f9aee415a399e8abd0fba5b04405c726a45cd5ea93ea43d0a07efc90e7d0c1f6

Analysis

max time kernel
148s
max time network
94s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
19/04/2023, 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9aee415a399e8abd0fba5b04405c726a45cd5ea93ea43d0a07efc90e7d0c1f6.exe
Size

827KB
MD5

f68d925cb037645724c3d985364cb3bf
SHA1

e8653d6a211a691ccf951de21c91b28e2c47bbbd
SHA256

f9aee415a399e8abd0fba5b04405c726a45cd5ea93ea43d0a07efc90e7d0c1f6
SHA512

736a059bf1d54f4d911e7c305508c092a727aac56a539ce3cc033e5b4fb348f50bb30948590b15511298274724efde941001379cae52d528717f3fa59f365954
SSDEEP

24576:Xyl9+gA3eQ6b2s29gnWATPk8pMsAf6/jRz725:ilMt6b2F9gnWh8upC/Q

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	it896957.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	it896957.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	it896957.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	it896957.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	it896957.exe

Executes dropped EXE 6 IoCs

pid	Process
2488	zidj7493.exe
2560	ziHh3760.exe
3172	it896957.exe
3892	jr791644.exe
1964	kp411059.exe
4040	lr531544.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 1 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0"	it896957.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	f9aee415a399e8abd0fba5b04405c726a45cd5ea93ea43d0a07efc90e7d0c1f6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	f9aee415a399e8abd0fba5b04405c726a45cd5ea93ea43d0a07efc90e7d0c1f6.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	zidj7493.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	zidj7493.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	ziHh3760.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	ziHh3760.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2580	4040	WerFault.exe	72
5048	4040	WerFault.exe	72
3904	4040	WerFault.exe	72
1408	4040	WerFault.exe	72
3928	4040	WerFault.exe	72
4736	4040	WerFault.exe	72
3488	4040	WerFault.exe	72

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3172	it896957.exe
3172	it896957.exe
3892	jr791644.exe
3892	jr791644.exe
1964	kp411059.exe
1964	kp411059.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3172	it896957.exe
Token: SeDebugPrivilege	3892	jr791644.exe
Token: SeDebugPrivilege	1964	kp411059.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2488	2156	f9aee415a399e8abd0fba5b04405c726a45cd5ea93ea43d0a07efc90e7d0c1f6.exe	66
PID 2156 wrote to memory of 2488	2156	f9aee415a399e8abd0fba5b04405c726a45cd5ea93ea43d0a07efc90e7d0c1f6.exe	66
PID 2156 wrote to memory of 2488	2156	f9aee415a399e8abd0fba5b04405c726a45cd5ea93ea43d0a07efc90e7d0c1f6.exe	66
PID 2488 wrote to memory of 2560	2488	zidj7493.exe	67
PID 2488 wrote to memory of 2560	2488	zidj7493.exe	67
PID 2488 wrote to memory of 2560	2488	zidj7493.exe	67
PID 2560 wrote to memory of 3172	2560	ziHh3760.exe	68
PID 2560 wrote to memory of 3172	2560	ziHh3760.exe	68
PID 2560 wrote to memory of 3892	2560	ziHh3760.exe	69
PID 2560 wrote to memory of 3892	2560	ziHh3760.exe	69
PID 2560 wrote to memory of 3892	2560	ziHh3760.exe	69
PID 2488 wrote to memory of 1964	2488	zidj7493.exe	71
PID 2488 wrote to memory of 1964	2488	zidj7493.exe	71
PID 2488 wrote to memory of 1964	2488	zidj7493.exe	71
PID 2156 wrote to memory of 4040	2156	f9aee415a399e8abd0fba5b04405c726a45cd5ea93ea43d0a07efc90e7d0c1f6.exe	72
PID 2156 wrote to memory of 4040	2156	f9aee415a399e8abd0fba5b04405c726a45cd5ea93ea43d0a07efc90e7d0c1f6.exe	72
PID 2156 wrote to memory of 4040	2156	f9aee415a399e8abd0fba5b04405c726a45cd5ea93ea43d0a07efc90e7d0c1f6.exe	72

