af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772

Analysis

max time kernel
318s
max time network
258s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 11:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
Size

253KB
MD5

f4037c5d487a38bcd26742bd87cbbea7
SHA1

fa88b727c277f21b3c05181c825dd5d049706ea5
SHA256

af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772
SHA512

6cbe352be0479466f1759b3c5ffe8d6e0256256646f39107a827b94651db1d2559acf530e666fb8b9949dc3910397c996c6bbe946b7994d4763257a624ee2e49
SSDEEP

3072:duXkNMP/YnLTTXh9xdZGoKdVnUIg9IijpkvwM8AtGyI0sSE0ggriZIjU2FCiBhcI:5MHYLTv3ZURwM1GyZsSTriafFp+98thl

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 64 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/memory/3976-132-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/3976-136-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4680-138-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/3976-140-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4680-141-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4680-147-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/1416-156-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/3976-158-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4680-159-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/1416-163-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/1764-170-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/1764-175-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4488-181-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4488-185-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/2212-192-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/2212-196-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/1856-203-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/1856-210-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/3800-214-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/3800-219-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/2220-225-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/2220-229-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/1264-236-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/1264-240-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/360-247-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/360-251-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4708-258-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4708-263-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/2636-269-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/2636-274-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4548-280-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4548-285-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4964-291-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4964-295-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4040-302-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4040-306-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/2872-313-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/2872-317-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4880-324-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4880-329-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/3476-335-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/3476-340-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4524-346-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4524-351-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/1476-357-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/1476-361-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/3044-368-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/3044-373-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/3132-379-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/3132-383-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4284-390-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/3968-400-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/3968-405-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/368-411-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/368-415-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/2424-422-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/2424-427-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/3240-433-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/3240-438-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/968-444-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/968-452-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/968-454-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4144-460-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect
behavioral2/memory/4116-466-0x0000000000400000-0x0000000000420000-memory.dmp	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 35 IoCs

pid	Process
3976	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4680	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1416	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1764	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4488	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
2212	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1856	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
3800	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
2220	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1264	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
360	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4708	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
2636	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4548	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4964	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4040	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
2872	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4880	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
3476	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4524	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1476	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
3044	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
3132	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4284	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
3968	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
368	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
2424	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
3240	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
968	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4144	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4116	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
880	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4136	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
784	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4684	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe

Suspicious use of SetThreadContext 34 IoCs

description	pid	Process	procid_target
PID 3976 set thread context of 4680	3976	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	81
PID 4680 set thread context of 1416	4680	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	82
PID 1416 set thread context of 1764	1416	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	84
PID 1764 set thread context of 4488	1764	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	85
PID 4488 set thread context of 2212	4488	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	86
PID 2212 set thread context of 1856	2212	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	87
PID 1856 set thread context of 3800	1856	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	88
PID 3800 set thread context of 2220	3800	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	89
PID 2220 set thread context of 1264	2220	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	90
PID 1264 set thread context of 360	1264	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	91
PID 360 set thread context of 4708	360	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	92
PID 4708 set thread context of 2636	4708	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	93
PID 2636 set thread context of 4548	2636	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	94
PID 4548 set thread context of 4964	4548	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	95
PID 4964 set thread context of 4040	4964	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	96
PID 4040 set thread context of 2872	4040	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	97
PID 2872 set thread context of 4880	2872	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	98
PID 4880 set thread context of 3476	4880	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	99
PID 3476 set thread context of 4524	3476	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	100
PID 4524 set thread context of 1476	4524	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	101
PID 1476 set thread context of 3044	1476	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	102
PID 3044 set thread context of 3132	3044	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	103
PID 3132 set thread context of 4284	3132	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	104
PID 4284 set thread context of 3968	4284	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	105
PID 3968 set thread context of 368	3968	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	106
PID 368 set thread context of 2424	368	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	107
PID 2424 set thread context of 3240	2424	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	108
PID 3240 set thread context of 968	3240	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	109
PID 968 set thread context of 4144	968	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	110
PID 4144 set thread context of 4116	4144	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	112
PID 4116 set thread context of 880	4116	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	113
PID 880 set thread context of 4136	880	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	114
PID 4136 set thread context of 784	4136	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	115
PID 784 set thread context of 4684	784	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	116

