74
PID 4036 wrote to memory of 4356	4036	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	74
PID 4036 wrote to memory of 4356	4036	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	74
PID 4036 wrote to memory of 4748	4036	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	79
PID 4036 wrote to memory of 4748	4036	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	79
PID 4036 wrote to memory of 4748	4036	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	79
PID 4356 wrote to memory of 528	4356	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	84
PID 4356 wrote to memory of 528	4356	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	84
PID 4356 wrote to memory of 528	4356	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	84
PID 4356 wrote to memory of 4992	4356	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	85
PID 4356 wrote to memory of 4992	4356	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	85
PID 4356 wrote to memory of 4992	4356	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	85
PID 528 wrote to memory of 4352	528	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	95
PID 528 wrote to memory of 4352	528	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	95
PID 528 wrote to memory of 4352	528	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	95
PID 528 wrote to memory of 4272	528	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	96
PID 528 wrote to memory of 4272	528	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	96
PID 528 wrote to memory of 4272	528	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	96
PID 4352 wrote to memory of 4960	4352	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	105
PID 4352 wrote to memory of 4960	4352	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	105
PID 4352 wrote to memory of 4960	4352	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	105
PID 4352 wrote to memory of 824	4352	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	106
PID 4352 wrote to memory of 824	4352	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	106
PID 4352 wrote to memory of 824	4352	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	106
PID 4960 wrote to memory of 3900	4960	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	115
PID 4960 wrote to memory of 3900	4960	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	115
PID 4960 wrote to memory of 3900	4960	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	115
PID 4960 wrote to memory of 528	4960	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	117
PID 4960 wrote to memory of 528	4960	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	117
PID 4960 wrote to memory of 528	4960	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	117
PID 3900 wrote to memory of 488	3900	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	125
PID 3900 wrote to memory of 488	3900	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	125
PID 3900 wrote to memory of 488	3900	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	125
PID 3900 wrote to memory of 1920	3900	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	126
PID 3900 wrote to memory of 1920	3900	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	126
PID 3900 wrote to memory of 1920	3900	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	126
PID 488 wrote to memory of 2088	488	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	135
PID 488 wrote to memory of 2088	488	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	135
PID 488 wrote to memory of 2088	488	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	135
PID 488 wrote to memory of 4948	488	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	136
PID 488 wrote to memory of 4948	488	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	136
PID 488 wrote to memory of 4948	488	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	136
PID 4748 wrote to memory of 380	4748	rundll32.exe	138
PID 4748 wrote to memory of 380	4748	rundll32.exe	138
PID 4748 wrote to memory of 380	4748	rundll32.exe	138
PID 2088 wrote to memory of 2800	2088	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	149
PID 2088 wrote to memory of 2800	2088	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	149
PID 2088 wrote to memory of 2800	2088	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	149
PID 2088 wrote to memory of 4908	2088	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	147
PID 2088 wrote to memory of 4908	2088	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	147
PID 2088 wrote to memory of 4908	2088	b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe	147

C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe
"C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 600
  2⤵
  - Program crash
  PID:2624
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 860
  2⤵
  - Program crash
  PID:4364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 956
  2⤵
  - Program crash
  PID:4280
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 1032
  2⤵
  - Program crash
  PID:1356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 1072
  2⤵
  - Program crash
  PID:2724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 1040
  2⤵
  - Program crash
  PID:1252
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 1096
  2⤵
  - Program crash
  PID:3704
- C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe
  "C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4356
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 568
    3⤵
    - Program crash
    PID:3196
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 916
    3⤵
    - Program crash
    PID:4020
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 1012
    3⤵
    - Program crash
    PID:4776
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 972
    3⤵
    - Program crash
    PID:3208
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 1044
    3⤵
    - Program crash
    PID:4360
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 988
    3⤵
    - Program crash
    PID:4444
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 1072
    3⤵
    - Program crash
    PID:3864
- - C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe
    "C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:528
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 568
      4⤵
      Program crash
      PID:3820
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 916
      4⤵
      Program crash
      PID:4976
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 996
      4⤵
      Program crash
      PID:4212
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 964
      4⤵
      Program crash
      PID:2076
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 1048
      4⤵
      Program crash
      PID:3956
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 1000
      4⤵
      Program crash
      PID:3104
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 980
      4⤵
      Program crash
      PID:3516
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 1116
      4⤵
      Program crash
      PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe
      "C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4352
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 568
        5⤵
        Program crash
        
        PID:4752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 928
        5⤵
        Program crash
        
        PID:3336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 1016
        5⤵
        Program crash
        
        PID:3012
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 980
        5⤵
        Program crash
        
        PID:4432
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 1044
        5⤵
        Program crash
        
        PID:3812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 1084
        5⤵
        Program crash
        
        PID:4912
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 1124
        5⤵
        Program crash
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 568
        6⤵
        Program crash
        
        PID:1984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 916
        6⤵
        Program crash
        
        PID:4812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 932
        6⤵
        Program crash
        
        PID:1600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 1000
        6⤵
        Program crash
        
        PID:2268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 1044
        6⤵
        Program crash
        
        PID:4256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 1060
        6⤵
        Program crash
        
        PID:4280
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 952
        6⤵
        Program crash
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 568
        7⤵
        Program crash
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 944
        7⤵
        Program crash
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 1016
        7⤵
        Program crash
        
        PID:4008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 980
        7⤵
        Program crash
        
        PID:4336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 1044
        7⤵
        Program crash
        
        PID:764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 1008
        7⤵
        Program crash
        
        PID:1556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 1108
        7⤵
        Program crash
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe"
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 568
        8⤵
        Program crash
        
        PID:4004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 920
        8⤵
        Program crash
        
        PID:2204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 928
        8⤵
        Program crash
        
        PID:3448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 1000
        8⤵
        Program crash
        
        PID:2280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 1044
        8⤵
        Program crash
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 1020
        8⤵
        Program crash
        
        PID:1092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 1056
        8⤵
        Program crash
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe"
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:2088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 568
        9⤵
        Program crash
        
        PID:536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 920
        9⤵
        Program crash
        
        PID:1512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 892
        9⤵
        Program crash
        
        PID:4020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 1004
        9⤵
        Program crash
        
        PID:4764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 1044
        9⤵
        Program crash
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 1020
        9⤵
        Program crash
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 1056
        9⤵
        Program crash
        
