9aba7fbd4a91451284dd7199fa1327df53c4cd39cbbd526832d66854c63c3444

Analysis

max time kernel
148s
max time network
94s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
18-04-2023 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9aba7fbd4a91451284dd7199fa1327df53c4cd39cbbd526832d66854c63c3444.exe
Size

1.1MB
MD5

04eaa2ad847b7b6b668a8aede461c079
SHA1

223f658f231ed71041cf52400490c1713e39a9c2
SHA256

9aba7fbd4a91451284dd7199fa1327df53c4cd39cbbd526832d66854c63c3444
SHA512

2ac005f6aca4bc04a17ca0f3b26ea1453d008b33c30bc9762cbc3668f37b4e98c7a92b1b6bd672509709fb2738a4a8f4b06610a00b656b1a5b97cfd9b38f63d9
SSDEEP

24576:Cy2opRczYIf159suSMeKCobMzLO3wR7/vP8eFXyGKb1k:pRcMIf79suSMepoqS3Y7/vkQyGK

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	pr951007.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	pr951007.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	pr951007.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	pr951007.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	pr951007.exe

Executes dropped EXE 6 IoCs

pid	Process
5064	un809096.exe
968	un720514.exe
4060	pr951007.exe
1060	qu559452.exe
4272	rk378469.exe
4788	si021877.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	pr951007.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	pr951007.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	9aba7fbd4a91451284dd7199fa1327df53c4cd39cbbd526832d66854c63c3444.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	9aba7fbd4a91451284dd7199fa1327df53c4cd39cbbd526832d66854c63c3444.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un809096.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	un809096.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un720514.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	un720514.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Program crash 7 IoCs

pid	pid_target	Process	procid_target
3544	4788	WerFault.exe	72
3620	4788	WerFault.exe	72
2696	4788	WerFault.exe	72
4864	4788	WerFault.exe	72
1516	4788	WerFault.exe	72
1204	4788	WerFault.exe	72
4832	4788	WerFault.exe	72

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4060	pr951007.exe
4060	pr951007.exe
1060	qu559452.exe
1060	qu559452.exe
4272	rk378469.exe
4272	rk378469.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4060	pr951007.exe
Token: SeDebugPrivilege	1060	qu559452.exe
Token: SeDebugPrivilege	4272	rk378469.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 5064	4640	9aba7fbd4a91451284dd7199fa1327df53c4cd39cbbd526832d66854c63c3444.exe	66
PID 4640 wrote to memory of 5064	4640	9aba7fbd4a91451284dd7199fa1327df53c4cd39cbbd526832d66854c63c3444.exe	66
PID 4640 wrote to memory of 5064	4640	9aba7fbd4a91451284dd7199fa1327df53c4cd39cbbd526832d66854c63c3444.exe	66
PID 5064 wrote to memory of 968	5064	un809096.exe	67
PID 5064 wrote to memory of 968	5064	un809096.exe	67
PID 5064 wrote to memory of 968	5064	un809096.exe	67
PID 968 wrote to memory of 4060	968	un720514.exe	68
PID 968 wrote to memory of 4060	968	un720514.exe	68
PID 968 wrote to memory of 4060	968	un720514.exe	68
PID 968 wrote to memory of 1060	968	un720514.exe	69
PID 968 wrote to memory of 1060	968	un720514.exe	69
PID 968 wrote to memory of 1060	968	un720514.exe	69
PID 5064 wrote to memory of 4272	5064	un809096.exe	71
PID 5064 wrote to memory of 4272	5064	un809096.exe	71
PID 5064 wrote to memory of 4272	5064	un809096.exe	71
PID 4640 wrote to memory of 4788	4640	9aba7fbd4a91451284dd7199fa1327df53c4cd39cbbd526832d66854c63c3444.exe	72
PID 4640 wrote to memory of 4788	4640	9aba7fbd4a91451284dd7199fa1327df53c4cd39cbbd526832d66854c63c3444.exe	72
PID 4640 wrote to memory of 4788	4640	9aba7fbd4a91451284dd7199fa1327df53c4cd39cbbd526832d66854c63c3444.exe	72

