0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-01-2025 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe
Size

939KB
MD5

b596edf7ebfb3a944a94685a207677bd
SHA1

e6776df73c784fec5de9c79bce860081d2915ed2
SHA256

0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879
SHA512

4518583947197b9a4afc0011d1ec2f1d051fbf02cbdde4ec9649b5f48da76b60697ad594da188fb6e364ea6eb2793a2e2fa6975164d693b4919b11322b9fedf5
SSDEEP

24576:kiUmSB/o5d1ubcvg4nZmSjtJLzxAeWtDMXuFc+d3oC8:k/mU/ohubcvNmSJJLzxrEDMXPmo

Score

7^/10

discovery upx

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Graff.vbs	Graff.exe

Executes dropped EXE 64 IoCs

pid	Process
2128	Graff.exe
2220	Graff.exe
2856	Graff.exe
2800	Graff.exe
2780	Graff.exe
2768	Graff.exe
2764	Graff.exe
2420	Graff.exe
1792	Graff.exe
808	Graff.exe
2432	Graff.exe
1616	Graff.exe
1932	Graff.exe
2940	Graff.exe
2164	Graff.exe
2996	Graff.exe
684	Graff.exe
596	Graff.exe
1248	Graff.exe
1992	Graff.exe
1648	Graff.exe
536	Graff.exe
3064	Graff.exe
820	Graff.exe
1028	Graff.exe
2160	Graff.exe
1692	Graff.exe
1232	Graff.exe
2788	Graff.exe
2848	Graff.exe
2604	Graff.exe
2916	Graff.exe
2760	Graff.exe
2608	Graff.exe
2768	Graff.exe
2456	Graff.exe
748	Graff.exe
1668	Graff.exe
1996	Graff.exe
1644	Graff.exe
1916	Graff.exe
824	Graff.exe
2884	Graff.exe
2940	Graff.exe
2976	Graff.exe
732	Graff.exe
2068	Graff.exe
932	Graff.exe
596	Graff.exe
1728	Graff.exe
1768	Graff.exe
1092	Graff.exe
1648	Graff.exe
2320	Graff.exe
328	Graff.exe
560	Graff.exe
1820	Graff.exe
1184	Graff.exe
2340	Graff.exe
1580	Graff.exe
1732	Graff.exe
2332	Graff.exe
2520	Graff.exe
1472	Graff.exe

