cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b

Analysis

max time kernel
151s
max time network
114s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe
Size

242KB
MD5

fe4311b404e699859ea561e5feb3e10e
SHA1

22556f60a83fd9db90f3b5b90daf890e1ae2b806
SHA256

cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b
SHA512

f540b6f44103a7e217fe2bf2d7a3159cf8b3241b890f8bd1571622b3508c66c1362b93044c0e66af5715d3aada720139c628dd0f5480fe31969156db29e458eb
SSDEEP

3072:FOWyECwLDiiviXUPbvSCl9PxHi7lkm6ZX8PwX6xO/FLZ+M7cestqkec/H0pJ8mf1:FuzwLDnSMbxZHIOX84Kxat+MYJP/l+1

Score

8^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
912	rufi.exe

Deletes itself 1 IoCs

pid	Process
1632	cmd.exe

Loads dropped DLL 2 IoCs

pid	Process
1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe
1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\Currentversion\Run	rufi.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\Currentversion\Run	rufi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Run\Efqiul = "C:\\Users\\Admin\\AppData\\Roaming\\Ifgiy\\rufi.exe"	rufi.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1832 set thread context of 1632	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe	28

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Privacy	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\6B290672-00000001.eml:OECustomProperty	WinMail.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe
912	rufi.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe
Token: SeSecurityPrivilege	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe
Token: SeSecurityPrivilege	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe
Token: SeSecurityPrivilege	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe
Token: SeSecurityPrivilege	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe
Token: SeSecurityPrivilege	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe
Token: SeSecurityPrivilege	1632	cmd.exe
Token: SeSecurityPrivilege	1632	cmd.exe
Token: SeSecurityPrivilege	1632	cmd.exe
Token: SeSecurityPrivilege	1632	cmd.exe
Token: SeSecurityPrivilege	1632	cmd.exe
Token: SeSecurityPrivilege	1632	cmd.exe
Token: SeSecurityPrivilege	1632	cmd.exe
Token: SeManageVolumePrivilege	1144	WinMail.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1144	WinMail.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1144	WinMail.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1144	WinMail.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 912	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe	27
PID 1832 wrote to memory of 912	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe	27
PID 1832 wrote to memory of 912	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe	27
PID 1832 wrote to memory of 912	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe	27
PID 912 wrote to memory of 1256	912	rufi.exe	19
PID 912 wrote to memory of 1256	912	rufi.exe	19
PID 912 wrote to memory of 1256	912	rufi.exe	19
PID 912 wrote to memory of 1256	912	rufi.exe	19
PID 912 wrote to memory of 1256	912	rufi.exe	19
PID 912 wrote to memory of 1340	912	rufi.exe	18
PID 912 wrote to memory of 1340	912	rufi.exe	18
PID 912 wrote to memory of 1340	912	rufi.exe	18
PID 912 wrote to memory of 1340	912	rufi.exe	18
PID 912 wrote to memory of 1340	912	rufi.exe	18
PID 912 wrote to memory of 1384	912	rufi.exe	17
PID 912 wrote to memory of 1384	912	rufi.exe	17
PID 912 wrote to memory of 1384	912	rufi.exe	17
PID 912 wrote to memory of 1384	912	rufi.exe	17
PID 912 wrote to memory of 1384	912	rufi.exe	17
PID 912 wrote to memory of 1832	912	rufi.exe	25
PID 912 wrote to memory of 1832	912	rufi.exe	25
PID 912 wrote to memory of 1832	912	rufi.exe	25
PID 912 wrote to memory of 1832	912	rufi.exe	25
PID 912 wrote to memory of 1832	912	rufi.exe	25
PID 1832 wrote to memory of 1632	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe	28
PID 1832 wrote to memory of 1632	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe	28
PID 1832 wrote to memory of 1632	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe	28
PID 1832 wrote to memory of 1632	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe	28
PID 1832 wrote to memory of 1632	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe	28
PID 1832 wrote to memory of 1632	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe	28
PID 1832 wrote to memory of 1632	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe	28
PID 1832 wrote to memory of 1632	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe	28
PID 1832 wrote to memory of 1632	1832	cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe	28
PID 912 wrote to memory of 872	912	rufi.exe	29
PID 912 wrote to memory of 872	912	rufi.exe	29
PID 912 wrote to memory of 872	912	rufi.exe	29
PID 912 wrote to memory of 872	912	rufi.exe	29
PID 912 wrote to memory of 872	912	rufi.exe	29
PID 912 wrote to memory of 2012	912	rufi.exe	30
PID 912 wrote to memory of 2012	912	rufi.exe	30
PID 912 wrote to memory of 2012	912	rufi.exe	30
PID 912 wrote to memory of 2012	912	rufi.exe	30
PID 912 wrote to memory of 2012	912	rufi.exe	30
PID 912 wrote to memory of 1144	912	rufi.exe	31
PID 912 wrote to memory of 1144	912	rufi.exe	31
PID 912 wrote to memory of 1144	912	rufi.exe	31
PID 912 wrote to memory of 1144	912	rufi.exe	31
PID 912 wrote to memory of 1144	912	rufi.exe	31
PID 912 wrote to memory of 1108	912	rufi.exe	32
PID 912 wrote to memory of 1108	912	rufi.exe	32
PID 912 wrote to memory of 1108	912	rufi.exe	32
PID 912 wrote to memory of 1108	912	rufi.exe	32
PID 912 wrote to memory of 1108	912	rufi.exe	32
PID 912 wrote to memory of 752	912	rufi.exe	33
PID 912 wrote to memory of 752	912	rufi.exe	33
PID 912 wrote to memory of 752	912	rufi.exe	33
PID 912 wrote to memory of 752	912	rufi.exe	33
PID 912 wrote to memory of 752	912	rufi.exe	33
PID 912 wrote to memory of 1004	912	rufi.exe	34
PID 912 wrote to memory of 1004	912	rufi.exe	34
PID 912 wrote to memory of 1004	912	rufi.exe	34
PID 912 wrote to memory of 1004	912	rufi.exe	34
PID 912 wrote to memory of 1004	912	rufi.exe	34
PID 912 wrote to memory of 836	912	rufi.exe	35

