Overview

overview

10

Static

static

8

c577649923...63.exe

windows7-x64

10

c577649923...63.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    165s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-11-2022 06:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c577649923bdabe3666fef4cc7c091da0ab618723d1a842f943195c60a603463.exe

  • Size

    42KB

  • MD5

    0190aa691ecb51be01cb7debbb4177be

  • SHA1

    6850673e1d151c4d63b4a97eb1faa70d6cdbd3ba

  • SHA256

    c577649923bdabe3666fef4cc7c091da0ab618723d1a842f943195c60a603463

  • SHA512

    3d975be4d16e1c154437e574058ad18f41b9e4115cd51d78a77e9a6f51bc2b466573a0bf3859304125dc35e0d4727c1378a3b9f27ce5756a2f8650724842559d

  • SSDEEP

    768:gyz0/XBwayCUOwV3TNZHdrPeqzEWvpbPwSMX6+w6pqZxLdeVgol9D88888888885:hzOCay4wV339rPjzbpLwRJ9pSdoIs

Score
10/10
aspackv2evasionpersistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 8 IoCs
    persistence
  • Modifies visibility of file extensions in Explorer 2 TTPs 4 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 4 IoCs
    evasion
  • ASPack v2.12-2.42 21 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 15 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 29 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 47 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c577649923bdabe3666fef4cc7c091da0ab618723d1a842f943195c60a603463.exe
    "C:\Users\Admin\AppData\Local\Temp\c577649923bdabe3666fef4cc7c091da0ab618723d1a842f943195c60a603463.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Modifies visibility of file extensions in Explorer
    • Modifies visiblity of hidden/system files in Explorer
    • Checks computer location settings
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1828
    • C:\recycled\SVCHOST.EXE
      C:\recycled\SVCHOST.EXE :agent
      2⤵
      • Modifies WinLogon for persistence
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4304
      • C:\recycled\SVCHOST.EXE
        C:\recycled\SVCHOST.EXE :agent
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1836
      • C:\recycled\SPOOLSV.EXE
        C:\recycled\SPOOLSV.EXE :agent
        3⤵
        • Modifies WinLogon for persistence
        • Modifies visibility of file extensions in Explorer
        • Modifies visiblity of hidden/system files in Explorer
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4476
        • C:\recycled\SVCHOST.EXE
          C:\recycled\SVCHOST.EXE :agent
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:4272
        • C:\recycled\SPOOLSV.EXE
          C:\recycled\SPOOLSV.EXE :agent
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:3208
        • C:\recycled\CTFMON.EXE
          C:\recycled\CTFMON.EXE :agent
          4⤵
          • Modifies WinLogon for persistence
          • Modifies visibility of file extensions in Explorer
          • Modifies visiblity of hidden/system files in Explorer
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Windows directory
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4868
          • C:\recycled\SVCHOST.EXE
            C:\recycled\SVCHOST.EXE :agent
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:4276
          • C:\recycled\SPOOLSV.EXE
            C:\recycled\SPOOLSV.EXE :agent
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:4512
          • C:\recycled\CTFMON.EXE
            C:\recycled\CTFMON.EXE :agent
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:4376
      • C:\recycled\CTFMON.EXE
        C:\recycled\CTFMON.EXE :agent
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:3828
    • C:\recycled\SPOOLSV.EXE
      C:\recycled\SPOOLSV.EXE :agent
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1928
    • C:\recycled\CTFMON.EXE
      C:\recycled\CTFMON.EXE :agent
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3916
    • C:\recycled\SVCHOST.EXE
      C:\recycled\SVCHOST.EXE :agent
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1052
    • C:\recycled\SPOOLSV.EXE
      C:\recycled\SPOOLSV.EXE :agent
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3264
    • C:\recycled\CTFMON.EXE
      C:\recycled\CTFMON.EXE :agent
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:212
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\c577649923bdabe3666fef4cc7c091da0ab618723d1a842f943195c60a603463.doc" /o ""
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4196

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Hidden Files and Directories

2
T1158

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Hidden Files and Directories

2
T1158

Credential Access

Discovery

Query Registry

4
T1012

System Information Discovery

5
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Recycled\CTFMON.EXE
    Filesize

