e6faf01992aea1470a6d90c7446f1624b74cc5a1840ab54da91953d06cc2780e

Analysis

max time kernel
144s
max time network
147s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
22/04/2023, 02:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e6faf01992aea1470a6d90c7446f1624b74cc5a1840ab54da91953d06cc2780e.exe
Size

965KB
MD5

b452e476191695c240d3dd1dffbdc331
SHA1

089b7d590f9a9d2b1ec71b4ba703f4c3242ce377
SHA256

e6faf01992aea1470a6d90c7446f1624b74cc5a1840ab54da91953d06cc2780e
SHA512

02d7b4d8efe2f24fb7f781899d6e71671951ced009649625294c46b24c5e5742871b0af36159682c0e58ac88d20e3e131d50f52ddd02aee5477b3a1dec23846d
SSDEEP

24576:YysGmcD7W0EHh/ZDD+t3sbSUchCFX++wwr:fsbcD7tEB/Zg3wSUBFu+w

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	pr769834.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	pr769834.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	pr769834.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	pr769834.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	pr769834.exe

Executes dropped EXE 6 IoCs

pid	Process
3620	un675665.exe
3564	un887109.exe
2984	pr769834.exe
4960	qu611288.exe
4904	rk209050.exe
2680	si584551.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	pr769834.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	pr769834.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un675665.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	un675665.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un887109.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	un887109.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	e6faf01992aea1470a6d90c7446f1624b74cc5a1840ab54da91953d06cc2780e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	e6faf01992aea1470a6d90c7446f1624b74cc5a1840ab54da91953d06cc2780e.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Program crash 7 IoCs

pid	pid_target	Process	procid_target
4956	2680	WerFault.exe	72
1100	2680	WerFault.exe	72
4220	2680	WerFault.exe	72
4276	2680	WerFault.exe	72
3080	2680	WerFault.exe	72
4992	2680	WerFault.exe	72
4028	2680	WerFault.exe	72

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2984	pr769834.exe
2984	pr769834.exe
4960	qu611288.exe
4960	qu611288.exe
4904	rk209050.exe
4904	rk209050.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2984	pr769834.exe
Token: SeDebugPrivilege	4960	qu611288.exe
Token: SeDebugPrivilege	4904	rk209050.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 3620	3452	e6faf01992aea1470a6d90c7446f1624b74cc5a1840ab54da91953d06cc2780e.exe	66
PID 3452 wrote to memory of 3620	3452	e6faf01992aea1470a6d90c7446f1624b74cc5a1840ab54da91953d06cc2780e.exe	66
PID 3452 wrote to memory of 3620	3452	e6faf01992aea1470a6d90c7446f1624b74cc5a1840ab54da91953d06cc2780e.exe	66
PID 3620 wrote to memory of 3564	3620	un675665.exe	67
PID 3620 wrote to memory of 3564	3620	un675665.exe	67
PID 3620 wrote to memory of 3564	3620	un675665.exe	67
PID 3564 wrote to memory of 2984	3564	un887109.exe	68
PID 3564 wrote to memory of 2984	3564	un887109.exe	68
PID 3564 wrote to memory of 2984	3564	un887109.exe	68
PID 3564 wrote to memory of 4960	3564	un887109.exe	69
PID 3564 wrote to memory of 4960	3564	un887109.exe	69
PID 3564 wrote to memory of 4960	3564	un887109.exe	69
PID 3620 wrote to memory of 4904	3620	un675665.exe	71
PID 3620 wrote to memory of 4904	3620	un675665.exe	71
PID 3620 wrote to memory of 4904	3620	un675665.exe	71
PID 3452 wrote to memory of 2680	3452	e6faf01992aea1470a6d90c7446f1624b74cc5a1840ab54da91953d06cc2780e.exe	72
PID 3452 wrote to memory of 2680	3452	e6faf01992aea1470a6d90c7446f1624b74cc5a1840ab54da91953d06cc2780e.exe	72
PID 3452 wrote to memory of 2680	3452	e6faf01992aea1470a6d90c7446f1624b74cc5a1840ab54da91953d06cc2780e.exe	72

