33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33

Analysis

max time kernel
147s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 05:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
Size

908KB
MD5

4bc98da44d484e742119656b09e3f0de
SHA1

780261feebc73ea6e0324c4f8bf1e4da2ff404dc
SHA256

33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33
SHA512

831132a6c55f156e3419393a972ac552c5049a2711df81c0348b7d267a9c1ad8e514db260b1aa9572e61c48eddfb7d245a8d7241e83a2eeeb190b8f1ae9ade19
SSDEEP

24576:CvevZ4WU4ECTrheJ6wGNpr7LZ5idp0FUE/:CvuKeTEJBGNr5Amb

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Drivers\npf.sys	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
File created	C:\Windows\SysWOW64\Drivers\npf.sys	wsnhost.exe
File created	C:\Windows\SysWOW64\Drivers\npf.sys	wsnhost.exe
File created	C:\Windows\SysWOW64\Drivers\npf.sys	wsnhost.exe
File created	C:\Windows\SysWOW64\Drivers\npf.sys	wsnhost.exe
File created	C:\Windows\SysWOW64\Drivers\npf.sys	wsnhost.exe
File created	C:\Windows\SysWOW64\Drivers\npf.sys	wsnhost.exe
File created	C:\Windows\SysWOW64\Drivers\npf.sys	wsnhost.exe
File created	C:\Windows\SysWOW64\Drivers\npf.sys	wsnhost.exe
File created	C:\Windows\SysWOW64\Drivers\npf.sys	wsnhost.exe

Executes dropped EXE 9 IoCs

pid	Process
1152	wsnhost.exe
4780	wsnhost.exe
3696	wsnhost.exe
3660	wsnhost.exe
3532	wsnhost.exe
2632	wsnhost.exe
4260	wsnhost.exe
3616	wsnhost.exe
2384	wsnhost.exe

Checks BIOS information in registry 2 TTPs 20 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	wsnhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	wsnhost.exe

Loads dropped DLL 30 IoCs

pid	Process
4528	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
4528	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
4528	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
1152	wsnhost.exe
1152	wsnhost.exe
1152	wsnhost.exe
4780	wsnhost.exe
4780	wsnhost.exe
4780	wsnhost.exe
3696	wsnhost.exe
3696	wsnhost.exe
3696	wsnhost.exe
3660	wsnhost.exe
3660	wsnhost.exe
3660	wsnhost.exe
3532	wsnhost.exe
3532	wsnhost.exe
3532	wsnhost.exe
2632	wsnhost.exe
2632	wsnhost.exe
2632	wsnhost.exe
4260	wsnhost.exe
4260	wsnhost.exe
4260	wsnhost.exe
3616	wsnhost.exe
3616	wsnhost.exe
3616	wsnhost.exe
2384	wsnhost.exe
2384	wsnhost.exe
2384	wsnhost.exe

