Overview

overview

10

Static

static

8

469fd65670...f0.exe

windows7-x64

10

469fd65670...f0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 21:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    469fd656707a9e995050780b15d1c9c05f7e7850f18f7ece3c9f9b8bfe3177f0.exe

  • Size

    255KB

  • MD5

    1cfd38e26a69b5131995dba56e0fdaeb

  • SHA1

    07aa7e5b70a48346043873cf61460e251146e0aa

  • SHA256

    469fd656707a9e995050780b15d1c9c05f7e7850f18f7ece3c9f9b8bfe3177f0

  • SHA512

    b5f8048843937307f60302062b6e1b109bbcc735eb83555e24c728867071b65441675f8e4587993dbea7cc31315c14a0d7633a205cd96b37fb1d3bc139bf9b84

  • SSDEEP

    3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJo:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIH

Score
10/10
evasionpersistencespywarestealertrojanupx

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Windows security bypass 2 TTPs 5 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Executes dropped EXE 6 IoCs
  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
    persistence
  • UPX packed file 37 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 6 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • AutoIT Executable 16 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 9 IoCs
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 30 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 53 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\469fd656707a9e995050780b15d1c9c05f7e7850f18f7ece3c9f9b8bfe3177f0.exe
    "C:\Users\Admin\AppData\Local\Temp\469fd656707a9e995050780b15d1c9c05f7e7850f18f7ece3c9f9b8bfe3177f0.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Windows\SysWOW64\aizylfexbp.exe
      aizylfexbp.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Loads dropped DLL
      • Windows security modification
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1160
      • C:\Windows\SysWOW64\bvihyrar.exe
        C:\Windows\system32\bvihyrar.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        PID:1204
    • C:\Windows\SysWOW64\wofqovtlwhhgckl.exe
      wofqovtlwhhgckl.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1360
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /c ohqqjgyfjqnbr.exe
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1552
        • C:\Windows\SysWOW64\ohqqjgyfjqnbr.exe
          ohqqjgyfjqnbr.exe
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          PID:1032
    • C:\Windows\SysWOW64\ohqqjgyfjqnbr.exe
      ohqqjgyfjqnbr.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1648
    • C:\Windows\SysWOW64\bvihyrar.exe
      bvihyrar.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:576
    • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
      "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Windows\mydoc.rtf"
      2⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:1908
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:436
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x598
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1768
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1576

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLN.DOC.exe
    Filesize

    255KB

    MD5

    969d699262f4065fa2aa7059c6ecc92f

    SHA1

    3aac6a4a9d93c2f0d8d53bf71be5223329a6b4eb

    SHA256

    8844509e59afe9d60b9745f1c353ae8478a18cf3de48176ecd5ae0919170ab42

    SHA512

    ec5372ce0c0b3464f2cc99d00a4bbc298c80ffbc25ba1032a54a8df7ebc7799b0146be2d57993f942ae4a90ecfd4305662499aee5bb97da984b1293405434efa

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.DOC.exe
    Filesize

    255KB

    MD5

    ec2809aae6ab9bfe04e9cfa5c41c61fe

    SHA1

    5de347fc62566eb30fa81a8a06d85681da1997fa

    SHA256

    0c33219f581682af831d5cac654a9d366ec6d2bd70eed0b6ff7fcc967d8601f7

    SHA512

    57959e8207e7e9cd4726469d3332d1dbb587e438d3cc4f07d12e769cd16f507c8c77886d10b6432e07271ee061f4e0d0b0e56a0fc7505a4d428e5bbd9464c4f4

    Download Submit
  • C:\Users\Admin\Music\BlockSkip.doc.exe
    Filesize

    255KB

    MD5

    05376fc12bb12bc75436f5f30537fe17

    SHA1

    001166408fe3a2e4fde08af1ad04e7c6d68ff05d

    SHA256

    c57cc26e569be9c1bfdfba25354a1d959cf82667418b3ead813cad716384a4db

    SHA512

    1023c271626cd45de15c4702d30425162b273d99d1e928fcf695c06e18e67ff03f96e470215c38cbd6c12762e9e45365b8b7cccc2c872a31cc75e0ed65f1a675

