Overview

overview

10

Static

static

3

4faa3a9109...cs.exe

windows7-x64

10

4faa3a9109...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    24s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 06:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4faa3a9109863c4bf060666ebd439880_NeikiAnalytics.exe

  • Size

    180KB

  • MD5

    4faa3a9109863c4bf060666ebd439880

  • SHA1

    41d56c0ba86abbf7b95d778245f0ee684a116d68

  • SHA256

    a9f5e358261965ae07810304bc9be7c6ad8b4b52b497f832b53cd6ed4c078bc5

  • SHA512

    a24c13dc0b0bdb16590ad0ee13b60e2e03a3386dc31245968bc969153e36d525d4811706a5578706a5fadd947b3d18f0c6e5860a25507953a8a71417cb17eaa6

  • SSDEEP

    3072:GJ/pqKJlAX6JlS1CSDfIBbEPEYcu1VX11MVxgZ0TI:i64mABbEPau1VXsKWTI

Score
10/10
salitybackdoorevasionpersistencetrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Signatures

  • Modifies WinLogon for persistence 2 TTPs 4 IoCs
    persistence
  • Modifies firewall policy service 2 TTPs 6 IoCs
    evasion
  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • UAC bypass 3 TTPs 2 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 12 IoCs
    evasiontrojan
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Windows security modification 2 TTPs 14 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 12 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 4 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 10 IoCs
  • Drops file in Windows directory 35 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
      PID:1256
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
        PID:1348
      • C:\Windows\Explorer.EXE
        C:\Windows\Explorer.EXE
        1⤵
          PID:1408
          • C:\Users\Admin\AppData\Local\Temp\4faa3a9109863c4bf060666ebd439880_NeikiAnalytics.exe
            "C:\Users\Admin\AppData\Local\Temp\4faa3a9109863c4bf060666ebd439880_NeikiAnalytics.exe"
            2⤵
            • Modifies WinLogon for persistence
            • Modifies firewall policy service
            • UAC bypass
            • Windows security bypass
            • Loads dropped DLL
            • Windows security modification
            • Adds Run key to start application
            • Checks whether UAC is enabled
            • Enumerates connected drives
            • Drops file in System32 directory
            • Drops file in Windows directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:1692
            • C:\Windows\system\Fun.exe
              C:\Windows\system\Fun.exe
              3⤵
              • Modifies WinLogon for persistence
              • Executes dropped EXE
              • Adds Run key to start application
              • Drops file in System32 directory
              • Drops file in Windows directory
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:2360
              • C:\Windows\SVIQ.EXE
                C:\Windows\SVIQ.EXE
                4⤵
                • Modifies WinLogon for persistence
                • Modifies firewall policy service
                • UAC bypass
                • Windows security bypass
                • Executes dropped EXE
                • Windows security modification
                • Adds Run key to start application
                • Checks whether UAC is enabled
                • Drops file in System32 directory
                • Drops file in Windows directory
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                • System policy modification
                PID:2800
                • C:\Windows\system\Fun.exe
                  C:\Windows\system\Fun.exe
                  5⤵
                    PID:980
                  • C:\Windows\system\Fun.exe
                    C:\Windows\system\Fun.exe
                    5⤵
                      PID:1240
                      • C:\Windows\SVIQ.EXE
                        C:\Windows\SVIQ.EXE
                        6⤵
                          PID:2452
                      • C:\Windows\system\Fun.exe
                        C:\Windows\system\Fun.exe
                        5⤵
                          PID:572
                          • C:\Windows\SVIQ.EXE
                            C:\Windows\SVIQ.EXE
                            6⤵
                              PID:2660
                          • C:\Windows\system\Fun.exe
                            C:\Windows\system\Fun.exe
                            5⤵
                              PID:2328
                              • C:\Windows\SVIQ.EXE
                                C:\Windows\SVIQ.EXE
                                6⤵
                                  PID:864
                              • C:\Windows\system\Fun.exe
                                C:\Windows\system\Fun.exe
                                5⤵
                                  PID:2044
                                  • C:\Windows\SVIQ.EXE
                                    C:\Windows\SVIQ.EXE
                                    6⤵
                                      PID:2600
                                  • C:\Windows\system\Fun.exe
                                    C:\Windows\system\Fun.exe
                                    5⤵
                                      PID:2300
                                      • C:\Windows\SVIQ.EXE
                                        C:\Windows\SVIQ.EXE
                                        6⤵
                                          PID:780
                                      • C:\Windows\system\Fun.exe
                                        C:\Windows\system\Fun.exe
                                        5⤵
                                          PID:1364
                                          • C:\Windows\SVIQ.EXE
                                            C:\Windows\SVIQ.EXE
                                            6⤵
                                              PID:2328
                                          • C:\Windows\system\Fun.exe
                                            C:\Windows\system\Fun.exe
                                            5⤵
                                              PID:2224
                                              • C:\Windows\SVIQ.EXE
                                                C:\Windows\SVIQ.EXE
                                                6⤵
                                                  PID:468
                                              • C:\Windows\system\Fun.exe
                                                C:\Windows\system\Fun.exe
                                                5⤵
                                                  PID:2536
                                                  • C:\Windows\SVIQ.EXE
                                                    C:\Windows\SVIQ.EXE
                                                    6⤵
                                                      PID:1112
                                                  • C:\Windows\system\Fun.exe
                                                    C:\Windows\system\Fun.exe
                                                    5⤵
                                                      PID:1588
                                                      • C:\Windows\SVIQ.EXE
                                                        C:\Windows\SVIQ.EXE
                                                        6⤵
                                                          PID:2856
                                                      • C:\Windows\system\Fun.exe
                                                        C:\Windows\system\Fun.exe
                                                        5⤵
                                                          PID:2548
                                                          • C:\Windows\SVIQ.EXE
                                                            C:\Windows\SVIQ.EXE
                                                            6⤵
                                                              PID:1192
                                                          • C:\Windows\system\Fun.exe
                                                            C:\Windows\system\Fun.exe
                                                            5⤵
                                                              PID:1316
                                                              • C:\Windows\SVIQ.EXE
                                                                C:\Windows\SVIQ.EXE
                                                                6⤵
                                                                  PID:2072
                                                              • C:\Windows\system\Fun.exe
                                                                C:\Windows\system\Fun.exe
                                                                5⤵
                                                                  PID:2108
                                                                  • C:\Windows\SVIQ.EXE
                                                                    C:\Windows\SVIQ.EXE
                                                                    6⤵
                                                                      PID:1556
                                                                  • C:\Windows\system\Fun.exe
                                                                    C:\Windows\system\Fun.exe
                                                                    5⤵
                                                                      PID:2452
                                                                      • C:\Windows\SVIQ.EXE
                                                                        C:\Windows\SVIQ.EXE
                                                                        6⤵
                                                                          PID:1284
                                                                      • C:\Windows\system\Fun.exe
                                                                        C:\Windows\system\Fun.exe
                                                                        5⤵
                                                                          PID:1720
                                                                          • C:\Windows\SVIQ.EXE
