369118b263e9eaa35715379c4736e40bb757e349789910c70f95077265642412

Analysis

max time kernel
148s
max time network
93s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
19/04/2023, 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

369118b263e9eaa35715379c4736e40bb757e349789910c70f95077265642412.exe
Size

966KB
MD5

fd2335365a2fd5c14b4945df5bacdbf1
SHA1

c8da9294452f53ea5758b3cf0c1d4c062502275d
SHA256

369118b263e9eaa35715379c4736e40bb757e349789910c70f95077265642412
SHA512

07091a27fe022ef07a20e1121aca048961498f6d2516c89016f63a59b526bb71f07ee786d722ee66ad4a6203be95be7a16ac225f227941e47014f8ee9b5364b9
SSDEEP

24576:uyOIX7giRGCobbTsiz7ogPZUrNRAAo6/MeFxaO:9B7vGCobHswZUrNRT/zx

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	pr655954.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	pr655954.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	pr655954.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	pr655954.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	pr655954.exe

Executes dropped EXE 6 IoCs

pid	Process
1716	un959602.exe
1436	un457099.exe
4408	pr655954.exe
1072	qu489934.exe
4988	rk049242.exe
3996	si822915.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	pr655954.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	pr655954.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un959602.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	un959602.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un457099.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	un457099.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	369118b263e9eaa35715379c4736e40bb757e349789910c70f95077265642412.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	369118b263e9eaa35715379c4736e40bb757e349789910c70f95077265642412.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2040	3996	WerFault.exe	73
4884	3996	WerFault.exe	73
4148	3996	WerFault.exe	73
1452	3996	WerFault.exe	73
2884	3996	WerFault.exe	73
3080	3996	WerFault.exe	73
3016	3996	WerFault.exe	73

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4408	pr655954.exe
4408	pr655954.exe
1072	qu489934.exe
1072	qu489934.exe
4988	rk049242.exe
4988	rk049242.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4408	pr655954.exe
Token: SeDebugPrivilege	1072	qu489934.exe
Token: SeDebugPrivilege	4988	rk049242.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 1716	4220	369118b263e9eaa35715379c4736e40bb757e349789910c70f95077265642412.exe	67
PID 4220 wrote to memory of 1716	4220	369118b263e9eaa35715379c4736e40bb757e349789910c70f95077265642412.exe	67
PID 4220 wrote to memory of 1716	4220	369118b263e9eaa35715379c4736e40bb757e349789910c70f95077265642412.exe	67
PID 1716 wrote to memory of 1436	1716	un959602.exe	68
PID 1716 wrote to memory of 1436	1716	un959602.exe	68
PID 1716 wrote to memory of 1436	1716	un959602.exe	68
PID 1436 wrote to memory of 4408	1436	un457099.exe	69
PID 1436 wrote to memory of 4408	1436	un457099.exe	69
PID 1436 wrote to memory of 4408	1436	un457099.exe	69
PID 1436 wrote to memory of 1072	1436	un457099.exe	70
PID 1436 wrote to memory of 1072	1436	un457099.exe	70
PID 1436 wrote to memory of 1072	1436	un457099.exe	70
PID 1716 wrote to memory of 4988	1716	un959602.exe	72
PID 1716 wrote to memory of 4988	1716	un959602.exe	72
PID 1716 wrote to memory of 4988	1716	un959602.exe	72
PID 4220 wrote to memory of 3996	4220	369118b263e9eaa35715379c4736e40bb757e349789910c70f95077265642412.exe	73
PID 4220 wrote to memory of 3996	4220	369118b263e9eaa35715379c4736e40bb757e349789910c70f95077265642412.exe	73
PID 4220 wrote to memory of 3996	4220	369118b263e9eaa35715379c4736e40bb757e349789910c70f95077265642412.exe	73

C:\Users\Admin\AppData\Local\Temp\369118b263e9eaa35715379c4736e40bb757e349789910c70f95077265642412.exe
"C:\Users\Admin\AppData\Local\Temp\369118b263e9eaa35715379c4736e40bb757e349789910c70f95077265642412.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un959602.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un959602.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:1716
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un457099.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un457099.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr655954.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr655954.exe
      4⤵
      Modifies Windows Defender Real-time Protection settings
      Executes dropped EXE
      Windows security modification
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu489934.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu489934.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1072
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk049242.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk049242.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4988
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si822915.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si822915.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 616
    3⤵
    - Program crash
    PID:2040
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 696
    3⤵
    - Program crash
    PID:4884
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 836
    3⤵
    - Program crash
    PID:4148
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 844
    3⤵
    - Program crash
    PID:1452
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 872
    3⤵
    - Program crash
    PID:2884
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 884
    3⤵
    - Program crash
    PID:3080
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 1080
    3⤵
    - Program crash
    PID:3016