C:\Users\Admin\AppData\Local\Temp\f9aee415a399e8abd0fba5b04405c726a45cd5ea93ea43d0a07efc90e7d0c1f6.exe
"C:\Users\Admin\AppData\Local\Temp\f9aee415a399e8abd0fba5b04405c726a45cd5ea93ea43d0a07efc90e7d0c1f6.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zidj7493.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zidj7493.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:2488
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ziHh3760.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ziHh3760.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it896957.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it896957.exe
      4⤵
      Modifies Windows Defender Real-time Protection settings
      Executes dropped EXE
      Windows security modification
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr791644.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr791644.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3892
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp411059.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp411059.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1964
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr531544.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr531544.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 616
    3⤵
    - Program crash
    PID:2580
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 696
    3⤵
    - Program crash
    PID:5048
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 832
    3⤵
    - Program crash
    PID:3904
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 844
    3⤵
    - Program crash
    PID:1408
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 872
    3⤵
    - Program crash
    PID:3928
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 848
    3⤵
    - Program crash
    PID:4736
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 1080
    3⤵
    - Program crash
    PID:3488

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr531544.exe

Filesize
256KB

MD5
29d5723187610e96b5a4723eaf91c8ad

SHA1
055b7e5ae5440b82d001ee2500b96072ec9e3522

SHA256
b9d764777b81f560dde92ad97e707c8d597dd99a78ff0f949e9c74b744b43718

SHA512
58b2eea69affdd121c07ab6d17c0040a7ca77ebe9c48a79fb91656168e61d33edbaf7f5dc5c2c16a96d9cd0985fc2f7fabd30a49631720e4934ce7f2d68ab3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lr531544.exe

Filesize
256KB

MD5
29d5723187610e96b5a4723eaf91c8ad

SHA1
055b7e5ae5440b82d001ee2500b96072ec9e3522

SHA256
b9d764777b81f560dde92ad97e707c8d597dd99a78ff0f949e9c74b744b43718

SHA512
58b2eea69affdd121c07ab6d17c0040a7ca77ebe9c48a79fb91656168e61d33edbaf7f5dc5c2c16a96d9cd0985fc2f7fabd30a49631720e4934ce7f2d68ab3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zidj7493.exe

Filesize
568KB

MD5
5380db20e95ccde5287d4f981ee97a86

SHA1
948939290247d045099e46c9bd0ee0e4a74563db

SHA256
04620d416bfa1c63478823de83c7e35386a133f283d31dac5976dcff482325d4

SHA512
77696bef417c3b20d9aef589bebdfb7c0034f1b2a58b9b5ba27bd29c5503137d8f157899d006725e8170d8171312c9e93a12f2b933e24165e3984af55b1cf4a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zidj7493.exe

Filesize
568KB

MD5
5380db20e95ccde5287d4f981ee97a86

SHA1
948939290247d045099e46c9bd0ee0e4a74563db

SHA256
04620d416bfa1c63478823de83c7e35386a133f283d31dac5976dcff482325d4

SHA512
77696bef417c3b20d9aef589bebdfb7c0034f1b2a58b9b5ba27bd29c5503137d8f157899d006725e8170d8171312c9e93a12f2b933e24165e3984af55b1cf4a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp411059.exe

Filesize
136KB

MD5
86810f340795831f3c2bd147981be929

SHA1
573345e2c322720fa43f74d761ff1d48028f36c9

SHA256
d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

SHA512
c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp411059.exe

Filesize
136KB

MD5
86810f340795831f3c2bd147981be929

SHA1
573345e2c322720fa43f74d761ff1d48028f36c9

SHA256
d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

SHA512
c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ziHh3760.exe

Filesize
414KB

MD5
bc032b8208c0db06e280c13adb599d4f

SHA1
dcba0605e0d1d719250274dc07463e7f40018dff

SHA256
6b73b9bbca17d083a36b97f7aa216973d4e944f2309d5c3cfa13517dd04d2a10

SHA512
d4bb9a1b2960957b8cf8ebdd4d4195e3b48feb1996c6da78b6ca2b6aaa8700bb7b5b5ea79d5d6362c1c611df9b86ab8132c090cca29a92caada6c47543f5604c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ziHh3760.exe

Filesize
414KB

MD5
bc032b8208c0db06e280c13adb599d4f

SHA1
dcba0605e0d1d719250274dc07463e7f40018dff

SHA256
6b73b9bbca17d083a36b97f7aa216973d4e944f2309d5c3cfa13517dd04d2a10

SHA512
d4bb9a1b2960957b8cf8ebdd4d4195e3b48feb1996c6da78b6ca2b6aaa8700bb7b5b5ea79d5d6362c1c611df9b86ab8132c090cca29a92caada6c47543f5604c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it896957.exe