                                                                            C:\Windows\SVIQ.EXE
                                                                            6⤵
                                                                              PID:2960
                                                                          • C:\Windows\system\Fun.exe
                                                                            C:\Windows\system\Fun.exe
                                                                            5⤵
                                                                              PID:460
                                                                              • C:\Windows\SVIQ.EXE
                                                                                C:\Windows\SVIQ.EXE
                                                                                6⤵
                                                                                  PID:2732
                                                                              • C:\Windows\system\Fun.exe
                                                                                C:\Windows\system\Fun.exe
                                                                                5⤵
                                                                                  PID:2716
                                                                                  • C:\Windows\SVIQ.EXE
                                                                                    C:\Windows\SVIQ.EXE
                                                                                    6⤵
                                                                                      PID:1704
                                                                                  • C:\Windows\system\Fun.exe
                                                                                    C:\Windows\system\Fun.exe
                                                                                    5⤵
                                                                                      PID:2560
                                                                                      • C:\Windows\SVIQ.EXE
                                                                                        C:\Windows\SVIQ.EXE
                                                                                        6⤵
                                                                                          PID:2812
                                                                                      • C:\Windows\system\Fun.exe
                                                                                        C:\Windows\system\Fun.exe
                                                                                        5⤵
                                                                                          PID:1720
                                                                                          • C:\Windows\SVIQ.EXE
                                                                                            C:\Windows\SVIQ.EXE
                                                                                            6⤵
                                                                                              PID:2524
                                                                                          • C:\Windows\system\Fun.exe
                                                                                            C:\Windows\system\Fun.exe
                                                                                            5⤵
                                                                                              PID:1716
                                                                                              • C:\Windows\SVIQ.EXE
                                                                                                C:\Windows\SVIQ.EXE
                                                                                                6⤵
                                                                                                  PID:960
                                                                                              • C:\Windows\system\Fun.exe
                                                                                                C:\Windows\system\Fun.exe
                                                                                                5⤵
                                                                                                  PID:2084
                                                                                                  • C:\Windows\SVIQ.EXE
                                                                                                    C:\Windows\SVIQ.EXE
                                                                                                    6⤵
                                                                                                      PID:2468
                                                                                                  • C:\Windows\system\Fun.exe
                                                                                                    C:\Windows\system\Fun.exe
                                                                                                    5⤵
                                                                                                      PID:2308
                                                                                                      • C:\Windows\SVIQ.EXE
                                                                                                        C:\Windows\SVIQ.EXE
                                                                                                        6⤵
                                                                                                          PID:2296
                                                                                                      • C:\Windows\system\Fun.exe
                                                                                                        C:\Windows\system\Fun.exe
                                                                                                        5⤵
                                                                                                          PID:1576
                                                                                                          • C:\Windows\SVIQ.EXE
                                                                                                            C:\Windows\SVIQ.EXE
                                                                                                            6⤵
                                                                                                              PID:2568
                                                                                                          • C:\Windows\system\Fun.exe
                                                                                                            C:\Windows\system\Fun.exe
                                                                                                            5⤵
                                                                                                              PID:1692
                                                                                                              • C:\Windows\SVIQ.EXE
                                                                                                                C:\Windows\SVIQ.EXE
                                                                                                                6⤵
                                                                                                                  PID:1912
                                                                                                          • C:\Windows\dc.exe
                                                                                                            C:\Windows\dc.exe
                                                                                                            3⤵
                                                                                                            • Modifies WinLogon for persistence
                                                                                                            • Executes dropped EXE
                                                                                                            • Adds Run key to start application
                                                                                                            • Drops file in System32 directory
                                                                                                            • Drops file in Windows directory
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                            PID:2696
                                                                                                            • C:\Windows\system\Fun.exe
                                                                                                              C:\Windows\system\Fun.exe
                                                                                                              4⤵
                                                                                                                PID:2976
                                                                                                                • C:\Windows\SVIQ.EXE
                                                                                                                  C:\Windows\SVIQ.EXE
                                                                                                                  5⤵
                                                                                                                    PID:2716
                                                                                                                • C:\Windows\system\Fun.exe
                                                                                                                  C:\Windows\system\Fun.exe