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1384
- C:\Users\Admin\AppData\Local\Temp\cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe
  "C:\Users\Admin\AppData\Local\Temp\cc4c5ce07f26dfd38a4dcc21e591c8ab6bdad9884959d2484ea0a8eab46e865b.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1832
- - C:\Users\Admin\AppData\Roaming\Ifgiy\rufi.exe
    "C:\Users\Admin\AppData\Roaming\Ifgiy\rufi.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:912
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp0ef99324.bat"
    3⤵
    - Deletes itself
    - Suspicious use of AdjustPrivilegeToken
    PID:1632

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1340

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1256

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "343020632-785470017-15358480201065781552-1115254160-1389585127-1486184166-1436803432"
1⤵
PID:872

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:2012

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1108

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:752

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1004

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:836

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1728

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1704

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp0ef99324.bat

Filesize
307B

MD5
bbd213c55c44435e287761b9e40fb55c

SHA1
6fd14a584ef0839cd1228483c35d3084a63451b1

SHA256
e8182e7d64466e1479f5fa4cf75c603acbb5b337d4ee0ee4198e54edc4bd5fc3

SHA512
7cb673c8de9061d0c59430e1720af2ca0ef0114307778e910be35e3127b037db8e09854b24aa35a166b5c8e78da010c633333e1e71c6116feaa0e25c733532b9

Download Submit
C:\Users\Admin\AppData\Roaming\Ifgiy\rufi.exe

Filesize
242KB

MD5
35a43546267ed7b6cd863c6528fb9a16

SHA1
f93b56d4c2c7246a75ab987c0a50f63a48dc7660

SHA256
087396a04a40a9bbfe3e5f2d6ada8286f00fff0b618f806df1ab61c9a2304f53

SHA512
631d389c89e8539c7fb7eb7deb59cf43863e64b0bf2238db9781f23bd06d5a22fb8c36fa34903b1f8e6b8a5a51451520c6ed528d1c467300e78759a8ab9c2ebd

Download Submit
C:\Users\Admin\AppData\Roaming\Ifgiy\rufi.exe

Filesize
242KB

MD5
35a43546267ed7b6cd863c6528fb9a16

SHA1
f93b56d4c2c7246a75ab987c0a50f63a48dc7660

SHA256
087396a04a40a9bbfe3e5f2d6ada8286f00fff0b618f806df1ab61c9a2304f53

SHA512
631d389c89e8539c7fb7eb7deb59cf43863e64b0bf2238db9781f23bd06d5a22fb8c36fa34903b1f8e6b8a5a51451520c6ed528d1c467300e78759a8ab9c2ebd

Download Submit
C:\Users\Admin\AppData\Roaming\Yfseuf\cunia.icp

Filesize
4KB

MD5
1f981c6e8956ad4eaac92a1398e05ae2

SHA1
7bca7f1a92c4e1852ae161ebda6f257ca0940d48

SHA256
0471826c4952279ae8a5d26c85cea3491d00794e8c0bf59fd148e1b43622f18b

SHA512
c830b9252a62bc061b856baf0559ca8086f369fc2c775991a0d918b5d899bc2bfe5b477ce4a4a7eb349685a02b7f54d5c88d7da4bb6c134e6fd0154067dec1e7