    42KB

    MD5

    2f768695be00af96295471a8e891d15b

    SHA1

    9a1ad8ded7637b9d815086732d9406e6259dca56

    SHA256

    c8e6653b4264927151521a00a337e6ec2a9008f400b93e027f000efb68daacaa

    SHA512

    f16d4d80f92298846d8ccef8446fe8a61fc503209f73c43ee259c7471d469302771af051a95994d77bdb62fba2b5aa3018b53f42a28e31107018d14806d6e660

    Download Submit
  • C:\Recycled\CTFMON.EXE
    Filesize

    42KB

    MD5

    2f768695be00af96295471a8e891d15b

    SHA1

    9a1ad8ded7637b9d815086732d9406e6259dca56

    SHA256

    c8e6653b4264927151521a00a337e6ec2a9008f400b93e027f000efb68daacaa

    SHA512

    f16d4d80f92298846d8ccef8446fe8a61fc503209f73c43ee259c7471d469302771af051a95994d77bdb62fba2b5aa3018b53f42a28e31107018d14806d6e660

    Download Submit
  • C:\Recycled\CTFMON.EXE
    Filesize

    42KB

    MD5

    2f768695be00af96295471a8e891d15b

    SHA1

    9a1ad8ded7637b9d815086732d9406e6259dca56

    SHA256

    c8e6653b4264927151521a00a337e6ec2a9008f400b93e027f000efb68daacaa

    SHA512

    f16d4d80f92298846d8ccef8446fe8a61fc503209f73c43ee259c7471d469302771af051a95994d77bdb62fba2b5aa3018b53f42a28e31107018d14806d6e660

    Download Submit
  • C:\Recycled\CTFMON.EXE
    Filesize

    42KB

    MD5

    2f768695be00af96295471a8e891d15b

    SHA1

    9a1ad8ded7637b9d815086732d9406e6259dca56

    SHA256

    c8e6653b4264927151521a00a337e6ec2a9008f400b93e027f000efb68daacaa

    SHA512

    f16d4d80f92298846d8ccef8446fe8a61fc503209f73c43ee259c7471d469302771af051a95994d77bdb62fba2b5aa3018b53f42a28e31107018d14806d6e660

    Download Submit
  • C:\Recycled\CTFMON.EXE
    Filesize

    42KB

    MD5

    2f768695be00af96295471a8e891d15b

    SHA1

    9a1ad8ded7637b9d815086732d9406e6259dca56

    SHA256

    c8e6653b4264927151521a00a337e6ec2a9008f400b93e027f000efb68daacaa

    SHA512

    f16d4d80f92298846d8ccef8446fe8a61fc503209f73c43ee259c7471d469302771af051a95994d77bdb62fba2b5aa3018b53f42a28e31107018d14806d6e660

    Download Submit
  • C:\Recycled\SPOOLSV.EXE
    Filesize

    42KB

    MD5

    f4d0c1ae92b0a41b6e880795f91e0d7d

    SHA1

    5b1491e33de94eff067fb9338efa7eaa61296e9d

    SHA256

    c07897f1b348a39be3fb84586c778dc3cf0fbbf07e1e753dc97542a8dbf38199

    SHA512

    208f7489be9560279557a45273cb0af9930701bd66c43759d0f009cdc07f67457db07c3a18d026210c73faf510c332b960dd8ac7ae27d43b3fb23ed65651a7a5

    Download Submit
  • C:\Recycled\SPOOLSV.EXE
    Filesize

    42KB

    MD5

    f4d0c1ae92b0a41b6e880795f91e0d7d

    SHA1

    5b1491e33de94eff067fb9338efa7eaa61296e9d

    SHA256

    c07897f1b348a39be3fb84586c778dc3cf0fbbf07e1e753dc97542a8dbf38199

    SHA512

    208f7489be9560279557a45273cb0af9930701bd66c43759d0f009cdc07f67457db07c3a18d026210c73faf510c332b960dd8ac7ae27d43b3fb23ed65651a7a5

