Overview

overview

8

Static

static

7

7b9746e3e3...5b.exe

windows7-x64

8

7b9746e3e3...5b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    27/01/2024, 23:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7b9746e3e321d7bda0255ed4c124805b.exe

  • Size

    1.7MB

  • MD5

    7b9746e3e321d7bda0255ed4c124805b

  • SHA1

    65088e783562197dfdd74d3272f011de90683d2d

  • SHA256

    4d88dc4b9db2126c4cf634506bf3ce4807c0acc3c3209d95aad97a8895bc34de

  • SHA512

    3510d7540fb40e7fcb975e2c0d9a219a44141b21e28bd1c5dac9095e68802970dea6097648e10e7fed6aa9cb422fcb555b23f9b91cd0fe11118e4b652862a1ef

  • SSDEEP

    6144:BRBJwguBi0kzlMdR15RRRRRRgFgUEC1J:BRBW6GR5RRRRRRgFgUz

Score
8/10
persistenceupx

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 42 IoCs
    persistence
  • Executes dropped EXE 57 IoCs
  • Loads dropped DLL 20 IoCs
  • UPX packed file 42 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 62 IoCs
    persistence
  • Suspicious use of SetThreadContext 40 IoCs
  • Drops file in Windows directory 21 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of SetWindowsHookEx 40 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b9746e3e321d7bda0255ed4c124805b.exe
    "C:\Users\Admin\AppData\Local\Temp\7b9746e3e321d7bda0255ed4c124805b.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\AppData\Local\Temp\7b9746e3e321d7bda0255ed4c124805b.exe
      "C:\Users\Admin\AppData\Local\Temp\7b9746e3e321d7bda0255ed4c124805b.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1720
      • C:\Users\Admin\AppData\Local\Temp\7b9746e3e321d7bda0255ed4c124805b.exe
        C:\Users\Admin\AppData\Local\Temp\7b9746e3e321d7bda0255ed4c124805b.exe
        3⤵
        • Modifies Installed Components in the registry
        • Adds Run key to start application
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1936
        • C:\Windows\SysWOW64\svchost.exe
          svchost.exe
          4⤵
          • Modifies Installed Components in the registry
          • Loads dropped DLL
          • Adds Run key to start application
          • Suspicious use of WriteProcessMemory
          PID:2704
          • C:\Windows\InstallDir\Server.exe
            "C:\Windows\InstallDir\Server.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:3012
            • C:\Windows\InstallDir\Server.exe
              "C:\Windows\InstallDir\Server.exe"
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2708
              • C:\Program Files\Internet Explorer\iexplore.exe
                "C:\Program Files\Internet Explorer\iexplore.exe"
                7⤵
                  PID:2668
                • C:\Program Files\Internet Explorer\iexplore.exe
                  "C:\Program Files\Internet Explorer\iexplore.exe"
                  7⤵
                    PID:2652
                  • C:\Windows\InstallDir\Server.exe
                    C:\Windows\InstallDir\Server.exe
                    7⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Adds Run key to start application
                    • Drops file in Windows directory
                    • Suspicious use of SetWindowsHookEx
                    PID:2716
              • C:\Windows\InstallDir\Server.exe
                "C:\Windows\InstallDir\Server.exe"
                5⤵
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                • Suspicious use of SetWindowsHookEx
                PID:2980
                • C:\Windows\InstallDir\Server.exe
                  "C:\Windows\InstallDir\Server.exe"
                  6⤵
                  • Executes dropped EXE
                  • Suspicious use of SetThreadContext
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2880
                  • C:\Program Files\Internet Explorer\iexplore.exe
                    "C:\Program Files\Internet Explorer\iexplore.exe"
                    7⤵
                      PID:2888
                    • C:\Program Files\Internet Explorer\iexplore.exe
                      "C:\Program Files\Internet Explorer\iexplore.exe"
                      7⤵
                        PID:2468
                      • C:\Windows\InstallDir\Server.exe
                        C:\Windows\InstallDir\Server.exe
                        7⤵
                        • Modifies Installed Components in the registry
                        • Executes dropped EXE
                        • Adds Run key to start application
                        • Drops file in Windows directory
                        • Suspicious use of SetWindowsHookEx
                        PID:2772
                  • C:\Windows\InstallDir\Server.exe
                    "C:\Windows\InstallDir\Server.exe"
                    5⤵
                    • Executes dropped EXE
                    • Suspicious use of SetThreadContext
                    • Suspicious use of SetWindowsHookEx
                    PID:2584
                    • C:\Windows\InstallDir\Server.exe
                      "C:\Windows\InstallDir\Server.exe"
                      6⤵
                      • Executes dropped EXE
                      • Suspicious use of SetThreadContext
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2928
                      • C:\Program Files\Internet Explorer\iexplore.exe
                        "C:\Program Files\Internet Explorer\iexplore.exe"
                        7⤵
                          PID:2908
                        • C:\Program Files\Internet Explorer\iexplore.exe
                          "C:\Program Files\Internet Explorer\iexplore.exe"
                          7⤵
                            PID:2960
                          • C:\Windows\InstallDir\Server.exe
                            C:\Windows\InstallDir\Server.exe
                            7⤵
                            • Modifies Installed Components in the registry
                            • Executes dropped EXE
                            • Adds Run key to start application
                            • Drops file in Windows directory
                            • Suspicious use of SetWindowsHookEx
                            PID:528
                      • C:\Windows\InstallDir\Server.exe
                        "C:\Windows\InstallDir\Server.exe"
                        5⤵
                        • Executes dropped EXE
                        • Suspicious use of SetThreadContext
                        • Suspicious use of SetWindowsHookEx
                        PID:2356
                        • C:\Windows\InstallDir\Server.exe
                          "C:\Windows\InstallDir\Server.exe"
                          6⤵
                          • Executes dropped EXE
                          • Suspicious use of SetThreadContext
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1220
                          • C:\Program Files\Internet Explorer\iexplore.exe
                            "C:\Program Files\Internet Explorer\iexplore.exe"
                            7⤵
                              PID:904
                            • C:\Program Files\Internet Explorer\iexplore.exe
                              "C:\Program Files\Internet Explorer\iexplore.exe"
                              7⤵
                                PID:1312
                              • C:\Windows\InstallDir\Server.exe
                                C:\Windows\InstallDir\Server.exe
                                7⤵
                                • Modifies Installed Components in the registry
                                • Executes dropped EXE
                                • Adds Run key to start application
                                • Drops file in Windows directory
                                • Suspicious use of SetWindowsHookEx
                                PID:2024
                          • C:\Windows\InstallDir\Server.exe