        PID:2516
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll,start
        9⤵
        Loads dropped DLL
        Checks processor information in registry
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 1128
        9⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe"
        9⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 568
        10⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 860
        10⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 1008
        10⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 952
        10⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 1044
        10⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 1088
        10⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 1132
        10⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe"
        10⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 568
        11⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 928
        11⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 948
        11⤵
        
        PID:520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 908
        11⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 1044
        11⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 1084
        11⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 1112
        11⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe
        
        "C:\Users\Admin\AppData\Local\Temp\b5848a83437d7d0e1a3b9590a1bd4298f51b1d06892fca5b6a562d9831f77966.exe"
        11⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll,start
        11⤵
        
        PID:3076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 1180
        11⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll,start
        10⤵
        Loads dropped DLL
        Checks processor information in registry
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 1168
        10⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll,start
        8⤵
        Loads dropped DLL
        Checks processor information in registry
        
        PID:4948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 1172
        8⤵
        Program crash
        
        PID:4744
        
        C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll,start
        7⤵
        Blocklisted process makes network request
        Loads dropped DLL
        Checks processor information in registry
        
        PID:1920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 1152
        7⤵
        Program crash
        
        PID:1432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 1132
        6⤵
        Program crash
        
        PID:2688
      - C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll,start
        6⤵
        Blocklisted process makes network request
        Loads dropped DLL
        Checks processor information in registry
        
        PID:528
    - - C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll,start
        5⤵
        Blocklisted process makes network request
        Loads dropped DLL
        Checks processor information in registry
        
        PID:824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 1016
        5⤵
        Program crash
        
        PID:1296
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll,start
      4⤵
      Blocklisted process makes network request
      Loads dropped DLL
      Checks processor information in registry
      PID:4272
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 1172
      4⤵
      Program crash
      PID:4852
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll,start
    3⤵
    - Blocklisted process makes network request
    - Loads dropped DLL
    - Checks processor information in registry
    PID:4992
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 876
    3⤵
    - Program crash
    PID:4972
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 1160
  2⤵
  - Program crash
  PID:3756
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll,start
  2⤵
  - Blocklisted process makes network request
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Checks processor information in registry
  - Suspicious use of WriteProcessMemory
  PID:4748
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 14026
    3⤵
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    PID:380

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3760

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
f7dcb24540769805e5bb30d193944dce

SHA1
e26c583c562293356794937d9e2e6155d15449ee

SHA256
6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

SHA512
cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
61KB

MD5
3dcf580a93972319e82cafbc047d34d5

SHA1
8528d2a1363e5de77dc3b1142850e51ead0f4b6b

SHA256
40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

SHA512
98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
340B

MD5
4feca3183f30994f882e2091f1086257

SHA1
206761c23c3d6b12357181954d9a4a304b3c7c46

SHA256
6b50ad4a5269f7344143e289047acbc4ad5782e0a578588e63e09f95132f8be3

SHA512
83490b6496c0d0491a55e65283ba4857348ceb35a8665ecb5cf3a0147d4fedd112153db98ff66cdcfa3e28681c2e76acca6a6eee083f228890b30e451e0e25e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
2ef6e29beb5a5675bdbd051fd7abd481

SHA1
e6d9bc93290fb739c9584a5526dd35357760a023

SHA256
e4623252cce1170f93d5ad1f8116b716d8b7a88a4b5a9bd1129feeda882a038c

SHA512
383195bc6c69cbc6991ea3e4c20c64fc64345b84817a9741955e1631fd0fbc72b1dce2da60a3f35ebde75e443f499044d7befc5ea679db7c4239bf0eaebeb839

Download Submit
C:\Users\Admin\AppData\Local\Temp\36ac939d-7c03-41e3-bce6-853cd9d3ec6b\1713683155.pri

Filesize
3KB

MD5
3d2f97aca704836e5a440db3c2b2d5f8

SHA1
b4710c16a79a3880ec3df0ba37a27dbb60021b0b

SHA256
af2fc4069e6e84d29d5a4cd37c52713337ffac0c2df1f2cc02c1ade946a817db

SHA512
e55f72d13fb241c124c43ad69f90ca4eaf7bb696505990925e997f6ffe3fda775bc3892437694ee596ed42a11dbc83496cd4f22fa1b61ac45db81bf0ac8980a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\36ac939d-7c03-41e3-bce6-853cd9d3ec6b\1713683155.pri

Filesize
3KB

MD5
3d2f97aca704836e5a440db3c2b2d5f8

SHA1
b4710c16a79a3880ec3df0ba37a27dbb60021b0b

SHA256
af2fc4069e6e84d29d5a4cd37c52713337ffac0c2df1f2cc02c1ade946a817db

SHA512
e55f72d13fb241c124c43ad69f90ca4eaf7bb696505990925e997f6ffe3fda775bc3892437694ee596ed42a11dbc83496cd4f22fa1b61ac45db81bf0ac8980a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\36ac939d-7c03-41e3-bce6-853cd9d3ec6b\1713683155.pri

Filesize
3KB

MD5
3d2f97aca704836e5a440db3c2b2d5f8

SHA1
b4710c16a79a3880ec3df0ba37a27dbb60021b0b

SHA256
af2fc4069e6e84d29d5a4cd37c52713337ffac0c2df1f2cc02c1ade946a817db

SHA512
e55f72d13fb241c124c43ad69f90ca4eaf7bb696505990925e997f6ffe3fda775bc3892437694ee596ed42a11dbc83496cd4f22fa1b61ac45db81bf0ac8980a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\65674a6f-b481-48cb-93bf-10db39452100\3516841636.pri

Filesize
2KB

MD5
6f0067066c578e540dd4276c2b8e03ae

SHA1
a9eef9032b9a005aa6de0d398d542f5714f3d829

SHA256
9cc023bd420a9582336fc2ecdb3d8d21fd7f9a3e8dfd824b5ea3266864bd6a4f

SHA512
db4aa55c2afbea8380ccc3302011d0945f76cde0b3d8703e8df0aea5a964a1bf65f940ec88e9fe3b98560fda5e83e13c2a47f9a8ff300accadacb11c86b94e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\65674a6f-b481-48cb-93bf-10db39452100\3516841636.pri

