4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d

Analysis

max time kernel
168s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
Size

655KB
MD5

516b9a0a882672f941a722eeabc8ab70
SHA1

9c35b10281205aa98d78ddc23cdbede26f9fb81a
SHA256

4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d
SHA512

0c5fb006c87b6e7723c400c9788ec373959a85fcb4006f5b855a8e0e8b435b05c205deffd3fb90d7a0a09fd8531ac883a772ffd8e93721b42abc691f00380345
SSDEEP

12288:2BN6g5Cja8iiUsfjzmNSvRRhb8TNPJTqmuKS+Oy07vtwODlNd7hHlViqVrTAgr+W:6N5p8zUsfHXTN85JemFS+Oy07vtwODlT

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

Processes:

mscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exe

pid process

1712 mscorsvw.exe
460
1220 mscorsvw.exe
856 mscorsvw.exe
1844 mscorsvw.exe
Loads dropped DLL 2 IoCs

Processes:

pid process

460
460

pid	process
1712	mscorsvw.exe
460
1220	mscorsvw.exe
856	mscorsvw.exe
1844	mscorsvw.exe

pid	process
460
460

Drops file in System32 directory 13 IoCs

Processes:

4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exemscorsvw.exe

description	ioc	process
File opened for modification	\??\c:\windows\system32\dllhost.exe	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File created	\??\c:\windows\system32\jgkeiiei.tmp	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File opened for modification	\??\c:\windows\SysWOW64\svchost.exe	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File opened for modification	\??\c:\windows\SysWOW64\svchost.exe	mscorsvw.exe
File opened for modification	\??\c:\windows\system32\svchost.exe	mscorsvw.exe
File opened for modification	\??\c:\windows\SysWOW64\alg.exe	mscorsvw.exe
File opened for modification	\??\c:\windows\system32\alg.exe	mscorsvw.exe
File opened for modification	\??\c:\windows\SysWOW64\dllhost.exe	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File created	\??\c:\windows\SysWOW64\bocfadnn.tmp	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File opened for modification	\??\c:\windows\SysWOW64\alg.exe	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File opened for modification	\??\c:\windows\system32\alg.exe	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File created	\??\c:\windows\SysWOW64\obcbkioa.tmp	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File opened for modification	\??\c:\windows\system32\svchost.exe	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe

Drops file in Windows directory 23 IoCs

Processes:

4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exemscorsvw.exemscorsvw.exemscorsvw.exemscorsvw.exe

description	ioc	process
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.log	mscorsvw.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File created	\??\c:\windows\microsoft.net\framework64\v4.0.30319\qfghbicl.tmp	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.lock	mscorsvw.exe
File created	\??\c:\windows\microsoft.net\framework64\v2.0.50727\aljejakd.tmp	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen_service.log	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngenservicelock.dat	mscorsvw.exe
File created	\??\c:\windows\microsoft.net\framework\v4.0.30319\menegefh.tmp	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat	mscorsvw.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.log	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngenservicelock.dat	mscorsvw.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen_service.lock	mscorsvw.exe
File created	\??\c:\windows\microsoft.net\framework64\v4.0.30319\oofjdcfk.tmp	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen_service.log	mscorsvw.exe
File created	\??\c:\windows\microsoft.net\framework\v2.0.50727\pdmjciel.tmp	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat	mscorsvw.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Adobe AIR Updater.exe4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Adobe AIR Updater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Adobe AIR Updater.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exemscorsvw.exemscorsvw.exemscorsvw.exe

description	pid	process
Token: SeTakeOwnershipPrivilege	1372	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
Token: SeTakeOwnershipPrivilege	1712	mscorsvw.exe
Token: SeShutdownPrivilege	856	mscorsvw.exe
Token: SeShutdownPrivilege	1844	mscorsvw.exe
Token: SeShutdownPrivilege	856	mscorsvw.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe

description	pid	process	target process
PID 1372 wrote to memory of 520	1372	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe	Adobe AIR Updater.exe
PID 1372 wrote to memory of 520	1372	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe	Adobe AIR Updater.exe
PID 1372 wrote to memory of 520	1372	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe	Adobe AIR Updater.exe
PID 1372 wrote to memory of 520	1372	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe	Adobe AIR Updater.exe
PID 1372 wrote to memory of 520	1372	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe	Adobe AIR Updater.exe
PID 1372 wrote to memory of 520	1372	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe	Adobe AIR Updater.exe
PID 1372 wrote to memory of 520	1372	4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe	Adobe AIR Updater.exe

