Overview

overview

10

Static

static

Microsoft.exe

windows7-x64

10

Microsoft.exe

windows10-1703-x64

8

Microsoft.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-08-2022 07:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Microsoft.exe

  • Size

    4.0MB

  • MD5

    083f54e1891baeb8783adc6ee775fc41

  • SHA1

    9f7b44476da46086e38f89f4eb2b9900629082a4

  • SHA256

    b55abbc07b02308c5315aa31de307ca62665d340806114a1992536584a5895d1

  • SHA512

    4c0ab2a86af49ed0fd129095962e11baa9fa9a9e0276473832be6c47bb8918c5c39a2f228a06e6f7d2aaa8d791c75645102ee5674ba44a9e3b9dc079c936d8ab

  • SSDEEP

    98304:Zwa9JkoXTaSRr+aV1uHIx5gjSTBvq+TYIMV3hMAo:Zr9UY5g0v0g

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 9 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 10 IoCs
  • Drops file in Windows directory 15 IoCs
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 5 IoCs
  • Modifies registry class 25 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Microsoft.exe
    "C:\Users\Admin\AppData\Local\Temp\Microsoft.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\system32\msiexec.exe" /i C:\Users\Admin\AppData\Local\Temp\Microsoft.msi AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\Microsoft.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1661178651 "
      2⤵
      • Enumerates connected drives
      • Suspicious use of FindShellTrayWindow
      PID:4608
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4484
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 4D492D9E0E6733A6F6FE51B774888CAD C
      2⤵
      • Loads dropped DLL
      PID:3624
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:368
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 6E39084A8437525B154ED8E26B18466A
        2⤵
        • Loads dropped DLL
        PID:1256
      • C:\Windows\Installer\MSI5397.tmp
        "C:\Windows\Installer\MSI5397.tmp" "C:\Program Files (x86)\Microsoft Office\Microsoft\bdreinit.exe"
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:4944
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
        PID:4620
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
        1⤵
        • Checks SCSI registry key(s)
        • Modifies data under HKEY_USERS
        PID:428
      • C:\Program Files (x86)\Microsoft Office\Microsoft\bdreinit.exe
        "C:\Program Files (x86)\Microsoft Office\Microsoft\bdreinit.exe"
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        PID:1508
      • C:\Program Files (x86)\BitDefender\Handler\bdreinit.exe
        "C:\Program Files (x86)\BitDefender\Handler\bdreinit.exe" 600 0
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:4300
        • C:\Windows\SysWOW64\svchost.exe
          C:\Windows\system32\svchost.exe 601 0
          2⤵
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4468
          • C:\Windows\SysWOW64\userinit.exe
            C:\Windows\system32\userinit.exe 609 4468
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:208

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Credential Access

      Discovery

      Query Registry

      2
      T1012

      Peripheral Device Discovery

      2
      T1120

      System Information Discovery

      2
      T1082

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\BitDefender\Handler\bdreinit.exe
        Filesize

        192KB

        MD5

        8a8db1e20dc508af5a81fc00b1929468

        SHA1

        32e1ebec9672ad7cc5dc36d8a1c87bbf47a4fa9f

        SHA256

        386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd

        SHA512

        9c5747fd7563b29ecf43b71b5480b260b083892d37054ff77cc6c613c3db380ce2bdf990fb466edc8705f784b051dc1be208b454696e67eb0c90c20470f4ea87

        Download Submit
      • C:\Program Files (x86)\BitDefender\Handler\bdreinit.exe
        Filesize

        192KB

        MD5

        8a8db1e20dc508af5a81fc00b1929468

        SHA1

        32e1ebec9672ad7cc5dc36d8a1c87bbf47a4fa9f

        SHA256

        386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd

        SHA512

        9c5747fd7563b29ecf43b71b5480b260b083892d37054ff77cc6c613c3db380ce2bdf990fb466edc8705f784b051dc1be208b454696e67eb0c90c20470f4ea87

        Download Submit
      • C:\Program Files (x86)\BitDefender\Handler\log.dat
        Filesize

        199KB

        MD5

        4d46b087b62183d86c53bf05ce4e2c8d

        SHA1

        174bd3886bd598f621eb758f469f69e85532f5c0

        SHA256

        49686cbde9535055fa48a0742bbe765f9d6ec1104e7efa8f71d1894f2d7d7873

        SHA512

        cf87b40dd69306285adff88de6050c1d456c34b2056e8f98ca7cf046459b6839afe67f4b13e25e5162ab311f1033a004b7e1bdc2955a10e8490eaef0f882a117

        Download Submit
      • C:\Program Files (x86)\BitDefender\Handler\log.dll
        Filesize

