0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10-01-2025 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe
Size

939KB
MD5

b596edf7ebfb3a944a94685a207677bd
SHA1

e6776df73c784fec5de9c79bce860081d2915ed2
SHA256

0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879
SHA512

4518583947197b9a4afc0011d1ec2f1d051fbf02cbdde4ec9649b5f48da76b60697ad594da188fb6e364ea6eb2793a2e2fa6975164d693b4919b11322b9fedf5
SSDEEP

24576:kiUmSB/o5d1ubcvg4nZmSjtJLzxAeWtDMXuFc+d3oC8:k/mU/ohubcvNmSJJLzxrEDMXPmo

Score

7^/10

discovery upx

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Graff.vbs	Graff.exe

Executes dropped EXE 64 IoCs

pid	Process
2652	Graff.exe
2700	Graff.exe
2596	Graff.exe
2608	Graff.exe
2612	Graff.exe
2732	Graff.exe
1164	Graff.exe
2220	Graff.exe
2068	Graff.exe
2056	Graff.exe
756	Graff.exe
840	Graff.exe
2748	Graff.exe
1600	Graff.exe
768	Graff.exe
1644	Graff.exe
580	Graff.exe
1476	Graff.exe
2156	Graff.exe
2428	Graff.exe
1784	Graff.exe
900	Graff.exe
1560	Graff.exe
2360	Graff.exe
1956	Graff.exe
2504	Graff.exe
1616	Graff.exe
3056	Graff.exe
2760	Graff.exe
2804	Graff.exe
2600	Graff.exe
2556	Graff.exe
1748	Graff.exe
2612	Graff.exe
1792	Graff.exe
2992	Graff.exe
2400	Graff.exe
1756	Graff.exe
2112	Graff.exe
2032	Graff.exe
1248	Graff.exe
2852	Graff.exe
1440	Graff.exe
1796	Graff.exe
2884	Graff.exe
768	Graff.exe
1504	Graff.exe
832	Graff.exe
1640	Graff.exe
1572	Graff.exe
2440	Graff.exe
1356	Graff.exe
1444	Graff.exe
1784	Graff.exe
1880	Graff.exe
2484	Graff.exe
1488	Graff.exe
1568	Graff.exe
884	Graff.exe
892	Graff.exe
2096	Graff.exe
3036	Graff.exe
2020	Graff.exe
2716	Graff.exe

