3e605855ed4bbc789477d2feddce2781b56d195311e17f753fc65d709b1f2321

Analysis

max time kernel
132s
max time network
123s
resource
win7v191014

Sharing

Copy URL

Twitter E-mail

General

Target

VBS_ed167804673b6f89dc6657e71ae971c4.5
Sample

191122-86l54m21sj
SHA256

3e605855ed4bbc789477d2feddce2781b56d195311e17f753fc65d709b1f2321

Score

N/A

Malware Config

Signatures

Drops file in system dir 20 IoCs

description	ioc	pid	Process
File created (read-only)	C:\Windows\Temp\WER5CDE.tmp	2024	WerFault.exe
File deleted	C:\Windows\Temp\WER5CDE.tmp	2024	WerFault.exe
File created	C:\Windows\Temp\WER5CDE.tmp.appcompat.txt	2024	WerFault.exe
File deleted	C:\Windows\Temp\WER5CDE.tmp.appcompat.txt	2024	WerFault.exe
File opened for modification	C:\Windows\Temp\WER5CDE.tmp.appcompat.txt	2024	WerFault.exe
File created (read-only)	C:\Windows\Temp\WER5D7B.tmp	2024	WerFault.exe
File deleted	C:\Windows\Temp\WER5D7B.tmp	2024	WerFault.exe
File created	C:\Windows\Temp\WER5D7B.tmp.WERInternalMetadata.xml	2024	WerFault.exe
File opened for modification	C:\Windows\Temp\WER5D7B.tmp.WERInternalMetadata.xml	2024	WerFault.exe
File created (read-only)	C:\Windows\Temp\WER5D8C.tmp	2024	WerFault.exe
File deleted	C:\Windows\Temp\WER5D8C.tmp	2024	WerFault.exe
File created	C:\Windows\Temp\WER5D8C.tmp.hdmp	2024	WerFault.exe
File created (read-only)	C:\Windows\Temp\WER764A.tmp	2024	WerFault.exe
File deleted	C:\Windows\Temp\WER764A.tmp	2024	WerFault.exe
File created	C:\Windows\Temp\WER764A.tmp.mdmp	2024	WerFault.exe
File deleted	C:\Windows\Temp\WER5D7B.tmp.WERInternalMetadata.xml	2024	WerFault.exe
File deleted	C:\Windows\Temp\WER5D8C.tmp.hdmp	2024	WerFault.exe
File deleted	C:\Windows\Temp\WER764A.tmp.mdmp	2024	WerFault.exe
File opened for modification	C:\Windows\setupact.log	1104	svchost.exe
File opened for modification	C:\Windows\setuperr.log	1104	svchost.exe

Checks system information in the registry (likely anti-VM) 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	pid	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	2024	WerFault.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	2024	WerFault.exe

Modifies service 2 TTPs 2 IoCs

persistence

Modify Registry

T1112

description	ioc	pid	Process
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\CSC\Parameters\OnlineCachingLatencyThreshold = "32000"	1104	svchost.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\CSC\Parameters\PeerCachingLatencyThreshold = "80"	1104	svchost.exe

Uses Task Scheduler COM API 1 TTPs 12 IoCs

persistence

Query Registry

T1012

description	ioc	pid	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	1104	svchost.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	1104	svchost.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\TreatAs	1104	svchost.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\Progid	1104	svchost.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\ProgID\	1104	svchost.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\	1104	svchost.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	1104	svchost.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32\InprocServer32	1104	svchost.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32\	1104	svchost.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32\ThreadingModel	1104	svchost.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocHandler32	1104	svchost.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocHandler	1104	svchost.exe

Program crash 1 IoCs

pid	Process
2024	WerFault.exe

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 2024	1100	svchost.exe	27
PID 1120 wrote to memory of 288	1120	WScript.exe	28
PID 288 wrote to memory of 1984	288	wscript.exe	29
PID 1984 wrote to memory of 1512	1984	wscript.exe	30
PID 1512 wrote to memory of 1236	1512	wscript.exe	31
PID 1236 wrote to memory of 1708	1236	wscript.exe	32
PID 1708 wrote to memory of 756	1708	wscript.exe	33
PID 756 wrote to memory of 1516	756	wscript.exe	34
PID 1516 wrote to memory of 824	1516	wscript.exe	35
PID 824 wrote to memory of 2020	824	wscript.exe	36
PID 2020 wrote to memory of 2044	2020	wscript.exe	37
PID 2044 wrote to memory of 1464	2044	wscript.exe	38
PID 1464 wrote to memory of 848	1464	wscript.exe	39
PID 848 wrote to memory of 752	848	wscript.exe	40
PID 752 wrote to memory of 2028	752	wscript.exe	41
PID 2028 wrote to memory of 1128	2028	wscript.exe	42
PID 1128 wrote to memory of 1980	1128	wscript.exe	43
PID 1980 wrote to memory of 1320	1980	wscript.exe	44
PID 1320 wrote to memory of 1956	1320	wscript.exe	45
PID 1956 wrote to memory of 1348	1956	wscript.exe	46
PID 1348 wrote to memory of 1284	1348	wscript.exe	47
PID 1284 wrote to memory of 1436	1284	wscript.exe	48
PID 1436 wrote to memory of 316	1436	wscript.exe	49
PID 316 wrote to memory of 1336	316	wscript.exe	50
PID 1336 wrote to memory of 1416	1336	wscript.exe	51
PID 1100 wrote to memory of 1112	1100	svchost.exe	52
PID 1104 wrote to memory of 1728	1104	svchost.exe	56