C:\Users\Admin\AppData\Local\Temp\e6faf01992aea1470a6d90c7446f1624b74cc5a1840ab54da91953d06cc2780e.exe
"C:\Users\Admin\AppData\Local\Temp\e6faf01992aea1470a6d90c7446f1624b74cc5a1840ab54da91953d06cc2780e.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un675665.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un675665.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:3620
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un887109.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un887109.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr769834.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr769834.exe
      4⤵
      Modifies Windows Defender Real-time Protection settings
      Executes dropped EXE
      Windows security modification
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu611288.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu611288.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4960
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk209050.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk209050.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4904
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si584551.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si584551.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 616
    3⤵
    - Program crash
    PID:4956
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 696
    3⤵
    - Program crash
    PID:1100
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 836
    3⤵
    - Program crash
    PID:4220
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 848
    3⤵
    - Program crash
    PID:4276
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 872
    3⤵
    - Program crash
    PID:3080
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 892
    3⤵
    - Program crash
    PID:4992
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 1080
    3⤵
    - Program crash
    PID:4028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si584551.exe

Filesize
277KB

MD5
b575bb5a62a62ef0e42269da84b46f5a

SHA1
3679064685ab28bb6ff0a9276c353a2f71925e0f

SHA256
40d50cfa52b338751eb9e1c025fe62778350eee30daa3b005cbccf2c48dfce4e

SHA512
676a5cfdf713f174c60623fa2eb3eb0b35298cc62ee27ce5d346635b3173e34edde7de075def9a8c35fff9d56837f268b28201ac2d963bdb975cc29df6fbac5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si584551.exe

Filesize
277KB

MD5
b575bb5a62a62ef0e42269da84b46f5a

SHA1
3679064685ab28bb6ff0a9276c353a2f71925e0f

SHA256
40d50cfa52b338751eb9e1c025fe62778350eee30daa3b005cbccf2c48dfce4e

SHA512
676a5cfdf713f174c60623fa2eb3eb0b35298cc62ee27ce5d346635b3173e34edde7de075def9a8c35fff9d56837f268b28201ac2d963bdb975cc29df6fbac5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un675665.exe

Filesize
706KB

MD5
314f16b23f2589de432816331328e0ac

SHA1
655e8bba9cbca622bfa6e88348a5d1e190e8aaa4

SHA256
6939840dc07619fc3208a9bfa29ac45edc037283742c95741ccfdd663844cebb

SHA512
c3d6c74ffc0aee423bc451b100d08e0da6fb094036ac8868483346e08199998b26697acf7d528d5fd2c607de269f1954cc56accd7d793a96bf167ab2dc51383c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un675665.exe

Filesize
706KB

MD5
314f16b23f2589de432816331328e0ac

SHA1
655e8bba9cbca622bfa6e88348a5d1e190e8aaa4

SHA256
6939840dc07619fc3208a9bfa29ac45edc037283742c95741ccfdd663844cebb

SHA512
c3d6c74ffc0aee423bc451b100d08e0da6fb094036ac8868483346e08199998b26697acf7d528d5fd2c607de269f1954cc56accd7d793a96bf167ab2dc51383c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk209050.exe

Filesize
136KB

MD5
9c75a048f066d01b19ed80dc6e7a7101

SHA1
7d37c8ef50e8b83fcdd44032fb082f226ab3d8c3

SHA256
c816d0c862e5001569f4454d0a12c7ee85a7d5afbf3abd896546bba1816d1625

SHA512
b70e03a3fcfd29276b36d42ae1b2fedda5de020f0279d798f9fbd1d7f4ac1f10e60cf623e173a55dc42f87d99a83fe9a8db8f6b02a349257d8a2665f84f99e33

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk209050.exe

Filesize
136KB

MD5
9c75a048f066d01b19ed80dc6e7a7101

SHA1
7d37c8ef50e8b83fcdd44032fb082f226ab3d8c3

SHA256
c816d0c862e5001569f4454d0a12c7ee85a7d5afbf3abd896546bba1816d1625

SHA512
b70e03a3fcfd29276b36d42ae1b2fedda5de020f0279d798f9fbd1d7f4ac1f10e60cf623e173a55dc42f87d99a83fe9a8db8f6b02a349257d8a2665f84f99e33

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un887109.exe

Filesize
552KB

MD5
bc8bd6a5a4fc585f09e4d25955a31b56

SHA1
d257a6d093aca77b9c183ca7b2fa045b101f1eec

SHA256
c4bece139f96b6dd91b49497610d73d97f672f47a75abf989bcf31d4e5de9346

SHA512
1ec659f72d1841a155e6f64254563a66d5a3d0c6b533ba0f79ade3607572456e1560f7f9897ef3c8ce05809b0888eebe9f446fb708ac6c8aad4cf74f2ff8a6b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un887109.exe