        139KB

        MD5

        c55b6938f885c07d627c15165c21390a

        SHA1

        9d2e460fd11791e78eb7fbc1357c973493293572

        SHA256

        f534e7193ff51dcf12e4d1f09825a38e3f4992f88b071f288c6d628ec626582c

        SHA512

        9f225317c7f60621dfd43ccc9c4cfeef5cbaf8cf304702189283d8b74f179487d857a5ebeff87b40d008e71c369200b7a490babe39d4423fdbf55b8c39c1acd9

        Download Submit
      • C:\Program Files (x86)\Microsoft Office\Microsoft\bdreinit.exe
        Filesize

        192KB

        MD5

        8a8db1e20dc508af5a81fc00b1929468

        SHA1

        32e1ebec9672ad7cc5dc36d8a1c87bbf47a4fa9f

        SHA256

        386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd

        SHA512

        9c5747fd7563b29ecf43b71b5480b260b083892d37054ff77cc6c613c3db380ce2bdf990fb466edc8705f784b051dc1be208b454696e67eb0c90c20470f4ea87

        Download Submit
      • C:\Program Files (x86)\Microsoft Office\Microsoft\bdreinit.exe
        Filesize

        192KB

        MD5

        8a8db1e20dc508af5a81fc00b1929468

        SHA1

        32e1ebec9672ad7cc5dc36d8a1c87bbf47a4fa9f

        SHA256

        386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd

        SHA512

        9c5747fd7563b29ecf43b71b5480b260b083892d37054ff77cc6c613c3db380ce2bdf990fb466edc8705f784b051dc1be208b454696e67eb0c90c20470f4ea87

        Download Submit
      • C:\Program Files (x86)\Microsoft Office\Microsoft\log.dat
        Filesize

        199KB

        MD5

        4d46b087b62183d86c53bf05ce4e2c8d

        SHA1

        174bd3886bd598f621eb758f469f69e85532f5c0

        SHA256

        49686cbde9535055fa48a0742bbe765f9d6ec1104e7efa8f71d1894f2d7d7873

        SHA512

        cf87b40dd69306285adff88de6050c1d456c34b2056e8f98ca7cf046459b6839afe67f4b13e25e5162ab311f1033a004b7e1bdc2955a10e8490eaef0f882a117

        Download Submit
      • C:\Program Files (x86)\Microsoft Office\Microsoft\log.dll
        Filesize

        139KB

        MD5

        c55b6938f885c07d627c15165c21390a

        SHA1

        9d2e460fd11791e78eb7fbc1357c973493293572

        SHA256

        f534e7193ff51dcf12e4d1f09825a38e3f4992f88b071f288c6d628ec626582c

        SHA512

        9f225317c7f60621dfd43ccc9c4cfeef5cbaf8cf304702189283d8b74f179487d857a5ebeff87b40d008e71c369200b7a490babe39d4423fdbf55b8c39c1acd9

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\MSI7FE4.tmp
        Filesize

        377KB

        MD5

        316ed83688978925aa47a0c4d5662d2c

        SHA1

        96aaa52977cbd62ba865b35f9730c7c2861e5c2b

        SHA256

        da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

        SHA512

        14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\Microsoft.msi
        Filesize

        1.5MB

        MD5

        df26d42194e934122c73559987f3ab84

        SHA1

        c526f8e1f8f4b22c0b62f76af448c63a7e5f2073

        SHA256

        eec36f5b2d28bb8076648f96899def8e297347322dd7d13368234680eaaee01d

        SHA512

        e62bd5773649251dfaa4870b2e5f6ebff6e69dd18ac4ecdeb296d0826b02b4a76d878037ea183a2653044afe5b807cee15c9fd1d7032bb6e75e761609e8f30b1

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\Microsoft1.cab
        Filesize

        351KB

        MD5

        a66bc9849ba7d090a983e1aa64275e9a

        SHA1

        86f35c1a29cde722c2c822c46e4c4eac0b360f4a

        SHA256

        1b1a6809886af74850a817d23854ada702af6e6f094ac477049faa46c317d9cc

        SHA512

        e1a5f7b65bbca6a6eba9bcfaa278882961e3d0ad3b03a18a6fdda91558372d9a902d6ebe2f203d5b1174145eb84b3b5ebfe9fc78bb1d081f34d72b9b03993f90