                                                                                                                  4⤵
                                                                                                                    PID:1604
                                                                                                                    • C:\Windows\SVIQ.EXE
                                                                                                                      C:\Windows\SVIQ.EXE
                                                                                                                      5⤵
                                                                                                                        PID:2548
                                                                                                                    • C:\Windows\system\Fun.exe
                                                                                                                      C:\Windows\system\Fun.exe
                                                                                                                      4⤵
                                                                                                                        PID:984
                                                                                                                        • C:\Windows\SVIQ.EXE
                                                                                                                          C:\Windows\SVIQ.EXE
                                                                                                                          5⤵
                                                                                                                            PID:2600
                                                                                                                        • C:\Windows\system\Fun.exe
                                                                                                                          C:\Windows\system\Fun.exe
                                                                                                                          4⤵
                                                                                                                            PID:1588
                                                                                                                            • C:\Windows\SVIQ.EXE
                                                                                                                              C:\Windows\SVIQ.EXE
                                                                                                                              5⤵
                                                                                                                                PID:1236
                                                                                                                            • C:\Windows\system\Fun.exe
                                                                                                                              C:\Windows\system\Fun.exe
                                                                                                                              4⤵
                                                                                                                                PID:1164
                                                                                                                                • C:\Windows\SVIQ.EXE
                                                                                                                                  C:\Windows\SVIQ.EXE
                                                                                                                                  5⤵
                                                                                                                                    PID:2692
                                                                                                                                • C:\Windows\system\Fun.exe
                                                                                                                                  C:\Windows\system\Fun.exe
                                                                                                                                  4⤵
                                                                                                                                    PID:3056
                                                                                                                                    • C:\Windows\SVIQ.EXE
                                                                                                                                      C:\Windows\SVIQ.EXE
                                                                                                                                      5⤵
                                                                                                                                        PID:2124
                                                                                                                                    • C:\Windows\system\Fun.exe
                                                                                                                                      C:\Windows\system\Fun.exe
                                                                                                                                      4⤵
                                                                                                                                        PID:956
                                                                                                                                        • C:\Windows\SVIQ.EXE
                                                                                                                                          C:\Windows\SVIQ.EXE
                                                                                                                                          5⤵
                                                                                                                                            PID:1608
                                                                                                                                        • C:\Windows\system\Fun.exe
                                                                                                                                          C:\Windows\system\Fun.exe
                                                                                                                                          4⤵
                                                                                                                                            PID:2384
                                                                                                                                            • C:\Windows\SVIQ.EXE
                                                                                                                                              C:\Windows\SVIQ.EXE
                                                                                                                                              5⤵
                                                                                                                                                PID:2312
                                                                                                                                            • C:\Windows\system\Fun.exe
                                                                                                                                              C:\Windows\system\Fun.exe
                                                                                                                                              4⤵
                                                                                                                                                PID:1892
                                                                                                                                                • C:\Windows\SVIQ.EXE
                                                                                                                                                  C:\Windows\SVIQ.EXE
                                                                                                                                                  5⤵
                                                                                                                                                    PID:1548
                                                                                                                                                • C:\Windows\system\Fun.exe
                                                                                                                                                  C:\Windows\system\Fun.exe
                                                                                                                                                  4⤵
                                                                                                                                                    PID:880
                                                                                                                                                    • C:\Windows\SVIQ.EXE
                                                                                                                                                      C:\Windows\SVIQ.EXE
                                                                                                                                                      5⤵
                                                                                                                                                        PID:1616
                                                                                                                                                    • C:\Windows\system\Fun.exe