Filesize
2KB

MD5
6f0067066c578e540dd4276c2b8e03ae

SHA1
a9eef9032b9a005aa6de0d398d542f5714f3d829

SHA256
9cc023bd420a9582336fc2ecdb3d8d21fd7f9a3e8dfd824b5ea3266864bd6a4f

SHA512
db4aa55c2afbea8380ccc3302011d0945f76cde0b3d8703e8df0aea5a964a1bf65f940ec88e9fe3b98560fda5e83e13c2a47f9a8ff300accadacb11c86b94e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\65674a6f-b481-48cb-93bf-10db39452100\3516841636.pri

Filesize
2KB

MD5
6f0067066c578e540dd4276c2b8e03ae

SHA1
a9eef9032b9a005aa6de0d398d542f5714f3d829

SHA256
9cc023bd420a9582336fc2ecdb3d8d21fd7f9a3e8dfd824b5ea3266864bd6a4f

SHA512
db4aa55c2afbea8380ccc3302011d0945f76cde0b3d8703e8df0aea5a964a1bf65f940ec88e9fe3b98560fda5e83e13c2a47f9a8ff300accadacb11c86b94e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\8757935e-b863-42bf-af21-285a935a7fd9\3950266016.pri

Filesize
3KB

MD5
2bf467eb5b9849766bbeaf369f660932

SHA1
379ecc09f68d991e26b042e05733249f24abf6f1

SHA256
d94477eb5e0e2211a80cceeaaa6e4ca2d3a2fa601399a3c3d305b91c79f729fb

SHA512
a61ee3201065c8e6a486d7e51273ff753364af636247cb7181fa92d0c21a60e76b5c7b46a21cd6e0c6b8de7b32f92738129983e7ccb7ac992cd1061b4aa33f98

Download Submit
C:\Users\Admin\AppData\Local\Temp\8757935e-b863-42bf-af21-285a935a7fd9\3950266016.pri

Filesize
3KB

MD5
2bf467eb5b9849766bbeaf369f660932

SHA1
379ecc09f68d991e26b042e05733249f24abf6f1

SHA256
d94477eb5e0e2211a80cceeaaa6e4ca2d3a2fa601399a3c3d305b91c79f729fb

SHA512
a61ee3201065c8e6a486d7e51273ff753364af636247cb7181fa92d0c21a60e76b5c7b46a21cd6e0c6b8de7b32f92738129983e7ccb7ac992cd1061b4aa33f98

Download Submit
C:\Users\Admin\AppData\Local\Temp\AdobeSFX.log

Filesize
1KB

MD5
b163b776519da306467ff9d1eff5356c

SHA1
9d214fe1cfdccbe5a590cf947f9045b74dfa7426

SHA256
76ba28d02233c54a5e64c04837ff2fae512a5a8c78ad3ffcfdf5aed26c0796d0

SHA512
ec67f2a40779512c6d9a612f12a9e0ac9e7503227851ebde62d429ad594d0234a62da5c6217ba8542e20d76930992a0b846b9b0ee07e556e27546e19166fe088

Download Submit
C:\Users\Admin\AppData\Local\Temp\AdobeSFX.log

Filesize
1KB

MD5
b163b776519da306467ff9d1eff5356c

SHA1
9d214fe1cfdccbe5a590cf947f9045b74dfa7426

SHA256
76ba28d02233c54a5e64c04837ff2fae512a5a8c78ad3ffcfdf5aed26c0796d0

SHA512
ec67f2a40779512c6d9a612f12a9e0ac9e7503227851ebde62d429ad594d0234a62da5c6217ba8542e20d76930992a0b846b9b0ee07e556e27546e19166fe088

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll

Filesize
3.2MB

MD5
7a5e00c00eb5faf67e2c4a15ef66507d

SHA1
aa351355abad825a2b5ff312561d21cd9ee405c0

SHA256
26da32db50a57bf5b9f73d929432e357b9d712d7162ce99e89d3da58aa8559f4

SHA512
3909ca4249e3ae25aa339d712e5130811e7cc23051689e3d9dcf23288ffd114a4acd1777f3cee054f8067299657d8189693b3cb2975622d58b2e67a39edc5fa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\HMAHKCMS-20220812-1715.log

Filesize
59KB

MD5
0d8a13360ce2ff8ac5c7c1fb1e076a51

SHA1
90172eead484de8ebeada4063cc5cc14c53fcacb

SHA256
88ea40be3a67af7a6f49a226f174fca668a4e68beca7670e3d2be0c3cee13a20

SHA512
b287d05c2e2cc095c7096a37f191b725dfab36abfdfebe4e2d8419da11cab4438e5502f91be447154061ac33ec7e6dbea5f9ccf055434ce7438acc3d74f08116

Download Submit
C:\Users\Admin\AppData\Local\Temp\HMAHKCMS-20220812-1715.log

Filesize
59KB

MD5
0d8a13360ce2ff8ac5c7c1fb1e076a51

SHA1
90172eead484de8ebeada4063cc5cc14c53fcacb

SHA256
88ea40be3a67af7a6f49a226f174fca668a4e68beca7670e3d2be0c3cee13a20

SHA512
b287d05c2e2cc095c7096a37f191b725dfab36abfdfebe4e2d8419da11cab4438e5502f91be447154061ac33ec7e6dbea5f9ccf055434ce7438acc3d74f08116

Download Submit
C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log

Filesize
25KB

MD5
b90acd601990c58e3e02861ee4db7a8a

SHA1
5bfd3f2d96b7e5e87d972b9e1f067be0828c4fa5

SHA256
f8f166baa75f51dca6c20c4ca46cb54199651d6892f1288f174f1e2787acd6db

SHA512
74599f9a8c4b0af9b8163673ff025ac979ba548f8bf187a994eefb2cbc5a558911241c751b9a0d790b9a0f897c693ef3a994b909add6fb4ba15dac685f665330

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20220812_170737911.html

Filesize
1011KB

MD5
84e1f7f16673cb90eed24ad13dac8638

SHA1
2f711796c7e9ad63fab8ed2092619115fd8b40ee

SHA256
97a12f8345e4c134eccd71463c4f418bebbab86b4fe084d2729296932117c89d

SHA512
103e4103fb6d6870208dea860036260275d69583d3c11cb3781ba55444f107eb600101316dd43b2c30a8abf563f19c824ae5488c45a9b0e00eba5a9dc80a6d1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Seeesisuoeiaqit.tmp