                            "C:\Windows\InstallDir\Server.exe"
                            5⤵
                            • Executes dropped EXE
                            • Suspicious use of SetThreadContext
                            • Suspicious use of SetWindowsHookEx
                            PID:588
                            • C:\Windows\InstallDir\Server.exe
                              "C:\Windows\InstallDir\Server.exe"
                              6⤵
                              • Executes dropped EXE
                              • Suspicious use of SetThreadContext
                              • Suspicious behavior: EnumeratesProcesses
                              PID:400
                              • C:\Program Files\Internet Explorer\iexplore.exe
                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                7⤵
                                  PID:1176
                                • C:\Windows\InstallDir\Server.exe
                                  C:\Windows\InstallDir\Server.exe
                                  7⤵
                                  • Modifies Installed Components in the registry
                                  • Executes dropped EXE
                                  • Adds Run key to start application
                                  • Drops file in Windows directory
                                  • Suspicious use of SetWindowsHookEx
                                  PID:1928
                                • C:\Program Files\Internet Explorer\iexplore.exe
                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                  7⤵
                                    PID:1296
                              • C:\Windows\InstallDir\Server.exe
                                "C:\Windows\InstallDir\Server.exe"
                                5⤵
                                • Executes dropped EXE
                                • Suspicious use of SetThreadContext
                                • Suspicious use of SetWindowsHookEx
                                PID:2536
                                • C:\Windows\InstallDir\Server.exe
                                  "C:\Windows\InstallDir\Server.exe"
                                  6⤵
                                  • Executes dropped EXE
                                  • Suspicious use of SetThreadContext
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1952
                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                    7⤵
                                      PID:1972
                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                      7⤵
                                        PID:1728
                                      • C:\Windows\InstallDir\Server.exe
                                        C:\Windows\InstallDir\Server.exe
                                        7⤵
                                        • Modifies Installed Components in the registry
                                        • Executes dropped EXE
                                        • Adds Run key to start application
                                        • Drops file in Windows directory
                                        • Suspicious use of SetWindowsHookEx
                                        PID:2004
                                  • C:\Windows\InstallDir\Server.exe
                                    "C:\Windows\InstallDir\Server.exe"
                                    5⤵
                                    • Executes dropped EXE
                                    • Suspicious use of SetThreadContext
                                    • Suspicious use of SetWindowsHookEx
                                    PID:1708
                                    • C:\Windows\InstallDir\Server.exe
                                      "C:\Windows\InstallDir\Server.exe"
                                      6⤵
                                      • Executes dropped EXE
                                      • Suspicious use of SetThreadContext
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:1404
                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                        7⤵
                                          PID:1732
                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                          7⤵
                                            PID:1612
                                          • C:\Windows\InstallDir\Server.exe
                                            C:\Windows\InstallDir\Server.exe
                                            7⤵
                                            • Modifies Installed Components in the registry
                                            • Executes dropped EXE
                                            • Adds Run key to start application
                                            • Drops file in Windows directory
                                            • Suspicious use of SetWindowsHookEx
                                            PID:1536
                                      • C:\Windows\InstallDir\Server.exe
                                        "C:\Windows\InstallDir\Server.exe"
                                        5⤵
                                        • Executes dropped EXE
                                        • Suspicious use of SetThreadContext
                                        • Suspicious use of SetWindowsHookEx
                                        PID:2216
                                        • C:\Windows\InstallDir\Server.exe
                                          "C:\Windows\InstallDir\Server.exe"
                                          6⤵
                                          • Executes dropped EXE
                                          • Suspicious use of SetThreadContext
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:2604
                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                            7⤵
                                              PID:2756
                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                              7⤵
                                                PID:2988
                                              • C:\Windows\InstallDir\Server.exe
                                                C:\Windows\InstallDir\Server.exe
                                                7⤵
                                                • Modifies Installed Components in the registry
                                                • Executes dropped EXE
                                                • Adds Run key to start application
                                                • Drops file in Windows directory
                                                • Suspicious use of SetWindowsHookEx
                                                PID:2764
                                          • C:\Windows\InstallDir\Server.exe
                                            "C:\Windows\InstallDir\Server.exe"
                                            5⤵
                                            • Executes dropped EXE
                                            • Suspicious use of SetThreadContext
                                            • Suspicious use of SetWindowsHookEx
                                            PID:2248
                                            • C:\Windows\InstallDir\Server.exe
                                              "C:\Windows\InstallDir\Server.exe"
                                              6⤵
                                              • Executes dropped EXE