Filesize
552KB

MD5
bc8bd6a5a4fc585f09e4d25955a31b56

SHA1
d257a6d093aca77b9c183ca7b2fa045b101f1eec

SHA256
c4bece139f96b6dd91b49497610d73d97f672f47a75abf989bcf31d4e5de9346

SHA512
1ec659f72d1841a155e6f64254563a66d5a3d0c6b533ba0f79ade3607572456e1560f7f9897ef3c8ce05809b0888eebe9f446fb708ac6c8aad4cf74f2ff8a6b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr769834.exe

Filesize
299KB

MD5
6a351c8df3d8734cce1b96fcc2d871e3

SHA1
bf5f1b981c5ec3378c9859c20cf02d93e6a20c8f

SHA256
29794c297bf2b167b6041e90f928a5b68b3b1423cbfcf0f685a0b9e8862de686

SHA512
ebf1c9892898e2c96bd9bd84b8ed2c84f42742ed597a74669f8d20d6c9b73b698d04b885674bffbc7142092ff8dbc36664b810b655567c6baf3c53c9e1546c76

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr769834.exe

Filesize
299KB

MD5
6a351c8df3d8734cce1b96fcc2d871e3

SHA1
bf5f1b981c5ec3378c9859c20cf02d93e6a20c8f

SHA256
29794c297bf2b167b6041e90f928a5b68b3b1423cbfcf0f685a0b9e8862de686

SHA512
ebf1c9892898e2c96bd9bd84b8ed2c84f42742ed597a74669f8d20d6c9b73b698d04b885674bffbc7142092ff8dbc36664b810b655567c6baf3c53c9e1546c76

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu611288.exe

Filesize
381KB

MD5
0286f9199f5c5e54d4ad9a055c215a15

SHA1
91a6df9cb9d7a7b1fb7684bcfc26ee6e43dc8d37

SHA256
ea20018ab8f32dc9a09f7b90f9ef942f6ed4f1c83f704fbadf0d3bf9793d43fb

SHA512
d000202cc7fa938a42bc5fda45a3aabff1526f18f708dbe60d456c1604b8260e56dce15ef646e1ad2e4f5400638384600e98f78cc1a66a82563519586cd89ad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu611288.exe

Filesize
381KB

MD5
0286f9199f5c5e54d4ad9a055c215a15

SHA1
91a6df9cb9d7a7b1fb7684bcfc26ee6e43dc8d37

SHA256
ea20018ab8f32dc9a09f7b90f9ef942f6ed4f1c83f704fbadf0d3bf9793d43fb

SHA512
d000202cc7fa938a42bc5fda45a3aabff1526f18f708dbe60d456c1604b8260e56dce15ef646e1ad2e4f5400638384600e98f78cc1a66a82563519586cd89ad6

Download Submit
memory/2680-1011-0x0000000002C80000-0x0000000002CB5000-memory.dmp

