096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397

Analysis

max time kernel
150s
max time network
136s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 07:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe
Size

430KB
MD5

0293b0e8ea13001b4843d5e4789fecb5
SHA1

40b0c6fe4282dedf4ac6bf5b33cd4c5043acec4c
SHA256

096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397
SHA512

9250305ebdf939a7df43494f72f6daf6ac2a5b80ec5538daf4a645cfd4b30cbf112771f71465900b1bd8bf5af075540aac51e634c63136483359245e46e9f26d
SSDEEP

6144:HSVmOP10ZtoTBJ+MYoitoEARvQNHF0mjbiwE5C+naXCUjHgILr/P:EmO6ZtoTr9JRv2HumjbM1aXC+r/P

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1136	810F3B42B36.exe
2044	Iu81739.exe

Loads dropped DLL 4 IoCs

pid	Process
1948	096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe
1948	096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe
1136	810F3B42B36.exe
1136	810F3B42B36.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN	Iu81739.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\4W1W8C6FXUVEVJZYNIMDKNGKPZN = "C:\\Bsdhga6.zip\\810F3B42B36.exe /q"	Iu81739.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 3 IoCs

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ShownServiceDownBalloon = "0"	Iu81739.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PhishingFilter	Iu81739.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV8 = "0"	Iu81739.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery	Iu81739.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\ClearBrowsingHistoryOnExit = "0"	Iu81739.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DBControl	Iu81739.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DBControl	096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1948	096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe
1948	096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe
1136	810F3B42B36.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe
2044	Iu81739.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1948	096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe
Token: SeDebugPrivilege	1948	096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe
Token: SeDebugPrivilege	1948	096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe
Token: SeDebugPrivilege	1948	096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe
Token: SeDebugPrivilege	1136	810F3B42B36.exe
Token: SeDebugPrivilege	1136	810F3B42B36.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe
Token: SeDebugPrivilege	2044	Iu81739.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1136	1948	096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe	27
PID 1948 wrote to memory of 1136	1948	096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe	27
PID 1948 wrote to memory of 1136	1948	096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe	27
PID 1948 wrote to memory of 1136	1948	096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe	27
PID 1136 wrote to memory of 2044	1136	810F3B42B36.exe	28
PID 1136 wrote to memory of 2044	1136	810F3B42B36.exe	28
PID 1136 wrote to memory of 2044	1136	810F3B42B36.exe	28
PID 1136 wrote to memory of 2044	1136	810F3B42B36.exe	28
PID 1136 wrote to memory of 2044	1136	810F3B42B36.exe	28
PID 1136 wrote to memory of 2044	1136	810F3B42B36.exe	28
PID 2044 wrote to memory of 1948	2044	Iu81739.exe	16
PID 2044 wrote to memory of 1948	2044	Iu81739.exe	16
PID 2044 wrote to memory of 1948	2044	Iu81739.exe	16
PID 2044 wrote to memory of 1948	2044	Iu81739.exe	16

C:\Users\Admin\AppData\Local\Temp\096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe
"C:\Users\Admin\AppData\Local\Temp\096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Bsdhga6.zip\810F3B42B36.exe
  "C:\Bsdhga6.zip\810F3B42B36.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1136
- - C:\Users\Admin\AppData\Local\Temp\Iu81739.exe
    "C:\Users\Admin\AppData\Local\Temp\Iu81739.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies Internet Explorer Phishing Filter
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2044

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Bsdhga6.zip\24B062BC0ACC9B8

Filesize
78KB

MD5
b3c5b91d03cbe09f185ac4dcbf3c379b

SHA1
8407aff0e02e2f03bc4c12d630e71e4f734eb787

SHA256
27b1e551bf985246b49e3b7b3b42c6fafa684c170f8edbcae738a6711e453c0e

SHA512
7a9ec93d72cb90ba1a779210cdc94cc5c8d5bff8dc75066e9f8296d326b83da4439ec208871619c456056a24a2222dcc64f0d10257f4745b4ca6718aae17c686

Download Submit
C:\Bsdhga6.zip\810F3B42B36.exe

Filesize
430KB

MD5
0293b0e8ea13001b4843d5e4789fecb5

SHA1
40b0c6fe4282dedf4ac6bf5b33cd4c5043acec4c

SHA256
096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397

SHA512
9250305ebdf939a7df43494f72f6daf6ac2a5b80ec5538daf4a645cfd4b30cbf112771f71465900b1bd8bf5af075540aac51e634c63136483359245e46e9f26d

