af109b789c55ae3c9c9998755948a22d547ac94765dedbdc976579af189b7a82

Analysis

max time kernel
140s
max time network
98s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
20-04-2023 09:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af109b789c55ae3c9c9998755948a22d547ac94765dedbdc976579af189b7a82.exe
Size

1.1MB
MD5

a8446fac67bc2374d99c3b4182e0734f
SHA1

ada9613d83468165293f94e8b63ffbfa273077a7
SHA256

af109b789c55ae3c9c9998755948a22d547ac94765dedbdc976579af189b7a82
SHA512

352d5942f98d0a96bdd91539fff0a35b9c1d0515569601e1f5e666a365a4d23923e1876b1c1187e5893829035f490ce240e7966d0c4323cc24ae7a6670786dd9
SSDEEP

24576:IyQEYta8sjh/1OI0tY8/p08uKcXku2c09GaHGD:P0ajhvwPuiu9sG

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	pr883946.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	pr883946.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	pr883946.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	pr883946.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	pr883946.exe

Executes dropped EXE 6 IoCs

pid	Process
4120	un850785.exe
4144	un777697.exe
4544	pr883946.exe
1916	qu914349.exe
4044	rk944249.exe
3364	si809317.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	pr883946.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	pr883946.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	af109b789c55ae3c9c9998755948a22d547ac94765dedbdc976579af189b7a82.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	af109b789c55ae3c9c9998755948a22d547ac94765dedbdc976579af189b7a82.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un850785.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	un850785.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un777697.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	un777697.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Program crash 7 IoCs

pid	pid_target	Process	procid_target
400	3364	WerFault.exe	72
4436	3364	WerFault.exe	72
2596	3364	WerFault.exe	72
4700	3364	WerFault.exe	72
1004	3364	WerFault.exe	72
2232	3364	WerFault.exe	72
4676	3364	WerFault.exe	72

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4544	pr883946.exe
4544	pr883946.exe
1916	qu914349.exe
1916	qu914349.exe
4044	rk944249.exe
4044	rk944249.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4544	pr883946.exe
Token: SeDebugPrivilege	1916	qu914349.exe
Token: SeDebugPrivilege	4044	rk944249.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 4120	4036	af109b789c55ae3c9c9998755948a22d547ac94765dedbdc976579af189b7a82.exe	66
PID 4036 wrote to memory of 4120	4036	af109b789c55ae3c9c9998755948a22d547ac94765dedbdc976579af189b7a82.exe	66
PID 4036 wrote to memory of 4120	4036	af109b789c55ae3c9c9998755948a22d547ac94765dedbdc976579af189b7a82.exe	66
PID 4120 wrote to memory of 4144	4120	un850785.exe	67
PID 4120 wrote to memory of 4144	4120	un850785.exe	67
PID 4120 wrote to memory of 4144	4120	un850785.exe	67
PID 4144 wrote to memory of 4544	4144	un777697.exe	68
PID 4144 wrote to memory of 4544	4144	un777697.exe	68
PID 4144 wrote to memory of 4544	4144	un777697.exe	68
PID 4144 wrote to memory of 1916	4144	un777697.exe	69
PID 4144 wrote to memory of 1916	4144	un777697.exe	69
PID 4144 wrote to memory of 1916	4144	un777697.exe	69
PID 4120 wrote to memory of 4044	4120	un850785.exe	71
PID 4120 wrote to memory of 4044	4120	un850785.exe	71
PID 4120 wrote to memory of 4044	4120	un850785.exe	71
PID 4036 wrote to memory of 3364	4036	af109b789c55ae3c9c9998755948a22d547ac94765dedbdc976579af189b7a82.exe	72
PID 4036 wrote to memory of 3364	4036	af109b789c55ae3c9c9998755948a22d547ac94765dedbdc976579af189b7a82.exe	72
PID 4036 wrote to memory of 3364	4036	af109b789c55ae3c9c9998755948a22d547ac94765dedbdc976579af189b7a82.exe	72

C:\Users\Admin\AppData\Local\Temp\af109b789c55ae3c9c9998755948a22d547ac94765dedbdc976579af189b7a82.exe
"C:\Users\Admin\AppData\Local\Temp\af109b789c55ae3c9c9998755948a22d547ac94765dedbdc976579af189b7a82.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un850785.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un850785.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4120
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un777697.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un777697.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr883946.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr883946.exe
      4⤵
      Modifies Windows Defender Real-time Protection settings
      Executes dropped EXE
      Windows security modification
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu914349.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu914349.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1916
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk944249.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk944249.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4044
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si809317.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si809317.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 188
    3⤵
    - Program crash
    PID:400
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 696
    3⤵
    - Program crash
    PID:4436
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 768
    3⤵
    - Program crash
    PID:2596
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 844
    3⤵
    - Program crash
    PID:4700
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 880
    3⤵
    - Program crash
    PID:1004
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 852
    3⤵
    - Program crash
    PID:2232
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 1068
    3⤵
    - Program crash
    PID:4676

