42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802

Analysis

max time kernel
167s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 11:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe
Size

260KB
MD5

e8a7307f1acfc2666767a13d3781931f
SHA1

b7c0138e3e5fd4ccbd3a6e3d1d9df33cbdcfa207
SHA256

42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802
SHA512

dabe9a37abd85e29912d016087d3de3b184b015da3c6d2e06fc8a28f62ea13e487730de0d29d794e6abf1f24037c756a68eda1a9207179f733fa7feff991f895
SSDEEP

6144:vCjWDc83SYtXGLdTUAw1mBu7hPF4Rx1bVuhbApPwA:vCjWxjWhZyhPFGHbVuhbmP

Score

8^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4124	GBLG80.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4928-139-0x0000000000400000-0x0000000000444000-memory.dmp	upx
behavioral2/memory/4928-141-0x0000000000400000-0x0000000000444000-memory.dmp	upx
behavioral2/memory/4928-142-0x0000000000400000-0x0000000000444000-memory.dmp	upx
behavioral2/memory/4928-145-0x0000000000400000-0x0000000000444000-memory.dmp	upx
behavioral2/memory/4928-148-0x0000000000400000-0x0000000000444000-memory.dmp	upx
behavioral2/memory/4928-159-0x0000000000400000-0x0000000000444000-memory.dmp	upx

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 1240 set thread context of 4928	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	82
PID 1240 set thread context of 1360	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	84
PID 4124 set thread context of 3976	4124	GBLG80.exe	93

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1308	msedge.exe
1308	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4124	GBLG80.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1844	msedge.exe
1844	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe
4928	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1240 wrote to memory of 4928	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	82
PID 1240 wrote to memory of 4928	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	82
PID 1240 wrote to memory of 4928	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	82
PID 1240 wrote to memory of 4928	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	82
PID 1240 wrote to memory of 4928	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	82
PID 1240 wrote to memory of 4928	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	82
PID 1240 wrote to memory of 4928	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	82
PID 1240 wrote to memory of 4928	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	82
PID 1240 wrote to memory of 1360	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	84
PID 1240 wrote to memory of 1360	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	84
PID 1240 wrote to memory of 1360	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	84
PID 1240 wrote to memory of 1360	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	84
PID 1240 wrote to memory of 1360	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	84
PID 1240 wrote to memory of 1360	1240	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	84
PID 4928 wrote to memory of 4124	4928	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	85
PID 4928 wrote to memory of 4124	4928	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	85
PID 4928 wrote to memory of 4124	4928	42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe	85
PID 4124 wrote to memory of 3976	4124	GBLG80.exe	93
PID 4124 wrote to memory of 3976	4124	GBLG80.exe	93
PID 4124 wrote to memory of 3976	4124	GBLG80.exe	93
PID 4124 wrote to memory of 3976	4124	GBLG80.exe	93
PID 4124 wrote to memory of 3976	4124	GBLG80.exe	93
PID 4124 wrote to memory of 3976	4124	GBLG80.exe	93
PID 4124 wrote to memory of 3976	4124	GBLG80.exe	93
PID 4124 wrote to memory of 3976	4124	GBLG80.exe	93
PID 3976 wrote to memory of 1844	3976	AppLaunch.exe	94
PID 3976 wrote to memory of 1844	3976	AppLaunch.exe	94
PID 1844 wrote to memory of 68	1844	msedge.exe	95
PID 1844 wrote to memory of 68	1844	msedge.exe	95
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98
PID 1844 wrote to memory of 4260	1844	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe
"C:\Users\Admin\AppData\Local\Temp\42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Users\Admin\AppData\Local\Temp\42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe
  "C:\Users\Admin\AppData\Local\Temp\42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe"
  2⤵
  - Checks computer location settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4928
- - C:\Users\Admin\AppData\Local\Temp\GBLG80.exe
    "C:\Users\Admin\AppData\Local\Temp\GBLG80.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4124
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=AppLaunch.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
        5⤵
        Enumerates system info in registry
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:1844
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffe537b46f8,0x7ffe537b4708,0x7ffe537b4718
        6⤵
        
