a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc

Analysis

max time kernel
146s
max time network
104s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
22/04/2023, 07:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc.exe
Size

965KB
MD5

414b0b8c7e6a23c76a9547224e9e8115
SHA1

be26eaca6c77f2830d68732c88297decc5cd59a9
SHA256

a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc
SHA512

9cf7a617fb7842d42daef5e53201faa17755a618a6e55c03550a7214956ab14559e80a7b9f31d56c3548cc511c37da119369f3cdda400fcdefc779f9b523dad6
SSDEEP

24576:6yScIkBD2JW+NN9HHpcV5C0rdicgOPdCKmyS5tF2:B9fd2Jdh4VFgOP4+c

Score

10^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	pr165891.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	pr165891.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	pr165891.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	pr165891.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	pr165891.exe

Executes dropped EXE 6 IoCs

pid	Process
4120	un619623.exe
3468	un044583.exe
4928	pr165891.exe
2980	qu437511.exe
3796	rk778506.exe
320	si687386.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	pr165891.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	pr165891.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	un044583.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un619623.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	un619623.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un044583.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2872	320	WerFault.exe	72
3088	320	WerFault.exe	72
4072	320	WerFault.exe	72
2852	320	WerFault.exe	72
4928	320	WerFault.exe	72
2908	320	WerFault.exe	72
1304	320	WerFault.exe	72

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4928	pr165891.exe
4928	pr165891.exe
2980	qu437511.exe
2980	qu437511.exe
3796	rk778506.exe
3796	rk778506.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4928	pr165891.exe
Token: SeDebugPrivilege	2980	qu437511.exe
Token: SeDebugPrivilege	3796	rk778506.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 3432 wrote to memory of 4120	3432	a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc.exe	66
PID 3432 wrote to memory of 4120	3432	a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc.exe	66
PID 3432 wrote to memory of 4120	3432	a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc.exe	66
PID 4120 wrote to memory of 3468	4120	un619623.exe	67
PID 4120 wrote to memory of 3468	4120	un619623.exe	67
PID 4120 wrote to memory of 3468	4120	un619623.exe	67
PID 3468 wrote to memory of 4928	3468	un044583.exe	68
PID 3468 wrote to memory of 4928	3468	un044583.exe	68
PID 3468 wrote to memory of 4928	3468	un044583.exe	68
PID 3468 wrote to memory of 2980	3468	un044583.exe	69
PID 3468 wrote to memory of 2980	3468	un044583.exe	69
PID 3468 wrote to memory of 2980	3468	un044583.exe	69
PID 4120 wrote to memory of 3796	4120	un619623.exe	71
PID 4120 wrote to memory of 3796	4120	un619623.exe	71
PID 4120 wrote to memory of 3796	4120	un619623.exe	71
PID 3432 wrote to memory of 320	3432	a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc.exe	72
PID 3432 wrote to memory of 320	3432	a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc.exe	72
PID 3432 wrote to memory of 320	3432	a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc.exe	72

C:\Users\Admin\AppData\Local\Temp\a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc.exe
"C:\Users\Admin\AppData\Local\Temp\a6a2643bfbbf600b0a9b45e7a842b8618a7b0e41bf282103352012fde302c1dc.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3432
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un619623.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un619623.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4120
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un044583.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un044583.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr165891.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr165891.exe
      4⤵
      Modifies Windows Defender Real-time Protection settings
      Executes dropped EXE
      Windows security modification
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu437511.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu437511.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2980
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk778506.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk778506.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3796
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si687386.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si687386.exe
  2⤵
  - Executes dropped EXE
  PID:320
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 616
    3⤵
    - Program crash
    PID:2872
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 696
    3⤵
    - Program crash
    PID:3088
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 768
    3⤵
    - Program crash
    PID:4072
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 884
    3⤵
    - Program crash
    PID:2852
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 848
    3⤵
    - Program crash
    PID:4928
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 928
    3⤵
    - Program crash
    PID:2908
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 1080
    3⤵
    - Program crash
    PID:1304

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si687386.exe

Filesize
278KB

MD5
0f3d2771db3964b763efb6e16404d193

SHA1
1ada9a325d518cf867d2a4cdcd86b75d722efe32

SHA256
91465a34b013df154171ff8bf5572c8045b38854a36684d947fbb94d0b4b8ad2

SHA512
78498a2c775af0d4a249a16967ddc3d7ec5eb03febb0c51ef550556aeeedec5741d3eac837e858e4590adab100d8c69b71b608ff70ef998baf99ac923617114c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si687386.exe

Filesize
278KB

MD5
0f3d2771db3964b763efb6e16404d193

SHA1
1ada9a325d518cf867d2a4cdcd86b75d722efe32

SHA256
91465a34b013df154171ff8bf5572c8045b38854a36684d947fbb94d0b4b8ad2

SHA512
78498a2c775af0d4a249a16967ddc3d7ec5eb03febb0c51ef550556aeeedec5741d3eac837e858e4590adab100d8c69b71b608ff70ef998baf99ac923617114c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un619623.exe

Filesize
706KB

MD5
0d9b51e140ac7e29dfa792fcd69836f1

SHA1
c7a3bfe5d6733129acad0dcd3befea32bc0557fb

SHA256
7fdf0bc7d9c1ae711dc76eff6c24b3e1edb2d09442e9f135088f2cfe3f777577

SHA512
2535d43aff5a0c9df4bf437c315285ee986037a0fa5ac372b2ab8150fd4a3252613f574956f4374828607559ab14c6450f4999bac266d153ee403a60656f22a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un619623.exe