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si822915.exe

Filesize
256KB

MD5
133171cece74d18b422dffb1572b0f57

SHA1
b92aede6b23ab9802a517a2db7695e99c007e9a9

SHA256
0c4e44995751cfd305b08422ea1ba4bb039c5a71d373e67bac725c6730b206db

SHA512
d5868378bd98a10ffb114b83982923db61070ceb7515666298519f3a66521b7c688fcf5ed7d8056d346c1ce34c93f07e0061d107c23ab06bd2ae142f59255523

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si822915.exe

Filesize
256KB

MD5
133171cece74d18b422dffb1572b0f57

SHA1
b92aede6b23ab9802a517a2db7695e99c007e9a9

SHA256
0c4e44995751cfd305b08422ea1ba4bb039c5a71d373e67bac725c6730b206db

SHA512
d5868378bd98a10ffb114b83982923db61070ceb7515666298519f3a66521b7c688fcf5ed7d8056d346c1ce34c93f07e0061d107c23ab06bd2ae142f59255523

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un959602.exe

Filesize
706KB

MD5
068da30bc39a716398c8343855c83375

SHA1
16c68f1ca2d6b349bde9185e9c60d6ac6f90a0e9

SHA256
1a5f158f7f21427c5208e5c6c1e9d8a1dd8b66f369d323b30a8a4308dd106423

SHA512
57d9820f3bccc311809ecc454be30aaf9d9e81a02a0a4aefc08ebeac5a5374380662fbd4a5c90a9c92f57603e0488ebddc8c072c611b11c4610cefc4afeb2f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un959602.exe

Filesize
706KB

MD5
068da30bc39a716398c8343855c83375

SHA1
16c68f1ca2d6b349bde9185e9c60d6ac6f90a0e9

SHA256
1a5f158f7f21427c5208e5c6c1e9d8a1dd8b66f369d323b30a8a4308dd106423

SHA512
57d9820f3bccc311809ecc454be30aaf9d9e81a02a0a4aefc08ebeac5a5374380662fbd4a5c90a9c92f57603e0488ebddc8c072c611b11c4610cefc4afeb2f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk049242.exe

Filesize
136KB

MD5
86810f340795831f3c2bd147981be929

SHA1
573345e2c322720fa43f74d761ff1d48028f36c9

SHA256
d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

SHA512
c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk049242.exe

Filesize
136KB

MD5
86810f340795831f3c2bd147981be929

SHA1
573345e2c322720fa43f74d761ff1d48028f36c9

SHA256
d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

SHA512
c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un457099.exe

Filesize
553KB

MD5
7f1c8105b090e440acc0bcb3dda68c54

SHA1
556fdec7bc3aa7e8a09e75fa6dd7108f4e2c35f2

SHA256
1281de2f8934b988e11d25d7e0f7df2cdf0f089c53ef324a1879fc232de3045b

SHA512
90ba7dd4b265352243bb5bc82710d28196509d966ad20ad4b3e6ee4467f68eb65a9568d8ba9ebfb1e9fedd81b5f8bd10cf5fa79e19ecbff2196868564d860558

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un457099.exe

Filesize
553KB

MD5
7f1c8105b090e440acc0bcb3dda68c54

SHA1
556fdec7bc3aa7e8a09e75fa6dd7108f4e2c35f2

SHA256
1281de2f8934b988e11d25d7e0f7df2cdf0f089c53ef324a1879fc232de3045b

SHA512
90ba7dd4b265352243bb5bc82710d28196509d966ad20ad4b3e6ee4467f68eb65a9568d8ba9ebfb1e9fedd81b5f8bd10cf5fa79e19ecbff2196868564d860558

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr655954.exe

Filesize
278KB

MD5
a7782a5700063b898bfc14e588cf4d90

SHA1
b553edc58704005eff3ce2ad406bd37862993da4

SHA256
0341c33066c568f7ac5c4b3621314644011792cfea546df77babe788261a3a48

SHA512
1be6c73c64a2e4e16d43a7454c26c3968e2a61b580381f2da7244eaac8755d7e50a3c326634eb524c1b61a7607386f63a7fb203781c733c90e36c0dd9f547875

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr655954.exe

Filesize
278KB

MD5
a7782a5700063b898bfc14e588cf4d90

SHA1
b553edc58704005eff3ce2ad406bd37862993da4

SHA256
0341c33066c568f7ac5c4b3621314644011792cfea546df77babe788261a3a48

SHA512
1be6c73c64a2e4e16d43a7454c26c3968e2a61b580381f2da7244eaac8755d7e50a3c326634eb524c1b61a7607386f63a7fb203781c733c90e36c0dd9f547875

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu489934.exe

Filesize
360KB

MD5
f881e3ad14e6c70fd29e7bd696c5a052

SHA1
1a87e2db69b6ea98f2f3955c377904d205b1f44c

SHA256
a874b4cc91044c10743942cca00c4846df806d227d59263ba13e6b5ab318639c

SHA512
9faba62c32ce7696498ae50428bc4f844ed16504443e87f2309df93dbd0e0747223734bb441616619d641cbf11e582ebabc870aa314d0e81965a9bb89ea34e24

