Overview

overview

7

Static

static

49ebef70fa...6d.exe

windows7_x64

7

49ebef70fa...6d.exe

windows10_x64

7

Analysis

  • max time kernel
    21s
  • max time network
    104s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    11-11-2020 11:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    49ebef70fa634005cfe5fa3be7b8e2167c64328ebaf3f41e10121b7b1368cd6d.exe

  • Size

    473KB

  • MD5

    a818e774faa8c61bbdd722f7b15dae05

  • SHA1

    000c4faff5a58bebb9b36d458f4107183d13d486

  • SHA256

    49ebef70fa634005cfe5fa3be7b8e2167c64328ebaf3f41e10121b7b1368cd6d

  • SHA512

    a93de176ab006d03edc98577e7daaadd8a0e06bedbebb5e56005f49d0fce203d2e37ed3d35e077012c4be5984f12be42c95a20044c3af75108bc486ef5e8a252

Score
7/10
discoveryspyware

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spyware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • JavaScript code in executable 1 IoCs
  • Program crash 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 522 IoCs
  • Suspicious use of AdjustPrivilegeToken 38 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49ebef70fa634005cfe5fa3be7b8e2167c64328ebaf3f41e10121b7b1368cd6d.exe
    "C:\Users\Admin\AppData\Local\Temp\49ebef70fa634005cfe5fa3be7b8e2167c64328ebaf3f41e10121b7b1368cd6d.exe"
    1⤵
    • Loads dropped DLL
    PID:4760
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 732
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3788
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 844
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1172
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 820
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3860
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 892
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4196
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1184
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4348
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1288
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:616
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1328
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:1272
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1180
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:1600
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1344
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:1900
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1376
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2440
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1216
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2888
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1428
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2844
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1468
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:4744
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1316
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:212
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1152
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:4648
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1460
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2840
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1372
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:4684
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1192
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:3480
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1208
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:3892
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1240
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:416
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1460
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:1136
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1404
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:804
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1348
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:1744
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1296
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:1620
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 620
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2892
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1624
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:4084
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1664
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:3336
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1712
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:4504
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1180
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:4088
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1692
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:4608
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1448
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:3956
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1228
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:2948
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1580
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:748
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1752
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:5080
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1796
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:4820
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 1452
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      PID:1588

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\LocalLow\nb98wqnehe8bw89hb\freebl3.dll
    MD5

    60acd24430204ad2dc7f148b8cfe9bdc

    SHA1

    989f377b9117d7cb21cbe92a4117f88f9c7693d9

    SHA256

    9876c53134dbbec4dcca67581f53638eba3fea3a15491aa3cf2526b71032da97

    SHA512

    626c36e9567f57fa8ec9c36d96cbadede9c6f6734a7305ecfb9f798952bbacdfa33a1b6c4999ba5b78897dc2ec6f91870f7ec25b2ceacbaee4be942fe881db01

    Download Submit
  • \Users\Admin\AppData\LocalLow\nb98wqnehe8bw89hb\freebl3.dll
    MD5

    60acd24430204ad2dc7f148b8cfe9bdc

    SHA1

    989f377b9117d7cb21cbe92a4117f88f9c7693d9

    SHA256

    9876c53134dbbec4dcca67581f53638eba3fea3a15491aa3cf2526b71032da97

    SHA512

    626c36e9567f57fa8ec9c36d96cbadede9c6f6734a7305ecfb9f798952bbacdfa33a1b6c4999ba5b78897dc2ec6f91870f7ec25b2ceacbaee4be942fe881db01

    Download Submit
  • \Users\Admin\AppData\LocalLow\nb98wqnehe8bw89hb\mozglue.dll
    MD5

    eae9273f8cdcf9321c6c37c244773139

    SHA1

    8378e2a2f3635574c106eea8419b5eb00b8489b0

    SHA256

    a0c6630d4012ae0311ff40f4f06911bcf1a23f7a4762ce219b8dffa012d188cc

    SHA512

    06e43e484a89cea9ba9b9519828d38e7c64b040f44cdaeb321cbda574e7551b11fea139ce3538f387a0a39a3d8c4cba7f4cf03e4a3c98db85f8121c2212a9097

    Download Submit
  • \Users\Admin\AppData\LocalLow\nb98wqnehe8bw89hb\nss3.dll
    MD5

    02cc7b8ee30056d5912de54f1bdfc219

    SHA1

    a6923da95705fb81e368ae48f93d28522ef552fb

    SHA256

    1989526553fd1e1e49b0fea8036822ca062d3d39c4cab4a37846173d0f1753d5

    SHA512

    0d5dfcf4fb19b27246fa799e339d67cd1b494427783f379267fb2d10d615ffb734711bab2c515062c078f990a44a36f2d15859b1dacd4143dcc35b5c0cee0ef5

    Download Submit
  • \Users\Admin\AppData\LocalLow\nb98wqnehe8bw89hb\softokn3.dll
    MD5

    4e8df049f3459fa94ab6ad387f3561ac

    SHA1

    06ed392bc29ad9d5fc05ee254c2625fd65925114

    SHA256

    25a4dae37120426ab060ebb39b7030b3e7c1093cc34b0877f223b6843b651871

    SHA512

    3dd4a86f83465989b2b30c240a7307edd1b92d5c1d5c57d47eff287dc9daa7bace157017908d82e00be90f08ff5badb68019ffc9d881440229dcea5038f61cd6