Drops file in System32 directory 40 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\packet.dll	wsnhost.exe
File created	C:\Windows\SysWOW64\wpcap.dll	wsnhost.exe
File created	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File opened for modification	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File created	C:\Windows\SysWOW64\wpcap.dll	wsnhost.exe
File created	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File created	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File created	C:\Windows\SysWOW64\wpcap.dll	wsnhost.exe
File created	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File created	C:\Windows\SysWOW64\packet.dll	wsnhost.exe
File created	C:\Windows\SysWOW64\packet.dll	wsnhost.exe
File created	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File opened for modification	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File opened for modification	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File created	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File created	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File created	C:\Windows\SysWOW64\wpcap.dll	wsnhost.exe
File created	C:\Windows\SysWOW64\packet.dll	wsnhost.exe
File created	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File created	C:\Windows\SysWOW64\wsnhost.exe	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
File created	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File created	C:\Windows\SysWOW64\wpcap.dll	wsnhost.exe
File created	C:\Windows\SysWOW64\wpcap.dll	wsnhost.exe
File opened for modification	C:\Windows\SysWOW64\wsnhost.exe	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
File created	C:\Windows\SysWOW64\packet.dll	wsnhost.exe
File created	C:\Windows\SysWOW64\packet.dll	wsnhost.exe
File created	C:\Windows\SysWOW64\wpcap.dll	wsnhost.exe
File created	C:\Windows\SysWOW64\packet.dll	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
File created	C:\Windows\SysWOW64\packet.dll	wsnhost.exe
File opened for modification	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File opened for modification	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File created	C:\Windows\SysWOW64\packet.dll	wsnhost.exe
File opened for modification	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File created	C:\Windows\SysWOW64\wpcap.dll	wsnhost.exe
File created	C:\Windows\SysWOW64\wpcap.dll	wsnhost.exe
File opened for modification	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File created	C:\Windows\SysWOW64\packet.dll	wsnhost.exe
File opened for modification	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File opened for modification	C:\Windows\SysWOW64\wsnhost.exe	wsnhost.exe
File created	C:\Windows\SysWOW64\wpcap.dll	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\jxptvi\ = "f~T\x7fAyhDJev\\]WEEfpUQnv"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\Ze[FnCwdxixj"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\ZQ[FnCwc\|pg^"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\yFzfmcdfRw\ = "qZVExRiah_cGfhN\\pWH]pcr"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\Wndwzzxyo\ = "ISrqOIaXsQr_rH}XfyJ"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\jxptvi\ = "f~T\x7fAyhDJev\\]WEEfpUQnv"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\Z][FnCwkkdXE"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\dtqNlMqxfyest\ = "`"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\XpwewDZqPg\ = "RVZfu[wSJe@R\x7fsxDnj"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\XpwewDZqPg\ = "RVZfu[wSJe@R\x7fsxDnj"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\kbywjsaC\ = "zO\x7fzCtmMApyNQGZ\\P]fS\\T"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\XpwewDZqPg\ = "RVZfu[wSJeGR\x7fsxDnj"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\Wndwzzxyo\ = "LSrqOIaYxQr_rH}XfyJ"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\jxptvi\ = "f~T\x7fAyhDJev\\]WEEfpUQnv"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\Wndwzzxyo\ = "HSrqOIaX\|Qr_rH}XfyJ"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\kbywjsaC\ = "zO\x7fzCtmMApyNQGZ\\P]fS\\T"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\dtqNlMqxfyest\ = "`"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\Yy[FnCwRS[qq"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\kbywjsaC\ = "zO\x7fzCtmMApyNQGZ\\P]fS\\T"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\Wndwzzxyo\ = "BSrqOIaYIQr_rH}XfyJ"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\tnfkLBUdcolhz\ = "A^p\|\\uhw\\bWQFYkelbjx\\gchAFv@du"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\ = "DesktopStoreRemediationHandler"	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\XpwewDZqPg\ = "RVZfu[wSJeAR\x7fsxDnj"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\Z}[FnCwLw\|xI"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\ZU[FnCwO~UGQ"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\Wndwzzxyo\ = "LSrqOIaYxQr_rH}XfyJ"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\Wndwzzxyo\ = "CSrqOIaYIQr_rH}XfyJ"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\Za[FnCwHzLXe"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\kbywjsaC\ = "zO\x7fzCtmMApyNQGZ\\P]fS\\T"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\dtqNlMqxfyest\ = "p"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\ZE[FnCwCdqXf"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\XpwewDZqPg\ = "RVZfu[wSJeJR\x7fsxDnj"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\XpwewDZqPg\ = "RVZfu[wSJeKR\x7fsxDnj"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\XpwewDZqPg\ = "RVZfu[wSJeFR\x7fsxDnj"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\yljwKkyFaZaqi\ = "x`YXwzevk}WIVesm[M]GYQnoDlJWMYZH"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\yFzfmcdfRw\ = "qZVExRiah_cGfhN\\pWH]pcr"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\kbywjsaC\ = "zO\x7fzCtmMApyNQGZ\\P]fS\\T"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\dtqNlMqxfyest\ = "@"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\dtqNlMqxfyest\ = "p"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\[I[FnCwMdgV\x7f"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\dtqNlMqxfyest\ = "`"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\dtqNlMqxfyest\ = "p"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\dtqNlMqxfyest\ = "P"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\Yu[FnCwgvzcQ"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\Zu[FnCwu}TeB"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\dtqNlMqxfyest\ = "`"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\Y}[FnCw^\|R~Z"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\dtqNlMqxfyest\ = "@"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\[E[FnCwM}\\{c"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\Wndwzzxyo\ = "CSrqOIaYxQr_rH}XfyJ"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\dtqNlMqxfyest\ = "@"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\Yi[FnCwPBlyM"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\InProcServer32\ = "%SystemRoot%\\SysWow64\\twinui.dll"	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\XpwewDZqPg\ = "RVZfu[wSJeER\x7fsxDnj"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\dtqNlMqxfyest\ = "P"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\InProcServer32\ThreadingModel = "Both"	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\[U[FnCw^Tw[`"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\Wndwzzxyo\ = "HSrqOIaX\|Qr_rH}XfyJ"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\jxptvi\ = "f~T\x7fAyhDJev\\]WEEfpUQnv"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\Wndwzzxyo\ = "MSrqOIaX^Qr_rH}XfyJ"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\ZI[FnCw^mvQ\\"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\FvmPfFilqJue\ = "iMNesk\\Ye[FnCwvsG~y"	wsnhost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\Wndwzzxyo\ = "ASrqOIaYZQr_rH}XfyJ"	wsnhost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA}\yljwKkyFaZaqi	wsnhost.exe

