Overview

overview

10

Static

static

7

update.exe

windows7-x64

10

update.exe

windows10-1703-x64

10

Resubmissions

28/11/2022, 09:53

221128-lwp4eaea33 10

17/11/2022, 04:28

221117-e328zsdf69 10

07/11/2022, 10:35

221107-mm272secgj 10

Analysis

  • max time kernel
    66s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2022, 10:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    update.exe

  • Size

    60.2MB

  • MD5

    b77955061c0f46de8059c20128ebb156

  • SHA1

    bd9ba700caec09387bfcf97bd9cc0a2e846836ca

  • SHA256

    ca94c8bbbb10febb8187f8c709affaa91911f646cf0ac99e857bf45b3a709091

  • SHA512

    83f07b66be1138e5f3f1c1f2504d3222bcc1bb1c1626a98e2346408cde7c771a64a998fa38c23ac66097f0b610f70c6309ea914e0c9c95ecff588a385aeb69aa

  • SSDEEP

    1572864:DdjkMwgaV4gRNzu1zCcFA4o/UDDvX94UKfytNxZhDa:FJGuMzuHnXDKfeN5Da

Score
10/10
discoveryevasionpersistencethemidatrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs
    evasiontrojan
  • UAC bypass 3 TTPs 2 IoCs
    evasiontrojan
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Blocks application from running via registry modification 27 IoCs

    Adds application to list of disallowed applications.

