d008c9e8f618b47e4808d729d9104dbbdd238351a58f4b6071eff47be8467323

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb1ed66915bff236bd93218863d05dda.exe
Size

616KB
MD5

cb1ed66915bff236bd93218863d05dda
SHA1

203b5e01cd8e696971e817768bdbd0c4ea6dbebb
SHA256

d008c9e8f618b47e4808d729d9104dbbdd238351a58f4b6071eff47be8467323
SHA512

e6481682ce4cd185b6177516b80f78d2b1715eb79f33a37e724fad3ed6138e30f9fedbf6c33a25ddec4ec94e927aa6c368cfc05ba04fa1291841ce56bb987109
SSDEEP

12288:qso7xlyGjQVVHxAt8PySuBxoBvAdLGVSXh/O:qpxZ8kAvA6SRW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1760	plog.exe
2596	plog.exe
2508	plog.exe
2600	plog.exe
2484	plog.exe
2532	plog.exe
2400	plog.exe
2984	plog.exe
2672	plog.exe
2680	plog.exe
2028	plog.exe
2308	plog.exe
1552	plog.exe
1072	plog.exe
568	plog.exe
2356	plog.exe
804	plog.exe
2668	plog.exe
2408	plog.exe
2692	plog.exe
1956	plog.exe
2972	plog.exe
2992	plog.exe
2748	plog.exe
2268	plog.exe
1400	plog.exe
1824	plog.exe
928	plog.exe
1524	plog.exe
944	plog.exe
1408	plog.exe
2848	plog.exe
1752	plog.exe
2312	plog.exe
1044	plog.exe
2864	plog.exe
1720	plog.exe
2136	plog.exe
2728	plog.exe
1760	plog.exe
2880	plog.exe
1904	plog.exe
2496	plog.exe
2580	plog.exe
2520	plog.exe
2588	plog.exe
2196	plog.exe
2528	plog.exe
2424	plog.exe
2388	plog.exe
2364	plog.exe
2416	plog.exe
2348	plog.exe
1596	plog.exe
1924	plog.exe
1864	plog.exe
1588	plog.exe
1448	plog.exe
2028	plog.exe
1716	plog.exe
1600	plog.exe
540	plog.exe
2656	plog.exe
1368	plog.exe