C:\Users\Admin\AppData\Local\Temp\4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe
"C:\Users\Admin\AppData\Local\Temp\4ba6e9817d81fc721aa8558544d9bee8626d1171b6fc64405150ce6f0488c21d.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1372

C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe
"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe" -eula
2⤵
- Checks processor information in registry
PID:520

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x568
1⤵
PID:824

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1712

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:1220

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:856

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1844

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

Filesize
644KB

MD5
1a1b22cb6954af7d7e9797632281bd6e

SHA1
0f97c4e698f4b23ff8e4a95ababe9af0d5f84be0

SHA256
0da8cc748777f622620a7b091a89e083696a8efaf0d9358359b17d5c311ab2a3

SHA512
6158a0c399ccf244059fcf9fbcff96e20ae4c548ca5970a953e48920eb8372c1f85cb4b5d9adaddc1287669a64c6cf566b18a460eead009513767c9091f63d31

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

Filesize
644KB

MD5
1a1b22cb6954af7d7e9797632281bd6e

SHA1
0f97c4e698f4b23ff8e4a95ababe9af0d5f84be0

SHA256
0da8cc748777f622620a7b091a89e083696a8efaf0d9358359b17d5c311ab2a3

SHA512
6158a0c399ccf244059fcf9fbcff96e20ae4c548ca5970a953e48920eb8372c1f85cb4b5d9adaddc1287669a64c6cf566b18a460eead009513767c9091f63d31

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

Filesize
670KB

MD5
47c1adc79f1a247d874b6d1ca80fb7eb

SHA1
1ca8d5e75b5dec27694055a42c7bf1e40067c48d

SHA256
e8ca84da851e5f179e4247f01355e4c9d8d6d81f3f3d8df81d952b7267c03cae

SHA512
f3491c08529a9c886d2ddf58f75dca814e019221e51e631a764999432fa6e09b6bc1a21ad4c2065401dee498061c31c1765c8b8917dc396fb679f5a8f5e889ea

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

Filesize
670KB

MD5
47c1adc79f1a247d874b6d1ca80fb7eb

SHA1
1ca8d5e75b5dec27694055a42c7bf1e40067c48d

SHA256
e8ca84da851e5f179e4247f01355e4c9d8d6d81f3f3d8df81d952b7267c03cae

SHA512
f3491c08529a9c886d2ddf58f75dca814e019221e51e631a764999432fa6e09b6bc1a21ad4c2065401dee498061c31c1765c8b8917dc396fb679f5a8f5e889ea

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

Filesize
621KB

MD5
887a556e21d89de9761b31bc239afa93

SHA1
8df42fdb5c7ea0ca03260015221f5d2a0ede1df9

SHA256
204f4f4855ea5e717772e69a76be3ccc7076fd2165fc026fb3e61af643195068

SHA512
3c9f6db0b33e7c871ecbd7f8ea55381138c8061b1d079f2c7905178261aff836e61677226539a83e63765f964dae8156b86567123fd1cf44fefd6bc70e21f9a5

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

Filesize
621KB

MD5
887a556e21d89de9761b31bc239afa93

SHA1
8df42fdb5c7ea0ca03260015221f5d2a0ede1df9

SHA256
204f4f4855ea5e717772e69a76be3ccc7076fd2165fc026fb3e61af643195068

SHA512
3c9f6db0b33e7c871ecbd7f8ea55381138c8061b1d079f2c7905178261aff836e61677226539a83e63765f964dae8156b86567123fd1cf44fefd6bc70e21f9a5

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

Filesize
648KB

MD5
b6845a000a18f8bb85b52f017e396bb2

SHA1
dbef999166de7d42d3cf8291dcb105814724b5da

SHA256
6002e7fede3c4fc22f1c21aa3b456747145402020b83c5972a0b78365cabf678

SHA512
fa56d38fa10d3e43bcb476563150e994ba00d21f04b4964e5077d153fcf4800a9c6ba8c4894697773c6fc2b09ede2970367475b619131fef2f2eb1c7a6db364b