    evasion
  • Modifies Windows Firewall 1 TTPs 7 IoCs
    evasion
  • Stops running service(s) 3 TTPs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Modifies file permissions 1 TTPs 16 IoCs
    discovery
  • Themida packer 40 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Modifies WinLogon 2 TTPs 3 IoCs
    persistence
  • AutoIT Executable 24 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of WriteProcessMemory 48 IoCs
  • System policy modification 1 TTPs 3 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\update.exe
    "C:\Users\Admin\AppData\Local\Temp\update.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • UAC bypass
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Blocks application from running via registry modification
    • Checks BIOS information in registry
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Modifies WinLogon
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:844
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c sc delete swprv
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1500
      • C:\Windows\system32\sc.exe
        sc delete swprv
        3⤵
        • Launches sc.exe
        PID:280
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="AppModule" dir=in action=allow program="C:\ProgramData\WindowsTask\AppModule.exe" enable=yes
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1368
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c netsh advfirewall set allprofiles state on
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1288
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="AMD" dir=in action=allow program="C:\ProgramData\WindowsTask\AMD.exe" enable=yes
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:976
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Port Blocking" protocol=TCP localport=445 action=block dir=IN
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1748
      • C:\Windows\system32\netsh.exe
        netsh advfirewall firewall add rule name="Port Blocking" protocol=TCP localport=445 action=block dir=IN
        3⤵
        • Modifies Windows Firewall
        PID:1104
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Port Blocking" protocol=UDP localport=445 action=block dir=IN
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:388
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Port Block" protocol=TCP localport=139 action=block dir=IN
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:556
      • C:\Windows\system32\netsh.exe
        netsh advfirewall firewall add rule name="Port Block" protocol=TCP localport=139 action=block dir=IN
        3⤵
        • Modifies Windows Firewall
        PID:684
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c netsh advfirewall firewall add rule name="Port Block" protocol=UDP localport=139 action=block dir=IN
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:672
      • C:\Windows\system32\netsh.exe
        netsh advfirewall firewall add rule name="Port Block" protocol=UDP localport=139 action=block dir=IN
        3⤵
        • Modifies Windows Firewall
        PID:1108
    • C:\ProgramData\Setup\Game.exe
      C:\ProgramData\Setup\Game.exe -pnaxui
      2⤵
        PID:1596
        • C:\ProgramData\RealtekHD\GameGuard.exe
          "C:\ProgramData\RealtekHD\GameGuard.exe"
          3⤵
            PID:1664
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /c icacls "c:\programdata\microsoft\clr_optimization_v4.0.30318_64" /deny Администраторы:(OI)(CI)(F)
              4⤵
                PID:1772
                • C:\Windows\system32\icacls.exe
                  icacls "c:\programdata\microsoft\clr_optimization_v4.0.30318_64" /deny Администраторы:(OI)(CI)(F)
                  5⤵
                  • Modifies file permissions
                  PID:2228
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c icacls "c:\programdata\microsoft\clr_optimization_v4.0.30318_64" /deny System:(OI)(CI)(F)
                4⤵
                  PID:1020
                  • C:\Windows\system32\icacls.exe
                    icacls "c:\programdata\microsoft\clr_optimization_v4.0.30318_64" /deny System:(OI)(CI)(F)
                    5⤵
                    • Modifies file permissions
                    PID:2352
                • C:\Windows\system32\cmd.exe
                  C:\Windows\system32\cmd.exe /c icacls "C:\Windows\Fonts\Mysql" /deny Администраторы:(OI)(CI)(F)
                  4⤵
                    PID:1636
                    • C:\Windows\system32\icacls.exe
                      icacls "C:\Windows\Fonts\Mysql" /deny Администраторы:(OI)(CI)(F)
                      5⤵
                      • Modifies file permissions
                      PID:2056
                  • C:\Windows\system32\cmd.exe
                    C:\Windows\system32\cmd.exe /c icacls "C:\Windows\Fonts\Mysql" /deny System:(OI)(CI)(F)
                    4⤵
                      PID:1956
                      • C:\Windows\system32\icacls.exe
                        icacls "C:\Windows\Fonts\Mysql" /deny System:(OI)(CI)(F)
                        5⤵
                        • Modifies file permissions
                        PID:2012
                    • C:\Windows\system32\cmd.exe
                      C:\Windows\system32\cmd.exe /c icacls C:\Windows\speechstracing /deny Администраторы:(OI)(CI)(F)
                      4⤵
                        PID:1044
                        • C:\Windows\system32\icacls.exe
                          icacls C:\Windows\speechstracing /deny Администраторы:(OI)(CI)(F)
                          5⤵
                          • Modifies file permissions
                          PID:2300
                      • C:\Windows\system32\cmd.exe
                        C:\Windows\system32\cmd.exe /c icacls c:\programdata\Malwarebytes /deny Администраторы:(F)
                        4⤵
                          PID:1012
                          • C:\Windows\system32\icacls.exe
                            icacls c:\programdata\Malwarebytes /deny Администраторы:(F)
                            5⤵
                            • Modifies file permissions
                            PID:1548
                        • C:\Windows\system32\cmd.exe
                          C:\Windows\system32\cmd.exe /c icacls C:\Windows\speechstracing /deny system:(OI)(CI)(F)
                          4⤵
                            PID:1332
                            • C:\Windows\system32\icacls.exe
                              icacls C:\Windows\speechstracing /deny system:(OI)(CI)(F)
                              5⤵
                              • Modifies file permissions
                              PID:2256
                          • C:\Windows\system32\cmd.exe
                            C:\Windows\system32\cmd.exe /c icacls c:\programdata\Malwarebytes /deny System:(F)
                            4⤵
                              PID:836
                              • C:\Windows\system32\icacls.exe
                                icacls c:\programdata\Malwarebytes /deny System:(F)
                                5⤵
                                • Modifies file permissions
                                PID:2268