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si809317.exe

Filesize
378KB

MD5
1ebfe7f506205ed310cddfdacd7df16d

SHA1
a031c63cee43bb8fcf79ccf79c561bd6f32a661f

SHA256
2834f6f5b25cad1072be7ba024ddf2389d536150c138e8d5593f56df1102d27a

SHA512
e656a542b7fdbc2004e3792460ba638acdc18bf06d927356a896e92fa835d6b84a937f9ce195a912395d4046391d7b457556db2c2c4001aae4550101454da826

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si809317.exe

Filesize
378KB

MD5
1ebfe7f506205ed310cddfdacd7df16d

SHA1
a031c63cee43bb8fcf79ccf79c561bd6f32a661f

SHA256
2834f6f5b25cad1072be7ba024ddf2389d536150c138e8d5593f56df1102d27a

SHA512
e656a542b7fdbc2004e3792460ba638acdc18bf06d927356a896e92fa835d6b84a937f9ce195a912395d4046391d7b457556db2c2c4001aae4550101454da826

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un850785.exe

Filesize
763KB

MD5
6bb4aa704bcc67a94826ef40c9a5b183

SHA1
46caf9c46fa53d8b93ff31a36eb05fe8cf1753b5

SHA256
92e3918d05651e02574f69bce2dca8d2295b29446ddbb4efca1985b04a7ccabb

SHA512
93a6768445f53dcdaa8d402c7f7c6b3ee60b66f3475b11579c6adae62547559eef4215b59e495eca054e78970f685ff0eb92858811546b3f0d236f14d2c61dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un850785.exe

Filesize
763KB

MD5
6bb4aa704bcc67a94826ef40c9a5b183

SHA1
46caf9c46fa53d8b93ff31a36eb05fe8cf1753b5

SHA256
92e3918d05651e02574f69bce2dca8d2295b29446ddbb4efca1985b04a7ccabb

SHA512
93a6768445f53dcdaa8d402c7f7c6b3ee60b66f3475b11579c6adae62547559eef4215b59e495eca054e78970f685ff0eb92858811546b3f0d236f14d2c61dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk944249.exe

Filesize
136KB

MD5
86810f340795831f3c2bd147981be929

SHA1
573345e2c322720fa43f74d761ff1d48028f36c9

SHA256
d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

SHA512
c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk944249.exe

Filesize
136KB

MD5
86810f340795831f3c2bd147981be929

SHA1
573345e2c322720fa43f74d761ff1d48028f36c9

SHA256
d122c80c89eb529d8edb82af16a9ffd8bb187f391758fe80ac2e25db159a9139

SHA512
c50b8b6a424fc20c6a3009560cffc277c8dd99792c97f72bfb57d924efdc07341e87a96cb2556e90955fbab6bd59df2a8fc23f89866096658dc7530499becd9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un777697.exe

Filesize
609KB

MD5
d158984b20e8575b87ebe750b30a5c8a

SHA1
ec2a0874e2e5426e679d03c6169fab4e501a785e

SHA256
0f6898c696118581004e6cdf90a223ef50a66c6923b610375e5ff8cc3f529b60

SHA512
80d4119f9a789fd5d6f2d9579d9f7b26000188325cae50396609d046ccf95b210b1e2de5304bb5d7e22935f92108790cb59f429fc7f0ee8f35c61dcd86bccf17

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un777697.exe

Filesize
609KB

MD5
d158984b20e8575b87ebe750b30a5c8a

SHA1
ec2a0874e2e5426e679d03c6169fab4e501a785e

SHA256
0f6898c696118581004e6cdf90a223ef50a66c6923b610375e5ff8cc3f529b60

SHA512
80d4119f9a789fd5d6f2d9579d9f7b26000188325cae50396609d046ccf95b210b1e2de5304bb5d7e22935f92108790cb59f429fc7f0ee8f35c61dcd86bccf17

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr883946.exe

Filesize
403KB

MD5
26dcde02cfe6e97812df69d3cc7a4204

SHA1
9ff9b03aa577e4181dfce4b73e1b288385d6dffd

SHA256
dad3d9766bfa4df49426f13440eeca4d63667d6ae441081c012ff91676d04af2

SHA512
c25ef5bfe97f7df6b1d886980d6394a2435abc4061e73ee8f02a35b1f9a3e24c7e8035f8322964de5f8f238b52c2258ebc7e82d9c7e209ff6d8240a98d62e310

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr883946.exe

Filesize
403KB

MD5
26dcde02cfe6e97812df69d3cc7a4204

SHA1
9ff9b03aa577e4181dfce4b73e1b288385d6dffd

SHA256
dad3d9766bfa4df49426f13440eeca4d63667d6ae441081c012ff91676d04af2

SHA512
c25ef5bfe97f7df6b1d886980d6394a2435abc4061e73ee8f02a35b1f9a3e24c7e8035f8322964de5f8f238b52c2258ebc7e82d9c7e209ff6d8240a98d62e310

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu914349.exe

Filesize
485KB

MD5
0f8dddec069c8c2dc6b434822463df83

SHA1
220c2cfbfce3007412b82c09da3740c1e560a245

SHA256
3058e2754cd146742418e2dd01d05225ef82fd5a144c3d8a5d738ca85972b6f3

SHA512
2d5bca82427febae6af756946eb5a251f3a9b4b5c9239f28406ac3fb19cad2d65931bcda18584b70ac0becabff59a3127db76b44699ae24d17098c5bead535d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu914349.exe