    Download Submit
  • C:\Recycled\SPOOLSV.EXE
    Filesize

    42KB

    MD5

    f4d0c1ae92b0a41b6e880795f91e0d7d

    SHA1

    5b1491e33de94eff067fb9338efa7eaa61296e9d

    SHA256

    c07897f1b348a39be3fb84586c778dc3cf0fbbf07e1e753dc97542a8dbf38199

    SHA512

    208f7489be9560279557a45273cb0af9930701bd66c43759d0f009cdc07f67457db07c3a18d026210c73faf510c332b960dd8ac7ae27d43b3fb23ed65651a7a5

    Download Submit
  • C:\Recycled\SPOOLSV.EXE
    Filesize

    42KB

    MD5

    f4d0c1ae92b0a41b6e880795f91e0d7d

    SHA1

    5b1491e33de94eff067fb9338efa7eaa61296e9d

    SHA256

    c07897f1b348a39be3fb84586c778dc3cf0fbbf07e1e753dc97542a8dbf38199

    SHA512

    208f7489be9560279557a45273cb0af9930701bd66c43759d0f009cdc07f67457db07c3a18d026210c73faf510c332b960dd8ac7ae27d43b3fb23ed65651a7a5

    Download Submit
  • C:\Recycled\SPOOLSV.EXE
    Filesize

    42KB

    MD5

    f4d0c1ae92b0a41b6e880795f91e0d7d

    SHA1

    5b1491e33de94eff067fb9338efa7eaa61296e9d

    SHA256

    c07897f1b348a39be3fb84586c778dc3cf0fbbf07e1e753dc97542a8dbf38199

    SHA512

    208f7489be9560279557a45273cb0af9930701bd66c43759d0f009cdc07f67457db07c3a18d026210c73faf510c332b960dd8ac7ae27d43b3fb23ed65651a7a5

    Download Submit
  • C:\Recycled\SVCHOST.EXE
    Filesize

    42KB

    MD5

    1a753d5711dfbfe64863942e290e2c37

    SHA1

    b0ec0f7a2ddaa7bfa977c65a316e395c41bd6ec0

    SHA256

    a713f002962553a252f649de6e3e1afa3777ebd9a120fd352a10b8242e504f83

    SHA512

    f599bd870272a1a7f62b213e9ca875e44d0f7a8871feed4a577b2ce933ef8f362e21e045924f00e7310507b2095e2f8ec2b4bb0fdcb624680fcbbf18ed522e06

    Download Submit
  • C:\Recycled\SVCHOST.EXE
    Filesize

    42KB

    MD5

    1a753d5711dfbfe64863942e290e2c37

    SHA1

    b0ec0f7a2ddaa7bfa977c65a316e395c41bd6ec0

    SHA256

    a713f002962553a252f649de6e3e1afa3777ebd9a120fd352a10b8242e504f83

    SHA512

    f599bd870272a1a7f62b213e9ca875e44d0f7a8871feed4a577b2ce933ef8f362e21e045924f00e7310507b2095e2f8ec2b4bb0fdcb624680fcbbf18ed522e06

    Download Submit
  • C:\Recycled\SVCHOST.EXE
    Filesize

    42KB

    MD5

    1a753d5711dfbfe64863942e290e2c37

    SHA1

    b0ec0f7a2ddaa7bfa977c65a316e395c41bd6ec0

    SHA256

    a713f002962553a252f649de6e3e1afa3777ebd9a120fd352a10b8242e504f83

    SHA512

    f599bd870272a1a7f62b213e9ca875e44d0f7a8871feed4a577b2ce933ef8f362e21e045924f00e7310507b2095e2f8ec2b4bb0fdcb624680fcbbf18ed522e06

    Download Submit
  • C:\Recycled\SVCHOST.EXE
    Filesize

    42KB

    MD5

    1a753d5711dfbfe64863942e290e2c37

    SHA1

    b0ec0f7a2ddaa7bfa977c65a316e395c41bd6ec0

    SHA256

    a713f002962553a252f649de6e3e1afa3777ebd9a120fd352a10b8242e504f83

    SHA512

    f599bd870272a1a7f62b213e9ca875e44d0f7a8871feed4a577b2ce933ef8f362e21e045924f00e7310507b2095e2f8ec2b4bb0fdcb624680fcbbf18ed522e06