                                              • Suspicious use of SetThreadContext
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:808
                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                7⤵
                                                  PID:3016
                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                  7⤵
                                                    PID:3028
                                                  • C:\Windows\InstallDir\Server.exe
                                                    C:\Windows\InstallDir\Server.exe
                                                    7⤵
                                                    • Modifies Installed Components in the registry
                                                    • Executes dropped EXE
                                                    • Adds Run key to start application
                                                    • Drops file in Windows directory
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:3008
                                              • C:\Windows\InstallDir\Server.exe
                                                "C:\Windows\InstallDir\Server.exe"
                                                5⤵
                                                • Executes dropped EXE
                                                • Suspicious use of SetThreadContext
                                                • Suspicious use of SetWindowsHookEx
                                                PID:2172
                                                • C:\Windows\InstallDir\Server.exe
                                                  "C:\Windows\InstallDir\Server.exe"
                                                  6⤵
                                                  • Executes dropped EXE
                                                  • Suspicious use of SetThreadContext
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:1920
                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                    7⤵
                                                      PID:2876
                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                      7⤵
                                                        PID:2340
                                                      • C:\Windows\InstallDir\Server.exe
                                                        C:\Windows\InstallDir\Server.exe
                                                        7⤵
                                                        • Modifies Installed Components in the registry
                                                        • Executes dropped EXE
                                                        • Adds Run key to start application
                                                        • Drops file in Windows directory
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:564
                                                  • C:\Windows\InstallDir\Server.exe
                                                    "C:\Windows\InstallDir\Server.exe"
                                                    5⤵
                                                    • Executes dropped EXE
                                                    • Suspicious use of SetThreadContext
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:328
                                                    • C:\Windows\InstallDir\Server.exe
                                                      "C:\Windows\InstallDir\Server.exe"
                                                      6⤵
                                                      • Executes dropped EXE
                                                      • Suspicious use of SetThreadContext
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:1628
                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                        7⤵
                                                          PID:2360
                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                          7⤵
                                                            PID:2016
                                                          • C:\Windows\InstallDir\Server.exe
                                                            C:\Windows\InstallDir\Server.exe
                                                            7⤵
                                                            • Modifies Installed Components in the registry
                                                            • Executes dropped EXE
                                                            • Adds Run key to start application
                                                            • Drops file in Windows directory
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:2364
                                                      • C:\Windows\InstallDir\Server.exe
                                                        "C:\Windows\InstallDir\Server.exe"
                                                        5⤵
                                                        • Executes dropped EXE
                                                        • Suspicious use of SetThreadContext
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:1516
                                                        • C:\Windows\InstallDir\Server.exe
                                                          "C:\Windows\InstallDir\Server.exe"
                                                          6⤵
                                                          • Executes dropped EXE
                                                          • Suspicious use of SetThreadContext
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:1880
                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                            7⤵
                                                              PID:1800
                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                              7⤵
                                                                PID:2112
                                                              • C:\Windows\InstallDir\Server.exe
                                                                C:\Windows\InstallDir\Server.exe
                                                                7⤵
                                                                • Modifies Installed Components in the registry
                                                                • Executes dropped EXE
                                                                • Adds Run key to start application
                                                                • Drops file in Windows directory
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:1976
                                                          • C:\Windows\InstallDir\Server.exe
                                                            "C:\Windows\InstallDir\Server.exe"
                                                            5⤵
                                                            • Executes dropped EXE
                                                            • Suspicious use of SetThreadContext
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:644
                                                            • C:\Windows\InstallDir\Server.exe
                                                              "C:\Windows\InstallDir\Server.exe"
                                                              6⤵
                                                              • Executes dropped EXE
                                                              • Suspicious use of SetThreadContext