Loads dropped DLL 1 IoCs

pid	Process
3028	0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe

AutoIT Executable 64 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/3028-13-0x0000000000100000-0x0000000000301000-memory.dmp	autoit_exe
behavioral1/memory/2652-29-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2700-30-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2700-38-0x0000000000760000-0x0000000000B60000-memory.dmp	autoit_exe
behavioral1/memory/2700-41-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2596-53-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2608-63-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2612-64-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/3028-72-0x0000000002AA0000-0x0000000002CA1000-memory.dmp	autoit_exe
behavioral1/memory/2612-75-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2732-76-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2732-84-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1164-96-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2220-106-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2068-116-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2056-117-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2056-127-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/756-137-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/840-148-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2748-149-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2748-160-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1600-170-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/768-171-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/768-181-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1644-182-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1644-192-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/580-202-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1476-212-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2156-222-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2428-223-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2428-233-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1784-234-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1784-244-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/900-255-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1560-266-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2360-276-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1956-277-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1956-287-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2504-288-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2504-298-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/3056-309-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1616-308-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/3056-320-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2760-330-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2804-340-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2600-348-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2556-356-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1748-363-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2612-371-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2992-380-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1792-379-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2992-387-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2400-396-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1756-397-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2112-406-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1756-405-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2112-413-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2032-421-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1248-422-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1248-430-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2852-431-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2852-439-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/1440-441-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe
behavioral1/memory/2992-440-0x0000000001270000-0x0000000001471000-memory.dmp	autoit_exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3028-0-0x0000000000100000-0x0000000000301000-memory.dmp	upx
behavioral1/files/0x00290000000150a7-9.dat	upx
behavioral1/memory/2652-16-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/3028-13-0x0000000000100000-0x0000000000301000-memory.dmp	upx
behavioral1/memory/2652-29-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2700-30-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2700-41-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2596-42-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2596-53-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2608-51-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2608-63-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2612-64-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/3028-72-0x0000000002AA0000-0x0000000002CA1000-memory.dmp	upx
behavioral1/memory/2612-75-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2732-76-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2732-84-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1164-86-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1164-96-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2220-106-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2068-116-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2056-117-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2056-127-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/840-138-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/756-137-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/840-148-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2748-149-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1600-158-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2748-160-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1600-170-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/768-171-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/768-181-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1644-182-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1644-192-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/580-202-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1476-212-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2156-222-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2428-223-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2428-233-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1784-234-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1784-244-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/900-245-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/900-255-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1560-256-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1560-266-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2360-276-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1956-277-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1956-287-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2504-288-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2504-298-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/3056-309-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1616-308-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2760-319-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/3056-320-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2760-330-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2804-340-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2600-348-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2556-356-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1748-363-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2612-371-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2992-380-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/1792-379-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2992-387-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2400-388-0x0000000001270000-0x0000000001471000-memory.dmp	upx
behavioral1/memory/2400-396-0x0000000001270000-0x0000000001471000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2652	3028	0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe	30
PID 3028 wrote to memory of 2652	3028	0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe	30
PID 3028 wrote to memory of 2652	3028	0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe	30
PID 3028 wrote to memory of 2652	3028	0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe	30
PID 2652 wrote to memory of 2700	2652	Graff.exe	31
PID 2652 wrote to memory of 2700	2652	Graff.exe	31
PID 2652 wrote to memory of 2700	2652	Graff.exe	31
PID 2652 wrote to memory of 2700	2652	Graff.exe	31
PID 2700 wrote to memory of 2596	2700	Graff.exe	32
PID 2700 wrote to memory of 2596	2700	Graff.exe	32
PID 2700 wrote to memory of 2596	2700	Graff.exe	32
PID 2700 wrote to memory of 2596	2700	Graff.exe	32
PID 2596 wrote to memory of 2608	2596	Graff.exe	33
PID 2596 wrote to memory of 2608	2596	Graff.exe	33
PID 2596 wrote to memory of 2608	2596	Graff.exe	33
PID 2596 wrote to memory of 2608	2596	Graff.exe	33
PID 2608 wrote to memory of 2612	2608	Graff.exe	34
PID 2608 wrote to memory of 2612	2608	Graff.exe	34
PID 2608 wrote to memory of 2612	2608	Graff.exe	34
PID 2608 wrote to memory of 2612	2608	Graff.exe	34
PID 2612 wrote to memory of 2732	2612	Graff.exe	35
PID 2612 wrote to memory of 2732	2612	Graff.exe	35
PID 2612 wrote to memory of 2732	2612	Graff.exe	35
PID 2612 wrote to memory of 2732	2612	Graff.exe	35
PID 2732 wrote to memory of 1164	2732	Graff.exe	36
PID 2732 wrote to memory of 1164	2732	Graff.exe	36
PID 2732 wrote to memory of 1164	2732	Graff.exe	36
PID 2732 wrote to memory of 1164	2732	Graff.exe	36
PID 1164 wrote to memory of 2220	1164	Graff.exe	37
PID 1164 wrote to memory of 2220	1164	Graff.exe	37
PID 1164 wrote to memory of 2220	1164	Graff.exe	37
PID 1164 wrote to memory of 2220	1164	Graff.exe	37
PID 2220 wrote to memory of 2068	2220	Graff.exe	38
PID 2220 wrote to memory of 2068	2220	Graff.exe	38
PID 2220 wrote to memory of 2068	2220	Graff.exe	38
PID 2220 wrote to memory of 2068	2220	Graff.exe	38
PID 2068 wrote to memory of 2056	2068	Graff.exe	39
PID 2068 wrote to memory of 2056	2068	Graff.exe	39
PID 2068 wrote to memory of 2056	2068	Graff.exe	39
PID 2068 wrote to memory of 2056	2068	Graff.exe	39
PID 2056 wrote to memory of 756	2056	Graff.exe	40
PID 2056 wrote to memory of 756	2056	Graff.exe	40
PID 2056 wrote to memory of 756	2056	Graff.exe	40
PID 2056 wrote to memory of 756	2056	Graff.exe	40
PID 756 wrote to memory of 840	756	Graff.exe	41
PID 756 wrote to memory of 840	756	Graff.exe	41
PID 756 wrote to memory of 840	756	Graff.exe	41
PID 756 wrote to memory of 840	756	Graff.exe	41
PID 840 wrote to memory of 2748	840	Graff.exe	42
PID 840 wrote to memory of 2748	840	Graff.exe	42
PID 840 wrote to memory of 2748	840	Graff.exe	42
PID 840 wrote to memory of 2748	840	Graff.exe	42
PID 2748 wrote to memory of 1600	2748	Graff.exe	43
PID 2748 wrote to memory of 1600	2748	Graff.exe	43
PID 2748 wrote to memory of 1600	2748	Graff.exe	43
PID 2748 wrote to memory of 1600	2748	Graff.exe	43
PID 1600 wrote to memory of 768	1600	Graff.exe	44
PID 1600 wrote to memory of 768	1600	Graff.exe	44
PID 1600 wrote to memory of 768	1600	Graff.exe	44
PID 1600 wrote to memory of 768	1600	Graff.exe	44
PID 768 wrote to memory of 1644	768	Graff.exe	45
PID 768 wrote to memory of 1644	768	Graff.exe	45
PID 768 wrote to memory of 1644	768	Graff.exe	45
PID 768 wrote to memory of 1644	768	Graff.exe	45