Filesize
212KB

Download
memory/2984-158-0x0000000004C70000-0x0000000004C82000-memory.dmp

Filesize
72KB

Download
memory/2984-178-0x0000000000400000-0x0000000002BB4000-memory.dmp

Filesize
39.7MB

Download
memory/2984-148-0x0000000004C70000-0x0000000004C82000-memory.dmp

Filesize
72KB

Download
memory/2984-150-0x0000000004C70000-0x0000000004C82000-memory.dmp

Filesize
72KB

Download
memory/2984-152-0x0000000004C70000-0x0000000004C82000-memory.dmp

Filesize
72KB

Download
memory/2984-154-0x0000000004C70000-0x0000000004C82000-memory.dmp

Filesize
72KB

Download
memory/2984-156-0x0000000004C70000-0x0000000004C82000-memory.dmp

Filesize
72KB

Download
memory/2984-143-0x00000000001D0000-0x00000000001FD000-memory.dmp

Filesize
180KB

Download
memory/2984-160-0x0000000004C70000-0x0000000004C82000-memory.dmp

Filesize
72KB

Download
memory/2984-162-0x0000000004C70000-0x0000000004C82000-memory.dmp

Filesize
72KB

Download
memory/2984-164-0x0000000004C70000-0x0000000004C82000-memory.dmp

Filesize
72KB

Download
memory/2984-166-0x0000000004C70000-0x0000000004C82000-memory.dmp

Filesize
72KB

Download
memory/2984-168-0x0000000004C70000-0x0000000004C82000-memory.dmp

Filesize
72KB

Download
memory/2984-170-0x0000000004C70000-0x0000000004C82000-memory.dmp

Filesize
72KB

Download
memory/2984-172-0x0000000004C70000-0x0000000004C82000-memory.dmp

Filesize
72KB

Download
memory/2984-174-0x0000000004C70000-0x0000000004C82000-memory.dmp

Filesize
72KB

Download
memory/2984-175-0x00000000046C0000-0x00000000046D0000-memory.dmp

Filesize
64KB

Download
memory/2984-176-0x00000000046C0000-0x00000000046D0000-memory.dmp

Filesize
64KB

Download
memory/2984-177-0x00000000046C0000-0x00000000046D0000-memory.dmp

Filesize
64KB

Download
memory/2984-147-0x0000000004C70000-0x0000000004C82000-memory.dmp

Filesize
72KB

Download
memory/2984-180-0x00000000046C0000-0x00000000046D0000-memory.dmp

Filesize
64KB

Download
memory/2984-181-0x0000000000400000-0x0000000002BB4000-memory.dmp

Filesize
39.7MB

Download
memory/2984-144-0x00000000046A0000-0x00000000046BA000-memory.dmp

Filesize
104KB

Download
memory/2984-146-0x0000000004C70000-0x0000000004C88000-memory.dmp

Filesize
96KB

Download
memory/2984-145-0x00000000070F0000-0x00000000075EE000-memory.dmp

Filesize
5.0MB

Download
memory/4904-1003-0x0000000000A50000-0x0000000000A78000-memory.dmp

Filesize
160KB

Download
memory/4904-1004-0x00000000077D0000-0x000000000781B000-memory.dmp

Filesize
300KB

Download
memory/4904-1005-0x0000000007AE0000-0x0000000007AF0000-memory.dmp

Filesize
64KB

Download
memory/4960-188-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-196-0x0000000002BD0000-0x0000000002C16000-memory.dmp

Filesize
280KB

Download
memory/4960-197-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/4960-199-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/4960-200-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-201-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/4960-195-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-203-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-205-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-207-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-209-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-211-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-213-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-215-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-217-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-219-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-221-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-223-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-225-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-984-0x0000000009B70000-0x000000000A176000-memory.dmp

Filesize
6.0MB

Download
memory/4960-985-0x000000000A210000-0x000000000A222000-memory.dmp

Filesize
72KB

Download
memory/4960-986-0x000000000A240000-0x000000000A34A000-memory.dmp

Filesize
1.0MB

Download
memory/4960-987-0x000000000A360000-0x000000000A39E000-memory.dmp

Filesize
248KB

Download
memory/4960-988-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/4960-989-0x000000000A4E0000-0x000000000A52B000-memory.dmp

Filesize
300KB

Download
memory/4960-990-0x000000000A670000-0x000000000A6D6000-memory.dmp

Filesize
408KB

Download
memory/4960-991-0x000000000AD20000-0x000000000ADB2000-memory.dmp

Filesize
584KB

Download
memory/4960-992-0x000000000ADD0000-0x000000000AE46000-memory.dmp

Filesize
472KB

Download
memory/4960-994-0x000000000AE80000-0x000000000AE9E000-memory.dmp

Filesize
120KB

Download
memory/4960-193-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-191-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-189-0x0000000007640000-0x0000000007675000-memory.dmp

Filesize
212KB

Download
memory/4960-187-0x0000000007640000-0x000000000767A000-memory.dmp

Filesize
232KB

Download
memory/4960-186-0x00000000070A0000-0x00000000070DC000-memory.dmp

Filesize
240KB

Download
memory/4960-995-0x000000000AF60000-0x000000000B122000-memory.dmp

Filesize
1.8MB

Download
memory/4960-996-0x000000000B130000-0x000000000B65C000-memory.dmp

Filesize
5.2MB

Download
memory/4960-997-0x0000000006BE0000-0x0000000006C30000-memory.dmp

Filesize
320KB

Download