        Download Submit
      • C:\Windows\Installer\MSI4844.tmp
        Filesize

        377KB

        MD5

        316ed83688978925aa47a0c4d5662d2c

        SHA1

        96aaa52977cbd62ba865b35f9730c7c2861e5c2b

        SHA256

        da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

        SHA512

        14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

        Download Submit
      • C:\Windows\Installer\MSI4D75.tmp
        Filesize

        377KB

        MD5

        316ed83688978925aa47a0c4d5662d2c

        SHA1

        96aaa52977cbd62ba865b35f9730c7c2861e5c2b

        SHA256

        da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

        SHA512

        14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

        Download Submit
      • C:\Windows\Installer\MSI4E80.tmp
        Filesize

        377KB

        MD5

        316ed83688978925aa47a0c4d5662d2c

        SHA1

        96aaa52977cbd62ba865b35f9730c7c2861e5c2b

        SHA256

        da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

        SHA512

        14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

        Download Submit
      • C:\Windows\Installer\MSI4F8A.tmp
        Filesize

        377KB

        MD5

        316ed83688978925aa47a0c4d5662d2c

        SHA1

        96aaa52977cbd62ba865b35f9730c7c2861e5c2b

        SHA256

        da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

        SHA512

        14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

        Download Submit
      • C:\Windows\Installer\MSI5142.tmp
        Filesize

        529KB

        MD5

        aab600da7532150b6fd984f3c6e6d781

        SHA1

        30c95ec5f80d8595221c9f37c0f172ea2ce7b917

        SHA256

        c4241c23b49fcf5da34862aa43b801b9282d4613b2220effe2332150c13fb019

        SHA512

        70c41d7c5e76e169e1f41f96a8a68d1ca2a9206f87a46f08519b8301205cba40368ad1dd7a7266d2bed5a22d54dd1937f52eb18bc7d153608081bdc3e035ce06

        Download Submit
      • C:\Windows\Installer\MSI522E.tmp
        Filesize

        529KB

        MD5

        aab600da7532150b6fd984f3c6e6d781

        SHA1

        30c95ec5f80d8595221c9f37c0f172ea2ce7b917

        SHA256

        c4241c23b49fcf5da34862aa43b801b9282d4613b2220effe2332150c13fb019

        SHA512

        70c41d7c5e76e169e1f41f96a8a68d1ca2a9206f87a46f08519b8301205cba40368ad1dd7a7266d2bed5a22d54dd1937f52eb18bc7d153608081bdc3e035ce06

        Download Submit
      • C:\Windows\Installer\MSI5397.tmp
        Filesize

        401KB

        MD5

        8c7085c86a4b14296f6e76525f20c828

        SHA1

        6113087876f86c9247bc4080c08ce1ae578d9a99

        SHA256

        beeaa8bfc97d87c1739611a88d3f4fa9a561cecbc5379309543dd850cc3f956c

        SHA512

        97dcbe469ec14114b90c0c52c289af173c6078b8aad3f9bb78c212278f1980d2750ce8bfba6b1ac0aaf72aa956f4c0be0c471ffbc7e811d4affa5896d36367e0

        Download Submit
      • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
        Filesize

        25.0MB

        MD5

        8b7ddb38e783f2fdd5673daa60cfcd09

        SHA1

        69cf064df5388dbae4203c99a85271d2ae40c725

        SHA256

        19c90a60443f9b1c0158d28b892e6d963dddb3a00720025d43e226cecd9c0b73

        SHA512

        f037a3242be9f45f1c63a97338e5854f828b821730f1da3d67febb9775576d14bb0aba0b4dc783730109f318d7f096adab998def0911e0713a84b4ea669fba56

        Download Submit
      • \??\Volume{5f334692-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{77f20257-456d-4dcd-a204-31ed62586c71}_OnDiskSnapshotProp
        Filesize

        5KB

        MD5

        7fa67915620f98810aa49c84ea820988

        SHA1

        d8fa8c98f74a94c4eb14eaedfbfbea1c96f32225

        SHA256

        f2ac33e84ceb85d6e286b3ba386a72303105349831d11036c5d89c56affe3367

        SHA512

        cda1f324110fa2e121054111cbbcbb18681e09a1543576df80250d925b0c4e7024ea071ae59e7bd70e461aac57300fc8549436a5f57b2efaa2b87979eb172a8a

        Download Submit
      • \Program Files (x86)\BitDefender\Handler\log.dll
        Filesize

        139KB

        MD5

        c55b6938f885c07d627c15165c21390a

        SHA1

        9d2e460fd11791e78eb7fbc1357c973493293572

        SHA256

        f534e7193ff51dcf12e4d1f09825a38e3f4992f88b071f288c6d628ec626582c

        SHA512

        9f225317c7f60621dfd43ccc9c4cfeef5cbaf8cf304702189283d8b74f179487d857a5ebeff87b40d008e71c369200b7a490babe39d4423fdbf55b8c39c1acd9

        Download Submit
      • \Program Files (x86)\Microsoft Office\Microsoft\log.dll
        Filesize

        139KB

        MD5

        c55b6938f885c07d627c15165c21390a

        SHA1

        9d2e460fd11791e78eb7fbc1357c973493293572

        SHA256

        f534e7193ff51dcf12e4d1f09825a38e3f4992f88b071f288c6d628ec626582c

        SHA512

        9f225317c7f60621dfd43ccc9c4cfeef5cbaf8cf304702189283d8b74f179487d857a5ebeff87b40d008e71c369200b7a490babe39d4423fdbf55b8c39c1acd9