C:\Users\Admin\AppData\Local\Temp\0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe
"C:\Users\Admin\AppData\Local\Temp\0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Users\Admin\AppData\Local\misruling\Graff.exe
  "C:\Users\Admin\AppData\Local\Temp\0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\misruling\Graff.exe
    "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\misruling\Graff.exe
      "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2596
    - - C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2608
      - C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        10⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:756
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:840
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        15⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        16⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:768
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        17⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        18⤵
        Executes dropped EXE
        
        PID:580
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        19⤵
        Executes dropped EXE
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        20⤵
        Executes dropped EXE
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        21⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        22⤵
        Executes dropped EXE
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        23⤵
        Executes dropped EXE
        
        PID:900
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        24⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        25⤵
        Executes dropped EXE
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        26⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        27⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        28⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        29⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        30⤵
        Executes dropped EXE
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        31⤵
        Executes dropped EXE
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        32⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        33⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        34⤵
        Executes dropped EXE
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        35⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        36⤵
        Executes dropped EXE
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        37⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        38⤵
        Executes dropped EXE
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        39⤵
        Executes dropped EXE
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        40⤵
        Executes dropped EXE
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        41⤵
        Executes dropped EXE
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        42⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        43⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        44⤵
        Executes dropped EXE
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        45⤵
        Executes dropped EXE
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        46⤵
        Executes dropped EXE
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        47⤵
        Executes dropped EXE
        
        PID:768
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        48⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        49⤵
        Executes dropped EXE
        
        PID:832
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        50⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        51⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        52⤵
        Executes dropped EXE
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        53⤵
        Executes dropped EXE
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        54⤵
        Executes dropped EXE
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        55⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        56⤵
        Executes dropped EXE
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        57⤵
        Executes dropped EXE
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        58⤵
        Executes dropped EXE
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        59⤵
        Executes dropped EXE
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        60⤵
        Executes dropped EXE
        
        PID:884
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        61⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:892
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        62⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        63⤵
        Executes dropped EXE
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        64⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        65⤵
        Executes dropped EXE
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        66⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        67⤵
        System Location Discovery: System Language Discovery
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        68⤵
        System Location Discovery: System Language Discovery
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        70⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        71⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        72⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        73⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        74⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        75⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        76⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        77⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        78⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        79⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        80⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        81⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        82⤵
        System Location Discovery: System Language Discovery
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        83⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:264
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        85⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        87⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        88⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        89⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        91⤵
        System Location Discovery: System Language Discovery
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        92⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        94⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        95⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        96⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        97⤵
        System Location Discovery: System Language Discovery
        
        PID:616
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        98⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:236
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        101⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        102⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        103⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        104⤵
        System Location Discovery: System Language Discovery
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        105⤵
        System Location Discovery: System Language Discovery
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        106⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        107⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        108⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        109⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        110⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        111⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        112⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        113⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        114⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        115⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        116⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        117⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        118⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        119⤵
        System Location Discovery: System Language Discovery
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        120⤵
        System Location Discovery: System Language Discovery
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        121⤵
        System Location Discovery: System Language Discovery
        
        PID:840
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        122⤵
        System Location Discovery: System Language Discovery
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        123⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        124⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        125⤵
        System Location Discovery: System Language Discovery
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        126⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        127⤵
        System Location Discovery: System Language Discovery
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        128⤵
        System Location Discovery: System Language Discovery
        
        PID:440
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        129⤵
        System Location Discovery: System Language Discovery
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        130⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        131⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        132⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        133⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        134⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        135⤵
        System Location Discovery: System Language Discovery
        