Filesize
3.5MB

MD5
30d9bc7452d5819b304b121c517a8f73

SHA1
ea1b8ffa9f4918a90dfd7f574b5b0694bedb1d01

SHA256
364c226e4aadbfbe0ba89b0eeb4e8346462cf33f8e4a26ba9cf6501f196f3710

SHA512
db2e7649e3bbfa81234442e70666bf966edf904f3f33551940af6c77dada6cd958be81c003c34d71eb929e3f7ce3d3aa4665135fb67f420092b03931209c8fa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Seeesisuoeiaqit.tmp

Filesize
3.5MB

MD5
30d9bc7452d5819b304b121c517a8f73

SHA1
ea1b8ffa9f4918a90dfd7f574b5b0694bedb1d01

SHA256
364c226e4aadbfbe0ba89b0eeb4e8346462cf33f8e4a26ba9cf6501f196f3710

SHA512
db2e7649e3bbfa81234442e70666bf966edf904f3f33551940af6c77dada6cd958be81c003c34d71eb929e3f7ce3d3aa4665135fb67f420092b03931209c8fa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Seeesisuoeiaqit.tmp

Filesize
3.5MB

MD5
30d9bc7452d5819b304b121c517a8f73

SHA1
ea1b8ffa9f4918a90dfd7f574b5b0694bedb1d01

SHA256
364c226e4aadbfbe0ba89b0eeb4e8346462cf33f8e4a26ba9cf6501f196f3710

SHA512
db2e7649e3bbfa81234442e70666bf966edf904f3f33551940af6c77dada6cd958be81c003c34d71eb929e3f7ce3d3aa4665135fb67f420092b03931209c8fa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\adb5b809-dcd8-4d1f-89b5-ac5f00a9179c\1253081315.pri

Filesize
3KB

MD5
68b2d64b878603ee02fcebb9899c38e1

SHA1
fb517f2c2a85e6dc1d78096e8f92dbd860bccb48

SHA256
ceb103d831d43292b43e7c04016f586f89f7b6ca382905c51399e6fe13e471c6

SHA512
0e6db2b4484db790fc8ebeeee1d073986e4971766927d2ff4f7bcb08ec66e30a16a80d03b6866748fbbc91a59b0f11afb241ee9bb3b4d8783222c83a3e16e6fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\aria-debug-4236.log

Filesize
470B

MD5
e4fccdcc4926a68e29c2deb0134a0b18

SHA1
c1c2601ffa1b90d20f7ee210460a00a7cf4f589e

SHA256
e0d2ddccf3a07a1bd298cabb40eb5de80dde4d5e9f57204c0e3cfd9f827aa264

SHA512
eb04c8912027377f104f2da47d73106df9e09d1c71702295e14b9aad234a586456c75515ab65867fe129075b1ecee9153602135b5be12180f832808745b0bbb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\b1d02180-c8d1-4f95-a31c-fb567fb0c70a\1713683155.pri

Filesize
3KB

MD5
3d2f97aca704836e5a440db3c2b2d5f8

SHA1
b4710c16a79a3880ec3df0ba37a27dbb60021b0b

SHA256
af2fc4069e6e84d29d5a4cd37c52713337ffac0c2df1f2cc02c1ade946a817db

SHA512
e55f72d13fb241c124c43ad69f90ca4eaf7bb696505990925e997f6ffe3fda775bc3892437694ee596ed42a11dbc83496cd4f22fa1b61ac45db81bf0ac8980a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

Filesize
1KB

MD5
621a47a8f8d37f4b160bcb1f2472349b

SHA1
e9fc4762b404194d65c9c528e12f6da2296a1bd7

SHA256
8f1adbb2fbc6e7f241bed096976a5785e82aa88458898db62f13363384bb7c3c

SHA512
a546fc741e96e80b4cbd5fa33d2af866522323250f658e956a5c97fced8891161a41fa62b3c98c38134ca275adeddf8ea545b872f91fab625cdb70c9fee881a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt

Filesize
1KB

MD5
ef6cba98b56b621b1e4eccf16ee4bcfa

SHA1
eef325df8f5120f6593ec7c14249f9bcff1fce39

SHA256
83550d2afd2def565036b12a57f4fb8a0e449c0abba4d8842fbf57e270f88441

SHA512
2f65d79cd8b9a00fa97238ade3bf7159a3487d67d2cff003d503bb11fcaade1799260b2e49ba716b514adcec8579593328a91bb7c44675df177469e328570749

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt

Filesize
1KB

MD5
ef6cba98b56b621b1e4eccf16ee4bcfa

SHA1
eef325df8f5120f6593ec7c14249f9bcff1fce39

SHA256
83550d2afd2def565036b12a57f4fb8a0e449c0abba4d8842fbf57e270f88441

SHA512
2f65d79cd8b9a00fa97238ade3bf7159a3487d67d2cff003d503bb11fcaade1799260b2e49ba716b514adcec8579593328a91bb7c44675df177469e328570749

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt

Filesize
1KB

MD5
ef6cba98b56b621b1e4eccf16ee4bcfa

SHA1
eef325df8f5120f6593ec7c14249f9bcff1fce39

SHA256
83550d2afd2def565036b12a57f4fb8a0e449c0abba4d8842fbf57e270f88441

SHA512
2f65d79cd8b9a00fa97238ade3bf7159a3487d67d2cff003d503bb11fcaade1799260b2e49ba716b514adcec8579593328a91bb7c44675df177469e328570749

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_SetupUtility.txt

Filesize
2KB

MD5
92777c1cea53223a7a7d20156782a82a

SHA1
77d8f3ad40229692626e99f597f31631645f66d4

SHA256
6b679e0418f66a1416ec3b58c4592465f88c8d13d3e89596b011a76bbd89526c

SHA512
61ed84dd1d304af47f0c658721a3ff88a66a6820c67a3de8fcd54522ddc607b94da7a4bc83b7145573bf7189197e739c9f2beea2bda02a5ae192b36f2cd3cfd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_SetupUtility.txt

Filesize
2KB

MD5
92777c1cea53223a7a7d20156782a82a

SHA1
77d8f3ad40229692626e99f597f31631645f66d4

SHA256
6b679e0418f66a1416ec3b58c4592465f88c8d13d3e89596b011a76bbd89526c

SHA512
61ed84dd1d304af47f0c658721a3ff88a66a6820c67a3de8fcd54522ddc607b94da7a4bc83b7145573bf7189197e739c9f2beea2bda02a5ae192b36f2cd3cfd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_SetupUtility.txt