    Download Submit
  • \Users\Admin\AppData\LocalLow\sqlite3.dll
    MD5

    f964811b68f9f1487c2b41e1aef576ce

    SHA1

    b423959793f14b1416bc3b7051bed58a1034025f

    SHA256

    83bc57dcf282264f2b00c21ce0339eac20fcb7401f7c5472c0cd0c014844e5f7

    SHA512

    565b1a7291c6fcb63205907fcd9e72fc2e11ca945afc4468c378edba882e2f314c2ac21a7263880ff7d4b84c2a1678024c1ac9971ac1c1de2bfa4248ec0f98c4

    Download Submit
  • memory/212-125-0x0000000004C70000-0x0000000004C71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/212-122-0x0000000004340000-0x0000000004341000-memory.dmp
    Filesize

    4KB

    Download
  • memory/416-213-0x0000000004A70000-0x0000000004A71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/416-210-0x0000000004240000-0x0000000004241000-memory.dmp
    Filesize

    4KB

    Download
  • memory/616-22-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/616-25-0x0000000005520000-0x0000000005521000-memory.dmp
    Filesize

    4KB

    Download
  • memory/748-284-0x0000000004B20000-0x0000000004B21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/748-280-0x00000000041F0000-0x00000000041F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/804-221-0x0000000004F80000-0x0000000004F81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/804-224-0x00000000057B0000-0x00000000057B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1136-214-0x0000000004200000-0x0000000004201000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1136-217-0x0000000004A40000-0x0000000004A41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1172-9-0x0000000004EF0000-0x0000000004EF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1172-6-0x00000000047C0000-0x00000000047C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1272-29-0x0000000004F50000-0x0000000004F51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1272-26-0x0000000004620000-0x0000000004621000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1588-450-0x0000000005010000-0x0000000005011000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1588-453-0x0000000005740000-0x0000000005741000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1600-35-0x0000000005600000-0x0000000005601000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1600-32-0x0000000004DC0000-0x0000000004DC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1620-230-0x0000000004B50000-0x0000000004B51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1620-233-0x0000000005480000-0x0000000005481000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-228-0x0000000005600000-0x0000000005601000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1744-225-0x0000000004DD0000-0x0000000004DD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1900-38-0x0000000004A00000-0x0000000004A01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1900-41-0x0000000005330000-0x0000000005331000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2440-45-0x0000000004FB0000-0x0000000004FB1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2440-42-0x0000000004680000-0x0000000004681000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2840-130-0x0000000004A20000-0x0000000004A21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2840-133-0x0000000005250000-0x0000000005251000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2844-114-0x0000000004920000-0x0000000004921000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2844-117-0x0000000005050000-0x0000000005051000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2888-49-0x0000000004EC0000-0x0000000004EC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2888-53-0x00000000057F0000-0x00000000057F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2892-234-0x0000000004C80000-0x0000000004C81000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2892-237-0x0000000005630000-0x0000000005631000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2948-276-0x0000000004A50000-0x0000000004A51000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2948-279-0x0000000005400000-0x0000000005401000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3336-245-0x0000000004A40000-0x0000000004A41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3336-242-0x0000000004210000-0x0000000004211000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3480-205-0x0000000005620000-0x0000000005621000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3480-202-0x0000000004BF0000-0x0000000004BF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3788-5-0x0000000005090000-0x0000000005091000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3788-3-0x0000000004960000-0x0000000004961000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3788-2-0x0000000004960000-0x0000000004961000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3860-13-0x0000000005640000-0x0000000005641000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3860-10-0x0000000004F10000-0x0000000004F11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3892-209-0x0000000004FF0000-0x0000000004FF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3892-206-0x00000000046C0000-0x00000000046C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3956-272-0x00000000045D0000-0x00000000045D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3956-275-0x0000000004F00000-0x0000000004F01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4084-241-0x0000000005430000-0x0000000005431000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4084-238-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4088-250-0x00000000041F0000-0x00000000041F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4088-253-0x0000000004B20000-0x0000000004B21000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4196-14-0x0000000003FE0000-0x0000000003FE1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4196-17-0x0000000004790000-0x0000000004791000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4348-21-0x0000000005520000-0x0000000005521000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4348-18-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4504-246-0x0000000004A90000-0x0000000004A91000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4504-249-0x00000000053C0000-0x00000000053C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-259-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-268-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-261-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-262-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-264-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-263-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-265-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-267-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-266-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-254-0x0000000004DA0000-0x0000000004DA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-270-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-269-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-271-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-257-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-258-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4608-260-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4648-129-0x0000000005130000-0x0000000005131000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4648-126-0x0000000004800000-0x0000000004801000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4684-141-0x0000000005480000-0x0000000005481000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4684-137-0x0000000004AD0000-0x0000000004AD1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4744-118-0x0000000004B60000-0x0000000004B61000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4744-121-0x0000000005290000-0x0000000005291000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4760-36-0x0000000003E40000-0x0000000003E41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4760-0-0x00000000020FC000-0x00000000020FD000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4760-37-0x0000000003E40000-0x0000000003E41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4760-1-0x0000000003CC0000-0x0000000003CC1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4820-446-0x0000000004A00000-0x0000000004A01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4820-449-0x0000000005240000-0x0000000005241000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5080-360-0x0000000004770000-0x0000000004771000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5080-364-0x0000000005120000-0x0000000005121000-memory.dmp
    Filesize

    4KB

    Download