Overview

overview

10

Static

static

8

ab4ba0518f...93.exe

windows7-x64

10

ab4ba0518f...93.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    165s
  • max time network
    207s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 00:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab4ba0518f0c4162d509c0c5cf96d0819fe675817a9bf8ea95962c71ebf4b693.exe

  • Size

    822KB

  • MD5

    35a799cc4f89847b0f61c901d7f4bdaf

  • SHA1

    2533f7d078fee6726cda9b8e15fa35ba0e6f2911

  • SHA256

    ab4ba0518f0c4162d509c0c5cf96d0819fe675817a9bf8ea95962c71ebf4b693

  • SHA512

    5544e1c523867db5a4fa8ae3cc46565347ee547eeeed9b353997211ec17254a0263045d5cc09f901a371952be393d30b94e674dbb6b76a2becb69e74ba346458

  • SSDEEP

    3072:XD80DhgAPXSOYjEC8nxEp4l79pEvkMDGQA40diM:XDzhnPCOS8n+s7epiQAN

Score
10/10
evasionpersistencespywarestealertrojanupx

Malware Config

Signatures

  • Modifies firewall policy service 2 TTPs 14 IoCs
    evasion
  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • UAC bypass 3 TTPs 4 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 4 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Disables taskbar notifications via registry modification
    evasion
  • Drops file in Drivers directory 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Sets file execution options in registry 2 TTPs 64 IoCs
    persistence
  • UPX packed file 22 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops startup file 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 15 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of SetThreadContext 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 55 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Modifies registry class 24 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 45 IoCs
  • System policy modification 1 TTPs 6 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab4ba0518f0c4162d509c0c5cf96d0819fe675817a9bf8ea95962c71ebf4b693.exe
    "C:\Users\Admin\AppData\Local\Temp\ab4ba0518f0c4162d509c0c5cf96d0819fe675817a9bf8ea95962c71ebf4b693.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:968
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\\svchost.exe
      2⤵
        PID:952
      • C:\Users\Admin\AppData\Local\Temp\ab4ba0518f0c4162d509c0c5cf96d0819fe675817a9bf8ea95962c71ebf4b693.exe
        2⤵
        • Loads dropped DLL
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:636
        • C:\Users\Admin\E696D64614\winlogon.exe
          "C:\Users\Admin\E696D64614\winlogon.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:1188
          • C:\Windows\SysWOW64\svchost.exe
            C:\Windows\system32\\svchost.exe
            4⤵
              PID:1132
            • C:\Users\Admin\E696D64614\winlogon.exe
              4⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:1040
              • C:\Users\Admin\E696D64614\winlogon.exe
                "C:\Users\Admin\E696D64614\winlogon.exe"
                5⤵
                • Modifies firewall policy service
                • Modifies security service
                • Modifies visibility of file extensions in Explorer
                • Modifies visiblity of hidden/system files in Explorer
                • UAC bypass
                • Windows security bypass
                • Disables RegEdit via registry modification
                • Drops file in Drivers directory
                • Executes dropped EXE
                • Sets file execution options in registry
                • Drops startup file
                • Windows security modification
                • Adds Run key to start application
                • Checks whether UAC is enabled
                • Modifies Control Panel
                • Modifies Internet Explorer settings
                • Modifies Internet Explorer start page
                • Modifies registry class
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of SetWindowsHookEx
                • System policy modification
                PID:1056
      • C:\Windows\system32\wbem\unsecapp.exe
        C:\Windows\system32\wbem\unsecapp.exe -Embedding
        1⤵
          PID:240
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
          1⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1600
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:316
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:209928 /prefetch:2
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:672

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          1KB

          MD5

          af5f3edcc5c42af19df5a9637b0a6964

          SHA1

          e8fe31cf10a2a7dbd22eafd34f1deeb1cf283d48

          SHA256

          9a0f77f3cce19edf7216c9745a34ac8d7123462f76dcb8fd901b23a6be9dd96b

          SHA512

          ede2af144a198e413cf1c0e4b5cf5c9e77b8ffd6a3f82e81154019076cf7f6448d1b82346d1c0f48f60a37c728c23bc9e1133447752feab64f5211ed18276e6b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
          Filesize

          472B

          MD5

          f7801fe8b983652ae788bc952856c2ed

          SHA1

          f3898da21792b146a9f856e87ed3520d76277fb8

          SHA256

          faa1bc8a9887e2dc694ff645546ea16cb96ac4bd1b0c460aef95f2cced100d6b

          SHA512

          ac642881315553a5a50ee7ab20015809f90c297cdf674f34a1e709859aa1b89fcb9caca242333e862b379cbd2b35991b6e54de56d2e643487f9aa4f984b93a39