C:\Users\Admin\AppData\Local\Temp\9aba7fbd4a91451284dd7199fa1327df53c4cd39cbbd526832d66854c63c3444.exe
"C:\Users\Admin\AppData\Local\Temp\9aba7fbd4a91451284dd7199fa1327df53c4cd39cbbd526832d66854c63c3444.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un809096.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un809096.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:5064
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un720514.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un720514.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:968
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr951007.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr951007.exe
      4⤵
      Modifies Windows Defender Real-time Protection settings
      Executes dropped EXE
      Windows security modification
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu559452.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu559452.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1060
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk378469.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk378469.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4272
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si021877.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si021877.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 616
    3⤵
    - Program crash
    PID:3544
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 696
    3⤵
    - Program crash
    PID:3620
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 836
    3⤵
    - Program crash
    PID:2696
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 844
    3⤵
    - Program crash
    PID:4864
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 880
    3⤵
    - Program crash
    PID:1516
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 856
    3⤵
    - Program crash
    PID:1204
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 1072
    3⤵
    - Program crash
    PID:4832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si021877.exe

Filesize
383KB

MD5
2f48eceffa84683ff4b8ccdebef8faff

SHA1
ea4bb2eda1e80107e9747fffbf241ae08ef51940

SHA256
16aa08f548c2563ea6569e3c23213e34dea6ef04289e96d7ebb0178cb4614af7

SHA512
e97983cb5af6a7c314de180a3a1e642a467406e476d6c60486e4764e1d7f3af6fa7c02fa04bfbd14cc89b4b976e1332e4a94c50a854bbab94f3a46b6e1e62696

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si021877.exe

Filesize
383KB

MD5
2f48eceffa84683ff4b8ccdebef8faff

SHA1
ea4bb2eda1e80107e9747fffbf241ae08ef51940

SHA256
16aa08f548c2563ea6569e3c23213e34dea6ef04289e96d7ebb0178cb4614af7

SHA512
e97983cb5af6a7c314de180a3a1e642a467406e476d6c60486e4764e1d7f3af6fa7c02fa04bfbd14cc89b4b976e1332e4a94c50a854bbab94f3a46b6e1e62696

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un809096.exe

Filesize
765KB

MD5
aca878605446f47a781475b02ebca610

SHA1
36a6a1cf19237f508b546ce88c4acd98edc52958

SHA256
388417d687a2866222686ee3bbbe53b1bee154c23f7af8f11199093045abc731

SHA512
ed79d574632435788c4c0ca8625fcbf9045d601082646c788e1066e12d1fc26a809bfb3e78d2eba97054116022ccf8b08d6e9c2f823456369db625ccf33c6866

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un809096.exe

Filesize
765KB

MD5
aca878605446f47a781475b02ebca610

SHA1
36a6a1cf19237f508b546ce88c4acd98edc52958

SHA256
388417d687a2866222686ee3bbbe53b1bee154c23f7af8f11199093045abc731

SHA512
ed79d574632435788c4c0ca8625fcbf9045d601082646c788e1066e12d1fc26a809bfb3e78d2eba97054116022ccf8b08d6e9c2f823456369db625ccf33c6866

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk378469.exe

Filesize
136KB

MD5
86810f340795831f3c2bd147981be929

SHA1
573345e2c322720fa43f74d761ff1d48028f36c9

SHA256
d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

SHA512
c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk378469.exe

Filesize
136KB

MD5
86810f340795831f3c2bd147981be929

SHA1
573345e2c322720fa43f74d761ff1d48028f36c9

SHA256
d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

SHA512
c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un720514.exe

Filesize
612KB

MD5
7e11f3e17774931a7ab0bb44d24d2704

SHA1
e35d12c036579f6bf0711bcecd75bea16ab6a758

SHA256
4e374d5e1536b3e18ba3b4df08f64385abb6a042611bd581a822969820c1edf5

SHA512
af2b36d5df35a9904931e965d9a073353f43fddc0c5e9e12aa452e2777c2cd0f704609a74de27faaf65f98573a0cc9aa2e46c8223c14cfceecbaca3977d0db6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un720514.exe