                                                                                                                                                      C:\Windows\system\Fun.exe
                                                                                                                                                      4⤵
                                                                                                                                                        PID:1704
                                                                                                                                                        • C:\Windows\SVIQ.EXE
                                                                                                                                                          C:\Windows\SVIQ.EXE
                                                                                                                                                          5⤵
                                                                                                                                                            PID:2444
                                                                                                                                                        • C:\Windows\system\Fun.exe
                                                                                                                                                          C:\Windows\system\Fun.exe
                                                                                                                                                          4⤵
                                                                                                                                                            PID:1328
                                                                                                                                                            • C:\Windows\SVIQ.EXE
                                                                                                                                                              C:\Windows\SVIQ.EXE
                                                                                                                                                              5⤵
                                                                                                                                                                PID:2480
                                                                                                                                                            • C:\Windows\system\Fun.exe
                                                                                                                                                              C:\Windows\system\Fun.exe
                                                                                                                                                              4⤵
                                                                                                                                                                PID:1740
                                                                                                                                                                • C:\Windows\SVIQ.EXE
                                                                                                                                                                  C:\Windows\SVIQ.EXE
                                                                                                                                                                  5⤵
                                                                                                                                                                    PID:3016
                                                                                                                                                                • C:\Windows\system\Fun.exe
                                                                                                                                                                  C:\Windows\system\Fun.exe
                                                                                                                                                                  4⤵
                                                                                                                                                                    PID:1936
                                                                                                                                                                    • C:\Windows\SVIQ.EXE
                                                                                                                                                                      C:\Windows\SVIQ.EXE
                                                                                                                                                                      5⤵
                                                                                                                                                                        PID:2716
                                                                                                                                                                    • C:\Windows\system\Fun.exe
                                                                                                                                                                      C:\Windows\system\Fun.exe
                                                                                                                                                                      4⤵
                                                                                                                                                                        PID:2504
                                                                                                                                                                        • C:\Windows\SVIQ.EXE
                                                                                                                                                                          C:\Windows\SVIQ.EXE
                                                                                                                                                                          5⤵
                                                                                                                                                                            PID:1388
                                                                                                                                                                        • C:\Windows\system\Fun.exe
                                                                                                                                                                          C:\Windows\system\Fun.exe
                                                                                                                                                                          4⤵
                                                                                                                                                                            PID:2692
                                                                                                                                                                            • C:\Windows\SVIQ.EXE
                                                                                                                                                                              C:\Windows\SVIQ.EXE
                                                                                                                                                                              5⤵
                                                                                                                                                                                PID:1088
                                                                                                                                                                            • C:\Windows\system\Fun.exe
                                                                                                                                                                              C:\Windows\system\Fun.exe
                                                                                                                                                                              4⤵
                                                                                                                                                                                PID:2392
                                                                                                                                                                                • C:\Windows\SVIQ.EXE
                                                                                                                                                                                  C:\Windows\SVIQ.EXE
                                                                                                                                                                                  5⤵
                                                                                                                                                                                    PID:2340
                                                                                                                                                                                • C:\Windows\system\Fun.exe
                                                                                                                                                                                  C:\Windows\system\Fun.exe
                                                                                                                                                                                  4⤵