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562
          Filesize

          1KB

          MD5

          7055fbc792b81e2fcdb72da9d3e6ad81

          SHA1

          dec614359d5d9e76c20aadd3d467037e6a9665ff

          SHA256

          0eb7311d9c9d181942fd9c9ff0217a360ae91829d0dd6df95a8247625eccae34

          SHA512

          b1a94b289211cba78d11888c30d2e6b16fb21fc21476c69e8c9ae618f169ca02f6ddaeac72e1e8bce3a0ea9f4bfbd4e47005703963b6cdf46773d27c34e16f5d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26
          Filesize

          1KB

          MD5

          ad6d84486c3194ab2f71ef94912fdddc

          SHA1

          89aeb9ea77a27510b11762db5acef5654b62ea4b

          SHA256

          437fe72dd5a616c3db9a8e0c4823731abdd627641879ed511e9cf86994492789

          SHA512

          0e37e80588d96a6fb9fe34c0d34d688bb64f3540185fa9e2cb1ed0504229003f3bc31be717a390d3acc668bbfb7a1645cc52bb9e4235afc85a23653ead8ad09a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          724B

          MD5

          f569e1d183b84e8078dc456192127536

          SHA1

          30c537463eed902925300dd07a87d820a713753f

          SHA256

          287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

          SHA512

          49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          410B

          MD5

          7d278f0c8451c89c8396a9a5e47ecc71

          SHA1

          0876608ff61336ce9a0801c449c11455f37dbac6

          SHA256

          656973b41f5690df6718f776a48d672fa902b4885da678c426808411a1e92fa2

          SHA512

          d93e7970f75a126b5fc7aa177c42968c54e5425ab8d17d37c8bde69f120e35497d2e1d1511d0015f50462789db33ae96a7cd10a3ae4ccd34417b6f0c1a7d2c33

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
          Filesize

          402B

          MD5

          e95621732f6792c7e4c0507d4ac24f09

          SHA1

          538163eae799e60a66a5cbbca87dc633b7ffd215

          SHA256

          9af61c9331e9b08f1b577af99043f6893912b3ef03d4d9f3a43f4f99492f55b8

          SHA512

          54b9bb35e4931ea53c8ef28161f9038cea6ef119d9c51566ad9cfac31186951a202ee6541e40a6d33b67b333871f97284122ba5a3a487d91cb1865acbb0b3990

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\84AFE219AEC53B0C9251F5E19EF019BD_2C9D5E6D83DF507CBE6C15521D5D3562
          Filesize

          466B

          MD5

          dd0b064b6d0ea3e577e7f491c5c4e66a

          SHA1

          20ac7e0029ccee13637702337e9301ed58ccda40

          SHA256

          1366159d03731092a33281fcc37c2c321d23b01bff777b2f6f055605dc6cd50d

          SHA512

          3ad1937e4b62c4b506df7149127f946344e3eba586f036807a26ab5086c1a01e72682dd69cbaaec0e939360927bffb056a0e91fccf86ad8183f6839e9bd63814

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2a4b0263ec203e87a1f6f5cd0ce48cea

          SHA1

          d9a12c4bbcf8fdbaa0dd6136bc582ad985d54269

          SHA256

          a6f5ac6b2fd71226b6b5bb83df68c938e17f01ea325d5c4062302bb1ed7f7edd

          SHA512

          bf3849a6bf063ed77e8bc1b77525bfe9a41c6f61d89cc3cdaf5c8e3c1168e692cce42e295a9bd8dc1f496552dda527562bbb15cc19163b46a23936baf6e22b6b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          871d20538b749418b8f6dfbc2912870f

          SHA1

          ca963eb4c5dbd8772a30b7ffbe9ce3f3125a6cff

          SHA256

          0c45e0324d7b4a1f78f3378e2ed07588f2db05e9c1b67a81a2cbd24a5952f639

          SHA512

          2072608e9e65db45f6e40855fb19beaaaaf58b85f4e5eb6096b491b6de88b329b4e0e79a0b165f1cb18219e06a4160213d0823a555cf7b65fc9c55adfc0c0999

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          15071a489cb6f744fdcf1043716cdb93

