344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d

Analysis

max time kernel
147s
max time network
162s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe
Size

184KB
MD5

3fd94d502bf7390aa5b01b94edf4bd50
SHA1

8261fffc67ea9055517270a5cb387b40d1ec7522
SHA256

344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d
SHA512

56b62dffef3894e9be0007a43afa6f0b1b3cb9017afd14415a8d464d8f0f9939ebb194a0e2bf2588fdff10f59e3225a8c6a4fbe37120ddbb321982d1dfac6cde
SSDEEP

3072:vdOsw7fNLbWBmdo90BPIGdLe1dZ2txz2LmfrIxN:VOpfNLPdoizKUF2LqIx

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Screen Saver Pro 3.1 = "C:\\Users\\Admin\\AppData\\Roaming\\ScreenSaverPro.scr"	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Izsesm = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Izsesm.exe"	iexplore.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	svchost.exe
File opened (read-only)	\??\T:	svchost.exe
File opened (read-only)	\??\U:	svchost.exe
File opened (read-only)	\??\W:	svchost.exe
File opened (read-only)	\??\D:	iexplore.exe
File opened (read-only)	\??\H:	svchost.exe
File opened (read-only)	\??\I:	svchost.exe
File opened (read-only)	\??\Q:	svchost.exe
File opened (read-only)	\??\M:	svchost.exe
File opened (read-only)	\??\S:	svchost.exe
File opened (read-only)	\??\V:	svchost.exe
File opened (read-only)	\??\F:	svchost.exe
File opened (read-only)	\??\G:	svchost.exe
File opened (read-only)	\??\K:	svchost.exe
File opened (read-only)	\??\O:	svchost.exe
File opened (read-only)	\??\Y:	svchost.exe
File opened (read-only)	\??\E:	svchost.exe
File opened (read-only)	\??\J:	svchost.exe
File opened (read-only)	\??\L:	svchost.exe
File opened (read-only)	\??\X:	svchost.exe
File opened (read-only)	\??\Z:	svchost.exe
File opened (read-only)	\??\B:	svchost.exe
File opened (read-only)	\??\N:	svchost.exe
File opened (read-only)	\??\P:	svchost.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1672 set thread context of 576	1672	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	27
PID 576 set thread context of 1652	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	29

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "376589566"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{57B710D1-70C9-11ED-A503-626C2AE6DC56} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe
1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe
Token: SeDebugPrivilege	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe
Token: SeDebugPrivilege	864	svchost.exe
Token: SeDebugPrivilege	1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe
Token: SeDebugPrivilege	920	mspaint.exe
Token: SeDebugPrivilege	1028	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1296	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
920	mspaint.exe
1296	IEXPLORE.EXE
1296	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 51 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 576	1672	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	27
PID 1672 wrote to memory of 576	1672	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	27
PID 1672 wrote to memory of 576	1672	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	27
PID 1672 wrote to memory of 576	1672	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	27
PID 1672 wrote to memory of 576	1672	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	27
PID 1672 wrote to memory of 576	1672	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	27
PID 1672 wrote to memory of 576	1672	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	27
PID 1672 wrote to memory of 576	1672	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	27
PID 1672 wrote to memory of 576	1672	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	27
PID 1672 wrote to memory of 576	1672	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	27
PID 576 wrote to memory of 864	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	28
PID 576 wrote to memory of 864	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	28
PID 576 wrote to memory of 864	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	28
PID 576 wrote to memory of 864	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	28
PID 576 wrote to memory of 864	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	28
PID 576 wrote to memory of 864	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	28
PID 576 wrote to memory of 864	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	28
PID 576 wrote to memory of 1652	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	29
PID 576 wrote to memory of 1652	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	29
PID 576 wrote to memory of 1652	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	29
PID 576 wrote to memory of 1652	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	29
PID 576 wrote to memory of 1652	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	29
PID 576 wrote to memory of 1652	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	29
PID 576 wrote to memory of 1652	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	29
PID 576 wrote to memory of 1652	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	29
PID 576 wrote to memory of 1652	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	29
PID 576 wrote to memory of 1652	576	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	29
PID 864 wrote to memory of 920	864	svchost.exe	30
PID 864 wrote to memory of 920	864	svchost.exe	30
PID 864 wrote to memory of 920	864	svchost.exe	30
PID 864 wrote to memory of 920	864	svchost.exe	30
PID 1652 wrote to memory of 1028	1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	32
PID 1652 wrote to memory of 1028	1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	32
PID 1652 wrote to memory of 1028	1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	32
PID 1652 wrote to memory of 1028	1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	32
PID 1028 wrote to memory of 1296	1028	iexplore.exe	33
PID 1028 wrote to memory of 1296	1028	iexplore.exe	33
PID 1028 wrote to memory of 1296	1028	iexplore.exe	33
PID 1028 wrote to memory of 1296	1028	iexplore.exe	33
PID 1652 wrote to memory of 576	1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	27
PID 1652 wrote to memory of 576	1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	27
PID 1652 wrote to memory of 864	1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	28
PID 1652 wrote to memory of 864	1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	28
PID 1652 wrote to memory of 920	1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	30
PID 1652 wrote to memory of 920	1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	30
PID 1652 wrote to memory of 1028	1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	32
PID 1652 wrote to memory of 1028	1652	344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe	32
PID 1296 wrote to memory of 756	1296	IEXPLORE.EXE	36
PID 1296 wrote to memory of 756	1296	IEXPLORE.EXE	36
PID 1296 wrote to memory of 756	1296	IEXPLORE.EXE	36
PID 1296 wrote to memory of 756	1296	IEXPLORE.EXE	36