NTFS ADS 10 IoCs

description	ioc	Process
File created	C:\ProgramData\TEMP:466F9D5D	wsnhost.exe
File opened for modification	C:\ProgramData\TEMP:466F9D5D	wsnhost.exe
File opened for modification	C:\ProgramData\TEMP:466F9D5D	wsnhost.exe
File opened for modification	C:\ProgramData\TEMP:466F9D5D	wsnhost.exe
File opened for modification	C:\ProgramData\TEMP:466F9D5D	wsnhost.exe
File opened for modification	C:\ProgramData\TEMP:466F9D5D	wsnhost.exe
File opened for modification	C:\ProgramData\TEMP:466F9D5D	wsnhost.exe
File opened for modification	C:\ProgramData\TEMP:466F9D5D	wsnhost.exe
File opened for modification	C:\ProgramData\TEMP:466F9D5D	wsnhost.exe
File opened for modification	C:\ProgramData\TEMP:466F9D5D	wsnhost.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: 33	4528	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
Token: SeIncBasePriorityPrivilege	4528	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
Token: 33	1152	wsnhost.exe
Token: SeIncBasePriorityPrivilege	1152	wsnhost.exe
Token: 33	4780	wsnhost.exe
Token: SeIncBasePriorityPrivilege	4780	wsnhost.exe
Token: 33	3696	wsnhost.exe
Token: SeIncBasePriorityPrivilege	3696	wsnhost.exe
Token: 33	3660	wsnhost.exe
Token: SeIncBasePriorityPrivilege	3660	wsnhost.exe
Token: 33	3532	wsnhost.exe
Token: SeIncBasePriorityPrivilege	3532	wsnhost.exe
Token: 33	2632	wsnhost.exe
Token: SeIncBasePriorityPrivilege	2632	wsnhost.exe
Token: 33	4260	wsnhost.exe
Token: SeIncBasePriorityPrivilege	4260	wsnhost.exe
Token: 33	3616	wsnhost.exe
Token: SeIncBasePriorityPrivilege	3616	wsnhost.exe
Token: 33	2384	wsnhost.exe
Token: SeIncBasePriorityPrivilege	2384	wsnhost.exe

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 1152	4528	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe	78
PID 4528 wrote to memory of 1152	4528	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe	78
PID 4528 wrote to memory of 1152	4528	33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe	78
PID 1152 wrote to memory of 4780	1152	wsnhost.exe	79
PID 1152 wrote to memory of 4780	1152	wsnhost.exe	79
PID 1152 wrote to memory of 4780	1152	wsnhost.exe	79
PID 4780 wrote to memory of 3696	4780	wsnhost.exe	88
PID 4780 wrote to memory of 3696	4780	wsnhost.exe	88
PID 4780 wrote to memory of 3696	4780	wsnhost.exe	88
PID 3696 wrote to memory of 3660	3696	wsnhost.exe	89
PID 3696 wrote to memory of 3660	3696	wsnhost.exe	89
PID 3696 wrote to memory of 3660	3696	wsnhost.exe	89
PID 3660 wrote to memory of 3532	3660	wsnhost.exe	90
PID 3660 wrote to memory of 3532	3660	wsnhost.exe	90
PID 3660 wrote to memory of 3532	3660	wsnhost.exe	90
PID 3532 wrote to memory of 2632	3532	wsnhost.exe	91
PID 3532 wrote to memory of 2632	3532	wsnhost.exe	91
PID 3532 wrote to memory of 2632	3532	wsnhost.exe	91
PID 2632 wrote to memory of 4260	2632	wsnhost.exe	92
PID 2632 wrote to memory of 4260	2632	wsnhost.exe	92
PID 2632 wrote to memory of 4260	2632	wsnhost.exe	92
PID 4260 wrote to memory of 3616	4260	wsnhost.exe	93
PID 4260 wrote to memory of 3616	4260	wsnhost.exe	93
PID 4260 wrote to memory of 3616	4260	wsnhost.exe	93
PID 3616 wrote to memory of 2384	3616	wsnhost.exe	94
PID 3616 wrote to memory of 2384	3616	wsnhost.exe	94
PID 3616 wrote to memory of 2384	3616	wsnhost.exe	94