Download Submit
\Users\Admin\AppData\Roaming\Ifgiy\rufi.exe

Filesize
242KB

MD5
35a43546267ed7b6cd863c6528fb9a16

SHA1
f93b56d4c2c7246a75ab987c0a50f63a48dc7660

SHA256
087396a04a40a9bbfe3e5f2d6ada8286f00fff0b618f806df1ab61c9a2304f53

SHA512
631d389c89e8539c7fb7eb7deb59cf43863e64b0bf2238db9781f23bd06d5a22fb8c36fa34903b1f8e6b8a5a51451520c6ed528d1c467300e78759a8ab9c2ebd

Download Submit
\Users\Admin\AppData\Roaming\Ifgiy\rufi.exe

Filesize
242KB

MD5
35a43546267ed7b6cd863c6528fb9a16

SHA1
f93b56d4c2c7246a75ab987c0a50f63a48dc7660

SHA256
087396a04a40a9bbfe3e5f2d6ada8286f00fff0b618f806df1ab61c9a2304f53

SHA512
631d389c89e8539c7fb7eb7deb59cf43863e64b0bf2238db9781f23bd06d5a22fb8c36fa34903b1f8e6b8a5a51451520c6ed528d1c467300e78759a8ab9c2ebd

Download Submit
memory/912-77-0x0000000000450000-0x0000000000483000-memory.dmp

Filesize
204KB

Download
memory/912-246-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/912-63-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/912-78-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1256-68-0x0000000001D40000-0x0000000001D7C000-memory.dmp

Filesize
240KB

Download
memory/1256-69-0x0000000001D40000-0x0000000001D7C000-memory.dmp

Filesize
240KB

Download
memory/1256-70-0x0000000001D40000-0x0000000001D7C000-memory.dmp

Filesize
240KB

Download
memory/1256-67-0x0000000001D40000-0x0000000001D7C000-memory.dmp

Filesize
240KB

Download
memory/1256-65-0x0000000001D40000-0x0000000001D7C000-memory.dmp

Filesize
240KB

Download
memory/1340-73-0x00000000001D0000-0x000000000020C000-memory.dmp

Filesize
240KB

Download
memory/1340-74-0x00000000001D0000-0x000000000020C000-memory.dmp

Filesize
240KB

Download
memory/1340-75-0x00000000001D0000-0x000000000020C000-memory.dmp

Filesize
240KB

Download
memory/1340-76-0x00000000001D0000-0x000000000020C000-memory.dmp

Filesize
240KB

Download
memory/1384-84-0x0000000002200000-0x000000000223C000-memory.dmp

Filesize
240KB

Download
memory/1384-81-0x0000000002200000-0x000000000223C000-memory.dmp

Filesize
240KB

Download
memory/1384-82-0x0000000002200000-0x000000000223C000-memory.dmp

Filesize
240KB

Download
memory/1384-83-0x0000000002200000-0x000000000223C000-memory.dmp

Filesize
240KB

Download
memory/1632-117-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-113-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-231-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-107-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-109-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-115-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-123-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-129-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-133-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-98-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-102-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-101-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-100-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-131-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-105-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-111-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-127-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-125-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-119-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1632-121-0x0000000000050000-0x000000000008C000-memory.dmp

Filesize
240KB

Download
memory/1832-91-0x00000000009E0000-0x0000000000A1C000-memory.dmp

Filesize
240KB

Download
memory/1832-56-0x0000000000330000-0x0000000000363000-memory.dmp

Filesize
204KB

Download
memory/1832-57-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1832-94-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1832-93-0x0000000000330000-0x0000000000363000-memory.dmp

Filesize
204KB

Download
memory/1832-92-0x00000000009E0000-0x0000000000A25000-memory.dmp

Filesize
276KB

Download
memory/1832-89-0x00000000009E0000-0x0000000000A1C000-memory.dmp

Filesize
240KB

Download
memory/1832-54-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1832-87-0x00000000009E0000-0x0000000000A1C000-memory.dmp

Filesize
240KB

Download
memory/1832-229-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1832-230-0x00000000009E0000-0x0000000000A1C000-memory.dmp

Filesize
240KB

Download
memory/1832-88-0x00000000009E0000-0x0000000000A1C000-memory.dmp

Filesize
240KB

Download
memory/1832-90-0x00000000009E0000-0x0000000000A1C000-memory.dmp

Filesize
240KB

Download
memory/1832-55-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download