Filesize
2KB

MD5
92777c1cea53223a7a7d20156782a82a

SHA1
77d8f3ad40229692626e99f597f31631645f66d4

SHA256
6b679e0418f66a1416ec3b58c4592465f88c8d13d3e89596b011a76bbd89526c

SHA512
61ed84dd1d304af47f0c658721a3ff88a66a6820c67a3de8fcd54522ddc607b94da7a4bc83b7145573bf7189197e739c9f2beea2bda02a5ae192b36f2cd3cfd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI6D36.txt

Filesize
427KB

MD5
c1e3fbe55cf80921238239448fefc5b4

SHA1
fb623ce2243609ddb5fb36fa9ae1ac3765894a10

SHA256
7c7b42c9eb564e900c1255470033943179fcf6a5d41ec28999c20723db28da27

SHA512
31a7252b74d8d1c338062bc6cf7e773e9b161c331e8f14fa153cfd228597d9d113011919482a3d27068096d08faa5b8c82f93753dffc4eac295fff8eaf73142b

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI6D36.txt

Filesize
427KB

MD5
c1e3fbe55cf80921238239448fefc5b4

SHA1
fb623ce2243609ddb5fb36fa9ae1ac3765894a10

SHA256
7c7b42c9eb564e900c1255470033943179fcf6a5d41ec28999c20723db28da27

SHA512
31a7252b74d8d1c338062bc6cf7e773e9b161c331e8f14fa153cfd228597d9d113011919482a3d27068096d08faa5b8c82f93753dffc4eac295fff8eaf73142b

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI6D5D.txt

Filesize
415KB

MD5
5746eaeeaf3a8f270cc8703faf2989c2

SHA1
7dce15b949ccb4c1d0de8c7cad641b79d403f690

SHA256
96fade558e2c3242530cd22369d8484b54454799393aff59505b289c0d2d320b

SHA512
31c198c630682aef72d31cbb9a7df6000b9a75b274c2c5f0aa3f6e9fd2c91a185b2a1f2aee7b76e72e9358ff899f852329844e926e9adb766202a1741c52e89e

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI6D5D.txt

Filesize
11KB

MD5
86fd368f1bfd0b87df83108fe7155744

SHA1
57f824b7cb6e0c9addf5e24dc16791ec7fa4b5dd

SHA256
f56681d7a7bf3bd050ba3fe6d82135fe7143ca66f7d6d45d326d8c03e3f47446

SHA512
922ffb7dcbf5fe20b062cf7955452a98f11f8b63e256e74cfaa6aa2d1de019c5d1f520e0d11ce06be6f75fd8abb0f5003159be8eed5772dab3381034cd806245

Download Submit
C:\Users\Admin\AppData\Local\Temp\f80db9fd-af25-4938-9920-bed15f7e488d\3020113183.pri

Filesize
3KB

MD5
74569c19169a2e038295d05562d5da96

SHA1
fceaadfa602836b9f411753a8c397c45d75dc764

SHA256
4abc493ec8a55236df2e2ce505f53ecc9934c94a379189e7c901aa68ae005593

SHA512
1e4c79d9f1bb357c3b093b49e2f2b6629c99c38a835b43cd2ebeb4f97715989e68722c9b7ef2d0d4447eefccce67a1b9744357015de30e96464406ab1a306575

Download Submit
C:\Users\Admin\AppData\Local\Temp\f80db9fd-af25-4938-9920-bed15f7e488d\3020113183.pri

Filesize
3KB

MD5
74569c19169a2e038295d05562d5da96

SHA1
fceaadfa602836b9f411753a8c397c45d75dc764

SHA256
4abc493ec8a55236df2e2ce505f53ecc9934c94a379189e7c901aa68ae005593

SHA512
1e4c79d9f1bb357c3b093b49e2f2b6629c99c38a835b43cd2ebeb4f97715989e68722c9b7ef2d0d4447eefccce67a1b9744357015de30e96464406ab1a306575

Download Submit
C:\Users\Admin\AppData\Local\Temp\jawshtml.html

Filesize
13B

MD5
b2a4bc176e9f29b0c439ef9a53a62a1a

SHA1
1ae520cbbf7e14af867232784194366b3d1c3f34

SHA256
7b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73

SHA512
e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
266KB

MD5
b583c04abd54a1dbb7baeeee25bc195c

SHA1
c59e2e67bdaaab7bb01f4e5107a26e3bb15f8c33

SHA256
db7bec75b01820de79ccb93e5e28b556b03c0f7db708c8496271f5c491fa5f5b

SHA512
9d4765307d5e531c645745d097bee05bab1053864bafc3afae78090fe47ec85fc0b4055c0a67dfa4265abfc66124b65d0e3dc38719b236b2e0bfca1e4cec0d2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\sa.9NBLGGH5Q1ZL_0_0010_.Public.InstallAgent.dat

Filesize
59KB

MD5
2a2397d66a4f17eaed59a7904ee8d1c2

SHA1
a0b08f8ea5c9abf6a67c50ed480a6e2f4c9b2ae7

SHA256
01391b3f059bf8de4f4cf1bcd556b896f24689bb2461a426cbc2b9522b1f6b0d

SHA512
4f4a9f901bf4ebd6f33f1b78691e32a1dc124f8486bf8e50a41e57512365dcabead47cbb0387a429c503b3ceec09ab58f02111527d45f8e2c9b738f1251af2e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\sa.9NBLGGH5Q1ZL_0_0010_.Public.InstallAgent.dat

Filesize
59KB

MD5
2a2397d66a4f17eaed59a7904ee8d1c2

SHA1
a0b08f8ea5c9abf6a67c50ed480a6e2f4c9b2ae7

SHA256
01391b3f059bf8de4f4cf1bcd556b896f24689bb2461a426cbc2b9522b1f6b0d

SHA512
4f4a9f901bf4ebd6f33f1b78691e32a1dc124f8486bf8e50a41e57512365dcabead47cbb0387a429c503b3ceec09ab58f02111527d45f8e2c9b738f1251af2e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\sa.9NBLGGH5Q1ZL_0_0010_.Public.InstallAgent.dat