C:\Users\Admin\AppData\Local\Temp\33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe
"C:\Users\Admin\AppData\Local\Temp\33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe"
1⤵
- Drops file in Drivers directory
- Checks BIOS information in registry
- Loads dropped DLL
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Windows\SysWOW64\wsnhost.exe
  C:\Windows\system32\wsnhost.exe 1448 "C:\Users\Admin\AppData\Local\Temp\33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Checks BIOS information in registry
  - Loads dropped DLL
  - Drops file in System32 directory
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1152
- - C:\Windows\SysWOW64\wsnhost.exe
    C:\Windows\system32\wsnhost.exe 1468 "C:\Windows\SysWOW64\wsnhost.exe"
    3⤵
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Checks BIOS information in registry
    - Loads dropped DLL
    - Drops file in System32 directory
    - Modifies registry class
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4780
  - - C:\Windows\SysWOW64\wsnhost.exe
      C:\Windows\system32\wsnhost.exe 1472 "C:\Windows\SysWOW64\wsnhost.exe"
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      Checks BIOS information in registry
      Loads dropped DLL
      Drops file in System32 directory
      Modifies registry class
      NTFS ADS
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3696
    - - C:\Windows\SysWOW64\wsnhost.exe
        
        C:\Windows\system32\wsnhost.exe 1476 "C:\Windows\SysWOW64\wsnhost.exe"
        5⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Checks BIOS information in registry
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3660
      - C:\Windows\SysWOW64\wsnhost.exe
        
        C:\Windows\system32\wsnhost.exe 1480 "C:\Windows\SysWOW64\wsnhost.exe"
        6⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Checks BIOS information in registry
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3532
        
        C:\Windows\SysWOW64\wsnhost.exe
        
        C:\Windows\system32\wsnhost.exe 1452 "C:\Windows\SysWOW64\wsnhost.exe"
        7⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Checks BIOS information in registry
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2632
        
        C:\Windows\SysWOW64\wsnhost.exe
        
        C:\Windows\system32\wsnhost.exe 1488 "C:\Windows\SysWOW64\wsnhost.exe"
        8⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Checks BIOS information in registry
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4260
        
        C:\Windows\SysWOW64\wsnhost.exe
        
        C:\Windows\system32\wsnhost.exe 1492 "C:\Windows\SysWOW64\wsnhost.exe"
        9⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Checks BIOS information in registry
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3616
        
        C:\Windows\SysWOW64\wsnhost.exe
        
        C:\Windows\system32\wsnhost.exe 1496 "C:\Windows\SysWOW64\wsnhost.exe"
        10⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Checks BIOS information in registry
        Loads dropped DLL
        Drops file in System32 directory
        Modifies registry class
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        
        PID:2384

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\TEMP:466F9D5D

Filesize
138B

MD5
c3498e5026fdeee8cef37962f4e1609d

SHA1
310adf35dbe3efdc60e90fbdb0653a4d483beda9

SHA256
97ee3b8a18a093dd54a666b0dd3ad910e9305cec748db6a403d4fd14e538ee5e

SHA512
ab4e87b343d2448eb9bbf8b342606b505b4ccb5e9d6260a155493a1baa948fdce86e20d587f679c305b7eaafa422105ac2c9239922ee3db7f5c7fc7e3cc32f69

Download Submit
C:\ProgramData\TEMP:466F9D5D

Filesize
138B

MD5
67ec78b457bf3b9fe6e1091ff8a9ef44

SHA1
339c4cd8a4cb56f545efbdec100c7eeb816b31b9

SHA256
1be97ec35d2e76fae8ba2e52fcc9980558c2601c5003bdccbac1427a1873da2f

SHA512
d44ed57a6447b86ca03dc17ea4cfa2a156a38cc58fffaee7b98c6c53ecd197cabbf820ba8530b5f278e1fc750b414264de1e994d9eeb03ad84b4526294b68bae

Download Submit
C:\ProgramData\TEMP:466F9D5D

Filesize
138B

MD5
dc680a572e770b41dc4d832792ded43a

SHA1
24521594d0ca014bba91cdb758031214a4d6f88a

SHA256
ebfdc83e4671db3ee4f77fc840a992e6012f23b36b5f510b2ab9af921d95e8f5

SHA512
27af262a1cda3c787c3048a0f1a43b8962ff860a0ab7cade81b9038437f676f0ca3940395e2aef4fb02a53b0a1140bef268545aa4e4bfc0fb73182ca1e92d6ae

Download Submit
C:\ProgramData\TEMP:466F9D5D

Filesize
138B

MD5
c9b8fc7c96ebe9db0da0a2c1ef3eba98

SHA1
08509933c9731c385da6c6c4c498ed8301f1640b

SHA256
722ea0041093e80adba0199ee66981251405f43cafb1d97f55343096cd7069f3

SHA512
d32fd4f93ef71d9d70f00791121aafff98375cba78e2fb0cc339025ec9077d7ae1ffb8332b538dde196f3ddeafe109858e3aadadf71fbabfe7a0ce81f6a41801