C:\Users\Admin\AppData\Local\Temp\344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe
"C:\Users\Admin\AppData\Local\Temp\344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Users\Admin\AppData\Local\Temp\344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe
  "C:\Users\Admin\AppData\Local\Temp\344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
  - Suspicious behavior: RenamesItself
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:576
- - C:\Windows\SysWOW64\svchost.exe
    "C:\Windows\system32\svchost.exe"
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:864
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\system32\mspaint.exe"
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:920
- - C:\Users\Admin\AppData\Local\Temp\344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe
    "C:\Users\Admin\AppData\Local\Temp\344792acc9787542a7277330a0ac8ab3343db26ac6ab1643a5c532ddc9eed63d.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1652
  - - C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
      4⤵
      Adds Run key to start application
      Enumerates connected drives
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:1028
    - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1296
      - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1296 CREDAT:275457 /prefetch:2
        6⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:756

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UAKORVQ9.txt

Filesize
537B

MD5
28fc47c3db0543ea56074a99d1740603

SHA1
21a689d5c3ab2e4992831062d33becb901fc5578

SHA256
8700c5c2638ed75ae36f36aaa26483faf19ba223ff7a41b26722ab3134d83be6

SHA512
10b373b9d6d49b13e79f542aa8f3393bedd2b20b1b7fb2d28a67f3ff43872682c7e64382b9019970a2a457ea97195b76383256f273eefee141383c8748251dc6

Download Submit
memory/576-287-0x00000000022F0000-0x000000000233E000-memory.dmp

Filesize
312KB

Download
memory/576-176-0x00000000022F0000-0x000000000233E000-memory.dmp

Filesize
312KB

Download
memory/576-58-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/576-59-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/576-55-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/576-62-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/576-61-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/576-66-0x0000000075841000-0x0000000075843000-memory.dmp

Filesize
8KB

Download
memory/576-67-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/576-112-0x00000000022F0000-0x000000000233E000-memory.dmp

Filesize
312KB

Download
memory/576-100-0x00000000022F0000-0x000000000233E000-memory.dmp

Filesize
312KB

Download
memory/576-103-0x00000000022F0000-0x000000000233E000-memory.dmp

Filesize
312KB

Download
memory/576-107-0x00000000022F0000-0x000000000233E000-memory.dmp

Filesize
312KB

Download
memory/576-56-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/576-95-0x00000000022F0000-0x000000000233E000-memory.dmp

Filesize
312KB

Download
memory/576-97-0x00000000022F0000-0x000000000233E000-memory.dmp

Filesize
312KB

Download
memory/576-120-0x00000000022F0000-0x000000000233E000-memory.dmp

Filesize
312KB

Download
memory/576-116-0x00000000022F0000-0x000000000233E000-memory.dmp

Filesize
312KB

Download
memory/576-86-0x00000000002C0000-0x00000000002F9000-memory.dmp

Filesize
228KB

Download
memory/576-286-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/864-117-0x0000000000360000-0x00000000003AE000-memory.dmp

Filesize
312KB

Download
memory/864-179-0x0000000000360000-0x00000000003AE000-memory.dmp

Filesize
312KB

Download
memory/864-106-0x0000000000360000-0x00000000003AE000-memory.dmp

Filesize
312KB

Download
memory/864-126-0x0000000000360000-0x00000000003AE000-memory.dmp

Filesize
312KB

Download
memory/864-87-0x0000000000100000-0x0000000000121000-memory.dmp

Filesize
132KB

Download
memory/864-288-0x0000000000100000-0x0000000000121000-memory.dmp

Filesize
132KB

Download
memory/864-290-0x0000000000360000-0x00000000003AE000-memory.dmp

Filesize
312KB

Download
memory/864-111-0x0000000000360000-0x00000000003AE000-memory.dmp

Filesize
312KB

Download
memory/920-185-0x0000000000500000-0x000000000054E000-memory.dmp

Filesize
312KB

Download
memory/920-91-0x0000000000A51000-0x0000000000A53000-memory.dmp

Filesize
8KB

Download
memory/920-291-0x0000000000500000-0x000000000054E000-memory.dmp

Filesize
312KB

Download
memory/1652-181-0x0000000000370000-0x00000000003BE000-memory.dmp

Filesize
312KB

Download
memory/1652-84-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1652-113-0x0000000000370000-0x00000000003BE000-memory.dmp

Filesize
312KB

Download
memory/1652-80-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1652-121-0x0000000000370000-0x00000000003BE000-memory.dmp

Filesize
312KB

Download
memory/1652-78-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1652-88-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1652-127-0x0000000000370000-0x00000000003BE000-memory.dmp

Filesize
312KB

Download
memory/1652-76-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1652-74-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1652-72-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1652-289-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1652-71-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1672-54-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1672-64-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download