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:2400
                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                7⤵
                                                                  PID:1028
                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                  7⤵
                                                                    PID:1996
                                                                  • C:\Windows\InstallDir\Server.exe
                                                                    C:\Windows\InstallDir\Server.exe
                                                                    7⤵
                                                                    • Modifies Installed Components in the registry
                                                                    • Executes dropped EXE
                                                                    • Adds Run key to start application
                                                                    • Drops file in Windows directory
                                                                    • Suspicious use of SetWindowsHookEx
                                                                    PID:2784
                                                              • C:\Windows\InstallDir\Server.exe
                                                                "C:\Windows\InstallDir\Server.exe"
                                                                5⤵
                                                                • Executes dropped EXE
                                                                • Suspicious use of SetThreadContext
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:2404
                                                                • C:\Windows\InstallDir\Server.exe
                                                                  "C:\Windows\InstallDir\Server.exe"
                                                                  6⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of SetThreadContext
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:1208
                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                    7⤵
                                                                      PID:2728
                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                      7⤵
                                                                        PID:2804
                                                                      • C:\Windows\InstallDir\Server.exe
                                                                        C:\Windows\InstallDir\Server.exe
                                                                        7⤵
                                                                        • Modifies Installed Components in the registry
                                                                        • Executes dropped EXE
                                                                        • Adds Run key to start application
                                                                        • Drops file in Windows directory
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:1924
                                                                  • C:\Windows\InstallDir\Server.exe
                                                                    "C:\Windows\InstallDir\Server.exe"
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    • Suspicious use of SetThreadContext
                                                                    • Suspicious use of SetWindowsHookEx
                                                                    PID:2740
                                                                    • C:\Windows\InstallDir\Server.exe
                                                                      "C:\Windows\InstallDir\Server.exe"
                                                                      6⤵
                                                                      • Executes dropped EXE
                                                                      • Suspicious use of SetThreadContext
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:2768
                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                        7⤵
                                                                          PID:2136
                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                          7⤵
                                                                            PID:2140
                                                                          • C:\Windows\InstallDir\Server.exe
                                                                            C:\Windows\InstallDir\Server.exe
                                                                            7⤵
                                                                            • Modifies Installed Components in the registry
                                                                            • Executes dropped EXE
                                                                            • Adds Run key to start application
                                                                            • Drops file in Windows directory
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:2148
                                                                      • C:\Windows\InstallDir\Server.exe
                                                                        "C:\Windows\InstallDir\Server.exe"
                                                                        5⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious use of SetThreadContext
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:2956
                                                                        • C:\Windows\InstallDir\Server.exe
                                                                          "C:\Windows\InstallDir\Server.exe"
                                                                          6⤵
                                                                          • Executes dropped EXE
                                                                          • Suspicious use of SetThreadContext
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:2568
                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                            7⤵
                                                                              PID:2996
                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                              7⤵
                                                                                PID:2028
                                                                              • C:\Windows\InstallDir\Server.exe
                                                                                C:\Windows\InstallDir\Server.exe
                                                                                7⤵
                                                                                • Modifies Installed Components in the registry
                                                                                • Executes dropped EXE
                                                                                • Adds Run key to start application
                                                                                • Drops file in Windows directory
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:1396
                                                                          • C:\Windows\InstallDir\Server.exe