                            • C:\Windows\system32\cmd.exe
                              C:\Windows\system32\cmd.exe /c icacls C:\Programdata\MB3Install /deny Администраторы:(F)
                              4⤵
                                PID:588
                                • C:\Windows\system32\icacls.exe
                                  icacls C:\Programdata\MB3Install /deny Администраторы:(F)
                                  5⤵
                                  • Modifies file permissions
                                  PID:2244
                              • C:\Windows\system32\cmd.exe
                                C:\Windows\system32\cmd.exe /c icacls C:\Programdata\MB3Install /deny System:(F)
                                4⤵
                                  PID:388
                                  • C:\Windows\system32\icacls.exe
                                    icacls C:\Programdata\MB3Install /deny System:(F)
                                    5⤵
                                    • Modifies file permissions
                                    PID:2200
                                • C:\Windows\system32\cmd.exe
                                  C:\Windows\system32\cmd.exe /c icacls C:\Programdata\Indus /deny System:(OI)(CI)(F)
                                  4⤵
                                    PID:1660
                                    • C:\Windows\system32\icacls.exe
                                      icacls C:\Programdata\Indus /deny System:(OI)(CI)(F)
                                      5⤵
                                      • Modifies file permissions
                                      PID:464
                                  • C:\Windows\system32\cmd.exe
                                    C:\Windows\system32\cmd.exe /c icacls C:\Programdata\Indus /deny Администраторы:(OI)(CI)(F)
                                    4⤵
                                      PID:1860
                                      • C:\Windows\system32\icacls.exe
                                        icacls C:\Programdata\Indus /deny Администраторы:(OI)(CI)(F)
                                        5⤵
                                        • Modifies file permissions
                                        PID:904
                                    • C:\Windows\system32\cmd.exe
                                      C:\Windows\system32\cmd.exe /c icacls C:\AdwCleaner /deny Администраторы:(OI)(CI)(F)
                                      4⤵
                                        PID:1396
                                        • C:\Windows\system32\icacls.exe
                                          icacls C:\AdwCleaner /deny Администраторы:(OI)(CI)(F)
                                          5⤵
                                          • Modifies file permissions
                                          PID:1764
                                      • C:\Windows\system32\cmd.exe
                                        C:\Windows\system32\cmd.exe /c icacls "C:\Program Files\ByteFence" /deny Администраторы:(OI)(CI)(F)
                                        4⤵
                                          PID:2092
                                          • C:\Windows\system32\icacls.exe
                                            icacls "C:\Program Files\ByteFence" /deny Администраторы:(OI)(CI)(F)
                                            5⤵
                                            • Modifies file permissions
                                            PID:2216
                                        • C:\Windows\system32\cmd.exe
                                          C:\Windows\system32\cmd.exe /c icacls C:\KVRT_Data /deny Администраторы:(OI)(CI)(F)
                                          4⤵
                                            PID:2432
                                            • C:\Windows\system32\icacls.exe
                                              icacls C:\KVRT_Data /deny Администраторы:(OI)(CI)(F)
                                              5⤵
                                              • Modifies file permissions
                                              PID:2460
                                          • C:\Windows\system32\cmd.exe
                                            C:\Windows\system32\cmd.exe /c icacls C:\KVRT_Data /deny system:(OI)(CI)(F)
                                            4⤵
                                              PID:2492
                                              • C:\Windows\system32\icacls.exe
                                                icacls C:\KVRT_Data /deny system:(OI)(CI)(F)
                                                5⤵
                                                • Modifies file permissions
                                                PID:2524
                                          • C:\ProgramData\RealtekHD\taskhost.exe
                                            "C:\ProgramData\RealtekHD\taskhost.exe"
                                            3⤵
                                              PID:832
                                          • C:\ProgramData\Setup\svchost.exe
                                            C:/ProgramData/Setup/svchost.exe -pnaxui
                                            2⤵
                                              PID:2288
                                          • C:\Windows\system32\netsh.exe
                                            netsh advfirewall firewall add rule name="AppModule" dir=in action=allow program="C:\ProgramData\WindowsTask\AppModule.exe" enable=yes
                                            1⤵
                                            • Modifies Windows Firewall
                                            PID:1304
                                          • C:\Windows\system32\netsh.exe
                                            netsh advfirewall set allprofiles state on
                                            1⤵
                                            • Modifies Windows Firewall
                                            PID:1164
                                          • C:\Windows\system32\netsh.exe
                                            netsh advfirewall firewall add rule name="AMD" dir=in action=allow program="C:\ProgramData\WindowsTask\AMD.exe" enable=yes
                                            1⤵
                                            • Modifies Windows Firewall
                                            PID:776
                                          • C:\Windows\system32\netsh.exe
                                            netsh advfirewall firewall add rule name="Port Blocking" protocol=UDP localport=445 action=block dir=IN
                                            1⤵
                                            • Modifies Windows Firewall
                                            PID:1356
                                          • C:\Windows\system32\taskmgr.exe
                                            "C:\Windows\system32\taskmgr.exe" /4
                                            1⤵
                                              PID:2280