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

Filesize
648KB

MD5
b6845a000a18f8bb85b52f017e396bb2

SHA1
dbef999166de7d42d3cf8291dcb105814724b5da

SHA256
6002e7fede3c4fc22f1c21aa3b456747145402020b83c5972a0b78365cabf678

SHA512
fa56d38fa10d3e43bcb476563150e994ba00d21f04b4964e5077d153fcf4800a9c6ba8c4894697773c6fc2b09ede2970367475b619131fef2f2eb1c7a6db364b

Download Submit
\??\c:\windows\SysWOW64\svchost.exe

Filesize
579KB

MD5
54d87da6f771e38e54d5d63b336f43a6

SHA1
c8b80a356184b383aec269424092cf521a0d2f97

SHA256
8e48cd04d2f62ea6a356246d8f4f9fe74ae7289170987c5e129c1eafa76f555a

SHA512
03dbaa13528d4eee0be185264b9e5e1635cf9741f9a74b1c2cf32b18668dd5bfaf4360325381d884e3fb28c992b7515d7f1c9cb409a8f24af2622edfd2823eef

Download Submit
\??\c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe

Filesize
595KB

MD5
04c2d0c2cf8a1417bbe0fc82a8e5ffd2

SHA1
8375bad4ddc25df0a5965e3c5b25f8570b078ca7

SHA256
98155b01beedb0d14273c1eebc9d7488ea4cefc5ef533fb7dbdbe111aae83ce7

SHA512
2f902ab0c03895be6cf60008cac9317ae0b1b2344d1697c266b1bd89360e57f14d60c5da36874f9e83d4826d084c365220970a067bbf0e18e1967f09a90d7074

Download Submit
\??\c:\windows\system32\alg.exe

Filesize
636KB

MD5
77aaebf772122f5dfe4c6edca7a422e8

SHA1
6610084412d23616718ff493c8fb3d52f2d0d568

SHA256
f378938eca2c0263c1e83a271b781929dd13362784762da9e589c556f40b524a

SHA512
c46f3813b4663062027bc0fec8d04740c5d0096cfb1dc1710b71ee6cbb37c665680deed4925f11a330164d071d9d6f520aca8054ccb6f0d04a5dcd9d5639cc8a

Download Submit
\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

Filesize
644KB

MD5
1a1b22cb6954af7d7e9797632281bd6e

SHA1
0f97c4e698f4b23ff8e4a95ababe9af0d5f84be0

SHA256
0da8cc748777f622620a7b091a89e083696a8efaf0d9358359b17d5c311ab2a3

SHA512
6158a0c399ccf244059fcf9fbcff96e20ae4c548ca5970a953e48920eb8372c1f85cb4b5d9adaddc1287669a64c6cf566b18a460eead009513767c9091f63d31

Download Submit
\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

Filesize
644KB

MD5
1a1b22cb6954af7d7e9797632281bd6e

SHA1
0f97c4e698f4b23ff8e4a95ababe9af0d5f84be0

SHA256
0da8cc748777f622620a7b091a89e083696a8efaf0d9358359b17d5c311ab2a3

SHA512
6158a0c399ccf244059fcf9fbcff96e20ae4c548ca5970a953e48920eb8372c1f85cb4b5d9adaddc1287669a64c6cf566b18a460eead009513767c9091f63d31

Download Submit
\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

Filesize
670KB

MD5
47c1adc79f1a247d874b6d1ca80fb7eb

SHA1
1ca8d5e75b5dec27694055a42c7bf1e40067c48d

SHA256
e8ca84da851e5f179e4247f01355e4c9d8d6d81f3f3d8df81d952b7267c03cae

SHA512
f3491c08529a9c886d2ddf58f75dca814e019221e51e631a764999432fa6e09b6bc1a21ad4c2065401dee498061c31c1765c8b8917dc396fb679f5a8f5e889ea

