d04646e43bc475be1844c4dc543b5b4589eb78373217b99ad5a6bdc23f224fa8

Analysis

max time kernel
147s
max time network
93s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
18/04/2023, 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d04646e43bc475be1844c4dc543b5b4589eb78373217b99ad5a6bdc23f224fa8.exe
Size

938KB
MD5

9ffe8b57e0f779ae39ae8a6674fca5df
SHA1

3873c0a9c86a6c7bf54bf948f1d263ae42c17c16
SHA256

d04646e43bc475be1844c4dc543b5b4589eb78373217b99ad5a6bdc23f224fa8
SHA512

d7bf0819c9ebef7a48b907978d0b42214867d843ff0aefc549e5b8dd7eb765200da270d1461b138a265c86cd36afdaab61dcb82ab668a29c39c7f6d11eb90834
SSDEEP

24576:qyyrjok2/mDKnVOymPpIi+qqcHTgOkfpRn71BK:xy4jLVOyCpL93AR7

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	it339384.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	it339384.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	it339384.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	it339384.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	it339384.exe

Executes dropped EXE 6 IoCs

pid	Process
2508	zipu1134.exe
2980	ziex4686.exe
3244	it339384.exe
2088	jr793738.exe
1864	kp136410.exe
2616	lr111350.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 1 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0"	it339384.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	d04646e43bc475be1844c4dc543b5b4589eb78373217b99ad5a6bdc23f224fa8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	d04646e43bc475be1844c4dc543b5b4589eb78373217b99ad5a6bdc23f224fa8.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	zipu1134.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	zipu1134.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	ziex4686.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	ziex4686.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Program crash 7 IoCs

pid	pid_target	Process	procid_target
3420	2616	WerFault.exe	72
4848	2616	WerFault.exe	72
3892	2616	WerFault.exe	72
3652	2616	WerFault.exe	72
1288	2616	WerFault.exe	72
2880	2616	WerFault.exe	72
4180	2616	WerFault.exe	72

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3244	it339384.exe
3244	it339384.exe
2088	jr793738.exe
2088	jr793738.exe
1864	kp136410.exe
1864	kp136410.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3244	it339384.exe
Token: SeDebugPrivilege	2088	jr793738.exe
Token: SeDebugPrivilege	1864	kp136410.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2508	2468	d04646e43bc475be1844c4dc543b5b4589eb78373217b99ad5a6bdc23f224fa8.exe	66
PID 2468 wrote to memory of 2508	2468	d04646e43bc475be1844c4dc543b5b4589eb78373217b99ad5a6bdc23f224fa8.exe	66
PID 2468 wrote to memory of 2508	2468	d04646e43bc475be1844c4dc543b5b4589eb78373217b99ad5a6bdc23f224fa8.exe	66
PID 2508 wrote to memory of 2980	2508	zipu1134.exe	67
PID 2508 wrote to memory of 2980	2508	zipu1134.exe	67
PID 2508 wrote to memory of 2980	2508	zipu1134.exe	67
PID 2980 wrote to memory of 3244	2980	ziex4686.exe	68
PID 2980 wrote to memory of 3244	2980	ziex4686.exe	68
PID 2980 wrote to memory of 2088	2980	ziex4686.exe	69
PID 2980 wrote to memory of 2088	2980	ziex4686.exe	69
PID 2980 wrote to memory of 2088	2980	ziex4686.exe	69
PID 2508 wrote to memory of 1864	2508	zipu1134.exe	71
PID 2508 wrote to memory of 1864	2508	zipu1134.exe	71
PID 2508 wrote to memory of 1864	2508	zipu1134.exe	71
PID 2468 wrote to memory of 2616	2468	d04646e43bc475be1844c4dc543b5b4589eb78373217b99ad5a6bdc23f224fa8.exe	72
PID 2468 wrote to memory of 2616	2468	d04646e43bc475be1844c4dc543b5b4589eb78373217b99ad5a6bdc23f224fa8.exe	72
PID 2468 wrote to memory of 2616	2468	d04646e43bc475be1844c4dc543b5b4589eb78373217b99ad5a6bdc23f224fa8.exe	72