Download Submit
C:\Bsdhga6.zip\810F3B42B36.exe

Filesize
430KB

MD5
0293b0e8ea13001b4843d5e4789fecb5

SHA1
40b0c6fe4282dedf4ac6bf5b33cd4c5043acec4c

SHA256
096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397

SHA512
9250305ebdf939a7df43494f72f6daf6ac2a5b80ec5538daf4a645cfd4b30cbf112771f71465900b1bd8bf5af075540aac51e634c63136483359245e46e9f26d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Iu81739.exe

Filesize
3KB

MD5
29090b6b4d6605a97ac760d06436ac2d

SHA1
d929d3389642e52bae5ad8512293c9c4d3e4fab5

SHA256
98a24f0caf5b578e230e6f1103a5fba6aecb28a9128cad5520fcde546d643272

SHA512
9121ec42fa66e14a4fc3932c8dbcc8fb1a93ab9de00da57a82e176faa70b73f6992f8c5e2ab52c02fc28c8f0c59aee73b6fbbd39107db7d15105054f4390e9be

Download Submit
\Bsdhga6.zip\810F3B42B36.exe

Filesize
430KB

MD5
0293b0e8ea13001b4843d5e4789fecb5

SHA1
40b0c6fe4282dedf4ac6bf5b33cd4c5043acec4c

SHA256
096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397

SHA512
9250305ebdf939a7df43494f72f6daf6ac2a5b80ec5538daf4a645cfd4b30cbf112771f71465900b1bd8bf5af075540aac51e634c63136483359245e46e9f26d

Download Submit
\Bsdhga6.zip\810F3B42B36.exe

Filesize
430KB

MD5
0293b0e8ea13001b4843d5e4789fecb5

SHA1
40b0c6fe4282dedf4ac6bf5b33cd4c5043acec4c

SHA256
096c225f39e1b4274a23ad15392e71da94d5bb7e9b61e1a3d6b50bcacf7cc397

SHA512
9250305ebdf939a7df43494f72f6daf6ac2a5b80ec5538daf4a645cfd4b30cbf112771f71465900b1bd8bf5af075540aac51e634c63136483359245e46e9f26d

Download Submit
\Users\Admin\AppData\Local\Temp\Iu81739.exe

Filesize
3KB

MD5
29090b6b4d6605a97ac760d06436ac2d

SHA1
d929d3389642e52bae5ad8512293c9c4d3e4fab5

SHA256
98a24f0caf5b578e230e6f1103a5fba6aecb28a9128cad5520fcde546d643272

SHA512
9121ec42fa66e14a4fc3932c8dbcc8fb1a93ab9de00da57a82e176faa70b73f6992f8c5e2ab52c02fc28c8f0c59aee73b6fbbd39107db7d15105054f4390e9be

Download Submit
\Users\Admin\AppData\Local\Temp\Iu81739.exe

Filesize
3KB

MD5
29090b6b4d6605a97ac760d06436ac2d

SHA1
d929d3389642e52bae5ad8512293c9c4d3e4fab5

SHA256
98a24f0caf5b578e230e6f1103a5fba6aecb28a9128cad5520fcde546d643272

SHA512
9121ec42fa66e14a4fc3932c8dbcc8fb1a93ab9de00da57a82e176faa70b73f6992f8c5e2ab52c02fc28c8f0c59aee73b6fbbd39107db7d15105054f4390e9be

Download Submit
memory/1136-69-0x0000000000220000-0x000000000026E000-memory.dmp

Filesize
312KB

Download
memory/1136-59-0x0000000075F51000-0x0000000075F53000-memory.dmp

Filesize
8KB

Download
memory/1136-67-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/1948-139-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-133-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-149-0x00000000754A0000-0x00000000755A0000-memory.dmp

Filesize
1024KB

Download
memory/1948-147-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-146-0x0000000077030000-0x00000000771B0000-memory.dmp

Filesize
1.5MB

Download
memory/1948-145-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/1948-144-0x0000000002660000-0x00000000026A2000-memory.dmp

Filesize
264KB

Download
memory/1948-143-0x0000000077030000-0x00000000771B0000-memory.dmp

Filesize
1.5MB

Download
memory/1948-142-0x000000000BB06000-0x000000000BB08000-memory.dmp

Filesize
8KB

Download
memory/1948-141-0x0000000077030000-0x00000000771B0000-memory.dmp

Filesize
1.5MB

Download
memory/1948-111-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-140-0x0000000077030000-0x00000000771B0000-memory.dmp