Loads dropped DLL 1 IoCs

pid	Process
1036	0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe

AutoIT Executable 64 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/1036-13-0x0000000000F20000-0x0000000001121000-memory.dmp	autoit_exe
behavioral1/memory/2128-24-0x0000000000C50000-0x0000000001050000-memory.dmp	autoit_exe
behavioral1/memory/2128-28-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2220-40-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2856-51-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2800-62-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2780-74-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2764-86-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2768-85-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2764-97-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2420-107-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1792-117-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/808-127-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2432-138-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1616-148-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1932-159-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2940-169-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2164-170-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2164-180-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2996-191-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/684-201-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/596-202-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/596-212-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1248-213-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1248-223-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1648-235-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1992-234-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/536-246-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1648-245-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/536-255-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/3064-265-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/820-275-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1028-285-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2160-295-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1692-296-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1692-304-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1232-315-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2788-316-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2788-326-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2848-337-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2604-338-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2604-347-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2916-355-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2760-362-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2608-371-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2768-379-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2456-389-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/748-397-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1668-398-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1668-406-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1996-415-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1644-417-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2760-416-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1644-425-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1916-426-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/1916-434-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/824-436-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2768-435-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/824-444-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2884-452-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2940-460-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2976-468-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/2068-478-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe
behavioral1/memory/732-477-0x0000000000160000-0x0000000000361000-memory.dmp	autoit_exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1036-0-0x0000000000F20000-0x0000000001121000-memory.dmp	upx
behavioral1/files/0x0008000000019228-9.dat	upx
behavioral1/memory/2128-15-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1036-13-0x0000000000F20000-0x0000000001121000-memory.dmp	upx
behavioral1/memory/2220-29-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2128-28-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2856-41-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2220-40-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2800-52-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2856-51-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2780-64-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2800-62-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2768-75-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2780-74-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2764-86-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2768-85-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2420-95-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2764-97-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2420-107-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1792-108-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1792-117-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/808-127-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2432-138-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1616-136-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1932-149-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1616-148-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1932-159-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2940-169-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2164-170-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2164-180-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2996-181-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2996-191-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/684-201-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/596-202-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/596-212-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1248-213-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1248-223-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1992-224-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1648-235-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1992-234-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/536-246-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1648-245-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/536-255-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/3064-265-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/820-275-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1028-285-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2160-295-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1692-296-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1692-304-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/1232-315-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2788-316-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2788-326-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2848-327-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2848-337-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2604-338-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2604-347-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2916-355-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2608-363-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2760-362-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2768-372-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2608-371-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2456-380-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2768-379-0x0000000000160000-0x0000000000361000-memory.dmp	upx
behavioral1/memory/2456-389-0x0000000000160000-0x0000000000361000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Graff.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 2128	1036	0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe	30
PID 1036 wrote to memory of 2128	1036	0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe	30
PID 1036 wrote to memory of 2128	1036	0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe	30
PID 1036 wrote to memory of 2128	1036	0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe	30
PID 2128 wrote to memory of 2220	2128	Graff.exe	31
PID 2128 wrote to memory of 2220	2128	Graff.exe	31
PID 2128 wrote to memory of 2220	2128	Graff.exe	31
PID 2128 wrote to memory of 2220	2128	Graff.exe	31
PID 2220 wrote to memory of 2856	2220	Graff.exe	32
PID 2220 wrote to memory of 2856	2220	Graff.exe	32
PID 2220 wrote to memory of 2856	2220	Graff.exe	32
PID 2220 wrote to memory of 2856	2220	Graff.exe	32
PID 2856 wrote to memory of 2800	2856	Graff.exe	33
PID 2856 wrote to memory of 2800	2856	Graff.exe	33
PID 2856 wrote to memory of 2800	2856	Graff.exe	33
PID 2856 wrote to memory of 2800	2856	Graff.exe	33
PID 2800 wrote to memory of 2780	2800	Graff.exe	34
PID 2800 wrote to memory of 2780	2800	Graff.exe	34
PID 2800 wrote to memory of 2780	2800	Graff.exe	34
PID 2800 wrote to memory of 2780	2800	Graff.exe	34
PID 2780 wrote to memory of 2768	2780	Graff.exe	35
PID 2780 wrote to memory of 2768	2780	Graff.exe	35
PID 2780 wrote to memory of 2768	2780	Graff.exe	35
PID 2780 wrote to memory of 2768	2780	Graff.exe	35
PID 2768 wrote to memory of 2764	2768	Graff.exe	36
PID 2768 wrote to memory of 2764	2768	Graff.exe	36
PID 2768 wrote to memory of 2764	2768	Graff.exe	36
PID 2768 wrote to memory of 2764	2768	Graff.exe	36
PID 2764 wrote to memory of 2420	2764	Graff.exe	37
PID 2764 wrote to memory of 2420	2764	Graff.exe	37
PID 2764 wrote to memory of 2420	2764	Graff.exe	37
PID 2764 wrote to memory of 2420	2764	Graff.exe	37
PID 2420 wrote to memory of 1792	2420	Graff.exe	38
PID 2420 wrote to memory of 1792	2420	Graff.exe	38
PID 2420 wrote to memory of 1792	2420	Graff.exe	38
PID 2420 wrote to memory of 1792	2420	Graff.exe	38
PID 1792 wrote to memory of 808	1792	Graff.exe	39
PID 1792 wrote to memory of 808	1792	Graff.exe	39
PID 1792 wrote to memory of 808	1792	Graff.exe	39
PID 1792 wrote to memory of 808	1792	Graff.exe	39
PID 808 wrote to memory of 2432	808	Graff.exe	41
PID 808 wrote to memory of 2432	808	Graff.exe	41
PID 808 wrote to memory of 2432	808	Graff.exe	41
PID 808 wrote to memory of 2432	808	Graff.exe	41
PID 2432 wrote to memory of 1616	2432	Graff.exe	42
PID 2432 wrote to memory of 1616	2432	Graff.exe	42
PID 2432 wrote to memory of 1616	2432	Graff.exe	42
PID 2432 wrote to memory of 1616	2432	Graff.exe	42
PID 1616 wrote to memory of 1932	1616	Graff.exe	43
PID 1616 wrote to memory of 1932	1616	Graff.exe	43
PID 1616 wrote to memory of 1932	1616	Graff.exe	43
PID 1616 wrote to memory of 1932	1616	Graff.exe	43
PID 1932 wrote to memory of 2940	1932	Graff.exe	44
PID 1932 wrote to memory of 2940	1932	Graff.exe	44
PID 1932 wrote to memory of 2940	1932	Graff.exe	44
PID 1932 wrote to memory of 2940	1932	Graff.exe	44
PID 2940 wrote to memory of 2164	2940	Graff.exe	45
PID 2940 wrote to memory of 2164	2940	Graff.exe	45
PID 2940 wrote to memory of 2164	2940	Graff.exe	45
PID 2940 wrote to memory of 2164	2940	Graff.exe	45
PID 2164 wrote to memory of 2996	2164	Graff.exe	46
PID 2164 wrote to memory of 2996	2164	Graff.exe	46
PID 2164 wrote to memory of 2996	2164	Graff.exe	46
PID 2164 wrote to memory of 2996	2164	Graff.exe	46