C:\Users\Admin\AppData\Local\Temp\d04646e43bc475be1844c4dc543b5b4589eb78373217b99ad5a6bdc23f224fa8.exe
"C:\Users\Admin\AppData\Local\Temp\d04646e43bc475be1844c4dc543b5b4589eb78373217b99ad5a6bdc23f224fa8.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zipu1134.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zipu1134.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:2508
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ziex4686.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ziex4686.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it339384.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it339384.exe
      4⤵
      Modifies Windows Defender Real-time Protection settings
      Executes dropped EXE
      Windows security modification
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr793738.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr793738.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2088
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp136410.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp136410.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1864
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr111350.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr111350.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 616
    3⤵
    - Program crash
    PID:3420
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 696
    3⤵
    - Program crash
    PID:4848
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 840
    3⤵
    - Program crash
    PID:3892
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 856
    3⤵
    - Program crash
    PID:3652
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 908
    3⤵
    - Program crash
    PID:1288
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 884
    3⤵
    - Program crash
    PID:2880
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 1072
    3⤵
    - Program crash
    PID:4180

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr111350.exe

Filesize
382KB

MD5
68fef23b69b71a8eea7e7fdc11d859ec

SHA1
03c5d3ce3c6a7c87d490deaac0cef3229430b818

SHA256
efccc1f4d10fc8260295ab2593396cdd1ddaf3a90254d94107e4fe8c90c6f2c6

SHA512
46196397db247e461a7fe7e61a97f0c5c18d38bc473e5ee68208a08286e0fcd934a147537a80e4602b793d5c5c9d3424b73b5e45202ec7c0d682798bf9584893

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr111350.exe

Filesize
382KB

MD5
68fef23b69b71a8eea7e7fdc11d859ec

SHA1
03c5d3ce3c6a7c87d490deaac0cef3229430b818

SHA256
efccc1f4d10fc8260295ab2593396cdd1ddaf3a90254d94107e4fe8c90c6f2c6

SHA512
46196397db247e461a7fe7e61a97f0c5c18d38bc473e5ee68208a08286e0fcd934a147537a80e4602b793d5c5c9d3424b73b5e45202ec7c0d682798bf9584893

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zipu1134.exe

Filesize
623KB

MD5
f10a8a9634fa4d53708c18d560fe23cb

SHA1
e9f2ffd184d51059492aa63f516b74d9f9673fc2

SHA256
cfd5878e6b02db889ee2c36ae9af0a1dabd03de10b9c16e1f3bbc285e017b73c

SHA512
d65f923f7d7839ef6898e08fa696dcd1fb17213a808f27fa336a1c70b8a1c74b441621a8c0df830c45ac7a6b6c1a040055e6cab846df34227b4d154f7a61905f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zipu1134.exe

Filesize
623KB

MD5
f10a8a9634fa4d53708c18d560fe23cb

SHA1
e9f2ffd184d51059492aa63f516b74d9f9673fc2

SHA256
cfd5878e6b02db889ee2c36ae9af0a1dabd03de10b9c16e1f3bbc285e017b73c

SHA512
d65f923f7d7839ef6898e08fa696dcd1fb17213a808f27fa336a1c70b8a1c74b441621a8c0df830c45ac7a6b6c1a040055e6cab846df34227b4d154f7a61905f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp136410.exe

Filesize
136KB

MD5
86810f340795831f3c2bd147981be929

SHA1
573345e2c322720fa43f74d761ff1d48028f36c9

SHA256
d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

SHA512
c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp136410.exe

Filesize
136KB

MD5
86810f340795831f3c2bd147981be929

SHA1
573345e2c322720fa43f74d761ff1d48028f36c9

SHA256
d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

SHA512
c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ziex4686.exe

Filesize
469KB

MD5
613730c8219861bf8276aef921655f6a

SHA1
9d82c6f7f6c345a14d93cb33e1221408ceef31ab

SHA256
d893730807ba193fe81a6ddffcf29b23a24c8e68461e581e5cf30aa011b72d37

SHA512
2899fe37d9de69211aa20b193ec35b3fcc5a7d327a0b92c5b9a25837fcc506a82e5e53cca1e046b6e6d51c35aca66b59c6580fe5437a7f3f7fac8682fe80f6bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ziex4686.exe

Filesize
469KB

MD5
613730c8219861bf8276aef921655f6a

SHA1
9d82c6f7f6c345a14d93cb33e1221408ceef31ab

SHA256
d893730807ba193fe81a6ddffcf29b23a24c8e68461e581e5cf30aa011b72d37

SHA512
2899fe37d9de69211aa20b193ec35b3fcc5a7d327a0b92c5b9a25837fcc506a82e5e53cca1e046b6e6d51c35aca66b59c6580fe5437a7f3f7fac8682fe80f6bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it339384.exe