                                                                                                                                                                                    PID:1556
                                                                                                                                                                                    • C:\Windows\SVIQ.EXE
                                                                                                                                                                                      C:\Windows\SVIQ.EXE
                                                                                                                                                                                      5⤵
                                                                                                                                                                                        PID:2128
                                                                                                                                                                                    • C:\Windows\system\Fun.exe
                                                                                                                                                                                      C:\Windows\system\Fun.exe
                                                                                                                                                                                      4⤵
                                                                                                                                                                                        PID:2860
                                                                                                                                                                                        • C:\Windows\SVIQ.EXE
                                                                                                                                                                                          C:\Windows\SVIQ.EXE
                                                                                                                                                                                          5⤵
                                                                                                                                                                                            PID:2668
                                                                                                                                                                                        • C:\Windows\system\Fun.exe
                                                                                                                                                                                          C:\Windows\system\Fun.exe
                                                                                                                                                                                          4⤵
                                                                                                                                                                                            PID:1600
                                                                                                                                                                                            • C:\Windows\SVIQ.EXE
                                                                                                                                                                                              C:\Windows\SVIQ.EXE
                                                                                                                                                                                              5⤵
                                                                                                                                                                                                PID:2744
                                                                                                                                                                                            • C:\Windows\system\Fun.exe
                                                                                                                                                                                              C:\Windows\system\Fun.exe
                                                                                                                                                                                              4⤵
                                                                                                                                                                                                PID:2144
                                                                                                                                                                                                • C:\Windows\SVIQ.EXE
                                                                                                                                                                                                  C:\Windows\SVIQ.EXE
                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                    PID:1624
                                                                                                                                                                                                • C:\Windows\system\Fun.exe
                                                                                                                                                                                                  C:\Windows\system\Fun.exe
                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                    PID:2840
                                                                                                                                                                                                    • C:\Windows\SVIQ.EXE
                                                                                                                                                                                                      C:\Windows\SVIQ.EXE
                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                        PID:2008
                                                                                                                                                                                                    • C:\Windows\system\Fun.exe
                                                                                                                                                                                                      C:\Windows\system\Fun.exe
                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                        PID:1688
                                                                                                                                                                                                        • C:\Windows\SVIQ.EXE
                                                                                                                                                                                                          C:\Windows\SVIQ.EXE
                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                            PID:2632
                                                                                                                                                                                                        • C:\Windows\system\Fun.exe
                                                                                                                                                                                                          C:\Windows\system\Fun.exe
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                            PID:804
                                                                                                                                                                                                            • C:\Windows\SVIQ.EXE
                                                                                                                                                                                                              C:\Windows\SVIQ.EXE
                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                PID:2616
                                                                                                                                                                                                      • C:\Windows\system32\DllHost.exe
                                                                                                                                                                                                        C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                          PID:1120
                                                                                                                                                                                                        • C:\Windows\system32\DllHost.exe
                                                                                                                                                                                                          C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                            PID:2156
                                                                                                                                                                                                          • C:\Windows\system32\DllHost.exe
                                                                                                                                                                                                            C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                              PID:2320

