fe130c0a9e560f6fcf10e5b265cb1b6b150f26c509966b5b3ba9b09b8cf0794f

Analysis

max time kernel
144s
max time network
143s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
19/04/2023, 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe130c0a9e560f6fcf10e5b265cb1b6b150f26c509966b5b3ba9b09b8cf0794f.exe
Size

828KB
MD5

372678b14eddcb8cf2f5a0c3e75a311b
SHA1

d0935ba7798db5dbc48bdca2c9d0d82a7528adcf
SHA256

fe130c0a9e560f6fcf10e5b265cb1b6b150f26c509966b5b3ba9b09b8cf0794f
SHA512

3655851f78950def2718d9504c64691390edad255471ec1db6899719524061c3e49f65c586be25ab5047e8cde3e128c73b687268e87c702e61aeb8327d0b0e1a
SSDEEP

12288:Ty903levChx7/WC4klZxefgb+KvDkEgUKN1pR1oIlDv2FUJo2kmMNWg:TyUlevE/f4klGVKwEo2AkmNg

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	it578060.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	it578060.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	it578060.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	it578060.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	it578060.exe

Executes dropped EXE 6 IoCs

pid	Process
4180	ziDe6576.exe
3916	zisC3131.exe
4900	it578060.exe
2136	jr532870.exe
2340	kp337412.exe
5104	lr643307.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 1 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0"	it578060.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	fe130c0a9e560f6fcf10e5b265cb1b6b150f26c509966b5b3ba9b09b8cf0794f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	fe130c0a9e560f6fcf10e5b265cb1b6b150f26c509966b5b3ba9b09b8cf0794f.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	ziDe6576.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	ziDe6576.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	zisC3131.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	zisC3131.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Program crash 7 IoCs

pid	pid_target	Process	procid_target
4376	5104	WerFault.exe	72
4412	5104	WerFault.exe	72
2576	5104	WerFault.exe	72
4304	5104	WerFault.exe	72
8	5104	WerFault.exe	72
4112	5104	WerFault.exe	72
3992	5104	WerFault.exe	72

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4900	it578060.exe
4900	it578060.exe
2136	jr532870.exe
2136	jr532870.exe
2340	kp337412.exe
2340	kp337412.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4900	it578060.exe
Token: SeDebugPrivilege	2136	jr532870.exe
Token: SeDebugPrivilege	2340	kp337412.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 4180	3640	fe130c0a9e560f6fcf10e5b265cb1b6b150f26c509966b5b3ba9b09b8cf0794f.exe	66
PID 3640 wrote to memory of 4180	3640	fe130c0a9e560f6fcf10e5b265cb1b6b150f26c509966b5b3ba9b09b8cf0794f.exe	66
PID 3640 wrote to memory of 4180	3640	fe130c0a9e560f6fcf10e5b265cb1b6b150f26c509966b5b3ba9b09b8cf0794f.exe	66
PID 4180 wrote to memory of 3916	4180	ziDe6576.exe	67
PID 4180 wrote to memory of 3916	4180	ziDe6576.exe	67
PID 4180 wrote to memory of 3916	4180	ziDe6576.exe	67
PID 3916 wrote to memory of 4900	3916	zisC3131.exe	68
PID 3916 wrote to memory of 4900	3916	zisC3131.exe	68
PID 3916 wrote to memory of 2136	3916	zisC3131.exe	69
PID 3916 wrote to memory of 2136	3916	zisC3131.exe	69
PID 3916 wrote to memory of 2136	3916	zisC3131.exe	69
PID 4180 wrote to memory of 2340	4180	ziDe6576.exe	71
PID 4180 wrote to memory of 2340	4180	ziDe6576.exe	71
PID 4180 wrote to memory of 2340	4180	ziDe6576.exe	71
PID 3640 wrote to memory of 5104	3640	fe130c0a9e560f6fcf10e5b265cb1b6b150f26c509966b5b3ba9b09b8cf0794f.exe	72
PID 3640 wrote to memory of 5104	3640	fe130c0a9e560f6fcf10e5b265cb1b6b150f26c509966b5b3ba9b09b8cf0794f.exe	72
PID 3640 wrote to memory of 5104	3640	fe130c0a9e560f6fcf10e5b265cb1b6b150f26c509966b5b3ba9b09b8cf0794f.exe	72