                                            Network

                                            MITRE ATT&CK Enterprise v6

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\ProgramData\RealtekHD\GameGuard.exe
                                              Filesize

                                              5.0MB

                                              MD5

                                              32198d6a8e26f4e103885fc4eef3c2d7

                                              SHA1

                                              f35a0abab275eececc6410f69c5d041d14f3684e

                                              SHA256

                                              fc110064f6cee1dfb6793283a7bf1964347b1e6b29a0db8efc70dd77c15c85a1

                                              SHA512

                                              d25eaad411040c4b3dc8892594c717d820a0e2dc2bc10d68217a52351764691c8e1e17bc55c1e67fe550e3ffde1e01ab60e6dae8f75b5e1c182733bbc950485e

                                              Download Submit

                                            • C:\ProgramData\RealtekHD\GameGuard.exe
                                              Filesize

                                              5.0MB

                                              MD5

                                              32198d6a8e26f4e103885fc4eef3c2d7

                                              SHA1

                                              f35a0abab275eececc6410f69c5d041d14f3684e

                                              SHA256

                                              fc110064f6cee1dfb6793283a7bf1964347b1e6b29a0db8efc70dd77c15c85a1

                                              SHA512

                                              d25eaad411040c4b3dc8892594c717d820a0e2dc2bc10d68217a52351764691c8e1e17bc55c1e67fe550e3ffde1e01ab60e6dae8f75b5e1c182733bbc950485e

                                              Download Submit

                                            • C:\ProgramData\RealtekHD\taskhost.exe
                                              Filesize

                                              26.9MB

                                              MD5

                                              cc9e9d0f8d112e9b934cbd0b91138c18

                                              SHA1

                                              fcf04eb677a9e69f914f9950670472aef5c395a0

                                              SHA256

                                              f6243dc3ec9e29664ff68b89cec1a0fbdec028263535a68b73b8a2b0c8658208

                                              SHA512

                                              d299eabbd7c92d454115aa9fb6f8543c819084c94ec56929ce8aea4d55ca327b1ce6a085466a5d61d6ded1694b1244677b29990d3544396f039e2184f5613f1c

                                              Download Submit

                                            • C:\ProgramData\RealtekHD\taskhost.exe
                                              Filesize

                                              24.0MB

                                              MD5

                                              454e3d0f0e453781f79da2ae4753badf

                                              SHA1

                                              09ed752f8dde2b04eec6291ed128e0902d897995

                                              SHA256

                                              af7189df065284cacc983ce3107be3505db6ef4f8a3b40e1bf3195c8d0e8b797

                                              SHA512

                                              847a80487f5d5041d64968e2376c06c211272a6aa9942378356af99ee731ae38547bfcccd552d263920db263125a191256bce0563eb7386c33787581b72aa359

                                              Download Submit

                                            • C:\ProgramData\Setup\Game.exe
                                              Filesize

                                              30.5MB

                                              MD5

                                              d2dfa8f06c7b00770ef14c4378ced6f5

                                              SHA1

                                              b8b5bc2f0139d45195bd91101228a4b9f1e4def8

                                              SHA256

                                              551fd29693d6d8dc43019a9b68218c72db86858075864ffda951143b22e8cb19

                                              SHA512

                                              24d4b669132035d1d8948659a2a872c638ae968f4e3e1ec94da966cd332cf5bbada741bee2d72895304d8c8415096295756cf95b37a4a3c61a692373e13ea2af

                                              Download Submit

                                            • C:\ProgramData\Setup\Game.exe
                                              Filesize

                                              33.5MB

                                              MD5

                                              df2fcff88365ac7c8a61a49d904b2264

                                              SHA1

                                              3a8d976d2733f1b69c60e2c1cf6def54eaf625b3

                                              SHA256

                                              02a748f1413b71df2e84ffe35cbe253772f0157e43e4effc8bcc6b63057edb97

                                              SHA512

                                              6747aab5b3a507fc1ca68e8e853e8b1442a7f1da9d7970c6cdfcbb07d48a4d635e927ace8db048eda54a2883c4ba5e198360d1bc1b4f1ce1480275f70e57c7c9