                                                                                                                                                                                                            Network

                                                                                                                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                            Reconnaissance

                                                                                                                                                                                                            Resource Development

                                                                                                                                                                                                            Initial Access

                                                                                                                                                                                                            Execution

                                                                                                                                                                                                            Persistence

                                                                                                                                                                                                            Boot or Logon Autostart Execution

                                                                                                                                                                                                            2
                                                                                                                                                                                                            T1547

                                                                                                                                                                                                            Registry Run Keys / Startup Folder

                                                                                                                                                                                                            1
                                                                                                                                                                                                            T1547.001

                                                                                                                                                                                                            Winlogon Helper DLL

                                                                                                                                                                                                            1
                                                                                                                                                                                                            T1547.004

                                                                                                                                                                                                            Create or Modify System Process

                                                                                                                                                                                                            1
                                                                                                                                                                                                            T1543

                                                                                                                                                                                                            Windows Service

                                                                                                                                                                                                            1
                                                                                                                                                                                                            T1543.003

                                                                                                                                                                                                            Privilege Escalation

                                                                                                                                                                                                            Abuse Elevation Control Mechanism

                                                                                                                                                                                                            1
                                                                                                                                                                                                            T1548

                                                                                                                                                                                                            Bypass User Account Control

                                                                                                                                                                                                            1
                                                                                                                                                                                                            T1548.002

                                                                                                                                                                                                            Boot or Logon Autostart Execution

                                                                                                                                                                                                            2
                                                                                                                                                                                                            T1547

                                                                                                                                                                                                            Registry Run Keys / Startup Folder

                                                                                                                                                                                                            1
                                                                                                                                                                                                            T1547.001

                                                                                                                                                                                                            Winlogon Helper DLL

                                                                                                                                                                                                            1
                                                                                                                                                                                                            T1547.004

                                                                                                                                                                                                            Create or Modify System Process

                                                                                                                                                                                                            1
                                                                                                                                                                                                            T1543

                                                                                                                                                                                                            Windows Service

                                                                                                                                                                                                            1
                                                                                                                                                                                                            T1543.003

                                                                                                                                                                                                            Defense Evasion

                                                                                                                                                                                                            Abuse Elevation Control Mechanism

                                                                                                                                                                                                            1
                                                                                                                                                                                                            T1548

                                                                                                                                                                                                            Bypass User Account Control

                                                                                                                                                                                                            1
                                                                                                                                                                                                            T1548.002

                                                                                                                                                                                                            Impair Defenses

                                                                                                                                                                                                            3
                                                                                                                                                                                                            T1562

                                                                                                                                                                                                            Disable or Modify Tools

                                                                                                                                                                                                            3
                                                                                                                                                                                                            T1562.001

                                                                                                                                                                                                            Modify Registry

                                                                                                                                                                                                            7
                                                                                                                                                                                                            T1112

                                                                                                                                                                                                            Credential Access

                                                                                                                                                                                                            Discovery

                                                                                                                                                                                                            Peripheral Device Discovery

                                                                                                                                                                                                            1
                                                                                                                                                                                                            T1120

                                                                                                                                                                                                            Query Registry

                                                                                                                                                                                                            1
                                                                                                                                                                                                            T1012

                                                                                                                                                                                                            System Information Discovery

                                                                                                                                                                                                            2
                                                                                                                                                                                                            T1082

                                                                                                                                                                                                            Lateral Movement

                                                                                                                                                                                                            Collection

                                                                                                                                                                                                            Command and Control

                                                                                                                                                                                                            Exfiltration

                                                                                                                                                                                                            Impact

                                                                                                                                                                                                            Replay Monitor

                                                                                                                                                                                                            Loading Replay Monitor...