Loads dropped DLL 64 IoCs

pid	Process
1692	cb1ed66915bff236bd93218863d05dda.exe
1692	cb1ed66915bff236bd93218863d05dda.exe
1760	plog.exe
1760	plog.exe
2596	plog.exe
2596	plog.exe
2508	plog.exe
2508	plog.exe
2600	plog.exe
2600	plog.exe
2484	plog.exe
2484	plog.exe
2532	plog.exe
2532	plog.exe
2400	plog.exe
2400	plog.exe
2984	plog.exe
2984	plog.exe
2672	plog.exe
2672	plog.exe
2680	plog.exe
2680	plog.exe
2028	plog.exe
2028	plog.exe
2308	plog.exe
2308	plog.exe
1552	plog.exe
1552	plog.exe
1072	plog.exe
1072	plog.exe
568	plog.exe
568	plog.exe
2356	plog.exe
2356	plog.exe
804	plog.exe
804	plog.exe
2668	plog.exe
2668	plog.exe
2408	plog.exe
2408	plog.exe
2692	plog.exe
2692	plog.exe
1956	plog.exe
1956	plog.exe
2972	plog.exe
2972	plog.exe
2992	plog.exe
2992	plog.exe
2748	plog.exe
2748	plog.exe
2268	plog.exe
2268	plog.exe
1400	plog.exe
1400	plog.exe
1824	plog.exe
1824	plog.exe
928	plog.exe
928	plog.exe
1524	plog.exe
1524	plog.exe
944	plog.exe
944	plog.exe
1408	plog.exe
1408	plog.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 1760	1692	cb1ed66915bff236bd93218863d05dda.exe	28
PID 1692 wrote to memory of 1760	1692	cb1ed66915bff236bd93218863d05dda.exe	28
PID 1692 wrote to memory of 1760	1692	cb1ed66915bff236bd93218863d05dda.exe	28
PID 1692 wrote to memory of 1760	1692	cb1ed66915bff236bd93218863d05dda.exe	28
PID 1760 wrote to memory of 2596	1760	plog.exe	29
PID 1760 wrote to memory of 2596	1760	plog.exe	29
PID 1760 wrote to memory of 2596	1760	plog.exe	29
PID 1760 wrote to memory of 2596	1760	plog.exe	29
PID 2596 wrote to memory of 2508	2596	plog.exe	30
PID 2596 wrote to memory of 2508	2596	plog.exe	30
PID 2596 wrote to memory of 2508	2596	plog.exe	30
PID 2596 wrote to memory of 2508	2596	plog.exe	30
PID 2508 wrote to memory of 2600	2508	plog.exe	31
PID 2508 wrote to memory of 2600	2508	plog.exe	31
PID 2508 wrote to memory of 2600	2508	plog.exe	31
PID 2508 wrote to memory of 2600	2508	plog.exe	31
PID 2600 wrote to memory of 2484	2600	plog.exe	32
PID 2600 wrote to memory of 2484	2600	plog.exe	32
PID 2600 wrote to memory of 2484	2600	plog.exe	32
PID 2600 wrote to memory of 2484	2600	plog.exe	32
PID 2484 wrote to memory of 2532	2484	plog.exe	33
PID 2484 wrote to memory of 2532	2484	plog.exe	33
PID 2484 wrote to memory of 2532	2484	plog.exe	33
PID 2484 wrote to memory of 2532	2484	plog.exe	33
PID 2532 wrote to memory of 2400	2532	plog.exe	34
PID 2532 wrote to memory of 2400	2532	plog.exe	34
PID 2532 wrote to memory of 2400	2532	plog.exe	34
PID 2532 wrote to memory of 2400	2532	plog.exe	34
PID 2400 wrote to memory of 2984	2400	plog.exe	35
PID 2400 wrote to memory of 2984	2400	plog.exe	35
PID 2400 wrote to memory of 2984	2400	plog.exe	35
PID 2400 wrote to memory of 2984	2400	plog.exe	35
PID 2984 wrote to memory of 2672	2984	plog.exe	36
PID 2984 wrote to memory of 2672	2984	plog.exe	36
PID 2984 wrote to memory of 2672	2984	plog.exe	36
PID 2984 wrote to memory of 2672	2984	plog.exe	36
PID 2672 wrote to memory of 2680	2672	plog.exe	37
PID 2672 wrote to memory of 2680	2672	plog.exe	37
PID 2672 wrote to memory of 2680	2672	plog.exe	37
PID 2672 wrote to memory of 2680	2672	plog.exe	37
PID 2680 wrote to memory of 2028	2680	plog.exe	38
PID 2680 wrote to memory of 2028	2680	plog.exe	38
PID 2680 wrote to memory of 2028	2680	plog.exe	38
PID 2680 wrote to memory of 2028	2680	plog.exe	38
PID 2028 wrote to memory of 2308	2028	plog.exe	39
PID 2028 wrote to memory of 2308	2028	plog.exe	39
PID 2028 wrote to memory of 2308	2028	plog.exe	39
PID 2028 wrote to memory of 2308	2028	plog.exe	39
PID 2308 wrote to memory of 1552	2308	plog.exe	40
PID 2308 wrote to memory of 1552	2308	plog.exe	40
PID 2308 wrote to memory of 1552	2308	plog.exe	40
PID 2308 wrote to memory of 1552	2308	plog.exe	40
PID 1552 wrote to memory of 1072	1552	plog.exe	41
PID 1552 wrote to memory of 1072	1552	plog.exe	41
PID 1552 wrote to memory of 1072	1552	plog.exe	41
PID 1552 wrote to memory of 1072	1552	plog.exe	41
PID 1072 wrote to memory of 568	1072	plog.exe	42
PID 1072 wrote to memory of 568	1072	plog.exe	42
PID 1072 wrote to memory of 568	1072	plog.exe	42
PID 1072 wrote to memory of 568	1072	plog.exe	42
PID 568 wrote to memory of 2356	568	plog.exe	43
PID 568 wrote to memory of 2356	568	plog.exe	43
PID 568 wrote to memory of 2356	568	plog.exe	43
PID 568 wrote to memory of 2356	568	plog.exe	43