Suspicious use of SetWindowsHookEx 35 IoCs

pid	Process
3976	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4680	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1416	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1764	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4488	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
2212	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1856	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
3800	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
2220	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1264	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
360	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4708	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
2636	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4548	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4964	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4040	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
2872	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4880	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
3476	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4524	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
1476	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
3044	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
3132	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4284	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
3968	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
368	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
2424	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
3240	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
968	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4144	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4116	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
880	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4136	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
784	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
4684	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3976 wrote to memory of 4680	3976	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	81
PID 3976 wrote to memory of 4680	3976	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	81
PID 3976 wrote to memory of 4680	3976	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	81
PID 3976 wrote to memory of 4680	3976	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	81
PID 3976 wrote to memory of 4680	3976	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	81
PID 3976 wrote to memory of 4680	3976	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	81
PID 3976 wrote to memory of 4680	3976	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	81
PID 3976 wrote to memory of 4680	3976	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	81
PID 3976 wrote to memory of 4680	3976	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	81
PID 3976 wrote to memory of 4680	3976	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	81
PID 3976 wrote to memory of 4680	3976	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	81
PID 3976 wrote to memory of 4680	3976	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	81
PID 4680 wrote to memory of 1416	4680	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	82
PID 4680 wrote to memory of 1416	4680	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	82
PID 4680 wrote to memory of 1416	4680	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	82
PID 4680 wrote to memory of 1416	4680	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	82
PID 4680 wrote to memory of 1416	4680	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	82
PID 4680 wrote to memory of 1416	4680	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	82
PID 4680 wrote to memory of 1416	4680	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	82
PID 4680 wrote to memory of 1416	4680	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	82
PID 4680 wrote to memory of 1416	4680	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	82
PID 4680 wrote to memory of 1416	4680	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	82
PID 4680 wrote to memory of 1416	4680	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	82
PID 4680 wrote to memory of 1416	4680	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	82
PID 1416 wrote to memory of 1764	1416	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	84
PID 1416 wrote to memory of 1764	1416	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	84
PID 1416 wrote to memory of 1764	1416	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	84
PID 1416 wrote to memory of 1764	1416	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	84
PID 1416 wrote to memory of 1764	1416	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	84
PID 1416 wrote to memory of 1764	1416	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	84
PID 1416 wrote to memory of 1764	1416	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	84
PID 1416 wrote to memory of 1764	1416	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	84
PID 1416 wrote to memory of 1764	1416	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	84
PID 1416 wrote to memory of 1764	1416	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	84
PID 1416 wrote to memory of 1764	1416	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	84
PID 1416 wrote to memory of 1764	1416	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	84
PID 1764 wrote to memory of 4488	1764	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	85
PID 1764 wrote to memory of 4488	1764	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	85
PID 1764 wrote to memory of 4488	1764	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	85
PID 1764 wrote to memory of 4488	1764	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	85
PID 1764 wrote to memory of 4488	1764	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	85
PID 1764 wrote to memory of 4488	1764	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	85
PID 1764 wrote to memory of 4488	1764	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	85
PID 1764 wrote to memory of 4488	1764	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	85
PID 1764 wrote to memory of 4488	1764	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	85
PID 1764 wrote to memory of 4488	1764	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	85
PID 1764 wrote to memory of 4488	1764	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	85
PID 1764 wrote to memory of 4488	1764	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	85
PID 4488 wrote to memory of 2212	4488	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	86
PID 4488 wrote to memory of 2212	4488	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	86
PID 4488 wrote to memory of 2212	4488	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	86
PID 4488 wrote to memory of 2212	4488	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	86
PID 4488 wrote to memory of 2212	4488	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	86
PID 4488 wrote to memory of 2212	4488	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	86
PID 4488 wrote to memory of 2212	4488	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	86
PID 4488 wrote to memory of 2212	4488	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	86
PID 4488 wrote to memory of 2212	4488	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	86
PID 4488 wrote to memory of 2212	4488	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	86
PID 4488 wrote to memory of 2212	4488	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	86
PID 4488 wrote to memory of 2212	4488	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	86
PID 2212 wrote to memory of 1856	2212	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	87
PID 2212 wrote to memory of 1856	2212	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	87
PID 2212 wrote to memory of 1856	2212	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	87
PID 2212 wrote to memory of 1856	2212	af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe	87

C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
"C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4680
- - C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of SetThreadContext
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
      4⤵
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        5⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        6⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        7⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        8⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        9⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        10⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        11⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:360
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        12⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        13⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        14⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        15⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        16⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        17⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        18⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        19⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        20⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        21⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        22⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        23⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        24⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        25⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        26⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        27⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        28⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        29⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        30⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        31⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        32⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        33⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        34⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\af544578960bd111381e95901967cd3f633bf3d79b58558199c93dfd229e6772.exe
        
        35⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious use of SetWindowsHookEx
        
        PID:4684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/360-247-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/360-251-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/368-411-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/368-415-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/880-482-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/880-477-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/968-454-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/968-444-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/968-452-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1264-240-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1264-236-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1416-163-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1416-156-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1476-357-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1476-361-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1764-175-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1764-170-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1856-203-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1856-210-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2212-196-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2212-192-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2220-225-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2220-229-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2424-427-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2424-422-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2636-269-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2636-274-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2872-317-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2872-313-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3044-373-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3044-368-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3132-383-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3132-379-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3240-433-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3240-438-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3476-340-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3476-335-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3800-214-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3800-219-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3968-405-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3968-400-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3976-132-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3976-158-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3976-136-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3976-140-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4040-306-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4040-302-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4116-466-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4116-471-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4144-460-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4284-390-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4488-185-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4488-181-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4524-351-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4524-346-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4548-285-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4548-280-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4680-159-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4680-147-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4680-141-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4680-138-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4708-263-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4708-258-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4880-324-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4880-329-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4964-291-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4964-295-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download