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu489934.exe

Filesize
360KB

MD5
f881e3ad14e6c70fd29e7bd696c5a052

SHA1
1a87e2db69b6ea98f2f3955c377904d205b1f44c

SHA256
a874b4cc91044c10743942cca00c4846df806d227d59263ba13e6b5ab318639c

SHA512
9faba62c32ce7696498ae50428bc4f844ed16504443e87f2309df93dbd0e0747223734bb441616619d641cbf11e582ebabc870aa314d0e81965a9bb89ea34e24

Download Submit
memory/1072-979-0x0000000009BF0000-0x0000000009C02000-memory.dmp

Filesize
72KB

Download
memory/1072-983-0x0000000009DC0000-0x0000000009E0B000-memory.dmp

Filesize
300KB

Download
memory/1072-990-0x000000000B270000-0x000000000B79C000-memory.dmp

Filesize
5.2MB

Download
memory/1072-989-0x000000000B090000-0x000000000B252000-memory.dmp

Filesize
1.8MB

Download
memory/1072-988-0x000000000AFD0000-0x000000000AFEE000-memory.dmp

Filesize
120KB

Download
memory/1072-987-0x000000000AE30000-0x000000000AEA6000-memory.dmp

Filesize
472KB

Download
memory/1072-986-0x000000000ADC0000-0x000000000AE10000-memory.dmp

Filesize
320KB

Download
memory/1072-985-0x000000000AD10000-0x000000000ADA2000-memory.dmp

Filesize
584KB

Download
memory/1072-984-0x000000000A050000-0x000000000A0B6000-memory.dmp

Filesize
408KB

Download
memory/1072-982-0x0000000009D40000-0x0000000009D7E000-memory.dmp

Filesize
248KB

Download
memory/1072-981-0x0000000007120000-0x0000000007130000-memory.dmp

Filesize
64KB

Download
memory/1072-980-0x0000000009C20000-0x0000000009D2A000-memory.dmp

Filesize
1.0MB

Download
memory/1072-978-0x000000000A180000-0x000000000A786000-memory.dmp

Filesize
6.0MB

Download
memory/1072-219-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-217-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-215-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-213-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-211-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-209-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-207-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-180-0x0000000004A90000-0x0000000004ACC000-memory.dmp

Filesize
240KB

Download
memory/1072-181-0x0000000007670000-0x00000000076AA000-memory.dmp

Filesize
232KB

Download
memory/1072-183-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-185-0x0000000002CF0000-0x0000000002D36000-memory.dmp

Filesize
280KB

Download
memory/1072-182-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-186-0x0000000007120000-0x0000000007130000-memory.dmp

Filesize
64KB

Download
memory/1072-187-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-191-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-188-0x0000000007120000-0x0000000007130000-memory.dmp

Filesize
64KB

Download
memory/1072-190-0x0000000007120000-0x0000000007130000-memory.dmp

Filesize
64KB

Download
memory/1072-193-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-195-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-197-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-199-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-201-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-203-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/1072-205-0x0000000007670000-0x00000000076A5000-memory.dmp

Filesize
212KB

Download
memory/3996-1004-0x0000000002C70000-0x0000000002CA5000-memory.dmp

Filesize
212KB

Download
memory/4408-157-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/4408-139-0x00000000001D0000-0x00000000001FD000-memory.dmp

Filesize
180KB

Download
memory/4408-173-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/4408-172-0x0000000000400000-0x0000000002B9F000-memory.dmp

Filesize
39.6MB

Download
memory/4408-171-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/4408-169-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/4408-167-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/4408-141-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/4408-165-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/4408-163-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/4408-161-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/4408-155-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/4408-175-0x0000000000400000-0x0000000002B9F000-memory.dmp

Filesize
39.6MB

Download
memory/4408-159-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/4408-145-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/4408-153-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/4408-151-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/4408-149-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/4408-147-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/4408-142-0x0000000007100000-0x00000000075FE000-memory.dmp

Filesize
5.0MB

Download
memory/4408-140-0x0000000004D60000-0x0000000004D70000-memory.dmp

Filesize
64KB

Download
memory/4408-144-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/4408-138-0x00000000047E0000-0x00000000047FA000-memory.dmp

Filesize
104KB

Download
memory/4408-143-0x0000000004D80000-0x0000000004D98000-memory.dmp

Filesize
96KB

Download
memory/4988-998-0x0000000006E20000-0x0000000006E30000-memory.dmp

Filesize
64KB

Download
memory/4988-997-0x0000000006E30000-0x0000000006E7B000-memory.dmp

Filesize
300KB

Download
memory/4988-996-0x00000000000A0000-0x00000000000C8000-memory.dmp

Filesize
160KB

Download