C:\Users\Admin\AppData\Local\Temp\cb1ed66915bff236bd93218863d05dda.exe
"C:\Users\Admin\AppData\Local\Temp\cb1ed66915bff236bd93218863d05dda.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\SysWOW64\plog.exe
  C:\Windows\system32\plog.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1760
- - C:\Windows\SysWOW64\plog.exe
    C:\Windows\system32\plog.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Windows\SysWOW64\plog.exe
      C:\Windows\system32\plog.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Windows directory
      Suspicious use of WriteProcessMemory
      PID:2508
    - - C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2600
      - C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2484
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2532
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2400
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2984
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2672
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2680
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2028
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2308
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:1552
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1072
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:568
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        17⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:2356
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:804
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        19⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2668
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2408
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        21⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:2692
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        22⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1956
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        23⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:2972
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        24⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2992
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        25⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:2748
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        26⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2268
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        27⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1400
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        28⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1824
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        29⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:928
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        30⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1524
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        31⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:944
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        32⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1408
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        33⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2848
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1752
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2312
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        36⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1044
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        37⤵
        Executes dropped EXE
        
        PID:2864
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        38⤵
        Executes dropped EXE
        
        PID:1720
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        39⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2136
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        40⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2728
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        41⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1760
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        42⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2880
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1904
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        44⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2496
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        45⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2580
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        46⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2520
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        47⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2588
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2196
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        49⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2528
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        50⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2424
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        51⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2388
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        52⤵
        Executes dropped EXE
        
        PID:2364
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        53⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2416
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        54⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2348
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        55⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1596
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        56⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1924
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        57⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1864
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1588
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        59⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1448
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        60⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2028
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1716
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        62⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1600
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        63⤵
        Executes dropped EXE
        
        PID:540
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        64⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2656
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        65⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1368
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        66⤵
        Drops file in Windows directory
        
        PID:804
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        67⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        68⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2408
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        69⤵
        Drops file in Windows directory
        
        PID:2692
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        70⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1956
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        71⤵
        Drops file in System32 directory
        
        PID:2100
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        72⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        73⤵
        Drops file in Windows directory
        
        PID:2264
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        74⤵
        Drops file in System32 directory
        
        PID:2456
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        75⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        76⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1668
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        77⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2232
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        78⤵
        Drops file in Windows directory
        
        PID:1748
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        79⤵
        Drops file in Windows directory
        
        PID:768
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        80⤵
        Drops file in Windows directory
        
        PID:552
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        81⤵
        Drops file in Windows directory
        
        PID:1352
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        82⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2320
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        83⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        84⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1512
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        85⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1680
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        86⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        87⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        88⤵
        Drops file in System32 directory
        
        PID:1140
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        89⤵
        Drops file in Windows directory
        
        PID:2152
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        90⤵
        Drops file in System32 directory
        
        PID:2164
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        91⤵
        Drops file in Windows directory
        
        PID:2592
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        92⤵
        
        PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\logkey.ini

Filesize
49B

MD5
32ef43c0ff7c19c471f26f0adf79552f

SHA1
6b95614e9f517433b069514c30fe28c63b700704

SHA256
aefd2987974a7604fcfd13fa48ad624a5c0f94b93c83d208f7c56785c0b68f00

SHA512
dcf34d3b4def6ae2822f63493652adc57cb79a6a7430aae8438571e4425c1643818094aac3832d8d470b46783da984addc336c581bb4806cc56e3c909524aa09

Download Submit
C:\Windows\SysWOW64\swon4.exe

Filesize
616KB

MD5
cb1ed66915bff236bd93218863d05dda

SHA1
203b5e01cd8e696971e817768bdbd0c4ea6dbebb

SHA256
d008c9e8f618b47e4808d729d9104dbbdd238351a58f4b6071eff47be8467323

SHA512
e6481682ce4cd185b6177516b80f78d2b1715eb79f33a37e724fad3ed6138e30f9fedbf6c33a25ddec4ec94e927aa6c368cfc05ba04fa1291841ce56bb987109