                                              Download Submit

                                            • C:\ProgramData\Setup\svchost.exe
                                              Filesize

                                              4.6MB

                                              MD5

                                              800d018de27bd9b586e22fc0230cdfc5

                                              SHA1

                                              6b1d60a4ce8b566b5f1835814b913ccc532d949b

                                              SHA256

                                              182b75f3d2c1857ddf6e56eaf1bee6d00392cfb80ddfdb0164597643c5ea4958

                                              SHA512

                                              a214265c023abf7deb7a78fef0c9efc8379dbaa8797d5207450d422c1d0ebe73c218ac67b36e4a59bd1755e989b09dbf5c338093265a122c25a3eba20c3fab13

                                              Download Submit

                                            • C:\ProgramData\Setup\svchost.exe
                                              Filesize

                                              2.8MB

                                              MD5

                                              1575a2a17f54b20cf1c547e250c5e01d

                                              SHA1

                                              f578879e948812b6a98a62f5da44950eb65a335e

                                              SHA256

                                              d00991a761ef77c5ba0d59fc754cd971e3e9277d6e29da523477d1fb6ba345eb

                                              SHA512

                                              5275836b39c471f533a0ae5899312b3572a994cd61f37ae7416604749ea4f3671db3f5f1e1f92d83303d8c4ef73717306899eafc8059bf1ae858f03d3dcc4d04

                                              Download Submit

                                            • \ProgramData\RealtekHD\GameGuard.exe
                                              Filesize

                                              2.9MB

                                              MD5

                                              d5e2f38c79e9c2d6c8732fed4f9c656a

                                              SHA1

                                              4403df12e757e68f83eb2c2f74ffd45030d9e6c3

                                              SHA256

                                              e17117efb032f43e0f9872f582b2b72c1d0451d5366272a891e9bee7c689ff38

                                              SHA512

                                              22cabfb3034b251018a237fd491b6fd372ba90487ec0bba82743fea62efdade414b26b061d404bccbbc72c4d477692c61adf9a40bd7732b31a7000eedcb7015a

                                              Download Submit

                                            • \ProgramData\RealtekHD\GameGuard.exe
                                              Filesize

                                              2.9MB

                                              MD5

                                              d5e2f38c79e9c2d6c8732fed4f9c656a

                                              SHA1

                                              4403df12e757e68f83eb2c2f74ffd45030d9e6c3

                                              SHA256

                                              e17117efb032f43e0f9872f582b2b72c1d0451d5366272a891e9bee7c689ff38

                                              SHA512

                                              22cabfb3034b251018a237fd491b6fd372ba90487ec0bba82743fea62efdade414b26b061d404bccbbc72c4d477692c61adf9a40bd7732b31a7000eedcb7015a

                                              Download Submit

                                            • \ProgramData\RealtekHD\GameGuard.exe
                                              Filesize

                                              5.0MB

                                              MD5

                                              32198d6a8e26f4e103885fc4eef3c2d7

                                              SHA1

                                              f35a0abab275eececc6410f69c5d041d14f3684e

                                              SHA256

                                              fc110064f6cee1dfb6793283a7bf1964347b1e6b29a0db8efc70dd77c15c85a1

                                              SHA512

                                              d25eaad411040c4b3dc8892594c717d820a0e2dc2bc10d68217a52351764691c8e1e17bc55c1e67fe550e3ffde1e01ab60e6dae8f75b5e1c182733bbc950485e

                                              Download Submit

                                            • \ProgramData\RealtekHD\taskhost.exe
                                              Filesize