    Download Submit
  • C:\Recycled\SVCHOST.EXE
    Filesize

    42KB

    MD5

    1a753d5711dfbfe64863942e290e2c37

    SHA1

    b0ec0f7a2ddaa7bfa977c65a316e395c41bd6ec0

    SHA256

    a713f002962553a252f649de6e3e1afa3777ebd9a120fd352a10b8242e504f83

    SHA512

    f599bd870272a1a7f62b213e9ca875e44d0f7a8871feed4a577b2ce933ef8f362e21e045924f00e7310507b2095e2f8ec2b4bb0fdcb624680fcbbf18ed522e06

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Flu Burung.txt
    Filesize

    2KB

    MD5

    1a1dce35d60d2c70ca8894954fd5d384

    SHA1

    58547dd65d506c892290755010d0232da34ee000

    SHA256

    2661c05273f33efa4b7faa6ed8a6f7e69a13ad86077f69ee285ece9cba57e44c

    SHA512

    4abe37613145fabeb44ea4c28ecc827c8a0eb2b003e86ae7aef9be5687711fa7a294f17567ea0a70a6f14ab3cbe7886c83763a7c49278097fd53f0d11fd8154e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Flu Burung.txt
    Filesize

    2KB

    MD5

    1a1dce35d60d2c70ca8894954fd5d384

    SHA1

    58547dd65d506c892290755010d0232da34ee000

    SHA256

    2661c05273f33efa4b7faa6ed8a6f7e69a13ad86077f69ee285ece9cba57e44c

    SHA512

    4abe37613145fabeb44ea4c28ecc827c8a0eb2b003e86ae7aef9be5687711fa7a294f17567ea0a70a6f14ab3cbe7886c83763a7c49278097fd53f0d11fd8154e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Flu Burung.txt
    Filesize

    2KB

    MD5

    1a1dce35d60d2c70ca8894954fd5d384

    SHA1

    58547dd65d506c892290755010d0232da34ee000

    SHA256

    2661c05273f33efa4b7faa6ed8a6f7e69a13ad86077f69ee285ece9cba57e44c

    SHA512

    4abe37613145fabeb44ea4c28ecc827c8a0eb2b003e86ae7aef9be5687711fa7a294f17567ea0a70a6f14ab3cbe7886c83763a7c49278097fd53f0d11fd8154e

    Download Submit
  • C:\Windows\Fonts\ Explorer.exe
    Filesize

    42KB

    MD5

    0d2d62cb06c8b1d1db8a31f9ca4d58bc

    SHA1

    49be69548e7021648d0675c17999f61fc5323af0

    SHA256

    6a4e89f24ceb56eef8fd89bfc968af5533ea57cca4fa87ea703d3a84c6d19237

    SHA512

    3bb1d6d6f610010610d1d5e434e4ff5ea00af53ecbd44929e662f427abd452023ef181fa154630d500606993b23fe36c3a4611fa6acf49b105cff86cef3f6965

    Download Submit
  • C:\Windows\Fonts\ Explorer.exe
    Filesize

    42KB

    MD5

    5962ba1e4be4c01eaae8af3e40a06e59

    SHA1

    75d4f5aef873cde65309c044f69e69088b8a63f9

    SHA256

    1e4c6d7f24374ccc35e83f30c9eb5b2fe05e0d0fb835b083734c51a79bf85aa1

    SHA512

    93c7991bd71cf0c3e50068cac84c5c96bca27c486c083514b06d9a055d6d71f944b8e63be9e5e552e126e4a8521fdd478716997d764dd5714bc5f6291bab7c4d

    Download Submit
  • C:\Windows\Fonts\ Explorer.exe
    Filesize

    42KB

    MD5

    5962ba1e4be4c01eaae8af3e40a06e59

    SHA1

    75d4f5aef873cde65309c044f69e69088b8a63f9

    SHA256

    1e4c6d7f24374ccc35e83f30c9eb5b2fe05e0d0fb835b083734c51a79bf85aa1

    SHA512

    93c7991bd71cf0c3e50068cac84c5c96bca27c486c083514b06d9a055d6d71f944b8e63be9e5e552e126e4a8521fdd478716997d764dd5714bc5f6291bab7c4d