C:\Users\Admin\AppData\Local\Temp\0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe
"C:\Users\Admin\AppData\Local\Temp\0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Users\Admin\AppData\Local\misruling\Graff.exe
  "C:\Users\Admin\AppData\Local\Temp\0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2128
- - C:\Users\Admin\AppData\Local\misruling\Graff.exe
    "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2220
  - - C:\Users\Admin\AppData\Local\misruling\Graff.exe
      "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2856
    - - C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2800
      - C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:808
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        13⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        17⤵
        Executes dropped EXE
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        18⤵
        Executes dropped EXE
        
        PID:684
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        19⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:596
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        20⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        21⤵
        Executes dropped EXE
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        22⤵
        Executes dropped EXE
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        23⤵
        Executes dropped EXE
        
        PID:536
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        24⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        25⤵
        Executes dropped EXE
        
        PID:820
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        26⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        27⤵
        Executes dropped EXE
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        28⤵
        Executes dropped EXE
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        29⤵
        Executes dropped EXE
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        30⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        31⤵
        Executes dropped EXE
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        32⤵
        Executes dropped EXE
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        33⤵
        Executes dropped EXE
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        34⤵
        Executes dropped EXE
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        35⤵
        Executes dropped EXE
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        36⤵
        Executes dropped EXE
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        37⤵
        Executes dropped EXE
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        38⤵
        Executes dropped EXE
        
        PID:748
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        39⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        40⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        41⤵
        Executes dropped EXE
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        42⤵
        Executes dropped EXE
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        43⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:824
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        44⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        45⤵
        Executes dropped EXE
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        46⤵
        Executes dropped EXE
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        47⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:732
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        48⤵
        Executes dropped EXE
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        49⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:932
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        50⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:596
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        51⤵
        Executes dropped EXE
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        52⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        53⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        54⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        55⤵
        Executes dropped EXE
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        56⤵
        Executes dropped EXE
        
        PID:328
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        57⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:560
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        58⤵
        Executes dropped EXE
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        59⤵
        Executes dropped EXE
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        60⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        61⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        62⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        63⤵
        Executes dropped EXE
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        64⤵
        Executes dropped EXE
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        65⤵
        Executes dropped EXE
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        66⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        67⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        68⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        69⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        70⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        72⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        73⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        74⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        75⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        77⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:780
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        79⤵
        System Location Discovery: System Language Discovery
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        80⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        81⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        82⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        83⤵
        System Location Discovery: System Language Discovery
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        84⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        85⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        86⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        88⤵
        System Location Discovery: System Language Discovery
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        89⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        91⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        92⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        94⤵
        System Location Discovery: System Language Discovery
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        95⤵
        System Location Discovery: System Language Discovery
        
        PID:560
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        96⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        97⤵
        System Location Discovery: System Language Discovery
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        98⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        99⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        100⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        101⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        102⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        104⤵
        System Location Discovery: System Language Discovery
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        105⤵
        System Location Discovery: System Language Discovery
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        106⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        107⤵
        System Location Discovery: System Language Discovery
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        108⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        109⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        110⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        111⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        113⤵
        System Location Discovery: System Language Discovery
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        114⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        115⤵
        System Location Discovery: System Language Discovery
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        116⤵
        System Location Discovery: System Language Discovery
        
        PID:576
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        117⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        118⤵
        System Location Discovery: System Language Discovery
        
        PID:780
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        119⤵
        System Location Discovery: System Language Discovery
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        120⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        121⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        122⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        123⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        124⤵
        System Location Discovery: System Language Discovery
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        125⤵
        System Location Discovery: System Language Discovery
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        126⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        127⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        128⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        129⤵
        System Location Discovery: System Language Discovery
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        130⤵
        System Location Discovery: System Language Discovery
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        131⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        132⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        133⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        134⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        135⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        136⤵
        System Location Discovery: System Language Discovery
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        138⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        139⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        140⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        141⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        142⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        143⤵
        System Location Discovery: System Language Discovery
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        144⤵
        System Location Discovery: System Language Discovery
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        145⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        146⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        147⤵
        System Location Discovery: System Language Discovery
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        148⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        149⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        150⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        151⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        152⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\misruling\Graff.exe
        