    Download Submit
  • C:\Users\Admin\Music\BlockSkip.doc.exe
    Filesize

    255KB

    MD5

    05376fc12bb12bc75436f5f30537fe17

    SHA1

    001166408fe3a2e4fde08af1ad04e7c6d68ff05d

    SHA256

    c57cc26e569be9c1bfdfba25354a1d959cf82667418b3ead813cad716384a4db

    SHA512

    1023c271626cd45de15c4702d30425162b273d99d1e928fcf695c06e18e67ff03f96e470215c38cbd6c12762e9e45365b8b7cccc2c872a31cc75e0ed65f1a675

    Download Submit
  • C:\Windows\SysWOW64\aizylfexbp.exe
    Filesize

    255KB

    MD5

    94cac2b174421822a48dd63cfd48e43c

    SHA1

    5fc9230f25f7a1a955275d1dc08ddeea4b3f9a5e

    SHA256

    d001c021905643b2d19bad3d03a3b4dacea47863147094755b31987ae16102e3

    SHA512

    ea1ffffd75f08c1f12aa60ce76be56b196864dd6ef0b910b9418b7f3e0b2b0c060c350d5f6e1cf57fe84b797a060ceafdf833d2da65243a672fc57e1c05fdcc8

    Download Submit
  • C:\Windows\SysWOW64\aizylfexbp.exe
    Filesize

    255KB

    MD5

    94cac2b174421822a48dd63cfd48e43c

    SHA1

    5fc9230f25f7a1a955275d1dc08ddeea4b3f9a5e

    SHA256

    d001c021905643b2d19bad3d03a3b4dacea47863147094755b31987ae16102e3

    SHA512

    ea1ffffd75f08c1f12aa60ce76be56b196864dd6ef0b910b9418b7f3e0b2b0c060c350d5f6e1cf57fe84b797a060ceafdf833d2da65243a672fc57e1c05fdcc8

    Download Submit
  • C:\Windows\SysWOW64\bvihyrar.exe
    Filesize

    255KB

    MD5

    3d2a15ecc3016c054bc7788a4bdfad4f

    SHA1

    fe528fa8f4dccfcc58376712623a8ccdc84a9c78

    SHA256

    24b81635d3883cad699015a74411ec017d9daae503dd33258682fba46613a0bf

    SHA512

    d23e4e6a2166bca9c02d81730f7d77b2b58ecd1b5ab82e7f3ef0507f311acd77649b9602f9eddb702f631e30f7b0fa487f7c34bde12538e0cc2f4f320c90deae

    Download Submit
  • C:\Windows\SysWOW64\bvihyrar.exe
    Filesize

    255KB

    MD5

    3d2a15ecc3016c054bc7788a4bdfad4f

    SHA1

    fe528fa8f4dccfcc58376712623a8ccdc84a9c78

    SHA256

    24b81635d3883cad699015a74411ec017d9daae503dd33258682fba46613a0bf

    SHA512

    d23e4e6a2166bca9c02d81730f7d77b2b58ecd1b5ab82e7f3ef0507f311acd77649b9602f9eddb702f631e30f7b0fa487f7c34bde12538e0cc2f4f320c90deae

    Download Submit
  • C:\Windows\SysWOW64\bvihyrar.exe
    Filesize

    255KB

    MD5

    3d2a15ecc3016c054bc7788a4bdfad4f

    SHA1

    fe528fa8f4dccfcc58376712623a8ccdc84a9c78

    SHA256

    24b81635d3883cad699015a74411ec017d9daae503dd33258682fba46613a0bf

    SHA512

    d23e4e6a2166bca9c02d81730f7d77b2b58ecd1b5ab82e7f3ef0507f311acd77649b9602f9eddb702f631e30f7b0fa487f7c34bde12538e0cc2f4f320c90deae

    Download Submit
  • C:\Windows\SysWOW64\ohqqjgyfjqnbr.exe
    Filesize

    255KB

    MD5

    5e72229755249adcd07d12c97527a03b

    SHA1

    73216db238307cf8e12442173d9646b744a84830

    SHA256

    1174701e40f4f9bd097b5f283778623dfbb5e80062f7d5b127b56a6019940c72

    SHA512

    890be46710e0febad63fb56490adc28e8164648f6a97846e114e9d187cf0c2562878da321f55f9e5c9947d919f862638073024d069de575d7905cdac0e9fafb2

    Download Submit
  • C:\Windows\SysWOW64\ohqqjgyfjqnbr.exe
    Filesize

    255KB

    MD5

    5e72229755249adcd07d12c97527a03b

    SHA1

    73216db238307cf8e12442173d9646b744a84830

    SHA256

    1174701e40f4f9bd097b5f283778623dfbb5e80062f7d5b127b56a6019940c72

    SHA512

    890be46710e0febad63fb56490adc28e8164648f6a97846e114e9d187cf0c2562878da321f55f9e5c9947d919f862638073024d069de575d7905cdac0e9fafb2