Download Submit
C:\ProgramData\TEMP:466F9D5D

Filesize
138B

MD5
0cebb5b4ad24fbfc49d8deb3a3c76cca

SHA1
de56f03eb933ebfe49c5902f0dfe343a3f652b2c

SHA256
7db1759f90759eead60ba27e9c3fe6a2a0a9c0df2875def18d2d92c3f409d784

SHA512
916ea0c8802128b429dec65178e94475d8993e08de6b8600ebaf7734b0e069bdffd538b1dd457c1f591ef0d569ab10d9493efe4ec190a73d42c3b7875395885b

Download Submit
C:\ProgramData\TEMP:466F9D5D

Filesize
138B

MD5
34114c3deaf56a951384665a7a3838c9

SHA1
c26288c4e425a0a3e4ab3df603b1335d3f95363c

SHA256
a32d5b62ad3b142d19181e4f7dcda8cc5f2108909ad287e339e9c4481492f62f

SHA512
bcf968bda65c119364649ad4a47a45808675b6e95752d4d5e5ef73b40c0230077caef7acf4913c730f5e558dafb7d7f11bcfc455dae539bff6e17be3f4e4d5c4

Download Submit
C:\ProgramData\TEMP:466F9D5D

Filesize
138B

MD5
b8a128f2ad7cd8b90d56a1b8734d82d7

SHA1
7186f02c5e7502fe9257cd68649cb0cf9f20fbf2

SHA256
19e7717bbd95b06bdd88f2c4b675deab1d0a620a1b164fc41b344419d193a190

SHA512
e8da757efb1c543d6399764722ace03ccf43c78fe64f69e72cc31133041581d1d8ad3e33843cd1913cbcfbd782027673e17e1acac3031445cf765d14b74ba626

Download Submit
C:\ProgramData\TEMP:466F9D5D

Filesize
138B

MD5
681f9530e9f376a6075d69e4e9bb2fbd

SHA1
5eeaf1eb8946695b2aa675faa60b0570c8084a28

SHA256
502f3d9a6b74bea0c6e091965c38e68b70f5923d0cb8de4ef5562be7ab880296

SHA512
dade00f0f81d04b4e97676ef898a56f0cdc6dce6447410e4e543c56d182d0bf6890f08ffb591ced743b5b3f546159f6d7421785a198efe81dc52463222c6babc

Download Submit
C:\Windows\SysWOW64\drivers\NPF.sys

Filesize
41KB

MD5
243126da7ba441d7c7c3262dcf435a9c

SHA1
42616f7034c0f12e3e4a2166ebe082eb3f08223a

SHA256
80d36efd5b3abb82c421149d423e5019c21f203f085ae2655429a44bb5a9f5c0

SHA512
f5539774d89e8f025da97e7b49d143b7224fcf899db967a34445de70f9228ea5e2d5daffe6444492ce82a3dfb2734786e09140277c208ec1e64580ad74883e68

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\packet.dll

Filesize
86KB

MD5
3eb0beb8e318646104362537570fc6bc

SHA1
3cb48ea9073fcca5835adad307e14ebf0cfe7279

SHA256
ab3f8c80b85aae70f89c8e7919d7dd147c2bc3ec68769e0bdb05fcc4083e3643

SHA512
db5fd16749641de6282d36af7b1921f908850ece3429ffe5ad33d990431bf4990f0314d28af082394af1f4d66516d9d89806a38e2801c34b4dd1ccb69bfafe47

Download Submit
C:\Windows\SysWOW64\wpcap.dll

Filesize
234KB

MD5
cb0afba4f0fb6ca2b2ea0d2c3e86b588

SHA1
2459367892e012314b451e05de1f1162448a05fa

SHA256
1b0fe60175c88f7cd3f3765b2f0f3eb1530b2e5e5b51f89a83e0322de32bdcf7

SHA512
a4e2d66af68dee67be5883c4770c1339b6be4847a993619389404af6a7ec9763361d9a14c632ca6704f63d84b05483f4bea2ec035b466fdaf03ce68c5cbca128

Download Submit
C:\Windows\SysWOW64\wpcap.dll

Filesize
234KB

MD5
cb0afba4f0fb6ca2b2ea0d2c3e86b588

SHA1
2459367892e012314b451e05de1f1162448a05fa

SHA256
1b0fe60175c88f7cd3f3765b2f0f3eb1530b2e5e5b51f89a83e0322de32bdcf7

SHA512
a4e2d66af68dee67be5883c4770c1339b6be4847a993619389404af6a7ec9763361d9a14c632ca6704f63d84b05483f4bea2ec035b466fdaf03ce68c5cbca128