                                                                                                                                                                                                            Downloads

                                                                                                                                                                                                            • C:\Windows\SVIQ.EXE
                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              180KB

                                                                                                                                                                                                              MD5

                                                                                                                                                                                                              4faa3a9109863c4bf060666ebd439880

                                                                                                                                                                                                              SHA1

                                                                                                                                                                                                              41d56c0ba86abbf7b95d778245f0ee684a116d68

                                                                                                                                                                                                              SHA256

                                                                                                                                                                                                              a9f5e358261965ae07810304bc9be7c6ad8b4b52b497f832b53cd6ed4c078bc5

                                                                                                                                                                                                              SHA512

                                                                                                                                                                                                              a24c13dc0b0bdb16590ad0ee13b60e2e03a3386dc31245968bc969153e36d525d4811706a5578706a5fadd947b3d18f0c6e5860a25507953a8a71417cb17eaa6

                                                                                                                                                                                                              Download Submit

                                                                                                                                                                                                            • C:\Windows\SYSTEM.INI
                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              257B

                                                                                                                                                                                                              MD5

                                                                                                                                                                                                              bf68b1c2b0376fc11dbf39508a7df141

                                                                                                                                                                                                              SHA1

                                                                                                                                                                                                              a45dbc05600ec795072fcfa52a54a11bd1fbc20c

                                                                                                                                                                                                              SHA256

                                                                                                                                                                                                              9990a911933b9ba72cc2d574b4cedfa2cc6212c67dda6495598b9e3882d959fc

                                                                                                                                                                                                              SHA512

                                                                                                                                                                                                              4520914ea7943db744ed93523ddb6eff25008f4cc4524c02b4288ff36f339c823151d5f386d0fa9f6627044e6b5afec2339fcdde43a6279902b8f3720240c032

                                                                                                                                                                                                              Download Submit

                                                                                                                                                                                                            • C:\Windows\wininit.ini
                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              41B

                                                                                                                                                                                                              MD5

                                                                                                                                                                                                              e839977c0d22c9aa497b0b1d90d8a372

                                                                                                                                                                                                              SHA1

                                                                                                                                                                                                              b5048e501399138796b38f3d3666e1a88c397e83

                                                                                                                                                                                                              SHA256

                                                                                                                                                                                                              478db7f82fd7ef4860f7acd2f534ec303175500d7f4e1e36161d31c900d234e2

                                                                                                                                                                                                              SHA512

                                                                                                                                                                                                              4c8ba5a26b6f738f8d25c32d019cee63e9a32d28e3aeb8fe31b965d7603c24a3539e469c8eb569747b47dadc9c43cdd1066ddb37ed8138bee5d0c74b5d0c275d

                                                                                                                                                                                                              Download Submit

                                                                                                                                                                                                            • C:\cwbbpm.exe
                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              100KB

                                                                                                                                                                                                              MD5

                                                                                                                                                                                                              0e7c8c26adbd2f4c2ad576e887e7f2da

                                                                                                                                                                                                              SHA1

                                                                                                                                                                                                              cdc9e3d50de203f13e185f73c28e547617222fe9

                                                                                                                                                                                                              SHA256

                                                                                                                                                                                                              e592776ce0e8f6fad749b66dc7c6321419a1ec75134218b1ff159e90baa93572

                                                                                                                                                                                                              SHA512

                                                                                                                                                                                                              b00599b7cac581eedc21de2d80b43f74277cf70a481479ac15f712161d381ed4b32e9fe227d0570f7c3d1b7118a52ca640d5a1e14556d62de9d143e6e402cbfa