        "C:\Users\Admin\AppData\Local\misruling\Graff.exe"
        153⤵
        System Location Discovery: System Language Discovery
        
        PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\autA988.tmp

Filesize
404KB

MD5
3c6ee36cb897ba9651caa319d175c099

SHA1
64581e446ba5cb91b30e7c498bf56e09c6059bff

SHA256
adad26344bae088fd07486c0e39dcefa09c3ee980e3d209c40b48c6b030d836f

SHA512
90ad70dba89254c1b62220fa0ad21758c86dbbf934ba5ae579b394f0983d4bc9a5eec6d8d545326dfeb56f343baa538d2d27f0562c3fc32af42606efbac5a2bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\dews

Filesize
481KB

MD5
dc5a9959d2cea2ee2bca9f5c0c114cab

SHA1
6e7c122d8a6a16c36e8f27d29d0de0a07651fcdb

SHA256
5787df4931839f750020ee47850bfed8f345212a3ad1722f9bfd5fbd04fe1d81

SHA512
f196ed4901770e0ce36395b99438e46a137d856269cad57e783d951c287ffa5d5268c73b42333d8d86d6128a1eb4426e2c14b5d49ccc58ea47de59895d44d6dd

Download Submit
\Users\Admin\AppData\Local\misruling\Graff.exe

Filesize
939KB

MD5
b596edf7ebfb3a944a94685a207677bd

SHA1
e6776df73c784fec5de9c79bce860081d2915ed2

SHA256
0d9239013e7f6fab8aab618ce46b5225d0283da9f81d937cae7a3988a127f879

SHA512
4518583947197b9a4afc0011d1ec2f1d051fbf02cbdde4ec9649b5f48da76b60697ad594da188fb6e364ea6eb2793a2e2fa6975164d693b4919b11322b9fedf5

Download Submit
memory/328-544-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/536-255-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/536-246-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/560-551-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/596-212-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/596-202-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/596-501-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/684-201-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/732-477-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/732-469-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/748-388-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/748-397-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/808-127-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/820-275-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/824-436-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/824-444-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/932-494-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1028-285-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1036-7-0x00000000008A0000-0x0000000000CA0000-memory.dmp

Filesize
4.0MB

Download
memory/1036-0-0x0000000000F20000-0x0000000001121000-memory.dmp

Filesize
2.0MB

Download
memory/1036-63-0x00000000008A0000-0x0000000000CA0000-memory.dmp

Filesize
4.0MB

Download
memory/1036-13-0x0000000000F20000-0x0000000001121000-memory.dmp

Filesize
2.0MB

Download
memory/1092-522-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1184-565-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1232-315-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1248-223-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1248-213-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1580-579-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1616-136-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1616-148-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1644-425-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1644-417-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1648-529-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1648-245-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1648-235-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1668-398-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1668-406-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1692-296-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1692-304-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1728-508-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1732-586-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1768-515-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1792-108-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1792-117-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1820-558-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1916-426-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1916-434-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1932-149-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1932-159-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1992-224-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1992-234-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1996-415-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/1996-407-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2068-478-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2068-486-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2128-24-0x0000000000C50000-0x0000000001050000-memory.dmp

Filesize
4.0MB

Download
memory/2128-28-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2128-15-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2160-295-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2164-170-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2164-180-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2220-40-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2220-29-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2220-37-0x0000000000B70000-0x0000000000F70000-memory.dmp

Filesize
4.0MB

Download
memory/2320-537-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2332-593-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2340-572-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2420-95-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2420-107-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2432-138-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2456-389-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2456-380-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2520-600-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2604-347-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2604-338-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2608-363-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2608-371-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2760-416-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2760-362-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2760-916-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2764-86-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2764-97-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2768-75-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2768-435-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2768-372-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2768-85-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2768-379-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2780-74-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2780-64-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2788-326-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2788-316-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2800-62-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2800-52-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2848-337-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2848-327-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2856-51-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2856-41-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2884-452-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2916-355-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2940-460-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2940-169-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2976-530-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2976-468-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2976-461-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2996-181-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/2996-191-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download
memory/3064-265-0x0000000000160000-0x0000000000361000-memory.dmp

Filesize
2.0MB

Download