                                                                            "C:\Windows\InstallDir\Server.exe"
                                                                            5⤵
                                                                            • Executes dropped EXE
                                                                            • Suspicious use of SetThreadContext
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:2772
                                                                            • C:\Windows\InstallDir\Server.exe
                                                                              "C:\Windows\InstallDir\Server.exe"
                                                                              6⤵
                                                                              • Executes dropped EXE
                                                                              • Suspicious use of SetThreadContext
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:2936
                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                7⤵
                                                                                  PID:2884
                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                  7⤵
                                                                                    PID:2924
                                                                                  • C:\Windows\InstallDir\Server.exe
                                                                                    C:\Windows\InstallDir\Server.exe
                                                                                    7⤵
                                                                                    • Modifies Installed Components in the registry
                                                                                    • Executes dropped EXE
                                                                                    • Adds Run key to start application
                                                                                    • Drops file in Windows directory
                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                    PID:784
                                                                              • C:\Windows\InstallDir\Server.exe
                                                                                "C:\Windows\InstallDir\Server.exe"
                                                                                5⤵
                                                                                • Executes dropped EXE
                                                                                • Suspicious use of SetThreadContext
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:1580
                                                                                • C:\Windows\InstallDir\Server.exe
                                                                                  "C:\Windows\InstallDir\Server.exe"
                                                                                  6⤵
                                                                                  • Executes dropped EXE
                                                                                  • Suspicious use of SetThreadContext
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  PID:596
                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                    7⤵
                                                                                      PID:2344
                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                      7⤵
                                                                                        PID:2368
                                                                                      • C:\Windows\InstallDir\Server.exe
                                                                                        C:\Windows\InstallDir\Server.exe
                                                                                        7⤵
                                                                                        • Modifies Installed Components in the registry
                                                                                        • Executes dropped EXE
                                                                                        • Adds Run key to start application
                                                                                        • Drops file in Windows directory
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:2124
                                                                                  • C:\Windows\InstallDir\Server.exe
                                                                                    "C:\Windows\InstallDir\Server.exe"
                                                                                    5⤵
                                                                                    • Executes dropped EXE
                                                                                    • Suspicious use of SetThreadContext
                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                    PID:2188
                                                                                    • C:\Windows\InstallDir\Server.exe
                                                                                      "C:\Windows\InstallDir\Server.exe"
                                                                                      6⤵
                                                                                      • Executes dropped EXE
                                                                                      • Suspicious use of SetThreadContext
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      PID:2476
                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                        7⤵
                                                                                          PID:1796
                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                          7⤵
                                                                                            PID:576
                                                                                          • C:\Windows\InstallDir\Server.exe
                                                                                            C:\Windows\InstallDir\Server.exe
                                                                                            7⤵
                                                                                            • Modifies Installed Components in the registry
                                                                                            • Executes dropped EXE
                                                                                            • Adds Run key to start application
                                                                                            • Drops file in Windows directory
                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                            PID:2496
                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                    3⤵
                                                                                      PID:2472
                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                      3⤵
                                                                                        PID:2688