Filesize
59KB

MD5
2a2397d66a4f17eaed59a7904ee8d1c2

SHA1
a0b08f8ea5c9abf6a67c50ed480a6e2f4c9b2ae7

SHA256
01391b3f059bf8de4f4cf1bcd556b896f24689bb2461a426cbc2b9522b1f6b0d

SHA512
4f4a9f901bf4ebd6f33f1b78691e32a1dc124f8486bf8e50a41e57512365dcabead47cbb0387a429c503b3ceec09ab58f02111527d45f8e2c9b738f1251af2e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\sa.9NBLGGH6J6VK_0_0010_.Public.InstallAgent.dat

Filesize
74KB

MD5
5cf7529165ca134ed2a5465a654b49b7

SHA1
7af255da7685598e6bdc1085ff39755e45aba7b8

SHA256
04194ee3cd35e3a9b398433516d7ec8c04d15e6ede5b95932bce44b5bf29ed08

SHA512
90db8db369535945c378357cc8b90e77671f9d62ad2ae1a4923dba07bc695660932d2f243e9627d61aa34e0a5409f7b977da77422ff59e35a934a65f640e37b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\sa.9PHNB71MKR4J_0_0010_.Public.InstallAgent.dat

Filesize
64KB

MD5
efd344e33c47f0c6058aa188e07b50d0

SHA1
46af7722495b1926acf3fbb758c27f68a613d4bd

SHA256
605f40d42b2e7a9d0698999609dca21bebd1d97a91a8bb4b97b228bbdc472b53

SHA512
f0ff57f6065a931a2a0967062fa76485fe9fde3cbb53a2125a29656053ba49c5b8b30bd1714603da1da32c94e433429c0d79d78c010dcf26e913acc54ab2d6bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\sa.9PHNB71MKR4J_0_0010_.Public.InstallAgent.dat

Filesize
64KB

MD5
efd344e33c47f0c6058aa188e07b50d0

SHA1
46af7722495b1926acf3fbb758c27f68a613d4bd

SHA256
605f40d42b2e7a9d0698999609dca21bebd1d97a91a8bb4b97b228bbdc472b53

SHA512
f0ff57f6065a931a2a0967062fa76485fe9fde3cbb53a2125a29656053ba49c5b8b30bd1714603da1da32c94e433429c0d79d78c010dcf26e913acc54ab2d6bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\sa.9WZDNCRCWFTB_0_0010_.Public.InstallAgent.dat

Filesize
65KB

MD5
dc7e6cc5a47edc01738a38ad70f9a8b3

SHA1
c07046f0a19ad63d830fc97b6d9a79c3ede32f42

SHA256
34d45b244945e8c37900145bb52afc763074b301ca5153d369ddb900199fccca

SHA512
8ac5a5ba64c70e608b5cef3e06aca9f7bc9a9da0a9e4c9527a1b24384109306b4e93f2e1cb19375fef7c972ee9ec15361d4b34bb0eb7f97d93c4d836a6a93f10

Download Submit
C:\Users\Admin\AppData\Local\Temp\sa.9WZDNCRCWFTB_0_0010_.Public.InstallAgent.dat

Filesize
65KB

MD5
dc7e6cc5a47edc01738a38ad70f9a8b3

SHA1
c07046f0a19ad63d830fc97b6d9a79c3ede32f42

SHA256
34d45b244945e8c37900145bb52afc763074b301ca5153d369ddb900199fccca

SHA512
8ac5a5ba64c70e608b5cef3e06aca9f7bc9a9da0a9e4c9527a1b24384109306b4e93f2e1cb19375fef7c972ee9ec15361d4b34bb0eb7f97d93c4d836a6a93f10

Download Submit
C:\Users\Admin\AppData\Local\Temp\sa.9WZDNCRFHV4V_0_0010_.Public.InstallAgent.dat

Filesize
72KB

MD5
021c1a52dccc80335fe8fb388a296edc

SHA1
18f9e579b8b07a8b27185f9ad16e947859e23db2

SHA256
93d2847cfa4e1326db6448b4dc363564d8dbc0e13978a4e709abc21aa7502d5d

SHA512
40ae980a23fb9302d2cdc5629b0034f1ba2004c55463851aac6c0b4f73e1d1e9db36a214783454b8acd2061db8b22ea01c2cd3645e5bcc2437bf0b5fe510d6c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\sa.9WZDNCRFHVFW_0_0010_.Public.InstallAgent.dat

Filesize
85KB

MD5
7ccbd37d0a5066e728a7a420b90e6d34

SHA1
1ea2aa552a6cb2ef86bceec5c354f43424dbf469

SHA256
cc7bc6b4aa0ec6ca8c6492498c6ae1509aeebf56f114595085e8d55d3e2939ec

SHA512
1d62d50420806ed3bfef1e16f276bcee73e351116966f6131e8f454296f006a10a7349784118f4a726e6a44fa848bc0396c83139bd833581625f911dd9ed7273

Download Submit
C:\Users\Admin\AppData\Local\Temp\wct6514.tmp

Filesize
62KB

MD5
7185e716980842db27c3b3a88e1fe804

SHA1
e4615379cd4797629b4cc3da157f4d4a5412fb2b

SHA256
094754a618b102b7ad0800dd4c9c02c882cf2d1e7996ba864f422fa4312427e1

SHA512
dea331907f5f1de407ca07e24be7ad808fa43a0eef2d1b5009721f937ab2a8f77832e332d5ac3d9662e5b02ecaabbec0f4228af279fa6562be4dccb6c829246c

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
685B

MD5
824fc93fa89adc100642a215633db877

SHA1
a5830573056c1789c9487c39c01a66fce3676186

SHA256
2a32bfa139f02b83b7f0399fe5bd3243909baf1a919ed759523e6f651f62bde6

SHA512
19e89b2a3d8ebd52ec0b28839e459168a9ba4441b73b99568598b0b4f853a049ad0aa29863d3dcd626d42e78ee681b8700b9049fa766fef80a343614bfec092e

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
685B

MD5
824fc93fa89adc100642a215633db877

SHA1
a5830573056c1789c9487c39c01a66fce3676186

SHA256
2a32bfa139f02b83b7f0399fe5bd3243909baf1a919ed759523e6f651f62bde6

SHA512
19e89b2a3d8ebd52ec0b28839e459168a9ba4441b73b99568598b0b4f853a049ad0aa29863d3dcd626d42e78ee681b8700b9049fa766fef80a343614bfec092e