        PID:68
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,11858439699101169097,5605659358507542568,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
        6⤵
        
        PID:4260
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,11858439699101169097,5605659358507542568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1308
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,11858439699101169097,5605659358507542568,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
        6⤵
        
        PID:4192
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11858439699101169097,5605659358507542568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
        6⤵
        
        PID:2900
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11858439699101169097,5605659358507542568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
        6⤵
        
        PID:3212
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11858439699101169097,5605659358507542568,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
        6⤵
        
        PID:380
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2188,11858439699101169097,5605659358507542568,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5316 /prefetch:8
        6⤵
        
        PID:524
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11858439699101169097,5605659358507542568,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
        6⤵
        
        PID:720
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11858439699101169097,5605659358507542568,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
        6⤵
        
        PID:1280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=AppLaunch.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
        5⤵
        
        PID:2184
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe537b46f8,0x7ffe537b4708,0x7ffe537b4718
        6⤵
        
        PID:2596
- C:\Users\Admin\AppData\Local\Temp\42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe
  "C:\Users\Admin\AppData\Local\Temp\42b14a149ad3d9d5e9f5e6863e33c44d6333a3b3ca18f9ec915412720a4d9802.exe"
  2⤵
  PID:1360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1416

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b4b103831d353776ed8bfcc7676f9df

SHA1
40f33a3f791fda49a35224a469cc67b94ca53a23

SHA256
bf59580e4d4a781622abb3d43674dedc8d618d6c6da09e7d85d920cd9cea4e85

SHA512
5cb3360ac602d18425bdb977be3c9ee8bbe815815278a8848488ba9097e849b7d67f993b4795216e0c168cdc9c9260de504cccb305ff808da63762c2209e532f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b4b103831d353776ed8bfcc7676f9df

SHA1
40f33a3f791fda49a35224a469cc67b94ca53a23

SHA256
bf59580e4d4a781622abb3d43674dedc8d618d6c6da09e7d85d920cd9cea4e85

SHA512
5cb3360ac602d18425bdb977be3c9ee8bbe815815278a8848488ba9097e849b7d67f993b4795216e0c168cdc9c9260de504cccb305ff808da63762c2209e532f

Download Submit
C:\Users\Admin\AppData\Local\Temp\GBLG80.exe

Filesize
239KB

MD5
7e19038bf810452444507e923af1293b

SHA1
ee47f842dcd607e721293665136d65239c7d0b89

SHA256
d81800d71979f662036525ffc37ac7fb4d87ee975809ab5155960013eec19f61

SHA512
d04ee02519a510d568dc8cabc46fb535550ca13120650020c1a32ed220ff2342854f5a37e6c559dd43c5a6ab5e3c2b914972933d184ff944fa57abdb9c202f2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\GBLG80.exe

Filesize
239KB

MD5
7e19038bf810452444507e923af1293b

SHA1
ee47f842dcd607e721293665136d65239c7d0b89

SHA256
d81800d71979f662036525ffc37ac7fb4d87ee975809ab5155960013eec19f61

SHA512
d04ee02519a510d568dc8cabc46fb535550ca13120650020c1a32ed220ff2342854f5a37e6c559dd43c5a6ab5e3c2b914972933d184ff944fa57abdb9c202f2b

Download Submit
memory/1240-149-0x00000000007C1000-0x00000000007C3000-memory.dmp

Filesize
8KB

Download
memory/1240-134-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1240-137-0x00000000007C1000-0x00000000007C3000-memory.dmp

Filesize
8KB

Download
memory/1240-150-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1240-136-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/1240-135-0x00000000007A0000-0x00000000007A2000-memory.dmp

Filesize
8KB

Download
memory/1360-147-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/3976-157-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4124-155-0x0000000073BA0000-0x0000000074151000-memory.dmp

Filesize
5.7MB

Download
memory/4124-154-0x0000000073BA0000-0x0000000074151000-memory.dmp

Filesize
5.7MB

Download
memory/4124-158-0x0000000073BA0000-0x0000000074151000-memory.dmp

Filesize
5.7MB

Download
memory/4928-148-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/4928-145-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/4928-159-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/4928-142-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/4928-141-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/4928-139-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download