Filesize
485KB

MD5
0f8dddec069c8c2dc6b434822463df83

SHA1
220c2cfbfce3007412b82c09da3740c1e560a245

SHA256
3058e2754cd146742418e2dd01d05225ef82fd5a144c3d8a5d738ca85972b6f3

SHA512
2d5bca82427febae6af756946eb5a251f3a9b4b5c9239f28406ac3fb19cad2d65931bcda18584b70ac0becabff59a3127db76b44699ae24d17098c5bead535d0

Download Submit
memory/1916-984-0x0000000007E90000-0x0000000007F9A000-memory.dmp

Filesize
1.0MB

Download
memory/1916-986-0x0000000002570000-0x0000000002580000-memory.dmp

Filesize
64KB

Download
memory/1916-995-0x0000000002790000-0x00000000027E0000-memory.dmp

Filesize
320KB

Download
memory/1916-993-0x0000000008E90000-0x00000000093BC000-memory.dmp

Filesize
5.2MB

Download
memory/1916-992-0x0000000008CC0000-0x0000000008E82000-memory.dmp

Filesize
1.8MB

Download
memory/1916-991-0x0000000008BE0000-0x0000000008BFE000-memory.dmp

Filesize
120KB

Download
memory/1916-990-0x0000000008B20000-0x0000000008B96000-memory.dmp

Filesize
472KB

Download
memory/1916-989-0x0000000008980000-0x0000000008A12000-memory.dmp

Filesize
584KB

Download
memory/1916-988-0x00000000082C0000-0x0000000008326000-memory.dmp

Filesize
408KB

Download
memory/1916-987-0x0000000008130000-0x000000000817B000-memory.dmp

Filesize
300KB

Download
memory/1916-985-0x0000000007FB0000-0x0000000007FEE000-memory.dmp

Filesize
248KB

Download
memory/1916-983-0x0000000007E60000-0x0000000007E72000-memory.dmp

Filesize
72KB

Download
memory/1916-982-0x00000000077C0000-0x0000000007DC6000-memory.dmp

Filesize
6.0MB

Download
memory/1916-223-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-221-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-219-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-217-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-215-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-213-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-184-0x0000000002500000-0x000000000253C000-memory.dmp

Filesize
240KB

Download
memory/1916-185-0x00000000052C0000-0x00000000052FA000-memory.dmp

Filesize
232KB

Download
memory/1916-186-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-189-0x0000000000900000-0x0000000000946000-memory.dmp

Filesize
280KB

Download
memory/1916-187-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-190-0x0000000002570000-0x0000000002580000-memory.dmp

Filesize
64KB

Download
memory/1916-191-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-194-0x0000000002570000-0x0000000002580000-memory.dmp

Filesize
64KB

Download
memory/1916-192-0x0000000002570000-0x0000000002580000-memory.dmp

Filesize
64KB

Download
memory/1916-195-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-197-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-199-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-201-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-203-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-205-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-207-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-209-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/1916-211-0x00000000052C0000-0x00000000052F5000-memory.dmp

Filesize
212KB

Download
memory/3364-1009-0x0000000000810000-0x0000000000845000-memory.dmp

Filesize
212KB

Download
memory/4044-1001-0x0000000000C70000-0x0000000000C98000-memory.dmp

Filesize
160KB

Download
memory/4044-1003-0x0000000007D10000-0x0000000007D20000-memory.dmp

Filesize
64KB

Download
memory/4044-1002-0x00000000079F0000-0x0000000007A3B000-memory.dmp

Filesize
300KB

Download
memory/4544-164-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download
memory/4544-158-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download
memory/4544-172-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download
memory/4544-170-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download
memory/4544-147-0x0000000004D40000-0x000000000523E000-memory.dmp

Filesize
5.0MB

Download
memory/4544-168-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download
memory/4544-150-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download
memory/4544-166-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download
memory/4544-148-0x0000000005240000-0x0000000005258000-memory.dmp

Filesize
96KB

Download
memory/4544-162-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download
memory/4544-160-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download
memory/4544-174-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download
memory/4544-156-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download
memory/4544-154-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download
memory/4544-152-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download
memory/4544-146-0x00000000027E0000-0x00000000027F0000-memory.dmp

Filesize
64KB

Download
memory/4544-145-0x00000000027E0000-0x00000000027F0000-memory.dmp

Filesize
64KB

Download
memory/4544-176-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download
memory/4544-177-0x0000000000400000-0x000000000080A000-memory.dmp

Filesize
4.0MB

Download
memory/4544-179-0x0000000000400000-0x000000000080A000-memory.dmp

Filesize
4.0MB

Download
memory/4544-144-0x0000000002680000-0x000000000269A000-memory.dmp

Filesize
104KB

Download
memory/4544-143-0x00000000001D0000-0x00000000001FD000-memory.dmp

Filesize
180KB

Download
memory/4544-149-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download