Filesize
11KB

MD5
7e93bacbbc33e6652e147e7fe07572a0

SHA1
421a7167da01c8da4dc4d5234ca3dd84e319e762

SHA256
850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

SHA512
250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\it896957.exe

Filesize
11KB

MD5
7e93bacbbc33e6652e147e7fe07572a0

SHA1
421a7167da01c8da4dc4d5234ca3dd84e319e762

SHA256
850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

SHA512
250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr791644.exe

Filesize
360KB

MD5
3c3048176a5d549348ee1857e951db00

SHA1
447b0f400ab18c2f0c83b86e04e6e7870e9f183d

SHA256
a390d67cca8820e86d83fb3ed917cb9f0ea15641644f2666186e35edc437545f

SHA512
5ce19af3b6a8234c2e4b0b95d4e5ed1f6579c35097c023291e75b194f2ad252f9dbec1497428f1c156d79dd38b057734da417c03f27c8fc6aedd2897537ef422

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\jr791644.exe

Filesize
360KB

MD5
3c3048176a5d549348ee1857e951db00

SHA1
447b0f400ab18c2f0c83b86e04e6e7870e9f183d

SHA256
a390d67cca8820e86d83fb3ed917cb9f0ea15641644f2666186e35edc437545f

SHA512
5ce19af3b6a8234c2e4b0b95d4e5ed1f6579c35097c023291e75b194f2ad252f9dbec1497428f1c156d79dd38b057734da417c03f27c8fc6aedd2897537ef422

Download Submit
memory/1964-967-0x0000000007470000-0x00000000074BB000-memory.dmp

Filesize
300KB

Download
memory/1964-966-0x00000000006D0000-0x00000000006F8000-memory.dmp

Filesize
160KB

Download
memory/1964-968-0x00000000073E0000-0x00000000073F0000-memory.dmp

Filesize
64KB

Download
memory/3172-142-0x00000000003D0000-0x00000000003DA000-memory.dmp

Filesize
40KB

Download
memory/3892-182-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-202-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-152-0x0000000007300000-0x0000000007310000-memory.dmp

Filesize
64KB

Download
memory/3892-154-0x0000000007300000-0x0000000007310000-memory.dmp

Filesize
64KB

Download
memory/3892-155-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-156-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-158-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-160-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-162-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-164-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-166-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-168-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-170-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-172-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-174-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-176-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-178-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-180-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-151-0x0000000002CF0000-0x0000000002D36000-memory.dmp

Filesize
280KB

Download
memory/3892-184-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-186-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-188-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-190-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-192-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-194-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-196-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-198-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-153-0x0000000007300000-0x0000000007310000-memory.dmp

Filesize
64KB

Download
memory/3892-200-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-204-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-206-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-208-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-210-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-212-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-214-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-216-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-218-0x0000000004C30000-0x0000000004C65000-memory.dmp

Filesize
212KB

Download
memory/3892-947-0x0000000009B90000-0x000000000A196000-memory.dmp

Filesize
6.0MB

Download
memory/3892-948-0x000000000A200000-0x000000000A212000-memory.dmp

Filesize
72KB

Download
memory/3892-949-0x000000000A230000-0x000000000A33A000-memory.dmp

Filesize
1.0MB

Download
memory/3892-950-0x000000000A350000-0x000000000A38E000-memory.dmp

Filesize
248KB

Download
memory/3892-951-0x000000000A3D0000-0x000000000A41B000-memory.dmp

Filesize
300KB

Download
memory/3892-952-0x0000000007300000-0x0000000007310000-memory.dmp

Filesize
64KB

Download
memory/3892-953-0x000000000A660000-0x000000000A6C6000-memory.dmp

Filesize
408KB

Download
memory/3892-954-0x000000000AD10000-0x000000000ADA2000-memory.dmp

Filesize
584KB

Download
memory/3892-955-0x000000000AEE0000-0x000000000AF56000-memory.dmp

Filesize
472KB

Download
memory/3892-150-0x0000000004C30000-0x0000000004C6A000-memory.dmp

Filesize
232KB

Download
memory/3892-149-0x0000000007310000-0x000000000780E000-memory.dmp

Filesize
5.0MB

Download
memory/3892-148-0x0000000004990000-0x00000000049CC000-memory.dmp

Filesize
240KB

Download
memory/3892-956-0x000000000AFA0000-0x000000000B162000-memory.dmp

Filesize
1.8MB

Download
memory/3892-957-0x000000000B180000-0x000000000B6AC000-memory.dmp

Filesize
5.2MB

Download
memory/3892-958-0x000000000B7C0000-0x000000000B7DE000-memory.dmp

Filesize
120KB

Download
memory/3892-959-0x0000000006CC0000-0x0000000006D10000-memory.dmp

Filesize
320KB

Download
memory/4040-974-0x0000000002BA0000-0x0000000002BD5000-memory.dmp

Filesize
212KB

Download