C:\Users\Admin\AppData\Local\Temp\fe130c0a9e560f6fcf10e5b265cb1b6b150f26c509966b5b3ba9b09b8cf0794f.exe
"C:\Users\Admin\AppData\Local\Temp\fe130c0a9e560f6fcf10e5b265cb1b6b150f26c509966b5b3ba9b09b8cf0794f.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziDe6576.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziDe6576.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4180
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zisC3131.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zisC3131.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it578060.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it578060.exe
      4⤵
      Modifies Windows Defender Real-time Protection settings
      Executes dropped EXE
      Windows security modification
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr532870.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr532870.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2136
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp337412.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp337412.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2340
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr643307.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr643307.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 640
    3⤵
    - Program crash
    PID:4376
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 712
    3⤵
    - Program crash
    PID:4412
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 836
    3⤵
    - Program crash
    PID:2576
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 848
    3⤵
    - Program crash
    PID:4304
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 884
    3⤵
    - Program crash
    PID:8
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 872
    3⤵
    - Program crash
    PID:4112
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 1080
    3⤵
    - Program crash
    PID:3992

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr643307.exe

Filesize
256KB

MD5
6937c0a4dc552f43fe61735b99525b86

SHA1
a09145234236b47ddcc6d1945498576541f46d7d

SHA256
4443e01dedc5e1b3b1c0fb3d53c43cb0b951374f0e81f35fccac7b6df4768625

SHA512
46b887ede9c8c64d6801eaf4955e4b7f7e9f3cc3fc9f1858017ae30a3345708c4164f29b40254a6aa7a9edba2fc3c852063896c9c6046a77b147ad38c3621b78

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr643307.exe

Filesize
256KB

MD5
6937c0a4dc552f43fe61735b99525b86

SHA1
a09145234236b47ddcc6d1945498576541f46d7d

SHA256
4443e01dedc5e1b3b1c0fb3d53c43cb0b951374f0e81f35fccac7b6df4768625

SHA512
46b887ede9c8c64d6801eaf4955e4b7f7e9f3cc3fc9f1858017ae30a3345708c4164f29b40254a6aa7a9edba2fc3c852063896c9c6046a77b147ad38c3621b78

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziDe6576.exe

Filesize
569KB

MD5
147a9b1f9bf0ede70f4e34dced446e07

SHA1
8eacc95a3964d5ac4eee75c7753c99be23ddb250

SHA256
3f0418b9c6f772a8c158344d7e2988ebe8eb1b0bf98443b0a696d3f1fd200ba7

SHA512
ab7958474d622f470d7c5369d91f7e7cf48cd7eaa17ca4fc834c54fe2bf49ba4553158d28f52e8687cd7c29cb0d886dc9378613a4bf93ca066576016f1f880df

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziDe6576.exe

Filesize
569KB

MD5
147a9b1f9bf0ede70f4e34dced446e07

SHA1
8eacc95a3964d5ac4eee75c7753c99be23ddb250

SHA256
3f0418b9c6f772a8c158344d7e2988ebe8eb1b0bf98443b0a696d3f1fd200ba7

SHA512
ab7958474d622f470d7c5369d91f7e7cf48cd7eaa17ca4fc834c54fe2bf49ba4553158d28f52e8687cd7c29cb0d886dc9378613a4bf93ca066576016f1f880df

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp337412.exe

Filesize
136KB

MD5
86810f340795831f3c2bd147981be929

SHA1
573345e2c322720fa43f74d761ff1d48028f36c9

SHA256
d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

SHA512
c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp337412.exe

Filesize
136KB

MD5
86810f340795831f3c2bd147981be929

SHA1
573345e2c322720fa43f74d761ff1d48028f36c9

SHA256
d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

SHA512
c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zisC3131.exe

Filesize
415KB

MD5
727bff8eb41e52d8b87aa707bde98a9b

SHA1
2258bb6730b2cd78958ba58a62d34ba506c6c653

SHA256
98f7616bf9026a598f030316864417075cd56a8e347c2feb1036b2b7ef7b3106

SHA512
dcebb980810e1470c5f602af234ab8f4c5a9b08e1d3dc4d816d8e12a12609dd7079e9133ad0ee1fda7ade03eaaa640924599b1387cb993463fc359c091538196

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\zisC3131.exe

Filesize
415KB

MD5
727bff8eb41e52d8b87aa707bde98a9b

SHA1
2258bb6730b2cd78958ba58a62d34ba506c6c653

SHA256
98f7616bf9026a598f030316864417075cd56a8e347c2feb1036b2b7ef7b3106

SHA512
dcebb980810e1470c5f602af234ab8f4c5a9b08e1d3dc4d816d8e12a12609dd7079e9133ad0ee1fda7ade03eaaa640924599b1387cb993463fc359c091538196