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
685B

MD5
824fc93fa89adc100642a215633db877

SHA1
a5830573056c1789c9487c39c01a66fce3676186

SHA256
2a32bfa139f02b83b7f0399fe5bd3243909baf1a919ed759523e6f651f62bde6

SHA512
19e89b2a3d8ebd52ec0b28839e459168a9ba4441b73b99568598b0b4f853a049ad0aa29863d3dcd626d42e78ee681b8700b9049fa766fef80a343614bfec092e

Download Submit
\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll

Filesize
3.2MB

MD5
7a5e00c00eb5faf67e2c4a15ef66507d

SHA1
aa351355abad825a2b5ff312561d21cd9ee405c0

SHA256
26da32db50a57bf5b9f73d929432e357b9d712d7162ce99e89d3da58aa8559f4

SHA512
3909ca4249e3ae25aa339d712e5130811e7cc23051689e3d9dcf23288ffd114a4acd1777f3cee054f8067299657d8189693b3cb2975622d58b2e67a39edc5fa1

Download Submit
\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll

Filesize
3.2MB

MD5
7a5e00c00eb5faf67e2c4a15ef66507d

SHA1
aa351355abad825a2b5ff312561d21cd9ee405c0

SHA256
26da32db50a57bf5b9f73d929432e357b9d712d7162ce99e89d3da58aa8559f4

SHA512
3909ca4249e3ae25aa339d712e5130811e7cc23051689e3d9dcf23288ffd114a4acd1777f3cee054f8067299657d8189693b3cb2975622d58b2e67a39edc5fa1

Download Submit
\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll

Filesize
3.2MB

MD5
7a5e00c00eb5faf67e2c4a15ef66507d

SHA1
aa351355abad825a2b5ff312561d21cd9ee405c0

SHA256
26da32db50a57bf5b9f73d929432e357b9d712d7162ce99e89d3da58aa8559f4

SHA512
3909ca4249e3ae25aa339d712e5130811e7cc23051689e3d9dcf23288ffd114a4acd1777f3cee054f8067299657d8189693b3cb2975622d58b2e67a39edc5fa1

Download Submit
\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll

Filesize
3.2MB

MD5
7a5e00c00eb5faf67e2c4a15ef66507d

SHA1
aa351355abad825a2b5ff312561d21cd9ee405c0

SHA256
26da32db50a57bf5b9f73d929432e357b9d712d7162ce99e89d3da58aa8559f4

SHA512
3909ca4249e3ae25aa339d712e5130811e7cc23051689e3d9dcf23288ffd114a4acd1777f3cee054f8067299657d8189693b3cb2975622d58b2e67a39edc5fa1

Download Submit
\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll

Filesize
3.2MB

MD5
7a5e00c00eb5faf67e2c4a15ef66507d

SHA1
aa351355abad825a2b5ff312561d21cd9ee405c0

SHA256
26da32db50a57bf5b9f73d929432e357b9d712d7162ce99e89d3da58aa8559f4

SHA512
3909ca4249e3ae25aa339d712e5130811e7cc23051689e3d9dcf23288ffd114a4acd1777f3cee054f8067299657d8189693b3cb2975622d58b2e67a39edc5fa1

Download Submit
\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll

Filesize
3.2MB

MD5
7a5e00c00eb5faf67e2c4a15ef66507d

SHA1
aa351355abad825a2b5ff312561d21cd9ee405c0

SHA256
26da32db50a57bf5b9f73d929432e357b9d712d7162ce99e89d3da58aa8559f4

SHA512
3909ca4249e3ae25aa339d712e5130811e7cc23051689e3d9dcf23288ffd114a4acd1777f3cee054f8067299657d8189693b3cb2975622d58b2e67a39edc5fa1

Download Submit
\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll

Filesize
3.2MB

MD5
7a5e00c00eb5faf67e2c4a15ef66507d

SHA1
aa351355abad825a2b5ff312561d21cd9ee405c0

SHA256
26da32db50a57bf5b9f73d929432e357b9d712d7162ce99e89d3da58aa8559f4

SHA512
3909ca4249e3ae25aa339d712e5130811e7cc23051689e3d9dcf23288ffd114a4acd1777f3cee054f8067299657d8189693b3cb2975622d58b2e67a39edc5fa1

Download Submit
\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll

Filesize
3.2MB

MD5
7a5e00c00eb5faf67e2c4a15ef66507d

SHA1
aa351355abad825a2b5ff312561d21cd9ee405c0

SHA256
26da32db50a57bf5b9f73d929432e357b9d712d7162ce99e89d3da58aa8559f4

SHA512
3909ca4249e3ae25aa339d712e5130811e7cc23051689e3d9dcf23288ffd114a4acd1777f3cee054f8067299657d8189693b3cb2975622d58b2e67a39edc5fa1

Download Submit
\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll

Filesize
3.2MB

MD5
7a5e00c00eb5faf67e2c4a15ef66507d

SHA1
aa351355abad825a2b5ff312561d21cd9ee405c0

SHA256
26da32db50a57bf5b9f73d929432e357b9d712d7162ce99e89d3da58aa8559f4

SHA512
3909ca4249e3ae25aa339d712e5130811e7cc23051689e3d9dcf23288ffd114a4acd1777f3cee054f8067299657d8189693b3cb2975622d58b2e67a39edc5fa1

Download Submit
\Users\Admin\AppData\Local\Temp\Dydhshsoe.dll

Filesize
3.2MB

MD5
7a5e00c00eb5faf67e2c4a15ef66507d

SHA1
aa351355abad825a2b5ff312561d21cd9ee405c0

SHA256
26da32db50a57bf5b9f73d929432e357b9d712d7162ce99e89d3da58aa8559f4

SHA512
3909ca4249e3ae25aa339d712e5130811e7cc23051689e3d9dcf23288ffd114a4acd1777f3cee054f8067299657d8189693b3cb2975622d58b2e67a39edc5fa1

Download Submit
memory/380-1137-0x0000000000AA0000-0x0000000000D48000-memory.dmp

Filesize
2.7MB

Download
memory/380-1130-0x00007FF620175FD0-mapping.dmp

Download
memory/380-1139-0x00000238FDDB0000-0x00000238FE069000-memory.dmp

Filesize
2.7MB

Download
memory/488-839-0x0000000000000000-mapping.dmp

Download
memory/488-1087-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/488-918-0x0000000003690000-0x0000000003C7E000-memory.dmp

Filesize
5.9MB

Download
memory/488-931-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/528-1397-0x0000000005AD0000-0x000000000662F000-memory.dmp

