283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c

Analysis

max time kernel
205s
max time network
167s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
Size

506KB
MD5

372656a7afe1d76f989611d3af60968f
SHA1

479ba87ea89e90441e9f52a7fa153a4f655eb01e
SHA256

283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c
SHA512

add8752831831aa0b54f58929999f1f2b114807344af921df4a1922a7b3d91965a4dfeed0b185fc3967d536e085e86e4dc9261338eed9a612ffd97dd75c7615c
SSDEEP

6144:FuLziM8pQnuuudy/TuuuZqcoxBIU9CdGKuuue+dVJwiVrHtfkK5PHxE1pz7nAWEt:FuniMIyCRcB5CdGqyvaK5PGqWzu7

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

ubfei.exeubfei.exe

pid process

524 ubfei.exe
1736 ubfei.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

340 cmd.exe
Loads dropped DLL 1 IoCs

Processes:

283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe

pid process

604 283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe

pid	process
524	ubfei.exe
1736	ubfei.exe

pid	process
340	cmd.exe

pid	process
604	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

ubfei.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Windows\Currentversion\Run	ubfei.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Windows\CurrentVersion\Run\{1B42F262-C298-EA16-B1F4-3F1AD13AE004} = "C:\\Users\\Admin\\AppData\\Roaming\\Tabis\\ubfei.exe"	ubfei.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exeubfei.exe

description	pid	process	target process
PID 1232 set thread context of 604	1232	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
PID 524 set thread context of 1736	524	ubfei.exe	ubfei.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Privacy	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

ubfei.exe

pid	process
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe
1736	ubfei.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe

description	pid	process
Token: SeSecurityPrivilege	604	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
Token: SeSecurityPrivilege	604	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
Token: SeSecurityPrivilege	604	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exeubfei.exeubfei.exe

description	pid	process	target process
PID 1232 wrote to memory of 604	1232	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
PID 1232 wrote to memory of 604	1232	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
PID 1232 wrote to memory of 604	1232	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
PID 1232 wrote to memory of 604	1232	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
PID 1232 wrote to memory of 604	1232	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
PID 1232 wrote to memory of 604	1232	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
PID 1232 wrote to memory of 604	1232	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
PID 1232 wrote to memory of 604	1232	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
PID 1232 wrote to memory of 604	1232	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
PID 604 wrote to memory of 524	604	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	ubfei.exe
PID 604 wrote to memory of 524	604	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	ubfei.exe
PID 604 wrote to memory of 524	604	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	ubfei.exe
PID 604 wrote to memory of 524	604	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	ubfei.exe
PID 524 wrote to memory of 1736	524	ubfei.exe	ubfei.exe
PID 524 wrote to memory of 1736	524	ubfei.exe	ubfei.exe
PID 524 wrote to memory of 1736	524	ubfei.exe	ubfei.exe
PID 524 wrote to memory of 1736	524	ubfei.exe	ubfei.exe
PID 524 wrote to memory of 1736	524	ubfei.exe	ubfei.exe
PID 524 wrote to memory of 1736	524	ubfei.exe	ubfei.exe
PID 524 wrote to memory of 1736	524	ubfei.exe	ubfei.exe
PID 524 wrote to memory of 1736	524	ubfei.exe	ubfei.exe
PID 524 wrote to memory of 1736	524	ubfei.exe	ubfei.exe
PID 1736 wrote to memory of 1120	1736	ubfei.exe	taskhost.exe
PID 1736 wrote to memory of 1120	1736	ubfei.exe	taskhost.exe
PID 1736 wrote to memory of 1120	1736	ubfei.exe	taskhost.exe
PID 1736 wrote to memory of 1120	1736	ubfei.exe	taskhost.exe
PID 1736 wrote to memory of 1120	1736	ubfei.exe	taskhost.exe
PID 1736 wrote to memory of 1180	1736	ubfei.exe	Dwm.exe
PID 1736 wrote to memory of 1180	1736	ubfei.exe	Dwm.exe
PID 1736 wrote to memory of 1180	1736	ubfei.exe	Dwm.exe
PID 1736 wrote to memory of 1180	1736	ubfei.exe	Dwm.exe
PID 1736 wrote to memory of 1180	1736	ubfei.exe	Dwm.exe
PID 1736 wrote to memory of 1252	1736	ubfei.exe	Explorer.EXE
PID 1736 wrote to memory of 1252	1736	ubfei.exe	Explorer.EXE
PID 1736 wrote to memory of 1252	1736	ubfei.exe	Explorer.EXE
PID 1736 wrote to memory of 1252	1736	ubfei.exe	Explorer.EXE
PID 1736 wrote to memory of 1252	1736	ubfei.exe	Explorer.EXE
PID 1736 wrote to memory of 604	1736	ubfei.exe	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
PID 1736 wrote to memory of 604	1736	ubfei.exe	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
PID 1736 wrote to memory of 604	1736	ubfei.exe	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
PID 1736 wrote to memory of 604	1736	ubfei.exe	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
PID 1736 wrote to memory of 604	1736	ubfei.exe	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
PID 604 wrote to memory of 340	604	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	cmd.exe
PID 604 wrote to memory of 340	604	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	cmd.exe
PID 604 wrote to memory of 340	604	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	cmd.exe
PID 604 wrote to memory of 340	604	283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe	cmd.exe
PID 1736 wrote to memory of 340	1736	ubfei.exe	cmd.exe
PID 1736 wrote to memory of 340	1736	ubfei.exe	cmd.exe
PID 1736 wrote to memory of 340	1736	ubfei.exe	cmd.exe
PID 1736 wrote to memory of 340	1736	ubfei.exe	cmd.exe
PID 1736 wrote to memory of 340	1736	ubfei.exe	cmd.exe
PID 1736 wrote to memory of 324	1736	ubfei.exe	conhost.exe
PID 1736 wrote to memory of 1792	1736	ubfei.exe	DllHost.exe
PID 1736 wrote to memory of 1792	1736	ubfei.exe	DllHost.exe
PID 1736 wrote to memory of 1792	1736	ubfei.exe	DllHost.exe
PID 1736 wrote to memory of 1792	1736	ubfei.exe	DllHost.exe
PID 1736 wrote to memory of 1792	1736	ubfei.exe	DllHost.exe
PID 1736 wrote to memory of 240	1736	ubfei.exe	DllHost.exe
PID 1736 wrote to memory of 240	1736	ubfei.exe	DllHost.exe
PID 1736 wrote to memory of 240	1736	ubfei.exe	DllHost.exe
PID 1736 wrote to memory of 240	1736	ubfei.exe	DllHost.exe
PID 1736 wrote to memory of 240	1736	ubfei.exe	DllHost.exe
PID 1736 wrote to memory of 1232	1736	ubfei.exe	DllHost.exe
PID 1736 wrote to memory of 1232	1736	ubfei.exe	DllHost.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
"C:\Users\Admin\AppData\Local\Temp\283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1232