        PID:776
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        136⤵
        System Location Discovery: System Language Discovery
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        138⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        139⤵
        System Location Discovery: System Language Discovery
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        141⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        142⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        143⤵
        System Location Discovery: System Language Discovery
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        144⤵
        System Location Discovery: System Language Discovery
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        145⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        146⤵
        System Location Discovery: System Language Discovery
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        147⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        148⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        149⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        150⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        151⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:556
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        153⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        154⤵
        
        PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aut8B5E.tmp

Filesize
404KB

MD5
3c6ee36cb897ba9651caa319d175c099

SHA1
64581e446ba5cb91b30e7c498bf56e09c6059bff

SHA256
adad26344bae088fd07486c0e39dcefa09c3ee980e3d209c40b48c6b030d836f

SHA512
90ad70dba89254c1b62220fa0ad21758c86dbbf934ba5ae579b394f0983d4bc9a5eec6d8d545326dfeb56f343baa538d2d27f0562c3fc32af42606efbac5a2bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\dews

Filesize
481KB

MD5
dc5a9959d2cea2ee2bca9f5c0c114cab

SHA1
6e7c122d8a6a16c36e8f27d29d0de0a07651fcdb

SHA256
5787df4931839f750020ee47850bfed8f345212a3ad1722f9bfd5fbd04fe1d81

SHA512
f196ed4901770e0ce36395b99438e46a137d856269cad57e783d951c287ffa5d5268c73b42333d8d86d6128a1eb4426e2c14b5d49ccc58ea47de59895d44d6dd

Download Submit
\Users\Admin\AppData\Local\misruling\Graff.exe

Filesize
939KB

MD5
b596edf7ebfb3a944a94685a207677bd

SHA1
e6776df73c784fec5de9c79bce860081d2915ed2

SHA256
0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879

SHA512
4518583947197b9a4afc0011d1ec2f1d051fbf02cbdde4ec9649b5f48da76b60697ad594da188fb6e364ea6eb2793a2e2fa6975164d693b4919b11322b9fedf5

Download Submit
memory/580-202-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/756-137-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/768-474-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/768-181-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/768-171-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/832-490-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/840-138-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/840-148-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/884-567-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/892-574-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/900-245-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/900-255-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1164-86-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1164-96-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1248-422-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1248-430-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1356-518-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1440-449-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1440-441-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1444-525-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1476-212-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1488-553-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1504-482-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1560-266-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1560-256-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1568-560-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1572-504-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1600-158-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1600-170-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1616-308-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1640-497-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1644-192-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1644-182-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1748-363-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1756-397-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1756-405-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1784-234-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1784-532-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1784-244-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1792-379-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1796-450-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1796-458-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1880-539-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1956-287-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/1956-277-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2020-595-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2032-421-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2056-127-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2056-117-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2068-116-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2096-581-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2112-413-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2112-406-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2156-222-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2220-106-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2360-276-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2400-396-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2400-388-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2428-233-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2428-223-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2440-511-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2484-546-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2504-288-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2504-298-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2556-356-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2596-53-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2596-42-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2600-348-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2608-51-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2608-63-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2612-371-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2612-75-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2612-64-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2652-16-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2652-25-0x0000000000A70000-0x0000000000E70000-memory.dmp

Filesize
4.0MB

Download
memory/2652-29-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2700-30-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2700-38-0x0000000000760000-0x0000000000B60000-memory.dmp

Filesize
4.0MB

Download
memory/2700-41-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2732-76-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2732-84-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2748-149-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2748-160-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2760-319-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2760-330-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2804-340-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2852-431-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2852-439-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2884-459-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2884-466-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2992-380-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2992-440-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/2992-387-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/3028-72-0x0000000002AA0000-0x0000000002CA1000-memory.dmp

Filesize
2.0MB

Download
memory/3028-13-0x0000000000100000-0x0000000000301000-memory.dmp

Filesize
2.0MB

Download
memory/3028-14-0x0000000002AA0000-0x0000000002CA1000-memory.dmp

Filesize
2.0MB

Download
memory/3028-0-0x0000000000100000-0x0000000000301000-memory.dmp

Filesize
2.0MB

Download
memory/3028-7-0x0000000000900000-0x0000000000D00000-memory.dmp

Filesize
4.0MB

Download
memory/3036-588-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/3056-320-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download
memory/3056-309-0x0000000001270000-0x0000000001471000-memory.dmp

Filesize
2.0MB

Download