                                                                                  Network

                                                                                        MITRE ATT&CK Enterprise v15

                                                                                        Replay Monitor

                                                                                        Loading Replay Monitor...

                                                                                        Downloads

                                                                                        • C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
                                                                                          Filesize

                                                                                          1.7MB

                                                                                          MD5

                                                                                          0a65a83623dc3c03e3e947c8018722a1

                                                                                          SHA1

                                                                                          e49feb43290f273830472215ddfc2818cfcec7dc

                                                                                          SHA256

                                                                                          a54302bc79a0922cb0ce738084577313f9fa731bd406ff5b44e5e21739fed68c

                                                                                          SHA512

                                                                                          0ccb8abe3b2120dea337e7c7a12a25459561887aee6dc71218cf76900e5b3e36633ba91aee47ad0e8119f76b415d4f48facbf6ad0e8326b83593c317f66de070

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Roaming\InstallDir\Server.exe
                                                                                          Filesize

                                                                                          1.7MB

                                                                                          MD5

                                                                                          26768295e09fdfb2191e4332d366e36c

                                                                                          SHA1

                                                                                          5e9765df140f060df3e0672cc1b911a6df8d3a1b

                                                                                          SHA256

                                                                                          96fdf90dd50c0b43a78873d5af3bca568dbc8e01362ca7397953cbb04e6f5ed7

                                                                                          SHA512

                                                                                          ec4ac0a08a83c8f0e058d2d5b9b8739fe667a36faaca36c6dcf9c9e05043b7f1aaf2339dfe1c640c03abee0da45a732ea76e61dbb46963f4c68ea7f42c8a9386

                                                                                          Download Submit

                                                                                        • C:\Windows\InstallDir\Server.exe
                                                                                          Filesize

                                                                                          576KB

                                                                                          MD5

                                                                                          07a345d0fc733c3e217a6cff4e590a59

                                                                                          SHA1

                                                                                          d6707a01f2cf8a4ba1752cd0eb4f026e2e440720

                                                                                          SHA256

                                                                                          b32b3c1fc92bcb8e945d58b783f57088688c6dfb8fd98460f05ebde6f7f27dec

                                                                                          SHA512

                                                                                          00c8d74a0778a19859e9bd1506456a2e9747c9f65099751482104fc646d2321f588a9846a7d6076cfa819346f7f8654321aa6808e25e9a244c99401326d5deb2

                                                                                          Download Submit

                                                                                        • C:\Windows\InstallDir\Server.exe
                                                                                          Filesize

                                                                                          1.7MB

                                                                                          MD5

                                                                                          7b9746e3e321d7bda0255ed4c124805b

                                                                                          SHA1

                                                                                          65088e783562197dfdd74d3272f011de90683d2d

                                                                                          SHA256

                                                                                          4d88dc4b9db2126c4cf634506bf3ce4807c0acc3c3209d95aad97a8895bc34de

                                                                                          SHA512

                                                                                          3510d7540fb40e7fcb975e2c0d9a219a44141b21e28bd1c5dac9095e68802970dea6097648e10e7fed6aa9cb422fcb555b23f9b91cd0fe11118e4b652862a1ef

                                                                                          Download Submit

                                                                                        • C:\Windows\InstallDir\Server.exe
                                                                                          Filesize