C:\Users\Admin\AppData\Local\Temp\283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe
"C:\Users\Admin\AppData\Local\Temp\283d13bed1144e840de187c197bdcbdbfcc8b2409dd9bec5bababb8801804c3c.exe"
3⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:604

C:\Users\Admin\AppData\Roaming\Tabis\ubfei.exe
"C:\Users\Admin\AppData\Roaming\Tabis\ubfei.exe"
4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:524

C:\Users\Admin\AppData\Roaming\Tabis\ubfei.exe
"C:\Users\Admin\AppData\Roaming\Tabis\ubfei.exe"
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1736

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp7ed52496.bat"
4⤵
- Deletes itself
PID:340

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1180

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1120

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "893045353-1456147261-104959956-2121376635-6773171731648246522967199941-780502757"
1⤵
PID:324

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1792

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:240

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1232

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp7ed52496.bat

Filesize
307B

MD5
fa4524276b1b1ee2098bb938f349ce6b

SHA1
f66244541b0be05c08822aafee29368fa15c587f

SHA256
178da2145f8549de2d2715b668cbf520c2e757c35039814b8c140782666d017d

SHA512
7cb95aa80cc6e9751f38195eccd7d4ecb0a4d21270957ff75919f71369a3a2a437f9220ee052304736661575254a86d4eef1ce8ae69c35481697ee92511e7489

Download Submit
C:\Users\Admin\AppData\Roaming\Egudcu\kegu.xuw

Filesize
398B

MD5
d4af279b1c4c14a5ce882b495bdd6ff1

SHA1
0e59a3926f40923b0329108400d9495950c59c72

SHA256
e272cb66aafc4dfeeba4c88d055bec0f1dacc1f732644f372581dca1d7f5f60a

SHA512
8a04c645ac8115485d983998ed3af57e1f0c37a92668612fad2d550a5639aa36d78081c62fface0b169dc2a0050f5a244578dd62d1aa0a21a245173d063bbc02

Download Submit
C:\Users\Admin\AppData\Roaming\Tabis\ubfei.exe

Filesize
506KB

MD5
36cb35336abde84a01dbd245dd984cd2

SHA1
4c7f57fa12aad449f3efdb586c3bd1ae477fb8ae

SHA256
95a3092d50e64989c48c47bbf0dca980aebcd56b4826058cd31692983d61b5f4

SHA512
3e3fe7b29c6cc7f100494adfb097195039f95fc730b35d4df88e0217df3be4acd24f16bdb64fa61ff848ba279746bec39f590c4784aac8ce97e171fd2ca3e3c7

Download Submit
C:\Users\Admin\AppData\Roaming\Tabis\ubfei.exe

Filesize
506KB

MD5
36cb35336abde84a01dbd245dd984cd2

SHA1
4c7f57fa12aad449f3efdb586c3bd1ae477fb8ae

SHA256
95a3092d50e64989c48c47bbf0dca980aebcd56b4826058cd31692983d61b5f4

SHA512
3e3fe7b29c6cc7f100494adfb097195039f95fc730b35d4df88e0217df3be4acd24f16bdb64fa61ff848ba279746bec39f590c4784aac8ce97e171fd2ca3e3c7

