af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772

Analysis

max time kernel
149s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
Size

253KB
MD5

f4037c5d487a38bcd26742bd87cbbea7
SHA1

fa88b727c277f21b3c05181c825dd5d049706ea5
SHA256

af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772
SHA512

6cbe352be0479466f1759b3c5ffe8d6e0256256646f39107a827b94651db1d2559acf530e666fb8b9949dc3910397c996c6bbe946b7994d4763257a624ee2e49
SSDEEP

3072:duXkNMP/YnLTTXh9xdZGoKdVnUIg9IijpkvwM8AtGyI0sSE0ggriZIjU2FCiBhcI:5MHYLTv3ZURwM1GyZsSTriafFp+98thl

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 64 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/1780-54-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1780-58-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/948-60-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/948-61-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/948-64-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/948-65-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1780-68-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/948-69-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/948-75-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/948-85-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/268-92-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/268-103-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/668-109-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/668-119-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1760-126-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1760-136-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1812-141-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1812-152-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/960-160-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/960-170-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/684-177-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/684-187-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1584-194-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1584-205-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/844-211-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/844-221-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1476-228-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1476-239-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/784-245-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/288-261-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/428-277-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/848-293-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1628-309-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1780-340-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1780-350-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1524-357-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1524-368-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/556-374-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/556-384-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1704-391-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1520-407-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1796-423-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/2032-439-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1948-455-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/544-471-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1648-487-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1648-497-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/920-504-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/920-514-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1312-521-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1580-537-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1580-547-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/980-554-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/980-564-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1552-571-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1400-587-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/884-603-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/884-613-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1644-620-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/1644-630-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/808-637-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/808-647-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/324-654-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral1/memory/2012-670-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 38 IoCs

pid	Process
1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
268	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
668	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1760	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1812	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
960	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
684	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1584	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
844	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1476	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
784	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
288	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
428	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
848	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1628	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1608	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1524	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
556	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1704	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1520	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1796	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
2032	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
544	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1648	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
920	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1312	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1580	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
980	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1552	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1400	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
884	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1644	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
808	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
324	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
2012	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe

Suspicious use of SetThreadContext 37 IoCs

description	pid	Process	procid_target
PID 1780 set thread context of 948	1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	28
PID 948 set thread context of 268	948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	29
PID 268 set thread context of 668	268	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	30
PID 668 set thread context of 1760	668	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	31
PID 1760 set thread context of 1812	1760	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	32
PID 1812 set thread context of 960	1812	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	33
PID 960 set thread context of 684	960	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	34
PID 684 set thread context of 1584	684	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	35
PID 1584 set thread context of 844	1584	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	36
PID 844 set thread context of 1476	844	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	37
PID 1476 set thread context of 784	1476	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	38
PID 784 set thread context of 288	784	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	39
PID 288 set thread context of 428	288	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	40
PID 428 set thread context of 848	428	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	41
PID 848 set thread context of 1628	848	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	42
PID 1628 set thread context of 1608	1628	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	43
PID 1608 set thread context of 1780	1608	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	44
PID 1780 set thread context of 1524	1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	45
PID 1524 set thread context of 556	1524	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	46
PID 556 set thread context of 1704	556	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	47
PID 1704 set thread context of 1520	1704	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	48
PID 1520 set thread context of 1796	1520	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	49
PID 1796 set thread context of 2032	1796	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	50
PID 2032 set thread context of 1948	2032	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	51
PID 1948 set thread context of 544	1948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	52
PID 544 set thread context of 1648	544	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	53
PID 1648 set thread context of 920	1648	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	54
PID 920 set thread context of 1312	920	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	55
PID 1312 set thread context of 1580	1312	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	56
PID 1580 set thread context of 980	1580	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	57
PID 980 set thread context of 1552	980	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	58
PID 1552 set thread context of 1400	1552	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	59
PID 1400 set thread context of 884	1400	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	60
PID 884 set thread context of 1644	884	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	61
PID 1644 set thread context of 808	1644	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	62
PID 808 set thread context of 324	808	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	63
PID 324 set thread context of 2012	324	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	64