Filesize
612KB

MD5
7e11f3e17774931a7ab0bb44d24d2704

SHA1
e35d12c036579f6bf0711bcecd75bea16ab6a758

SHA256
4e374d5e1536b3e18ba3b4df08f64385abb6a042611bd581a822969820c1edf5

SHA512
af2b36d5df35a9904931e965d9a073353f43fddc0c5e9e12aa452e2777c2cd0f704609a74de27faaf65f98573a0cc9aa2e46c8223c14cfceecbaca3977d0db6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr951007.exe

Filesize
404KB

MD5
2e33edaca0e5c9d5b8948701c3bdbbee

SHA1
40b77bfe6567614653da065c77a58fd211d66071

SHA256
9ca0c93a8d2cb6e6392126e872a7eeb22d7913ad393ecf5cff52ac56d81151da

SHA512
6effd630bb4dee16fa9181c29ff6194c88f076e1b96ad7b1e4546de06a449d65ac144983ff76bba4f7d0e26415905eab76c636e0ecb05bb30df03ee515fe628d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr951007.exe

Filesize
404KB

MD5
2e33edaca0e5c9d5b8948701c3bdbbee

SHA1
40b77bfe6567614653da065c77a58fd211d66071

SHA256
9ca0c93a8d2cb6e6392126e872a7eeb22d7913ad393ecf5cff52ac56d81151da

SHA512
6effd630bb4dee16fa9181c29ff6194c88f076e1b96ad7b1e4546de06a449d65ac144983ff76bba4f7d0e26415905eab76c636e0ecb05bb30df03ee515fe628d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu559452.exe

Filesize
487KB

MD5
28a74534b6662f44f3012d343f9c2b8b

SHA1
13f96764af3f4aaab5709bd87f132555a1198464

SHA256
9f2dc676ee5b47c8010426e9edfc4353fececacfb185bc8344fd17a598fa9534

SHA512
3a4b424a9ce307ff3b70ad194aff1c7da26acba48cc56019e3706ea39d5993cecf9c6ef33f7da448f75834fc37705d5aa1a017ae05776324dc5125dc5e8f59db

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu559452.exe

Filesize
487KB

MD5
28a74534b6662f44f3012d343f9c2b8b

SHA1
13f96764af3f4aaab5709bd87f132555a1198464

SHA256
9f2dc676ee5b47c8010426e9edfc4353fececacfb185bc8344fd17a598fa9534

SHA512
3a4b424a9ce307ff3b70ad194aff1c7da26acba48cc56019e3706ea39d5993cecf9c6ef33f7da448f75834fc37705d5aa1a017ae05776324dc5125dc5e8f59db

Download Submit
memory/1060-987-0x0000000007E60000-0x0000000007E72000-memory.dmp

Filesize
72KB

Download
memory/1060-989-0x0000000007FB0000-0x0000000007FEE000-memory.dmp

Filesize
248KB

Download
memory/1060-998-0x0000000008DE0000-0x000000000930C000-memory.dmp

Filesize
5.2MB

Download
memory/1060-997-0x0000000008C10000-0x0000000008DD2000-memory.dmp

Filesize
1.8MB

Download
memory/1060-996-0x0000000008B40000-0x0000000008B5E000-memory.dmp

Filesize
120KB

Download
memory/1060-995-0x0000000008A90000-0x0000000008B06000-memory.dmp

Filesize
472KB

Download
memory/1060-994-0x0000000008A20000-0x0000000008A70000-memory.dmp

Filesize
320KB

Download
memory/1060-993-0x0000000008980000-0x0000000008A12000-memory.dmp

Filesize
584KB

Download
memory/1060-992-0x00000000082C0000-0x0000000008326000-memory.dmp

Filesize
408KB

Download
memory/1060-991-0x0000000004E50000-0x0000000004E60000-memory.dmp

Filesize
64KB

Download
memory/1060-990-0x0000000008030000-0x000000000807B000-memory.dmp

Filesize
300KB

Download
memory/1060-988-0x0000000007E90000-0x0000000007F9A000-memory.dmp

Filesize
1.0MB

Download
memory/1060-986-0x00000000077E0000-0x0000000007DE6000-memory.dmp

Filesize
6.0MB

Download
memory/1060-227-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-225-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-223-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-221-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-219-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-217-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-215-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-213-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-211-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-209-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-188-0x0000000004CC0000-0x0000000004CFC000-memory.dmp