Download Submit
C:\Users\Admin\AppData\Roaming\Tabis\ubfei.exe

Filesize
506KB

MD5
36cb35336abde84a01dbd245dd984cd2

SHA1
4c7f57fa12aad449f3efdb586c3bd1ae477fb8ae

SHA256
95a3092d50e64989c48c47bbf0dca980aebcd56b4826058cd31692983d61b5f4

SHA512
3e3fe7b29c6cc7f100494adfb097195039f95fc730b35d4df88e0217df3be4acd24f16bdb64fa61ff848ba279746bec39f590c4784aac8ce97e171fd2ca3e3c7

Download Submit
\Users\Admin\AppData\Roaming\Tabis\ubfei.exe

Filesize
506KB

MD5
36cb35336abde84a01dbd245dd984cd2

SHA1
4c7f57fa12aad449f3efdb586c3bd1ae477fb8ae

SHA256
95a3092d50e64989c48c47bbf0dca980aebcd56b4826058cd31692983d61b5f4

SHA512
3e3fe7b29c6cc7f100494adfb097195039f95fc730b35d4df88e0217df3be4acd24f16bdb64fa61ff848ba279746bec39f590c4784aac8ce97e171fd2ca3e3c7

Download Submit
memory/240-129-0x0000000000210000-0x0000000000237000-memory.dmp

Filesize
156KB

Download
memory/240-130-0x0000000000210000-0x0000000000237000-memory.dmp

Filesize
156KB

Download
memory/240-132-0x0000000000210000-0x0000000000237000-memory.dmp

Filesize
156KB

Download
memory/240-131-0x0000000000210000-0x0000000000237000-memory.dmp

Filesize
156KB

Download
memory/340-115-0x0000000000150000-0x0000000000177000-memory.dmp

Filesize
156KB

Download
memory/340-107-0x0000000000000000-mapping.dmp

Download
memory/340-117-0x0000000000150000-0x0000000000177000-memory.dmp

Filesize
156KB

Download
memory/340-116-0x0000000000150000-0x0000000000177000-memory.dmp

Filesize
156KB

Download
memory/340-114-0x0000000000150000-0x0000000000177000-memory.dmp

Filesize
156KB

Download
memory/524-68-0x0000000000000000-mapping.dmp

Download
memory/604-62-0x0000000000413048-mapping.dmp

Download
memory/604-66-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/604-55-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/604-58-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/604-59-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/604-61-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/604-63-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/604-65-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/604-111-0x0000000000300000-0x0000000000327000-memory.dmp

Filesize
156KB

Download
memory/604-110-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/604-109-0x0000000000300000-0x0000000000383000-memory.dmp

Filesize
524KB

Download
memory/604-103-0x0000000000300000-0x0000000000327000-memory.dmp

Filesize
156KB

Download
memory/604-104-0x0000000000300000-0x0000000000327000-memory.dmp

Filesize
156KB

Download
memory/604-105-0x0000000000300000-0x0000000000327000-memory.dmp

Filesize
156KB

Download
memory/604-106-0x0000000000300000-0x0000000000327000-memory.dmp

Filesize
156KB

Download
memory/1120-87-0x0000000001B70000-0x0000000001B97000-memory.dmp

Filesize
156KB

Download
memory/1120-85-0x0000000001B70000-0x0000000001B97000-memory.dmp

Filesize
156KB

Download
memory/1120-88-0x0000000001B70000-0x0000000001B97000-memory.dmp

Filesize
156KB

Download
memory/1120-86-0x0000000001B70000-0x0000000001B97000-memory.dmp

Filesize
156KB

Download
memory/1180-91-0x00000000001A0000-0x00000000001C7000-memory.dmp

Filesize
156KB

Download
memory/1180-92-0x00000000001A0000-0x00000000001C7000-memory.dmp

Filesize
156KB

Download
memory/1180-94-0x00000000001A0000-0x00000000001C7000-memory.dmp

Filesize
156KB

Download
memory/1180-93-0x00000000001A0000-0x00000000001C7000-memory.dmp

Filesize
156KB

Download
memory/1232-54-0x0000000074C41000-0x0000000074C43000-memory.dmp

Filesize
8KB

Download
memory/1252-100-0x0000000002AF0000-0x0000000002B17000-memory.dmp

Filesize
156KB

Download
memory/1252-97-0x0000000002AF0000-0x0000000002B17000-memory.dmp

Filesize
156KB

Download
memory/1252-98-0x0000000002AF0000-0x0000000002B17000-memory.dmp

Filesize
156KB

Download
memory/1252-99-0x0000000002AF0000-0x0000000002B17000-memory.dmp

Filesize
156KB

Download
memory/1736-133-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1736-108-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1736-78-0x0000000000413048-mapping.dmp

Download
memory/1792-123-0x0000000001B60000-0x0000000001B87000-memory.dmp

Filesize
156KB

Download
memory/1792-126-0x0000000001B60000-0x0000000001B87000-memory.dmp

Filesize
156KB

Download
memory/1792-125-0x0000000001B60000-0x0000000001B87000-memory.dmp

Filesize
156KB

Download
memory/1792-124-0x0000000001B60000-0x0000000001B87000-memory.dmp

Filesize
156KB

Download