        Download Submit
      • \Users\Admin\AppData\Local\Temp\MSI7FE4.tmp
        Filesize

        377KB

        MD5

        316ed83688978925aa47a0c4d5662d2c

        SHA1

        96aaa52977cbd62ba865b35f9730c7c2861e5c2b

        SHA256

        da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

        SHA512

        14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

        Download Submit
      • \Windows\Installer\MSI4844.tmp
        Filesize

        377KB

        MD5

        316ed83688978925aa47a0c4d5662d2c

        SHA1

        96aaa52977cbd62ba865b35f9730c7c2861e5c2b

        SHA256

        da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

        SHA512

        14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

        Download Submit
      • \Windows\Installer\MSI4D75.tmp
        Filesize

        377KB

        MD5

        316ed83688978925aa47a0c4d5662d2c

        SHA1

        96aaa52977cbd62ba865b35f9730c7c2861e5c2b

        SHA256

        da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

        SHA512

        14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

        Download Submit
      • \Windows\Installer\MSI4E80.tmp
        Filesize

        377KB

        MD5

        316ed83688978925aa47a0c4d5662d2c

        SHA1

        96aaa52977cbd62ba865b35f9730c7c2861e5c2b

        SHA256

        da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

        SHA512

        14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

        Download Submit
      • \Windows\Installer\MSI4F8A.tmp
        Filesize

        377KB

        MD5

        316ed83688978925aa47a0c4d5662d2c

        SHA1

        96aaa52977cbd62ba865b35f9730c7c2861e5c2b

        SHA256

        da354085bcbca5ed614e754eb78a5aa9b879b8d5375625b6d1e34f5ea63c097e

        SHA512

        14eba103ed9cf5780e9bb59feb903159f928a6abdc0fdcede29d9cb59ea7df2cc379dc92d74e0c527ce98ee73b83fcf5fcc677ab82dcddcab581f7a87e9399e9

        Download Submit
      • \Windows\Installer\MSI5142.tmp
        Filesize

        529KB

        MD5

        aab600da7532150b6fd984f3c6e6d781

        SHA1

        30c95ec5f80d8595221c9f37c0f172ea2ce7b917

        SHA256

        c4241c23b49fcf5da34862aa43b801b9282d4613b2220effe2332150c13fb019

        SHA512

        70c41d7c5e76e169e1f41f96a8a68d1ca2a9206f87a46f08519b8301205cba40368ad1dd7a7266d2bed5a22d54dd1937f52eb18bc7d153608081bdc3e035ce06

        Download Submit
      • \Windows\Installer\MSI522E.tmp
        Filesize

        529KB

        MD5

        aab600da7532150b6fd984f3c6e6d781

        SHA1

        30c95ec5f80d8595221c9f37c0f172ea2ce7b917

        SHA256

        c4241c23b49fcf5da34862aa43b801b9282d4613b2220effe2332150c13fb019

        SHA512

        70c41d7c5e76e169e1f41f96a8a68d1ca2a9206f87a46f08519b8301205cba40368ad1dd7a7266d2bed5a22d54dd1937f52eb18bc7d153608081bdc3e035ce06

        Download Submit
      • memory/208-655-0x0000000000000000-mapping.dmp
        Download
      • memory/368-334-0x0000000000000000-mapping.dmp
        Download
      • memory/1256-335-0x0000000000000000-mapping.dmp
        Download
      • memory/1508-601-0x00000000023B0000-0x00000000023E2000-memory.dmp
        Filesize

        200KB

        Download
      • memory/2696-144-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-151-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-154-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-155-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-156-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-157-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-158-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-159-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-160-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-161-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-162-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-163-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-164-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-165-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-166-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-167-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-168-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-169-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-170-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-171-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-172-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-173-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-174-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-175-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-176-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-177-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-178-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-179-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-180-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-181-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-182-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-120-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-152-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-153-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-121-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-150-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-149-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-148-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-147-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-146-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-145-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-119-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-143-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-142-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-141-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-137-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-140-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-139-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-138-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-136-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-135-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-122-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-134-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-133-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-132-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-131-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-130-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-129-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-128-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-127-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-126-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-125-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-124-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/2696-123-0x0000000077840000-0x00000000779CE000-memory.dmp
        Filesize

        1.6MB

        Download
      • memory/3624-199-0x0000000000000000-mapping.dmp
        Download
      • memory/4468-602-0x0000000000000000-mapping.dmp
        Download
      • memory/4608-264-0x0000000000000000-mapping.dmp
        Download
      • memory/4944-468-0x0000000000000000-mapping.dmp
        Download