Download Submit
C:\Windows\SysWOW64\wpcap.dll

Filesize
234KB

MD5
cb0afba4f0fb6ca2b2ea0d2c3e86b588

SHA1
2459367892e012314b451e05de1f1162448a05fa

SHA256
1b0fe60175c88f7cd3f3765b2f0f3eb1530b2e5e5b51f89a83e0322de32bdcf7

SHA512
a4e2d66af68dee67be5883c4770c1339b6be4847a993619389404af6a7ec9763361d9a14c632ca6704f63d84b05483f4bea2ec035b466fdaf03ce68c5cbca128

Download Submit
C:\Windows\SysWOW64\wpcap.dll

Filesize
234KB

MD5
cb0afba4f0fb6ca2b2ea0d2c3e86b588

SHA1
2459367892e012314b451e05de1f1162448a05fa

SHA256
1b0fe60175c88f7cd3f3765b2f0f3eb1530b2e5e5b51f89a83e0322de32bdcf7

SHA512
a4e2d66af68dee67be5883c4770c1339b6be4847a993619389404af6a7ec9763361d9a14c632ca6704f63d84b05483f4bea2ec035b466fdaf03ce68c5cbca128

Download Submit
C:\Windows\SysWOW64\wpcap.dll

Filesize
234KB

MD5
cb0afba4f0fb6ca2b2ea0d2c3e86b588

SHA1
2459367892e012314b451e05de1f1162448a05fa

SHA256
1b0fe60175c88f7cd3f3765b2f0f3eb1530b2e5e5b51f89a83e0322de32bdcf7

SHA512
a4e2d66af68dee67be5883c4770c1339b6be4847a993619389404af6a7ec9763361d9a14c632ca6704f63d84b05483f4bea2ec035b466fdaf03ce68c5cbca128

Download Submit
C:\Windows\SysWOW64\wpcap.dll

Filesize
234KB

MD5
cb0afba4f0fb6ca2b2ea0d2c3e86b588

SHA1
2459367892e012314b451e05de1f1162448a05fa

SHA256
1b0fe60175c88f7cd3f3765b2f0f3eb1530b2e5e5b51f89a83e0322de32bdcf7

SHA512
a4e2d66af68dee67be5883c4770c1339b6be4847a993619389404af6a7ec9763361d9a14c632ca6704f63d84b05483f4bea2ec035b466fdaf03ce68c5cbca128

Download Submit
C:\Windows\SysWOW64\wpcap.dll

Filesize
234KB

MD5
cb0afba4f0fb6ca2b2ea0d2c3e86b588

SHA1
2459367892e012314b451e05de1f1162448a05fa

SHA256
1b0fe60175c88f7cd3f3765b2f0f3eb1530b2e5e5b51f89a83e0322de32bdcf7

SHA512
a4e2d66af68dee67be5883c4770c1339b6be4847a993619389404af6a7ec9763361d9a14c632ca6704f63d84b05483f4bea2ec035b466fdaf03ce68c5cbca128

Download Submit
C:\Windows\SysWOW64\wpcap.dll

Filesize
234KB

MD5
cb0afba4f0fb6ca2b2ea0d2c3e86b588

SHA1
2459367892e012314b451e05de1f1162448a05fa

SHA256
1b0fe60175c88f7cd3f3765b2f0f3eb1530b2e5e5b51f89a83e0322de32bdcf7

SHA512
a4e2d66af68dee67be5883c4770c1339b6be4847a993619389404af6a7ec9763361d9a14c632ca6704f63d84b05483f4bea2ec035b466fdaf03ce68c5cbca128

Download Submit
C:\Windows\SysWOW64\wpcap.dll

Filesize
234KB

MD5
cb0afba4f0fb6ca2b2ea0d2c3e86b588

SHA1
2459367892e012314b451e05de1f1162448a05fa

SHA256
1b0fe60175c88f7cd3f3765b2f0f3eb1530b2e5e5b51f89a83e0322de32bdcf7

SHA512
a4e2d66af68dee67be5883c4770c1339b6be4847a993619389404af6a7ec9763361d9a14c632ca6704f63d84b05483f4bea2ec035b466fdaf03ce68c5cbca128