          SHA1

          30babbf73327c1423d243d300cc99b5a67d90d7d

          SHA256

          de637fe29c7e735e7f3f2f9089547bc296466769be3784a3d1e7d03cf6546117

          SHA512

          2bd8288a0dab5fad1956d6e08d5975a5373c8a210cdb1dd148cd78263a10b1069789f1ab178003997dff6a9236019b442542dbf23bf8a5ea8c6778cc9b52f0e5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          448c6ba4ea928d589ae140ba96986855

          SHA1

          56f04d575966b21ccde7625adde5b3ca7cac6200

          SHA256

          d08745e9177bee8c410ea69ffe596836331352f0280bf240df0bcb903ae4adaa

          SHA512

          bd2bd8d6ab2709e2355b6c46148044c782725181c98bcc73ee9652e7e537abdffdb9accd42f175438ce953066698a73299dda6a521a2dd9789791bb93cb44993

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f1dba0069f9e595e8573de8637001389

          SHA1

          073bea0de61672bf6b022c90161bc60b101f88ed

          SHA256

          d40854c34edab7af5f175b826ed2edee0de6fbaf6f2d337e55dff0bacc9f40b2

          SHA512

          04b8f363a859b9ffbdc4f8591f1e2e87881d41da4afb01648bb1198e2cd16f553ec3dae77c5fa3677bf22d3045b8ef52d81fb1953260c068a8753750957ba10e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f2f19c82e369fb4f32c86629969ad0ad

          SHA1

          41fa0bc175357b93281f830951230023b8bc4433

          SHA256

          333708c38e81c4cf0431ee442644c33276aa755d1e15578fe848823e8ed83e82

          SHA512

          086eebe013ca13ac485ca568cb3a16b750f9160d8abf949095032f296055b9922aaef05d32f6dd81c94e7199615a0d6dfd5a1928232a099e92a785b330ecea77

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          62b47e74094579be48aa5beaf7b7c655

          SHA1

          469b5e98e913b05e3a91f94a5c9b5eeb87404c56

          SHA256

          2081be04b7f0f94c7d7050a1260cbf76984a0c2829b4dbbc52c83041cba2f92e

          SHA512

          108f91fb45dd18deefc2798329c054d2005dcbd8ebdc847605daf5fdc523ced66808b45b2109f9b256bc942738648e914a805e6efc801133dfef125dee75679a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26
          Filesize

          470B

          MD5

          90d7fd1b5bf9c4e87deed583aaefd06a

          SHA1

          8a4bee6a5ab51336330f2f87a3f057f336554519

          SHA256

          2fb6a927e688f993c57eef31f3978dcc07fa21d0d4ddb18a1305a057b1ffbf52

          SHA512

          2cb143fe7ef1916bbb1b4b3c4e156305934f76e48ea185dcd7d711fef6a0079499a26afc4065aaaca69a52c549276dbbf8f0aa03a1d6e14d3e39d1f51eb0f099

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          392B

          MD5

          565146b1c6376511b7d736fd200c2d8f

          SHA1

          c169a20fa173d9f8fd4c85255b92ab26fcf0e568

          SHA256

          76e5cf5d371a2a9b410b702382f96368076941f96914f3313cf94a6ed881a7a3

          SHA512

          319c8a7df082669d0aa29f8efc7cfb70041cbab7b099532d0742438ad10203b44e65f1f9f813a5d20f613af80219f4bbad9e47bed160ef40087f769cac19c947

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\K2JGFX06\www6.buscaid[1].xml
          Filesize

          13B

          MD5

          c1ddea3ef6bbef3e7060a1a9ad89e4c5

          SHA1

          35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

          SHA256

          b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

          SHA512

          6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\QBKUY9H9.txt
          Filesize

          593B

          MD5

          9b06ae3b86ebb91f4fbb14e67d07f824

          SHA1

          903771432cb5b9248ca0da04191d95a8d8ce9d4e

          SHA256

          c99e8c13200e11c984bf1c2b376eec860f34ddaf36362e18249c0d52c15d1491

          SHA512

          ce077061c80895029b7ea0261a29744bb9f562d1ab496835923b561031c650f7e0d3e7d91b480530abf93e26733889878bd35957f398d7dd7cba2c183c9d075f

          Download Submit

        • C:\Users\Admin\E696D64614\winlogon.exe
          Filesize

          822KB

          MD5

          35a799cc4f89847b0f61c901d7f4bdaf

          SHA1

          2533f7d078fee6726cda9b8e15fa35ba0e6f2911

          SHA256

          ab4ba0518f0c4162d509c0c5cf96d0819fe675817a9bf8ea95962c71ebf4b693

          SHA512

          5544e1c523867db5a4fa8ae3cc46565347ee547eeeed9b353997211ec17254a0263045d5cc09f901a371952be393d30b94e674dbb6b76a2becb69e74ba346458