    Download Submit
  • C:\Windows\SysWOW64\ohqqjgyfjqnbr.exe
    Filesize

    255KB

    MD5

    5e72229755249adcd07d12c97527a03b

    SHA1

    73216db238307cf8e12442173d9646b744a84830

    SHA256

    1174701e40f4f9bd097b5f283778623dfbb5e80062f7d5b127b56a6019940c72

    SHA512

    890be46710e0febad63fb56490adc28e8164648f6a97846e114e9d187cf0c2562878da321f55f9e5c9947d919f862638073024d069de575d7905cdac0e9fafb2

    Download Submit
  • C:\Windows\SysWOW64\wofqovtlwhhgckl.exe
    Filesize

    255KB

    MD5

    f067fdbe64fa16a82fef2a26cce1f9ac

    SHA1

    91ee23b57c82983a46f7c05401e46974ca29b0f1

    SHA256

    9681391061d62485073a9f966b95d8dbc6078a4891f9d478a6336ea9b6c9946c

    SHA512

    84d238fda608e7b7b2449aa738a64a10529cb52b3d40733ecd14f590da1b24abc01345ebd9460858ccba50af44eb6d750f9419b769e7c844fdd3931c9303dabb

    Download Submit
  • C:\Windows\SysWOW64\wofqovtlwhhgckl.exe
    Filesize

    255KB

    MD5

    f067fdbe64fa16a82fef2a26cce1f9ac

    SHA1

    91ee23b57c82983a46f7c05401e46974ca29b0f1

    SHA256

    9681391061d62485073a9f966b95d8dbc6078a4891f9d478a6336ea9b6c9946c

    SHA512

    84d238fda608e7b7b2449aa738a64a10529cb52b3d40733ecd14f590da1b24abc01345ebd9460858ccba50af44eb6d750f9419b769e7c844fdd3931c9303dabb

    Download Submit
  • C:\Windows\mydoc.rtf
    Filesize

    223B

    MD5

    06604e5941c126e2e7be02c5cd9f62ec

    SHA1

    4eb9fdf8ff4e1e539236002bd363b82c8f8930e1

    SHA256

    85f2405d1f67021a3206faa26f6887932fea71aea070df3efb2902902e2d03e2

    SHA512

    803f5f2fddbf29fef34de184eb35c2311b7a694740983ca10b54ef252dd26cda4987458d2569f441c6dedc3478bea12b45bfd3566f1b256504a0869ad3829df7

    Download Submit
  • \??\c:\Program Files (x86)\Microsoft Office\Office14\1033\PROTTPLV.DOC.exe
    Filesize

    255KB

    MD5

    ec2809aae6ab9bfe04e9cfa5c41c61fe

    SHA1

    5de347fc62566eb30fa81a8a06d85681da1997fa

    SHA256

    0c33219f581682af831d5cac654a9d366ec6d2bd70eed0b6ff7fcc967d8601f7

    SHA512

    57959e8207e7e9cd4726469d3332d1dbb587e438d3cc4f07d12e769cd16f507c8c77886d10b6432e07271ee061f4e0d0b0e56a0fc7505a4d428e5bbd9464c4f4

    Download Submit
  • \Windows\SysWOW64\aizylfexbp.exe
    Filesize

    255KB

    MD5

    94cac2b174421822a48dd63cfd48e43c

    SHA1

    5fc9230f25f7a1a955275d1dc08ddeea4b3f9a5e

    SHA256

    d001c021905643b2d19bad3d03a3b4dacea47863147094755b31987ae16102e3

    SHA512

    ea1ffffd75f08c1f12aa60ce76be56b196864dd6ef0b910b9418b7f3e0b2b0c060c350d5f6e1cf57fe84b797a060ceafdf833d2da65243a672fc57e1c05fdcc8

    Download Submit
  • \Windows\SysWOW64\bvihyrar.exe
    Filesize

    255KB

    MD5

    3d2a15ecc3016c054bc7788a4bdfad4f

    SHA1

    fe528fa8f4dccfcc58376712623a8ccdc84a9c78

    SHA256

    24b81635d3883cad699015a74411ec017d9daae503dd33258682fba46613a0bf

    SHA512

    d23e4e6a2166bca9c02d81730f7d77b2b58ecd1b5ab82e7f3ef0507f311acd77649b9602f9eddb702f631e30f7b0fa487f7c34bde12538e0cc2f4f320c90deae