                                              2.9MB

                                              MD5

                                              989c3c66d674b29ac223e4dd69f94f24

                                              SHA1

                                              e458aeba23d53984190094987e26b12a6d76c69b

                                              SHA256

                                              5799e0187ca12f0e6634e386827acda318e061a604f54e4d65607552da287ef2

                                              SHA512

                                              be0d28459890a5b9004288beb07ad68f54d937f7a3e0adbf06a0949e22116fa073fd6a1099c95e2dd558e242e7a6b9560dc9d03eadecbc837e4ebeb6cf31159e

                                              Download Submit

                                            • \ProgramData\RealtekHD\taskhost.exe
                                              Filesize

                                              2.8MB

                                              MD5

                                              e13071d1395da5f71baff63ab77b09d8

                                              SHA1

                                              c71b6c75f967b1d12da5118c6c0ddd4bc7f6f19c

                                              SHA256

                                              c72177d5ded891a844f386102a9af0f4f10879372897318d8086deb042eaafb4

                                              SHA512

                                              f1b04a9b9df1e77eea16023724b10d02377679b6cb1fa93701527bc3f215f0f7f047de8a08f323618ccdb4cf4c498130500c7ea500d9f9a326cdb8e2bfae0e2c

                                              Download Submit

                                            • \ProgramData\RealtekHD\taskhost.exe
                                              Filesize

                                              28.0MB

                                              MD5

                                              e663f5fb810d74ce1e9fdb5ea06646c8

                                              SHA1

                                              11eab6d6f59aaf7c37f565f5b464e40060371bbf

                                              SHA256

                                              06b1184172989841e74d17880a2466cb8469665102916bcd3373ac50cd7e3c66

                                              SHA512

                                              771cdca722d3ac5e53316be18b327540dfd3c4217141c38cad29448f707a4a88500075791c3b0e35a3123ef6b24ac793f71ab2c7e4512f29e41383f7e8ded454