Download Submit
memory/520-275-0x0000000007C10000-0x0000000007C14000-memory.dmp

Filesize
16KB

Download
memory/520-283-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-251-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-252-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-250-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-249-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-255-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-256-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-254-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-253-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-259-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-260-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-258-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-257-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-262-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-261-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-263-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-264-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-267-0x0000000007C10000-0x0000000007C14000-memory.dmp

Filesize
16KB

Download
memory/520-266-0x0000000007C10000-0x0000000007C14000-memory.dmp

Filesize
16KB

Download
memory/520-265-0x0000000007C0F000-0x0000000007C11000-memory.dmp

Filesize
8KB

Download
memory/520-269-0x0000000007C10000-0x0000000007C14000-memory.dmp

Filesize
16KB

Download
memory/520-268-0x0000000007C10000-0x0000000007C14000-memory.dmp

Filesize
16KB

Download
memory/520-272-0x0000000007C10000-0x0000000007C14000-memory.dmp

Filesize
16KB

Download
memory/520-273-0x0000000007C10000-0x0000000007C14000-memory.dmp

Filesize
16KB

Download
memory/520-271-0x0000000007C10000-0x0000000007C14000-memory.dmp

Filesize
16KB

Download
memory/520-270-0x0000000007C10000-0x0000000007C14000-memory.dmp

Filesize
16KB

Download
memory/520-276-0x0000000007C10000-0x0000000007C14000-memory.dmp

Filesize
16KB

Download
memory/520-248-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-274-0x0000000007C10000-0x0000000007C14000-memory.dmp

Filesize
16KB

Download
memory/520-277-0x0000000007C10000-0x0000000007C14000-memory.dmp

Filesize
16KB

Download
memory/520-279-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-278-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-281-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-280-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-247-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-282-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-285-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-284-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-286-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-289-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-290-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-288-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-287-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-293-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-292-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-291-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-295-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-294-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-296-0x0000000007C13000-0x0000000007C17000-memory.dmp

Filesize
16KB

Download
memory/520-64-0x0000000000000000-mapping.dmp

Download
memory/520-74-0x0000000005DD4000-0x0000000005DD8000-memory.dmp

Filesize
16KB

Download
memory/520-75-0x0000000005DD4000-0x0000000005DD8000-memory.dmp

Filesize
16KB

Download
memory/520-76-0x0000000005DD4000-0x0000000005DD8000-memory.dmp

Filesize
16KB

Download
memory/520-243-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-244-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-77-0x0000000005DD4000-0x0000000005DD8000-memory.dmp

Filesize
16KB

Download
memory/520-78-0x0000000005DD4000-0x0000000005DD8000-memory.dmp

Filesize
16KB

Download
memory/520-246-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-245-0x0000000007C0C000-0x0000000007C10000-memory.dmp

Filesize
16KB

Download
memory/520-79-0x0000000005DD4000-0x0000000005DD8000-memory.dmp

Filesize
16KB

Download
memory/520-80-0x0000000005DD4000-0x0000000005DD8000-memory.dmp

Filesize
16KB

Download
memory/856-480-0x0000000000400000-0x0000000000663000-memory.dmp

Filesize
2.4MB

Download
memory/1220-476-0x0000000010000000-0x000000001028F000-memory.dmp

Filesize
2.6MB

Download
memory/1220-477-0x0000000010000000-0x000000001028F000-memory.dmp

Filesize
2.6MB

Download
memory/1372-419-0x0000000000400000-0x0000000000665000-memory.dmp

Filesize
2.4MB

Download
memory/1372-63-0x0000000000881000-0x0000000000885000-memory.dmp

Filesize
16KB

Download
memory/1372-55-0x0000000000400000-0x0000000000665000-memory.dmp

Filesize
2.4MB

Download
memory/1372-54-0x0000000076041000-0x0000000076043000-memory.dmp

Filesize
8KB

Download
memory/1712-470-0x0000000010000000-0x000000001025B000-memory.dmp

Filesize
2.4MB

Download
memory/1712-465-0x0000000010000000-0x000000001025B000-memory.dmp

Filesize
2.4MB

Download
memory/1844-483-0x0000000140000000-0x0000000140295000-memory.dmp

Filesize
2.6MB

Download