    Download Submit
  • \Windows\SysWOW64\bvihyrar.exe
    Filesize

    255KB

    MD5

    3d2a15ecc3016c054bc7788a4bdfad4f

    SHA1

    fe528fa8f4dccfcc58376712623a8ccdc84a9c78

    SHA256

    24b81635d3883cad699015a74411ec017d9daae503dd33258682fba46613a0bf

    SHA512

    d23e4e6a2166bca9c02d81730f7d77b2b58ecd1b5ab82e7f3ef0507f311acd77649b9602f9eddb702f631e30f7b0fa487f7c34bde12538e0cc2f4f320c90deae

    Download Submit
  • \Windows\SysWOW64\ohqqjgyfjqnbr.exe
    Filesize

    255KB

    MD5

    5e72229755249adcd07d12c97527a03b

    SHA1

    73216db238307cf8e12442173d9646b744a84830

    SHA256

    1174701e40f4f9bd097b5f283778623dfbb5e80062f7d5b127b56a6019940c72

    SHA512

    890be46710e0febad63fb56490adc28e8164648f6a97846e114e9d187cf0c2562878da321f55f9e5c9947d919f862638073024d069de575d7905cdac0e9fafb2

    Download Submit
  • \Windows\SysWOW64\ohqqjgyfjqnbr.exe
    Filesize

    255KB

    MD5

    5e72229755249adcd07d12c97527a03b

    SHA1

    73216db238307cf8e12442173d9646b744a84830

    SHA256

    1174701e40f4f9bd097b5f283778623dfbb5e80062f7d5b127b56a6019940c72

    SHA512

    890be46710e0febad63fb56490adc28e8164648f6a97846e114e9d187cf0c2562878da321f55f9e5c9947d919f862638073024d069de575d7905cdac0e9fafb2

    Download Submit
  • \Windows\SysWOW64\wofqovtlwhhgckl.exe
    Filesize

    255KB

    MD5

    f067fdbe64fa16a82fef2a26cce1f9ac

    SHA1

    91ee23b57c82983a46f7c05401e46974ca29b0f1

    SHA256

    9681391061d62485073a9f966b95d8dbc6078a4891f9d478a6336ea9b6c9946c

    SHA512

    84d238fda608e7b7b2449aa738a64a10529cb52b3d40733ecd14f590da1b24abc01345ebd9460858ccba50af44eb6d750f9419b769e7c844fdd3931c9303dabb

    Download Submit
  • memory/436-98-0x000007FEFBF61000-0x000007FEFBF63000-memory.dmp
    Filesize

    8KB

    Download
  • memory/576-112-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/576-67-0x0000000000000000-mapping.dmp
    Download
  • memory/576-118-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/576-89-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1032-78-0x0000000000000000-mapping.dmp
    Download
  • memory/1032-91-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1032-114-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1160-86-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1160-57-0x0000000000000000-mapping.dmp
    Download
  • memory/1160-110-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1204-92-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1204-117-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1204-115-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1204-82-0x0000000000000000-mapping.dmp
    Download
  • memory/1360-88-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1360-61-0x0000000000000000-mapping.dmp
    Download
  • memory/1360-111-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1492-87-0x00000000032D0000-0x0000000003370000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1492-94-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1492-55-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1492-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1492-85-0x00000000032D0000-0x0000000003370000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1552-76-0x0000000000000000-mapping.dmp
    Download
  • memory/1648-71-0x0000000000000000-mapping.dmp
    Download
  • memory/1648-90-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1648-113-0x0000000000400000-0x00000000004A0000-memory.dmp
    Filesize

    640KB

    Download
  • memory/1908-101-0x0000000071A0D000-0x0000000071A18000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1908-97-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1908-96-0x0000000070A21000-0x0000000070A23000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1908-95-0x0000000072FA1000-0x0000000072FA4000-memory.dmp
    Filesize

    12KB

    Download
  • memory/1908-102-0x000000006BEB1000-0x000000006BEB3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1908-116-0x0000000071A0D000-0x0000000071A18000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1908-93-0x0000000000000000-mapping.dmp
    Download
  • memory/1908-103-0x000000006BE71000-0x000000006BE73000-memory.dmp
    Filesize

    8KB

    Download