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it578060.exe

Filesize
11KB

MD5
7e93bacbbc33e6652e147e7fe07572a0

SHA1
421a7167da01c8da4dc4d5234ca3dd84e319e762

SHA256
850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

SHA512
250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it578060.exe

Filesize
11KB

MD5
7e93bacbbc33e6652e147e7fe07572a0

SHA1
421a7167da01c8da4dc4d5234ca3dd84e319e762

SHA256
850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

SHA512
250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr532870.exe

Filesize
360KB

MD5
0c67b1193a3561e8af8a87d6b828a287

SHA1
938708df45bcf36366bc0f026795bcc100dec5e9

SHA256
bbe0b093beb05d5093087d215ae44ea8159c57e4d85e510c752d32aa6c81731c

SHA512
76036c907ca9b0ed482a14ca9dd90101247edbe30530d1c0a84fc07247f3e3aac253606fdbff181523536c6183c83e62ad9ea15fc1188fb1f176cfe5e6860cc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr532870.exe

Filesize
360KB

MD5
0c67b1193a3561e8af8a87d6b828a287

SHA1
938708df45bcf36366bc0f026795bcc100dec5e9

SHA256
bbe0b093beb05d5093087d215ae44ea8159c57e4d85e510c752d32aa6c81731c

SHA512
76036c907ca9b0ed482a14ca9dd90101247edbe30530d1c0a84fc07247f3e3aac253606fdbff181523536c6183c83e62ad9ea15fc1188fb1f176cfe5e6860cc8

Download Submit
memory/2136-183-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-198-0x0000000007250000-0x0000000007260000-memory.dmp

Filesize
64KB

Download
memory/2136-148-0x0000000007250000-0x0000000007260000-memory.dmp

Filesize
64KB

Download
memory/2136-149-0x0000000007250000-0x0000000007260000-memory.dmp

Filesize
64KB

Download
memory/2136-150-0x0000000007260000-0x000000000775E000-memory.dmp

Filesize
5.0MB

Download
memory/2136-151-0x0000000007770000-0x00000000077AA000-memory.dmp

Filesize
232KB

Download
memory/2136-152-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-153-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-155-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-157-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-159-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-161-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-163-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-165-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-167-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-169-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-171-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-173-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-175-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-177-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-179-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-181-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-146-0x0000000004C60000-0x0000000004C9C000-memory.dmp

Filesize
240KB

Download
memory/2136-185-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-187-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-189-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-191-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-193-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-195-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-147-0x0000000002C50000-0x0000000002C96000-memory.dmp

Filesize
280KB

Download
memory/2136-197-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-200-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-202-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-204-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-206-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-208-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-210-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-212-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-214-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-216-0x0000000007770000-0x00000000077A5000-memory.dmp

Filesize
212KB

Download
memory/2136-945-0x000000000A2B0000-0x000000000A8B6000-memory.dmp

Filesize
6.0MB

Download
memory/2136-946-0x0000000009D30000-0x0000000009D42000-memory.dmp

Filesize
72KB

Download
memory/2136-947-0x0000000009D60000-0x0000000009E6A000-memory.dmp

Filesize
1.0MB

Download
memory/2136-948-0x0000000009E80000-0x0000000009EBE000-memory.dmp

Filesize
248KB

Download
memory/2136-949-0x0000000007250000-0x0000000007260000-memory.dmp

Filesize
64KB

Download
memory/2136-950-0x0000000009F00000-0x0000000009F4B000-memory.dmp

Filesize
300KB

Download
memory/2136-951-0x000000000A190000-0x000000000A1F6000-memory.dmp

Filesize
408KB

Download
memory/2136-952-0x000000000AE50000-0x000000000AEE2000-memory.dmp

Filesize
584KB

Download
memory/2136-953-0x000000000B000000-0x000000000B050000-memory.dmp

Filesize
320KB

Download
memory/2136-954-0x000000000B070000-0x000000000B0E6000-memory.dmp

Filesize
472KB

Download
memory/2136-955-0x000000000B120000-0x000000000B13E000-memory.dmp

Filesize
120KB

Download
memory/2136-956-0x000000000B1D0000-0x000000000B392000-memory.dmp

Filesize
1.8MB

Download
memory/2136-957-0x000000000B3B0000-0x000000000B8DC000-memory.dmp

Filesize
5.2MB

Download
memory/2340-963-0x0000000000A90000-0x0000000000AB8000-memory.dmp

Filesize
160KB

Download
memory/2340-964-0x0000000007810000-0x000000000785B000-memory.dmp

Filesize
300KB

Download
memory/2340-965-0x0000000007B40000-0x0000000007B50000-memory.dmp

Filesize
64KB

Download
memory/4900-140-0x0000000000840000-0x000000000084A000-memory.dmp

Filesize
40KB

Download
memory/5104-971-0x0000000002CB0000-0x0000000002CE5000-memory.dmp

Filesize
212KB

Download