Filesize
11.4MB

Download
memory/528-268-0x0000000000000000-mapping.dmp

Download
memory/528-711-0x0000000000000000-mapping.dmp

Download
memory/528-437-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/528-390-0x00000000036C0000-0x0000000003CAF000-memory.dmp

Filesize
5.9MB

Download
memory/528-858-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/528-396-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/528-771-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/824-770-0x00000000040B0000-0x00000000043FD000-memory.dmp

Filesize
3.3MB

Download
memory/824-1314-0x00000000054F0000-0x000000000604F000-memory.dmp

Filesize
11.4MB

Download
memory/824-1313-0x00000000040B0000-0x00000000043FD000-memory.dmp

Filesize
3.3MB

Download
memory/824-1309-0x00000000054F0000-0x000000000604F000-memory.dmp

Filesize
11.4MB

Download
memory/824-644-0x00000000040B0000-0x00000000043FD000-memory.dmp

Filesize
3.3MB

Download
memory/824-590-0x0000000000000000-mapping.dmp

Download
memory/1668-1515-0x0000000000000000-mapping.dmp

Download
memory/1920-847-0x0000000000000000-mapping.dmp

Download
memory/1920-894-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/1920-1084-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/2088-1249-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/2088-1047-0x0000000000000000-mapping.dmp

Download
memory/2088-1199-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/2088-1160-0x0000000003710000-0x0000000003D04000-memory.dmp

Filesize
6.0MB

Download
memory/2800-1238-0x0000000000000000-mapping.dmp

Download
memory/3076-1523-0x0000000000000000-mapping.dmp

Download
memory/3900-797-0x0000000003600000-0x0000000003BF6000-memory.dmp

Filesize
6.0MB

Download
memory/3900-833-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/3900-855-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/3900-702-0x0000000000000000-mapping.dmp

Download
memory/4036-142-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-151-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-131-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-132-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-127-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-126-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-129-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-133-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-134-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-135-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-136-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-137-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-130-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-124-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-138-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-139-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-140-0x00000000035D0000-0x0000000003BC3000-memory.dmp

Filesize
5.9MB

Download
memory/4036-141-0x0000000005570000-0x0000000005B90000-memory.dmp

Filesize
6.1MB

Download
memory/4036-143-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-144-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-145-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-146-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-147-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-240-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/4036-117-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-148-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-149-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-220-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/4036-150-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-125-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-128-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-152-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-185-0x00000000035D0000-0x0000000003BC3000-memory.dmp

Filesize
5.9MB

Download
memory/4036-187-0x0000000005570000-0x0000000005B90000-memory.dmp

Filesize
6.1MB

Download
memory/4036-153-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-122-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-121-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-154-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-155-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-156-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-157-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-120-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-158-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-159-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/4036-160-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-161-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-162-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-163-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-164-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-165-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-166-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-167-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-168-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-169-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-118-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-116-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4036-119-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4272-1107-0x00000000053E0000-0x0000000005F3F000-memory.dmp

Filesize
11.4MB

Download
memory/4272-545-0x0000000004240000-0x000000000458D000-memory.dmp

Filesize
3.3MB

Download
memory/4272-477-0x0000000004240000-0x000000000458D000-memory.dmp

Filesize
3.3MB

Download
memory/4272-428-0x0000000000000000-mapping.dmp

Download
memory/4272-1112-0x00000000053E0000-0x0000000005F3F000-memory.dmp

Filesize
11.4MB

Download
memory/4272-1110-0x0000000004240000-0x000000000458D000-memory.dmp

Filesize
3.3MB

Download
memory/4352-584-0x0000000003680000-0x0000000003C70000-memory.dmp

Filesize
5.9MB

Download
memory/4352-597-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/4352-523-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/4352-497-0x0000000003680000-0x0000000003C70000-memory.dmp

Filesize
5.9MB

Download
memory/4352-420-0x0000000000000000-mapping.dmp

Download
memory/4356-214-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/4356-293-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/4356-177-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4356-180-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4356-181-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4356-171-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4356-183-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4356-172-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4356-184-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4356-173-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4356-182-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4356-186-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4356-174-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4356-189-0x00000000054B0000-0x0000000005AD0000-memory.dmp

Filesize
6.1MB

Download
memory/4356-208-0x0000000003610000-0x0000000003C09000-memory.dmp

Filesize
6.0MB

Download
memory/4356-170-0x0000000000000000-mapping.dmp

Download
memory/4356-223-0x0000000003610000-0x0000000003C09000-memory.dmp

Filesize
6.0MB

Download
memory/4356-224-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/4356-179-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4356-175-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4356-178-0x0000000077C20000-0x0000000077DAE000-memory.dmp

Filesize
1.6MB

Download
memory/4748-432-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/4748-225-0x0000000000000000-mapping.dmp

Download
memory/4748-1006-0x0000000005D00000-0x000000000685F000-memory.dmp

Filesize
11.4MB

Download
memory/4748-1232-0x0000000005D00000-0x000000000685F000-memory.dmp

Filesize
11.4MB

Download
memory/4748-289-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/4908-1240-0x0000000000000000-mapping.dmp

Download
memory/4908-1346-0x0000000004C20000-0x000000000577F000-memory.dmp

Filesize
11.4MB

Download
memory/4908-1289-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/4908-1345-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/4948-1135-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/4948-1208-0x0000000004CA0000-0x00000000057FF000-memory.dmp

Filesize
11.4MB

Download
memory/4948-1052-0x0000000000000000-mapping.dmp

Download
memory/4948-1229-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/4948-1231-0x0000000004CA0000-0x00000000057FF000-memory.dmp

Filesize
11.4MB

Download
memory/4960-665-0x00000000036B0000-0x0000000003C9D000-memory.dmp

Filesize
5.9MB

Download
memory/4960-720-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/4960-677-0x0000000000400000-0x0000000003215000-memory.dmp

Filesize
46.1MB

Download
memory/4960-577-0x0000000000000000-mapping.dmp

Download
memory/4992-1041-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/4992-496-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download
memory/4992-1043-0x0000000005C30000-0x000000000678F000-memory.dmp

Filesize
11.4MB

Download
memory/4992-283-0x0000000000000000-mapping.dmp

Download
memory/4992-350-0x0000000000400000-0x000000000074D000-memory.dmp

Filesize
3.3MB

Download