Download Submit
C:\Windows\SysWOW64\wpcap.dll

Filesize
234KB

MD5
cb0afba4f0fb6ca2b2ea0d2c3e86b588

SHA1
2459367892e012314b451e05de1f1162448a05fa

SHA256
1b0fe60175c88f7cd3f3765b2f0f3eb1530b2e5e5b51f89a83e0322de32bdcf7

SHA512
a4e2d66af68dee67be5883c4770c1339b6be4847a993619389404af6a7ec9763361d9a14c632ca6704f63d84b05483f4bea2ec035b466fdaf03ce68c5cbca128

Download Submit
C:\Windows\SysWOW64\wpcap.dll

Filesize
234KB

MD5
cb0afba4f0fb6ca2b2ea0d2c3e86b588

SHA1
2459367892e012314b451e05de1f1162448a05fa

SHA256
1b0fe60175c88f7cd3f3765b2f0f3eb1530b2e5e5b51f89a83e0322de32bdcf7

SHA512
a4e2d66af68dee67be5883c4770c1339b6be4847a993619389404af6a7ec9763361d9a14c632ca6704f63d84b05483f4bea2ec035b466fdaf03ce68c5cbca128

Download Submit
C:\Windows\SysWOW64\wsnhost.exe

Filesize
908KB

MD5
4bc98da44d484e742119656b09e3f0de

SHA1
780261feebc73ea6e0324c4f8bf1e4da2ff404dc

SHA256
33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33

SHA512
831132a6c55f156e3419393a972ac552c5049a2711df81c0348b7d267a9c1ad8e514db260b1aa9572e61c48eddfb7d245a8d7241e83a2eeeb190b8f1ae9ade19

Download Submit
C:\Windows\SysWOW64\wsnhost.exe

Filesize
908KB

MD5
4bc98da44d484e742119656b09e3f0de

SHA1
780261feebc73ea6e0324c4f8bf1e4da2ff404dc

SHA256
33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33

SHA512
831132a6c55f156e3419393a972ac552c5049a2711df81c0348b7d267a9c1ad8e514db260b1aa9572e61c48eddfb7d245a8d7241e83a2eeeb190b8f1ae9ade19

Download Submit
C:\Windows\SysWOW64\wsnhost.exe

Filesize
908KB

MD5
4bc98da44d484e742119656b09e3f0de

SHA1
780261feebc73ea6e0324c4f8bf1e4da2ff404dc

SHA256
33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33

SHA512
831132a6c55f156e3419393a972ac552c5049a2711df81c0348b7d267a9c1ad8e514db260b1aa9572e61c48eddfb7d245a8d7241e83a2eeeb190b8f1ae9ade19

Download Submit
C:\Windows\SysWOW64\wsnhost.exe

Filesize
908KB

MD5
4bc98da44d484e742119656b09e3f0de

SHA1
780261feebc73ea6e0324c4f8bf1e4da2ff404dc

SHA256
33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33

SHA512
831132a6c55f156e3419393a972ac552c5049a2711df81c0348b7d267a9c1ad8e514db260b1aa9572e61c48eddfb7d245a8d7241e83a2eeeb190b8f1ae9ade19

Download Submit
C:\Windows\SysWOW64\wsnhost.exe

Filesize
908KB

MD5
4bc98da44d484e742119656b09e3f0de

SHA1
780261feebc73ea6e0324c4f8bf1e4da2ff404dc

SHA256
33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33

SHA512
831132a6c55f156e3419393a972ac552c5049a2711df81c0348b7d267a9c1ad8e514db260b1aa9572e61c48eddfb7d245a8d7241e83a2eeeb190b8f1ae9ade19

Download Submit
C:\Windows\SysWOW64\wsnhost.exe

Filesize
908KB

MD5
4bc98da44d484e742119656b09e3f0de

SHA1
780261feebc73ea6e0324c4f8bf1e4da2ff404dc

SHA256
33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33

SHA512
831132a6c55f156e3419393a972ac552c5049a2711df81c0348b7d267a9c1ad8e514db260b1aa9572e61c48eddfb7d245a8d7241e83a2eeeb190b8f1ae9ade19

Download Submit
C:\Windows\SysWOW64\wsnhost.exe

Filesize
908KB

MD5
4bc98da44d484e742119656b09e3f0de

SHA1
780261feebc73ea6e0324c4f8bf1e4da2ff404dc

SHA256
33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33

SHA512
831132a6c55f156e3419393a972ac552c5049a2711df81c0348b7d267a9c1ad8e514db260b1aa9572e61c48eddfb7d245a8d7241e83a2eeeb190b8f1ae9ade19