Download Submit
C:\Windows\SysWOW64\swon4.exe

Filesize
539KB

MD5
f634eb7912311cdfa5726bbbba893f41

SHA1
b6edd96d85b5a31e9393e6dfba0f78651afc5c6e

SHA256
d5b8add07dbe776f478b745e8eceafb65fb61c16faefe88b7229ed4a18641e60

SHA512
7affba1bac448d176731f14e537a3bf7491d129ccaad19e67fb19cc34f2e70154e43f356010e92340d306f3dda145fbdc7eff8d97c039c7ae90fa5f331b6db29

Download Submit
C:\Windows\sk.exe

Filesize
616KB

MD5
0a4971ac367c7baf0373662420df5f7d

SHA1
05d90654dabad979b3788e1db762301f5eaf6f64

SHA256
83b887b536eb4bbc60355692350dbb5d963682c7d999009ee5a87763d17df0e4

SHA512
453e599cdad99ef2edfb511e4bd3f01d306559305e4e249c5cec51bf55afb32d2e69b01e1a5a7580e17b76f44937d50b2f08ebfea1a4b654c45207bab3e5d882

Download Submit
C:\Windows\sk.exe

Filesize
398KB

MD5
56c5d3dbf859c74e8305e01d575f12ed

SHA1
faa1ab0fd8284f156bc7741750dd586303a69597

SHA256
1138de9f8fdab6487e7c98c9d893a62c16164c5503556382e7d795a6e9a34cac

SHA512
ab48934d3ee53e335361333b6e69563f710ecea195cd39d357f5d1791d711ace0d504c91adc72177893efaffb371db883b8eef1152b59abd773199638241105d

Download Submit
C:\Windows\sk.exe

Filesize
616KB

MD5
8413da5160cf6afaec25fbba0704a713

SHA1
a45651633338deda396fc8703eda9334de88d641

SHA256
9cef63e1bc1658070f5ff3b81638c2968bef33cf3d028a4c10335d781d61db76

SHA512
ec4c5ee7a4f82b15ed1ef28bd2cc4e06c38032e6c3da2264a78f1a8625b4ad79f30835bed9329fb4c58e70015078ac9cb3b8d9b5ee9ae1164b6b0cd837d65a80

Download Submit
memory/540-375-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/568-144-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/568-148-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/804-158-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/804-154-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/804-386-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/928-212-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/928-208-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/944-221-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/944-217-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1044-242-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1044-246-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1072-139-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1072-143-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1368-381-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1400-199-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1400-203-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1408-222-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1408-226-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1448-352-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1448-356-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1524-216-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1552-134-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1552-138-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1588-351-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1596-338-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1596-334-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1600-371-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1600-367-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1668-432-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1692-12-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1692-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1716-362-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1716-366-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1720-256-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1720-252-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1752-232-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1752-236-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1760-270-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1760-23-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1760-14-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/1788-427-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1824-207-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1864-347-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1904-280-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1904-276-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1924-343-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1924-339-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1956-178-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1956-406-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1956-174-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2028-124-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2028-128-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2028-357-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2028-361-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2136-257-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2136-261-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2196-300-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2196-304-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2268-198-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2268-194-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2308-133-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2308-129-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2312-241-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2312-237-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2348-333-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2348-329-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2356-149-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2356-153-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2364-320-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2364-324-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2388-315-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2388-319-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2400-81-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2400-89-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2408-164-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2408-396-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2408-168-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2416-328-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2424-314-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2424-310-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2484-58-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2484-67-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2496-281-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2496-285-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2508-37-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2508-45-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2520-294-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2528-309-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2528-305-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2532-78-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2532-69-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2580-290-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2580-286-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/2588-299-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2588-295-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2596-35-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2596-26-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2600-47-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2600-57-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2656-376-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2656-380-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2668-159-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2668-163-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2672-111-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2672-103-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2680-122-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2680-113-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2692-401-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2692-169-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2692-173-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2728-266-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2728-262-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2748-189-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2748-193-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2820-391-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2848-231-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2848-227-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2864-251-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2864-247-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2880-275-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2880-271-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2972-179-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2972-183-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2984-100-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2984-91-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2992-184-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2992-188-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download