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
268	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
668	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1760	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1812	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
960	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
684	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1584	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
844	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1476	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
784	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
288	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
428	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
848	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1628	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1608	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1524	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
556	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1704	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1520	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1796	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
2032	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
544	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1648	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
920	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1312	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1580	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
980	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1552	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1400	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
884	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1644	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
808	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
324	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
2012	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 948	1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	28
PID 1780 wrote to memory of 948	1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	28
PID 1780 wrote to memory of 948	1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	28
PID 1780 wrote to memory of 948	1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	28
PID 1780 wrote to memory of 948	1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	28
PID 1780 wrote to memory of 948	1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	28
PID 1780 wrote to memory of 948	1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	28
PID 1780 wrote to memory of 948	1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	28
PID 1780 wrote to memory of 948	1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	28
PID 1780 wrote to memory of 948	1780	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	28
PID 948 wrote to memory of 268	948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	29
PID 948 wrote to memory of 268	948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	29
PID 948 wrote to memory of 268	948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	29
PID 948 wrote to memory of 268	948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	29
PID 948 wrote to memory of 268	948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	29
PID 948 wrote to memory of 268	948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	29
PID 948 wrote to memory of 268	948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	29
PID 948 wrote to memory of 268	948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	29
PID 948 wrote to memory of 268	948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	29
PID 948 wrote to memory of 268	948	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	29
PID 268 wrote to memory of 668	268	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	30
PID 268 wrote to memory of 668	268	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	30
PID 268 wrote to memory of 668	268	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	30
PID 268 wrote to memory of 668	268	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	30
PID 268 wrote to memory of 668	268	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	30
PID 268 wrote to memory of 668	268	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	30
PID 268 wrote to memory of 668	268	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	30
PID 268 wrote to memory of 668	268	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	30
PID 268 wrote to memory of 668	268	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	30
PID 268 wrote to memory of 668	268	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	30
PID 668 wrote to memory of 1760	668	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	31
PID 668 wrote to memory of 1760	668	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	31
PID 668 wrote to memory of 1760	668	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	31
PID 668 wrote to memory of 1760	668	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	31
PID 668 wrote to memory of 1760	668	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	31
PID 668 wrote to memory of 1760	668	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	31
PID 668 wrote to memory of 1760	668	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	31
PID 668 wrote to memory of 1760	668	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	31
PID 668 wrote to memory of 1760	668	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	31
PID 668 wrote to memory of 1760	668	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	31
PID 1760 wrote to memory of 1812	1760	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	32
PID 1760 wrote to memory of 1812	1760	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	32
PID 1760 wrote to memory of 1812	1760	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	32
PID 1760 wrote to memory of 1812	1760	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	32
PID 1760 wrote to memory of 1812	1760	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	32
PID 1760 wrote to memory of 1812	1760	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	32
PID 1760 wrote to memory of 1812	1760	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	32
PID 1760 wrote to memory of 1812	1760	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	32
PID 1760 wrote to memory of 1812	1760	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	32
PID 1760 wrote to memory of 1812	1760	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	32
PID 1812 wrote to memory of 960	1812	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	33
PID 1812 wrote to memory of 960	1812	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	33
PID 1812 wrote to memory of 960	1812	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	33
PID 1812 wrote to memory of 960	1812	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	33
PID 1812 wrote to memory of 960	1812	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	33
PID 1812 wrote to memory of 960	1812	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	33
PID 1812 wrote to memory of 960	1812	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	33
PID 1812 wrote to memory of 960	1812	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	33
PID 1812 wrote to memory of 960	1812	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	33
PID 1812 wrote to memory of 960	1812	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	33
PID 960 wrote to memory of 684	960	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	34
PID 960 wrote to memory of 684	960	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	34
PID 960 wrote to memory of 684	960	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	34
PID 960 wrote to memory of 684	960	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	34

C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
"C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:948
- - C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of SetThreadContext
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:268
  - - C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
      4⤵
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:668
    - - C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        5⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        6⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        7⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        8⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        9⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        10⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        11⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        12⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        13⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        14⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        15⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        16⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        17⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        18⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        19⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        20⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        21⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        22⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        23⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        24⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        25⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        26⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        27⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        28⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        29⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        30⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        31⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        32⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        33⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        34⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        35⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        36⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        37⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        38⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetWindowsHookEx
        
        PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/268-103-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/268-92-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/288-261-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/324-654-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/428-277-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/544-471-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/556-384-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/556-374-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/668-109-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/668-119-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/684-187-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/684-177-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/784-245-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/808-647-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/808-637-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/844-221-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/844-211-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/848-293-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/884-613-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/884-603-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/920-504-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/920-514-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/948-85-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/948-65-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/948-69-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/948-75-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/948-64-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/948-61-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/948-60-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/948-59-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/960-170-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/960-160-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/980-554-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/980-564-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1312-521-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1400-587-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1476-228-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1476-239-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1520-407-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1524-368-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1524-357-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1552-571-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1580-547-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1580-537-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1584-205-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1584-194-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1628-309-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1644-620-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1644-630-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1648-497-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1648-487-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1704-391-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1760-126-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1760-136-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1780-340-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1780-54-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1780-350-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1780-58-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1780-68-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1796-423-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1812-141-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1812-152-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1948-455-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2012-670-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2032-439-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download