Filesize
240KB

Download
memory/1060-189-0x0000000004D80000-0x0000000004DBA000-memory.dmp

Filesize
232KB

Download
memory/1060-190-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-191-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-193-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-195-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-197-0x0000000000820000-0x0000000000866000-memory.dmp

Filesize
280KB

Download
memory/1060-199-0x0000000004E50000-0x0000000004E60000-memory.dmp

Filesize
64KB

Download
memory/1060-201-0x0000000004E50000-0x0000000004E60000-memory.dmp

Filesize
64KB

Download
memory/1060-202-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-198-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-205-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/1060-203-0x0000000004E50000-0x0000000004E60000-memory.dmp

Filesize
64KB

Download
memory/1060-207-0x0000000004D80000-0x0000000004DB5000-memory.dmp

Filesize
212KB

Download
memory/4060-167-0x0000000002900000-0x0000000002912000-memory.dmp

Filesize
72KB

Download
memory/4060-151-0x0000000002900000-0x0000000002912000-memory.dmp

Filesize
72KB

Download
memory/4060-147-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/4060-181-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/4060-180-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/4060-179-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/4060-178-0x0000000000400000-0x000000000080A000-memory.dmp

Filesize
4.0MB

Download
memory/4060-177-0x0000000002900000-0x0000000002912000-memory.dmp

Filesize
72KB

Download
memory/4060-175-0x0000000002900000-0x0000000002912000-memory.dmp

Filesize
72KB

Download
memory/4060-173-0x0000000002900000-0x0000000002912000-memory.dmp

Filesize
72KB

Download
memory/4060-171-0x0000000002900000-0x0000000002912000-memory.dmp

Filesize
72KB

Download
memory/4060-148-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/4060-169-0x0000000002900000-0x0000000002912000-memory.dmp

Filesize
72KB

Download
memory/4060-150-0x0000000002900000-0x0000000002912000-memory.dmp

Filesize
72KB

Download
memory/4060-183-0x0000000000400000-0x000000000080A000-memory.dmp

Filesize
4.0MB

Download
memory/4060-165-0x0000000002900000-0x0000000002912000-memory.dmp

Filesize
72KB

Download
memory/4060-149-0x0000000004F60000-0x0000000004F70000-memory.dmp

Filesize
64KB

Download
memory/4060-161-0x0000000002900000-0x0000000002912000-memory.dmp

Filesize
72KB

Download
memory/4060-159-0x0000000002900000-0x0000000002912000-memory.dmp

Filesize
72KB

Download
memory/4060-157-0x0000000002900000-0x0000000002912000-memory.dmp

Filesize
72KB

Download
memory/4060-155-0x0000000002900000-0x0000000002912000-memory.dmp

Filesize
72KB

Download
memory/4060-153-0x0000000002900000-0x0000000002912000-memory.dmp

Filesize
72KB

Download
memory/4060-163-0x0000000002900000-0x0000000002912000-memory.dmp

Filesize
72KB

Download
memory/4060-146-0x00000000001D0000-0x00000000001FD000-memory.dmp

Filesize
180KB

Download
memory/4060-145-0x0000000002900000-0x0000000002918000-memory.dmp

Filesize
96KB

Download
memory/4060-143-0x00000000023F0000-0x000000000240A000-memory.dmp

Filesize
104KB

Download
memory/4060-144-0x0000000004F70000-0x000000000546E000-memory.dmp

Filesize
5.0MB

Download
memory/4272-1006-0x0000000006DB0000-0x0000000006DFB000-memory.dmp

Filesize
300KB

Download
memory/4272-1005-0x0000000006D20000-0x0000000006D30000-memory.dmp

Filesize
64KB

Download
memory/4272-1004-0x0000000000010000-0x0000000000038000-memory.dmp

Filesize
160KB

Download
memory/4788-1012-0x00000000009F0000-0x0000000000A25000-memory.dmp

Filesize
212KB

Download