          Download Submit

        • C:\Users\Admin\E696D64614\winlogon.exe
          Filesize

          822KB

          MD5

          35a799cc4f89847b0f61c901d7f4bdaf

          SHA1

          2533f7d078fee6726cda9b8e15fa35ba0e6f2911

          SHA256

          ab4ba0518f0c4162d509c0c5cf96d0819fe675817a9bf8ea95962c71ebf4b693

          SHA512

          5544e1c523867db5a4fa8ae3cc46565347ee547eeeed9b353997211ec17254a0263045d5cc09f901a371952be393d30b94e674dbb6b76a2becb69e74ba346458

          Download Submit

        • C:\Users\Admin\E696D64614\winlogon.exe
          Filesize

          822KB

          MD5

          35a799cc4f89847b0f61c901d7f4bdaf

          SHA1

          2533f7d078fee6726cda9b8e15fa35ba0e6f2911

          SHA256

          ab4ba0518f0c4162d509c0c5cf96d0819fe675817a9bf8ea95962c71ebf4b693

          SHA512

          5544e1c523867db5a4fa8ae3cc46565347ee547eeeed9b353997211ec17254a0263045d5cc09f901a371952be393d30b94e674dbb6b76a2becb69e74ba346458

          Download Submit

        • C:\Users\Admin\E696D64614\winlogon.exe
          Filesize

          822KB

          MD5

          35a799cc4f89847b0f61c901d7f4bdaf

          SHA1

          2533f7d078fee6726cda9b8e15fa35ba0e6f2911

          SHA256

          ab4ba0518f0c4162d509c0c5cf96d0819fe675817a9bf8ea95962c71ebf4b693

          SHA512

          5544e1c523867db5a4fa8ae3cc46565347ee547eeeed9b353997211ec17254a0263045d5cc09f901a371952be393d30b94e674dbb6b76a2becb69e74ba346458

          Download Submit

        • \Users\Admin\E696D64614\winlogon.exe
          Filesize

          822KB

          MD5

          35a799cc4f89847b0f61c901d7f4bdaf

          SHA1

          2533f7d078fee6726cda9b8e15fa35ba0e6f2911

          SHA256

          ab4ba0518f0c4162d509c0c5cf96d0819fe675817a9bf8ea95962c71ebf4b693

          SHA512

          5544e1c523867db5a4fa8ae3cc46565347ee547eeeed9b353997211ec17254a0263045d5cc09f901a371952be393d30b94e674dbb6b76a2becb69e74ba346458

          Download Submit

        • \Users\Admin\E696D64614\winlogon.exe
          Filesize

          822KB

          MD5

          35a799cc4f89847b0f61c901d7f4bdaf

          SHA1

          2533f7d078fee6726cda9b8e15fa35ba0e6f2911

          SHA256

          ab4ba0518f0c4162d509c0c5cf96d0819fe675817a9bf8ea95962c71ebf4b693

          SHA512

          5544e1c523867db5a4fa8ae3cc46565347ee547eeeed9b353997211ec17254a0263045d5cc09f901a371952be393d30b94e674dbb6b76a2becb69e74ba346458

          Download Submit

        • memory/636-69-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/636-68-0x0000000076221000-0x0000000076223000-memory.dmp

          Filesize

          8KB

          Download

        • memory/636-56-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/636-57-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/636-59-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/636-60-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/636-61-0x000000000041AA90-mapping.dmp

          Download

        • memory/636-63-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/636-64-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/636-65-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/636-75-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/952-55-0x0000000000000000-mapping.dmp

          Download

        • memory/968-54-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download

        • memory/1040-82-0x000000000041AA90-mapping.dmp

          Download

        • memory/1040-91-0x0000000000400000-0x000000000041C000-memory.dmp

          Filesize

          112KB

          Download

        • memory/1056-96-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

          Download

        • memory/1056-92-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

          Download

        • memory/1056-93-0x00000000004416B0-mapping.dmp

          Download

        • memory/1056-102-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

          Download

        • memory/1056-101-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

          Download

        • memory/1056-97-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

          Download

        • memory/1056-122-0x0000000003CD0000-0x0000000004D32000-memory.dmp

          Filesize

          16.4MB

          Download

        • memory/1132-74-0x0000000000000000-mapping.dmp

          Download

        • memory/1188-72-0x0000000000000000-mapping.dmp

          Download

        • memory/1188-85-0x0000000000400000-0x0000000000437000-memory.dmp

          Filesize

          220KB

          Download