                                              Download Submit

                                            • memory/832-117-0x000000013F2F0000-0x0000000142612000-memory.dmp

                                              Filesize

                                              51.1MB

                                              Download

                                            • memory/832-121-0x000000013F2F0000-0x0000000142612000-memory.dmp

                                              Filesize

                                              51.1MB

                                              Download

                                            • memory/832-131-0x0000000077020000-0x00000000771C9000-memory.dmp

                                              Filesize

                                              1.7MB

                                              Download

                                            • memory/832-115-0x0000000077020000-0x00000000771C9000-memory.dmp

                                              Filesize

                                              1.7MB

                                              Download

                                            • memory/832-119-0x000000013F2F0000-0x0000000142612000-memory.dmp

                                              Filesize

                                              51.1MB

                                              Download

                                            • memory/832-126-0x000000013F2F0000-0x0000000142612000-memory.dmp

                                              Filesize

                                              51.1MB

                                              Download

                                            • memory/832-116-0x000000013F2F0000-0x0000000142612000-memory.dmp

                                              Filesize

                                              51.1MB

                                              Download

                                            • memory/832-109-0x000000013F2F0000-0x0000000142612000-memory.dmp

                                              Filesize

                                              51.1MB

                                              Download

                                            • memory/832-123-0x000000013F2F0000-0x0000000142612000-memory.dmp

                                              Filesize

                                              51.1MB

                                              Download

                                            • memory/832-122-0x000000013F2F0000-0x0000000142612000-memory.dmp

                                              Filesize

                                              51.1MB

                                              Download

                                            • memory/832-118-0x000000013F2F0000-0x0000000142612000-memory.dmp

                                              Filesize

                                              51.1MB

                                              Download

                                            • memory/832-120-0x000000013F2F0000-0x0000000142612000-memory.dmp

                                              Filesize

                                              51.1MB

                                              Download

                                            • memory/844-62-0x000000013F1D0000-0x0000000143493000-memory.dmp

                                              Filesize

                                              66.8MB

                                              Download

                                            • memory/844-66-0x0000000077020000-0x00000000771C9000-memory.dmp

                                              Filesize

                                              1.7MB

                                              Download

                                            • memory/844-65-0x000000013F1D0000-0x0000000143493000-memory.dmp

                                              Filesize

                                              66.8MB

                                              Download

                                            • memory/844-57-0x000000013F1D0000-0x0000000143493000-memory.dmp

                                              Filesize

                                              66.8MB

                                              Download

                                            • memory/844-58-0x000000013F1D0000-0x0000000143493000-memory.dmp

                                              Filesize

                                              66.8MB

                                              Download

                                            • memory/844-59-0x000000013F1D0000-0x0000000143493000-memory.dmp

                                              Filesize

                                              66.8MB

                                              Download

                                            • memory/844-60-0x000000013F1D0000-0x0000000143493000-memory.dmp

                                              Filesize

                                              66.8MB

                                              Download

                                            • memory/844-56-0x0000000077020000-0x00000000771C9000-memory.dmp

                                              Filesize

                                              1.7MB

                                              Download

                                            • memory/844-64-0x000000013F1D0000-0x0000000143493000-memory.dmp

                                              Filesize

                                              66.8MB

                                              Download

                                            • memory/844-54-0x000007FEFB8A1000-0x000007FEFB8A3000-memory.dmp

                                              Filesize

                                              8KB

                                              Download

                                            • memory/844-61-0x000000013F1D0000-0x0000000143493000-memory.dmp

                                              Filesize

                                              66.8MB

                                              Download

                                            • memory/844-63-0x000000013F1D0000-0x0000000143493000-memory.dmp

                                              Filesize

                                              66.8MB

                                              Download

                                            • memory/844-55-0x000000013F1D0000-0x0000000143493000-memory.dmp

                                              Filesize

                                              66.8MB

                                              Download

                                            • memory/1596-92-0x0000000074F01000-0x0000000074F03000-memory.dmp

                                              Filesize

                                              8KB

                                              Download

                                            • memory/1664-107-0x000000013F710000-0x00000001402D8000-memory.dmp

                                              Filesize

                                              11.8MB

                                              Download

                                            • memory/1664-103-0x000000013F710000-0x00000001402D8000-memory.dmp

                                              Filesize

                                              11.8MB

                                              Download

                                            • memory/1664-124-0x000000013F710000-0x00000001402D8000-memory.dmp

                                              Filesize

                                              11.8MB

                                              Download

                                            • memory/1664-125-0x0000000077020000-0x00000000771C9000-memory.dmp

                                              Filesize

                                              1.7MB

                                              Download

                                            • memory/1664-113-0x000000013F710000-0x00000001402D8000-memory.dmp

                                              Filesize

                                              11.8MB

                                              Download

                                            • memory/1664-104-0x0000000077020000-0x00000000771C9000-memory.dmp

                                              Filesize

                                              1.7MB

                                              Download

                                            • memory/1664-112-0x000000013F710000-0x00000001402D8000-memory.dmp

                                              Filesize

                                              11.8MB

                                              Download

                                            • memory/1664-105-0x000000013F710000-0x00000001402D8000-memory.dmp

                                              Filesize

                                              11.8MB

                                              Download

                                            • memory/1664-111-0x000000013F710000-0x00000001402D8000-memory.dmp

                                              Filesize

                                              11.8MB

                                              Download

                                            • memory/1664-110-0x000000013F710000-0x00000001402D8000-memory.dmp

                                              Filesize

                                              11.8MB

                                              Download

                                            • memory/1664-106-0x000000013F710000-0x00000001402D8000-memory.dmp

                                              Filesize

                                              11.8MB

                                              Download

                                            • memory/1664-108-0x000000013F710000-0x00000001402D8000-memory.dmp

                                              Filesize

                                              11.8MB

                                              Download

                                            • memory/2280-167-0x0000000140000000-0x00000001405E8000-memory.dmp

                                              Filesize

                                              5.9MB

                                              Download

                                            • memory/2280-172-0x000000013F710000-0x00000001402D8000-memory.dmp

                                              Filesize

                                              11.8MB

                                              Download

                                            • memory/2280-170-0x000000013F1D0000-0x0000000143493000-memory.dmp

                                              Filesize

                                              66.8MB

                                              Download

                                            • memory/2280-168-0x0000000140000000-0x00000001405E8000-memory.dmp

                                              Filesize

                                              5.9MB

                                              Download