                                                                                          1.3MB

                                                                                          MD5

                                                                                          e238e20e882adc9376168296112e0676

                                                                                          SHA1

                                                                                          ef78d184a7e458b5c84b5f33d87bfcb94d6267f0

                                                                                          SHA256

                                                                                          3b15d72da2a8f861f145d355c841b22ef4d8aa0ce5a40765d2cc57b391456a2b

                                                                                          SHA512

                                                                                          f7281df8a7381b9c3f77d70de23d3c2a657f5072b877238d0340256c2e3b5b7be5cff5ae66e6b7d889d6d840fc61df566fc874cc4173ae4e1106355033e952f3

                                                                                          Download Submit

                                                                                        • C:\Windows\InstallDir\Server.exe
                                                                                          Filesize

                                                                                          832KB

                                                                                          MD5

                                                                                          aa07a5ef51abcfba38f6ee246a5e60ab

                                                                                          SHA1

                                                                                          7fdde6f551b610b7ba312128d7cc61c2707f3e42

                                                                                          SHA256

                                                                                          c7e1c8432567888025d6944ca41c6d2970cee69ee0fe2bd970456fcba921b807

                                                                                          SHA512

                                                                                          dbf763c1d7954286c011953ef99f9ca8770c198052434f4dbc7c1dcb3b1a50b768c189fd2b3bcf75d660b7812f14c50b63ca72fb3d7116158e1c59fe5c849fe0

                                                                                          Download Submit

                                                                                        • C:\Windows\InstallDir\Server.exe
                                                                                          Filesize

                                                                                          64KB

                                                                                          MD5

                                                                                          cb8f5978d35a1dc0c75b5d230913b631

                                                                                          SHA1

                                                                                          a0366e3ad713bba7ad385d61494687bc8ca46693

                                                                                          SHA256

                                                                                          a4e2dfc073b9c78022aa02ec2daa6093be6c8c882169777728d104454c82007f

                                                                                          SHA512

                                                                                          10d865d4b4f9df0e2b32c8aa413f297e6082cddd879e78d792c524b3c9165dcb6ab6b7c372f12804b79fc0057a8178079fd3adb4dd7703c646c215890f88c8ca

                                                                                          Download Submit

                                                                                        • memory/328-346-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/400-178-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/400-163-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/588-161-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/808-300-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/808-285-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1208-452-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1208-438-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1220-148-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1220-132-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1404-238-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1404-223-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1516-374-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/1628-363-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1628-348-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1708-222-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/1712-0-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/1712-6-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/1720-8-0x00000000023D0000-0x0000000002581000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/1720-18-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1720-7-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1720-5-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1720-4-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1720-3-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1880-379-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1880-395-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1920-331-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1920-316-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1936-15-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

                                                                                          Filesize

                                                                                          4KB

                                                                                          Download

                                                                                        • memory/1936-20-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/1936-10-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/1936-12-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/1936-29-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/1936-28-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/1936-9-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/1936-14-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/1936-21-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/1936-22-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/1952-193-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/1952-208-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/2172-314-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2216-252-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2248-283-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2356-130-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2400-424-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/2400-410-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/2404-436-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2404-433-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2536-191-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2568-488-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/2604-254-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/2604-269-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/2704-403-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2704-428-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2704-246-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2704-123-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2704-458-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2704-27-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/2704-277-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2704-33-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2704-431-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2704-84-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2704-307-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2704-91-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2704-146-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2704-393-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2704-338-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2704-340-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2704-372-0x00000000024A0000-0x0000000002651000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2708-54-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/2708-43-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/2716-57-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/2716-55-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/2716-58-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/2716-60-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/2716-61-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/2740-462-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/2768-478-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/2768-464-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/2772-86-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/2772-83-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/2772-92-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/2772-90-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/2772-87-0x0000000010000000-0x000000001031C000-memory.dmp

                                                                                          Filesize

                                                                                          3.1MB

                                                                                          Download

                                                                                        • memory/2880-71-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/2880-82-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/2928-101-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/2928-116-0x0000000000400000-0x0000000000466000-memory.dmp

                                                                                          Filesize

                                                                                          408KB

                                                                                          Download

                                                                                        • memory/2980-69-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/3012-35-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download

                                                                                        • memory/3012-41-0x0000000000400000-0x00000000005B1000-memory.dmp

                                                                                          Filesize

                                                                                          1.7MB

                                                                                          Download