                                                                                                                                                                                                              Download Submit

                                                                                                                                                                                                            • memory/468-675-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/468-671-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/572-435-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/572-415-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/780-615-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/780-611-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/864-497-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/956-595-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/956-572-0x00000000027C0000-0x00000000027EF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/980-217-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/980-251-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/984-406-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/984-407-0x0000000002540000-0x0000000002542000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              8KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/984-375-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/984-394-0x0000000002540000-0x000000000256F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1112-722-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1112-718-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1164-500-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1164-520-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1164-513-0x00000000026E0000-0x000000000270F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1236-455-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1240-303-0x00000000003C0000-0x00000000003EF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1240-284-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1240-315-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1256-29-0x0000000001E60000-0x0000000001E62000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              8KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1364-651-0x00000000004A0000-0x00000000004CF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1364-656-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1548-702-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1588-451-0x00000000003C0000-0x00000000003EF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1588-458-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1604-371-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1604-343-0x0000000000470000-0x000000000049F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1608-576-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1608-573-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-142-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-47-0x0000000005890000-0x00000000058BF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-2-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-24-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-16-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-27-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-26-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-28-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-40-0x0000000002390000-0x0000000002392000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              8KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-25-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-23-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-39-0x0000000002390000-0x0000000002392000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              8KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-38-0x00000000023E0000-0x00000000023E1000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              4KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-36-0x00000000023E0000-0x00000000023E1000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              4KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-35-0x0000000002390000-0x0000000002392000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              8KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-154-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-22-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-42-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-135-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-41-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-53-0x0000000005890000-0x00000000058BF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-0-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-106-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-134-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-132-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-111-0x00000000059D0000-0x00000000059FF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-128-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-131-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1692-129-0x00000000025B0000-0x000000000363E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1892-698-0x00000000003D0000-0x00000000003FF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/1892-703-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2044-553-0x00000000004B0000-0x00000000004DF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2044-558-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2124-538-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2224-670-0x0000000002670000-0x000000000269F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2224-676-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2300-616-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2300-610-0x00000000003C0000-0x00000000003EF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2300-597-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2312-632-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2312-636-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2328-478-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2328-655-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2328-493-0x0000000002650000-0x000000000267F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2328-498-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2360-155-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2360-83-0x0000000000390000-0x00000000003BF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2384-637-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2384-631-0x00000000003C0000-0x00000000003EF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2384-618-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2452-309-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2536-717-0x0000000002770000-0x000000000279F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2548-344-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2548-348-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2600-401-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2600-557-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2600-395-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2660-432-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2692-518-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2696-374-0x00000000039D0000-0x00000000039FF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2696-321-0x00000000039D0000-0x00000000039FF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2696-112-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2696-438-0x00000000039D0000-0x00000000039FF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2696-220-0x00000000039D0000-0x00000000039FF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2696-685-0x00000000039D0000-0x00000000039FF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2696-559-0x00000000039D0000-0x00000000039FF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2696-521-0x00000000039D0000-0x00000000039FF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2696-617-0x00000000039D0000-0x00000000039FF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2716-275-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2716-271-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-283-0x0000000005F60000-0x0000000005F8F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-84-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-596-0x00000000059E0000-0x0000000005A0F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-158-0x00000000036E0000-0x000000000476E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-638-0x00000000059E0000-0x0000000005A0F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-159-0x00000000036E0000-0x000000000476E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-540-0x00000000059E0000-0x0000000005A0F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-413-0x0000000006320000-0x000000000634F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-657-0x00000000059E0000-0x0000000005A0F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-156-0x00000000036E0000-0x000000000476E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-172-0x00000000036E0000-0x000000000476E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-704-0x00000000059E0000-0x0000000005A0F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-170-0x00000000036E0000-0x000000000476E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-308-0x00000000036E0000-0x000000000476E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-477-0x0000000006320000-0x000000000634F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-171-0x00000000036E0000-0x000000000476E000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              16.6MB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2800-216-0x00000000058A0000-0x00000000058CF000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2976-221-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/2976-279-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/3056-522-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download

                                                                                                                                                                                                            • memory/3056-539-0x0000000000400000-0x000000000042F000-memory.dmp

                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                              188KB

                                                                                                                                                                                                              Download