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2024	WerFault.exe
Token: SeShutdownPrivilege	2024	WerFault.exe
Token: SeAuditPrivilege	1104	svchost.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2024	WerFault.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs"
1⤵
- Suspicious use of WriteProcessMemory
PID:1120

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
- Suspicious use of WriteProcessMemory
PID:1100

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 800 -s 888
1⤵
- Drops file in system dir
- Checks system information in the registry (likely anti-VM)
- Program crash
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:2024

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:288

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:1984

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:1512

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:1236

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:1708

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:756

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:1516

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:824

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:2020

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:2044

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:1464

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:848

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:752

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:2028

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:1128

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:1980

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:1320

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:1956

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:1348

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:1284

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:1436

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:316

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
- Suspicious use of WriteProcessMemory
PID:1336

C:\Windows\System32\wscript.exe
"C:\Windows\System32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\document4753.vbe.vbs ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___- ___-
1⤵
PID:1416

C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-queuereporting_svc" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_d3def383f3788b01f8f02d9898bb11d342697_cab_07e878d6"
1⤵
PID:1112

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
1⤵
- Drops file in system dir
- Modifies service
- Uses Task Scheduler COM API
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
PID:1104

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

MITRE ATT&CK Additional techniques

T1031

Replay Monitor

Loading Replay Monitor...

Downloads

memory/288-2-0x0000000002820000-0x0000000002824000-memory.dmp

Filesize
16KB

Download
memory/316-73-0x00000000027C0000-0x00000000027C4000-memory.dmp

Filesize
16KB

Download
memory/752-41-0x0000000002970000-0x0000000002974000-memory.dmp

Filesize
16KB

Download
memory/756-11-0x0000000002900000-0x0000000002904000-memory.dmp

Filesize
16KB

Download
memory/848-34-0x00000000027F0000-0x00000000027F4000-memory.dmp

Filesize
16KB

Download
memory/1120-1-0x00000000029B0000-0x00000000029B4000-memory.dmp

Filesize
16KB

Download
memory/1128-59-0x00000000029E0000-0x00000000029E4000-memory.dmp

Filesize
16KB

Download
memory/1236-5-0x00000000027E0000-0x00000000027E4000-memory.dmp

Filesize
16KB

Download
memory/1284-71-0x0000000002890000-0x0000000002894000-memory.dmp

Filesize
16KB

Download
memory/1320-68-0x0000000002A80000-0x0000000002A84000-memory.dmp

Filesize
16KB

Download
memory/1336-74-0x0000000002920000-0x0000000002924000-memory.dmp

Filesize
16KB

Download
memory/1348-70-0x0000000002AE0000-0x0000000002AE4000-memory.dmp

Filesize
16KB

Download
memory/1436-72-0x00000000028B0000-0x00000000028B4000-memory.dmp

Filesize
16KB

Download
memory/1464-31-0x00000000028E0000-0x00000000028E4000-memory.dmp

Filesize
16KB

Download
memory/1512-4-0x0000000002880000-0x0000000002884000-memory.dmp

Filesize
16KB

Download
memory/1516-13-0x0000000002850000-0x0000000002854000-memory.dmp

Filesize
16KB

Download
memory/1708-7-0x00000000027F0000-0x00000000027F4000-memory.dmp

Filesize
16KB

Download
memory/1956-69-0x00000000028C0000-0x00000000028C4000-memory.dmp

Filesize
16KB

Download
memory/1980-64-0x0000000002A60000-0x0000000002A64000-memory.dmp

Filesize
16KB

Download
memory/1984-3-0x0000000002790000-0x0000000002794000-memory.dmp

Filesize
16KB

Download
memory/2020-20-0x0000000002A30000-0x0000000002A34000-memory.dmp

Filesize
16KB

Download
memory/2024-39-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-51-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-24-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-25-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-26-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-27-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-28-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-29-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-30-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-22-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-32-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-33-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-21-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-35-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-36-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-37-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-38-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-0-0x0000000000B20000-0x0000000000B31000-memory.dmp

Filesize
68KB

Download
memory/2024-40-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-19-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-42-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-45-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-43-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-44-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-46-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-47-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-48-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-49-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-50-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-6-0x0000000001650000-0x0000000001661000-memory.dmp

Filesize
68KB

Download
memory/2024-52-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-53-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-54-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-55-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-56-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-57-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-58-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-18-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-60-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-61-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-62-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-63-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-17-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-65-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-66-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-67-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-16-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-15-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-14-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-12-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-10-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-9-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-8-0x0000000001810000-0x0000000001821000-memory.dmp

Filesize
68KB

Download
memory/2024-75-0x0000000001970000-0x0000000001981000-memory.dmp

Filesize
68KB

Download
memory/2024-94-0x0000000001970000-0x0000000001981000-memory.dmp

Filesize
68KB

Download
memory/2024-95-0x0000000001970000-0x0000000001981000-memory.dmp

Filesize
68KB

Download
memory/2024-96-0x0000000001970000-0x0000000001981000-memory.dmp

Filesize
68KB

Download
memory/2024-97-0x0000000001970000-0x0000000001981000-memory.dmp

Filesize
68KB

Download
memory/2024-98-0x0000000001970000-0x0000000001981000-memory.dmp

Filesize
68KB

Download
memory/2044-23-0x0000000002840000-0x0000000002844000-memory.dmp

Filesize
16KB

Download