Filesize
11KB

MD5
7e93bacbbc33e6652e147e7fe07572a0

SHA1
421a7167da01c8da4dc4d5234ca3dd84e319e762

SHA256
850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

SHA512
250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it339384.exe

Filesize
11KB

MD5
7e93bacbbc33e6652e147e7fe07572a0

SHA1
421a7167da01c8da4dc4d5234ca3dd84e319e762

SHA256
850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

SHA512
250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr793738.exe

Filesize
485KB

MD5
cf663fc97672d63ab84f60bb3a3b1d95

SHA1
80aa0aa07c8ad35e9c2b40b2339d0748fd459e43

SHA256
f8d8e563171a3cb4ddd46295461f80497c449a00e0ab18ca3a9f145e8885d6ea

SHA512
bff271d6bf24ad1dc2e925fe9260ce1953226759014bba4e11b07977ff226d1a1b93aa6ed0a0daf52452447c7d5e71eec2d22653267ee362e517148a31a0bf92

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr793738.exe

Filesize
485KB

MD5
cf663fc97672d63ab84f60bb3a3b1d95

SHA1
80aa0aa07c8ad35e9c2b40b2339d0748fd459e43

SHA256
f8d8e563171a3cb4ddd46295461f80497c449a00e0ab18ca3a9f145e8885d6ea

SHA512
bff271d6bf24ad1dc2e925fe9260ce1953226759014bba4e11b07977ff226d1a1b93aa6ed0a0daf52452447c7d5e71eec2d22653267ee362e517148a31a0bf92

Download Submit
memory/1864-965-0x0000000000110000-0x0000000000138000-memory.dmp

Filesize
160KB

Download
memory/1864-966-0x0000000006E90000-0x0000000006EA0000-memory.dmp

Filesize
64KB

Download
memory/1864-967-0x0000000006EA0000-0x0000000006EEB000-memory.dmp

Filesize
300KB

Download
memory/2088-182-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-200-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-153-0x00000000050F0000-0x0000000005100000-memory.dmp

Filesize
64KB

Download
memory/2088-154-0x00000000050F0000-0x0000000005100000-memory.dmp

Filesize
64KB

Download
memory/2088-155-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-156-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-158-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-160-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-162-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-164-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-166-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-168-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-170-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-172-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-174-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-176-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-178-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-180-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-184-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-152-0x00000000050F0000-0x0000000005100000-memory.dmp

Filesize
64KB

Download
memory/2088-186-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-188-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-190-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-192-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-194-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-196-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-198-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-151-0x0000000000820000-0x0000000000866000-memory.dmp

Filesize
280KB

Download
memory/2088-202-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-204-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-206-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-208-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-210-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-214-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-212-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-216-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-218-0x0000000002850000-0x0000000002885000-memory.dmp

Filesize
212KB

Download
memory/2088-947-0x0000000007F90000-0x0000000008596000-memory.dmp

Filesize
6.0MB

Download
memory/2088-948-0x0000000002970000-0x0000000002982000-memory.dmp

Filesize
72KB

Download
memory/2088-949-0x0000000007980000-0x0000000007A8A000-memory.dmp

Filesize
1.0MB

Download
memory/2088-950-0x00000000029B0000-0x00000000029EE000-memory.dmp

Filesize
248KB

Download
memory/2088-951-0x0000000005080000-0x00000000050CB000-memory.dmp

Filesize
300KB

Download
memory/2088-952-0x00000000050F0000-0x0000000005100000-memory.dmp

Filesize
64KB

Download
memory/2088-953-0x0000000007CB0000-0x0000000007D16000-memory.dmp

Filesize
408KB

Download
memory/2088-954-0x0000000008970000-0x0000000008A02000-memory.dmp

Filesize
584KB

Download
memory/2088-955-0x0000000008A20000-0x0000000008A70000-memory.dmp

Filesize
320KB

Download
memory/2088-150-0x0000000002850000-0x000000000288A000-memory.dmp

Filesize
232KB

Download
memory/2088-149-0x0000000005100000-0x00000000055FE000-memory.dmp

Filesize
5.0MB

Download
memory/2088-148-0x00000000025F0000-0x000000000262C000-memory.dmp

Filesize
240KB

Download
memory/2088-956-0x0000000008A90000-0x0000000008B06000-memory.dmp

Filesize
472KB

Download
memory/2088-957-0x0000000008B60000-0x0000000008D22000-memory.dmp

Filesize
1.8MB

Download
memory/2088-958-0x0000000008D30000-0x000000000925C000-memory.dmp

Filesize
5.2MB

Download
memory/2088-959-0x0000000009380000-0x000000000939E000-memory.dmp

Filesize
120KB

Download
memory/2616-973-0x0000000000900000-0x0000000000935000-memory.dmp

Filesize
212KB

Download
memory/3244-142-0x0000000000420000-0x000000000042A000-memory.dmp

Filesize
40KB

Download