    Download Submit
  • C:\recycled\CTFMON.EXE
    Filesize

    42KB

    MD5

    2f768695be00af96295471a8e891d15b

    SHA1

    9a1ad8ded7637b9d815086732d9406e6259dca56

    SHA256

    c8e6653b4264927151521a00a337e6ec2a9008f400b93e027f000efb68daacaa

    SHA512

    f16d4d80f92298846d8ccef8446fe8a61fc503209f73c43ee259c7471d469302771af051a95994d77bdb62fba2b5aa3018b53f42a28e31107018d14806d6e660

    Download Submit
  • C:\recycled\SPOOLSV.EXE
    Filesize

    42KB

    MD5

    f4d0c1ae92b0a41b6e880795f91e0d7d

    SHA1

    5b1491e33de94eff067fb9338efa7eaa61296e9d

    SHA256

    c07897f1b348a39be3fb84586c778dc3cf0fbbf07e1e753dc97542a8dbf38199

    SHA512

    208f7489be9560279557a45273cb0af9930701bd66c43759d0f009cdc07f67457db07c3a18d026210c73faf510c332b960dd8ac7ae27d43b3fb23ed65651a7a5

    Download Submit
  • C:\recycled\SVCHOST.EXE
    Filesize

    42KB

    MD5

    1a753d5711dfbfe64863942e290e2c37

    SHA1

    b0ec0f7a2ddaa7bfa977c65a316e395c41bd6ec0

    SHA256

    a713f002962553a252f649de6e3e1afa3777ebd9a120fd352a10b8242e504f83

    SHA512

    f599bd870272a1a7f62b213e9ca875e44d0f7a8871feed4a577b2ce933ef8f362e21e045924f00e7310507b2095e2f8ec2b4bb0fdcb624680fcbbf18ed522e06

    Download Submit
  • memory/212-218-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/212-214-0x0000000000000000-mapping.dmp
    Download
  • memory/1052-203-0x0000000000000000-mapping.dmp
    Download
  • memory/1052-209-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/1828-134-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/1828-220-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/1836-142-0x0000000000000000-mapping.dmp
    Download
  • memory/1836-146-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/1928-198-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/1928-193-0x0000000000000000-mapping.dmp
    Download
  • memory/3208-158-0x0000000000000000-mapping.dmp
    Download
  • memory/3208-163-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/3264-208-0x0000000000000000-mapping.dmp
    Download
  • memory/3264-213-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/3828-188-0x0000000000000000-mapping.dmp
    Download
  • memory/3828-192-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/3916-204-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/3916-197-0x0000000000000000-mapping.dmp
    Download
  • memory/4196-224-0x00007FF811CF0000-0x00007FF811D00000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4196-225-0x00007FF811CF0000-0x00007FF811D00000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4196-223-0x00007FF811CF0000-0x00007FF811D00000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4196-222-0x00007FF811CF0000-0x00007FF811D00000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4196-221-0x00007FF811CF0000-0x00007FF811D00000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4196-226-0x00007FF80F3E0000-0x00007FF80F3F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4196-219-0x0000000000000000-mapping.dmp
    Download
  • memory/4196-227-0x00007FF80F3E0000-0x00007FF80F3F0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4272-154-0x0000000000000000-mapping.dmp
    Download
  • memory/4272-160-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/4276-171-0x0000000000000000-mapping.dmp
    Download
  • memory/4276-177-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/4304-137-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/4304-135-0x0000000000000000-mapping.dmp
    Download
  • memory/4304-228-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/4376-187-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/4376-180-0x0000000000000000-mapping.dmp
    Download
  • memory/4476-229-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/4476-147-0x0000000000000000-mapping.dmp
    Download
  • memory/4476-185-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/4512-181-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/4512-175-0x0000000000000000-mapping.dmp
    Download
  • memory/4868-186-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/4868-230-0x0000000000400000-0x000000000041A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/4868-164-0x0000000000000000-mapping.dmp
    Download