Filesize
1.5MB

Download
memory/1948-54-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/1948-138-0x0000000077030000-0x00000000771B0000-memory.dmp

Filesize
1.5MB

Download
memory/1948-137-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-136-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-134-0x0000000077030000-0x00000000771B0000-memory.dmp

Filesize
1.5MB

Download
memory/1948-148-0x00000000003E0000-0x00000000003E5000-memory.dmp

Filesize
20KB

Download
memory/1948-130-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-129-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-127-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-125-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-97-0x0000000077030000-0x00000000771B0000-memory.dmp

Filesize
1.5MB

Download
memory/1948-98-0x0000000077030000-0x00000000771B0000-memory.dmp

Filesize
1.5MB

Download
memory/1948-99-0x0000000000740000-0x00000000007AE000-memory.dmp

Filesize
440KB

Download
memory/1948-122-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-121-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-120-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-119-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-118-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-117-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-116-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-108-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-115-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/1948-114-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-87-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-89-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-113-0x00000000754A0000-0x00000000755A0000-memory.dmp

Filesize
1024KB

Download
memory/2044-112-0x00000000754A0000-0x00000000755A0000-memory.dmp

Filesize
1024KB

Download
memory/2044-109-0x0000000077030000-0x00000000771B0000-memory.dmp

Filesize
1.5MB

Download
memory/2044-106-0x0000000077030000-0x00000000771B0000-memory.dmp

Filesize
1.5MB

Download
memory/2044-105-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-104-0x0000000000930000-0x0000000000972000-memory.dmp

Filesize
264KB

Download
memory/2044-103-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2044-102-0x00000000001F0000-0x00000000001F5000-memory.dmp

Filesize
20KB

Download
memory/2044-101-0x0000000000220000-0x000000000026E000-memory.dmp

Filesize
312KB

Download
memory/2044-123-0x0000000075160000-0x0000000075324000-memory.dmp

Filesize
1.8MB

Download
memory/2044-100-0x0000000001000000-0x0000000001004000-memory.dmp

Filesize
16KB

Download
memory/2044-96-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-95-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-126-0x000000000BB04000-0x000000000BB06000-memory.dmp

Filesize
8KB

Download
memory/2044-124-0x000000000BB05000-0x000000000BB07000-memory.dmp

Filesize
8KB

Download
memory/2044-128-0x0000000000480000-0x0000000000485000-memory.dmp

Filesize
20KB

Download
memory/2044-94-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-93-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-131-0x0000000075E60000-0x0000000075E95000-memory.dmp

Filesize
212KB

Download
memory/2044-92-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-132-0x0000000002AA0000-0x0000000002AD5000-memory.dmp

Filesize
212KB

Download
memory/2044-91-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-90-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-110-0x000000000BB06000-0x000000000BB08000-memory.dmp

Filesize
8KB

Download
memory/2044-88-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-86-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-85-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-84-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-83-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-82-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-81-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-80-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-79-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-78-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-62-0x0000000000220000-0x000000000026E000-memory.dmp

Filesize
312KB

Download
memory/2044-150-0x0000000075160000-0x0000000075324000-memory.dmp

Filesize
1.8MB

Download
memory/2044-151-0x000000000BB18000-0x000000000BB1A000-memory.dmp

Filesize
8KB

Download
memory/2044-153-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/2044-152-0x0000000000220000-0x000000000026E000-memory.dmp

Filesize
312KB

Download
memory/2044-154-0x0000000077030000-0x00000000771B0000-memory.dmp

Filesize
1.5MB

Download
memory/2044-155-0x0000000075E60000-0x0000000075E95000-memory.dmp

Filesize
212KB

Download
memory/2044-156-0x0000000075160000-0x0000000075324000-memory.dmp

Filesize
1.8MB

Download
memory/2044-157-0x000000000BB18000-0x000000000BB1A000-memory.dmp

Filesize
8KB

Download
memory/2044-158-0x0000000075160000-0x0000000075324000-memory.dmp

Filesize
1.8MB

Download
memory/2044-159-0x0000000075160000-0x0000000075324000-memory.dmp

Filesize
1.8MB

Download
memory/2044-160-0x000000000BB05000-0x000000000BB07000-memory.dmp

Filesize
8KB

Download
memory/2044-161-0x0000000075160000-0x0000000075324000-memory.dmp

Filesize
1.8MB

Download
memory/2044-162-0x0000000075160000-0x0000000075324000-memory.dmp

Filesize
1.8MB

Download