Download Submit
C:\Windows\SysWOW64\wsnhost.exe

Filesize
908KB

MD5
4bc98da44d484e742119656b09e3f0de

SHA1
780261feebc73ea6e0324c4f8bf1e4da2ff404dc

SHA256
33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33

SHA512
831132a6c55f156e3419393a972ac552c5049a2711df81c0348b7d267a9c1ad8e514db260b1aa9572e61c48eddfb7d245a8d7241e83a2eeeb190b8f1ae9ade19

Download Submit
C:\Windows\SysWOW64\wsnhost.exe

Filesize
908KB

MD5
4bc98da44d484e742119656b09e3f0de

SHA1
780261feebc73ea6e0324c4f8bf1e4da2ff404dc

SHA256
33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33

SHA512
831132a6c55f156e3419393a972ac552c5049a2711df81c0348b7d267a9c1ad8e514db260b1aa9572e61c48eddfb7d245a8d7241e83a2eeeb190b8f1ae9ade19

Download Submit
C:\Windows\SysWOW64\wsnhost.exe

Filesize
908KB

MD5
4bc98da44d484e742119656b09e3f0de

SHA1
780261feebc73ea6e0324c4f8bf1e4da2ff404dc

SHA256
33759e4db5ed43cf4c787a6241b01c662c2bd3d54a4d82461dceade3fc199a33

SHA512
831132a6c55f156e3419393a972ac552c5049a2711df81c0348b7d267a9c1ad8e514db260b1aa9572e61c48eddfb7d245a8d7241e83a2eeeb190b8f1ae9ade19

Download Submit
memory/1152-181-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1152-171-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1152-190-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1152-157-0x00000000021B0000-0x0000000002249000-memory.dmp

Filesize
612KB

Download
memory/1152-163-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1152-164-0x00000000021B1000-0x0000000002222000-memory.dmp

Filesize
452KB

Download
memory/1152-166-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1152-168-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1152-169-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1152-170-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/1152-165-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2384-372-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2384-373-0x0000000002251000-0x00000000022C2000-memory.dmp

Filesize
452KB

Download
memory/2632-309-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/2632-310-0x0000000002241000-0x00000000022B2000-memory.dmp

Filesize
452KB

Download
memory/2632-319-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3532-294-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3532-285-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3532-272-0x00000000021B1000-0x0000000002222000-memory.dmp

Filesize
452KB

Download
memory/3532-270-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3616-363-0x0000000002141000-0x00000000021B2000-memory.dmp

Filesize
452KB

Download
memory/3616-374-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3616-362-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3616-360-0x0000000002141000-0x00000000021B2000-memory.dmp

Filesize
452KB

Download
memory/3616-354-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3660-243-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3660-237-0x00000000009F0000-0x0000000000A89000-memory.dmp

Filesize
612KB

Download
memory/3660-247-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3660-259-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3660-250-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3660-246-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3660-268-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3660-252-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3660-244-0x00000000009F1000-0x0000000000A62000-memory.dmp

Filesize
452KB

Download
memory/3660-249-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3660-256-0x0000000003250000-0x0000000003265000-memory.dmp

Filesize
84KB

Download
memory/3660-251-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3696-242-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3696-233-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3696-226-0x0000000002171000-0x00000000021E2000-memory.dmp

Filesize
452KB

Download
memory/3696-225-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3696-224-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3696-222-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3696-221-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3696-219-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3696-218-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/3696-211-0x0000000002170000-0x0000000002209000-memory.dmp

Filesize
612KB

Download
memory/4260-336-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4260-320-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4260-321-0x00000000007F1000-0x0000000000862000-memory.dmp

Filesize
452KB

Download
memory/4260-345-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4528-139-0x00000000007D1000-0x0000000000842000-memory.dmp

Filesize
452KB

Download
memory/4528-162-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4528-144-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4528-134-0x00000000007D0000-0x0000000000869000-memory.dmp

Filesize
612KB

Download
memory/4528-140-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4528-141-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4528-132-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4528-150-0x00000000023D0000-0x00000000023E5000-memory.dmp

Filesize
84KB

Download
memory/4528-143-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4528-146-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4528-145-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4780-192-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4780-197-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4780-199-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4780-198-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4780-196-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4780-203-0x0000000002D10000-0x0000000002D25000-memory.dmp

Filesize
84KB

Download
memory/4780-206-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4780-207-0x0000000002201000-0x0000000002272000-memory.dmp

Filesize
452KB

Download
memory/4780-216-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4780-193-0x0000000000400000-0x00000000005C2000-memory.dmp

Filesize
1.8MB

Download
memory/4780-195-0x0000000002201000-0x0000000002272000-memory.dmp

Filesize
452KB

Download
memory/4780-185-0x0000000002200000-0x0000000002299000-memory.dmp

Filesize
612KB

Download