Filesize
706KB

MD5
0d9b51e140ac7e29dfa792fcd69836f1

SHA1
c7a3bfe5d6733129acad0dcd3befea32bc0557fb

SHA256
7fdf0bc7d9c1ae711dc76eff6c24b3e1edb2d09442e9f135088f2cfe3f777577

SHA512
2535d43aff5a0c9df4bf437c315285ee986037a0fa5ac372b2ab8150fd4a3252613f574956f4374828607559ab14c6450f4999bac266d153ee403a60656f22a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk778506.exe

Filesize
136KB

MD5
9c75a048f066d01b19ed80dc6e7a7101

SHA1
7d37c8ef50e8b83fcdd44032fb082f226ab3d8c3

SHA256
c816d0c862e5001569f4454d0a12c7ee85a7d5afbf3abd896546bba1816d1625

SHA512
b70e03a3fcfd29276b36d42ae1b2fedda5de020f0279d798f9fbd1d7f4ac1f10e60cf623e173a55dc42f87d99a83fe9a8db8f6b02a349257d8a2665f84f99e33

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk778506.exe

Filesize
136KB

MD5
9c75a048f066d01b19ed80dc6e7a7101

SHA1
7d37c8ef50e8b83fcdd44032fb082f226ab3d8c3

SHA256
c816d0c862e5001569f4454d0a12c7ee85a7d5afbf3abd896546bba1816d1625

SHA512
b70e03a3fcfd29276b36d42ae1b2fedda5de020f0279d798f9fbd1d7f4ac1f10e60cf623e173a55dc42f87d99a83fe9a8db8f6b02a349257d8a2665f84f99e33

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un044583.exe

Filesize
552KB

MD5
555ced4322a7bb04d17c525c638f655f

SHA1
7c803323a3a794c728f70536cbd116d5bdaba091

SHA256
e5179a9b12dd7371287425b09fbafe24c3771ff95afe45a087ff7a5648928846

SHA512
d89066106638a9c768bfec70cd9e5eef44647833a8e69ab1997ca7a9cfde55ac8a46080a10761327b162d32f87cb420eb0165ca4285a8cedbf2f2a1ae7035231

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un044583.exe

Filesize
552KB

MD5
555ced4322a7bb04d17c525c638f655f

SHA1
7c803323a3a794c728f70536cbd116d5bdaba091

SHA256
e5179a9b12dd7371287425b09fbafe24c3771ff95afe45a087ff7a5648928846

SHA512
d89066106638a9c768bfec70cd9e5eef44647833a8e69ab1997ca7a9cfde55ac8a46080a10761327b162d32f87cb420eb0165ca4285a8cedbf2f2a1ae7035231

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr165891.exe

Filesize
299KB

MD5
d15afebffbbdecab3234290048dcf7cb

SHA1
f1d8e96b06bac1e9db1b7c2268e9e1736c1737ea

SHA256
79279f2f24b72eeb464a2e42f680fd5c9fe07a025520a40e56f2d90b1da47e26

SHA512
5138d35ee349236ac09e75abea4373ed1878c19d05e974bdb3dbc08aacfed9ad8d4c51234d70aa2a880659ac42d077b4b9703c414effa82dbd69f63ce5d34bb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr165891.exe

Filesize
299KB

MD5
d15afebffbbdecab3234290048dcf7cb

SHA1
f1d8e96b06bac1e9db1b7c2268e9e1736c1737ea

SHA256
79279f2f24b72eeb464a2e42f680fd5c9fe07a025520a40e56f2d90b1da47e26

SHA512
5138d35ee349236ac09e75abea4373ed1878c19d05e974bdb3dbc08aacfed9ad8d4c51234d70aa2a880659ac42d077b4b9703c414effa82dbd69f63ce5d34bb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu437511.exe

Filesize
382KB

MD5
0e5ac149dcd84fba63422a16ac34a953

SHA1
b47324a0e94fa1fe98c8bf551d92a98e9d4622a0

SHA256
7b033fc4dd77301db942e8d5ab71019aa4ad33317710fbc4934c9c27d0ff9280

SHA512
6de14547487685aef13fc45f0887685332027d94b92818eb810c5de3aa58c840da9c98c38538d9d4854eeae32806b66e94b434d497dc320e6105206c82e1bedd

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu437511.exe

Filesize
382KB

MD5
0e5ac149dcd84fba63422a16ac34a953

SHA1
b47324a0e94fa1fe98c8bf551d92a98e9d4622a0

SHA256
7b033fc4dd77301db942e8d5ab71019aa4ad33317710fbc4934c9c27d0ff9280

SHA512
6de14547487685aef13fc45f0887685332027d94b92818eb810c5de3aa58c840da9c98c38538d9d4854eeae32806b66e94b434d497dc320e6105206c82e1bedd

Download Submit
memory/320-1011-0x0000000002BB0000-0x0000000002BE5000-memory.dmp

Filesize
212KB

Download
memory/2980-984-0x0000000009CF0000-0x000000000A2F6000-memory.dmp

Filesize
6.0MB

Download
memory/2980-989-0x000000000A410000-0x000000000A45B000-memory.dmp

Filesize
300KB

Download
memory/2980-997-0x0000000004B70000-0x0000000004BC0000-memory.dmp

Filesize
320KB

Download
memory/2980-996-0x000000000B6F0000-0x000000000B70E000-memory.dmp

Filesize
120KB

Download
memory/2980-995-0x000000000B090000-0x000000000B5BC000-memory.dmp

Filesize
5.2MB

Download
memory/2980-994-0x000000000AEB0000-0x000000000B072000-memory.dmp

Filesize
1.8MB

Download
memory/2980-993-0x000000000ADF0000-0x000000000AE66000-memory.dmp

Filesize
472KB

Download
memory/2980-991-0x000000000AD20000-0x000000000ADB2000-memory.dmp

Filesize
584KB

Download
memory/2980-990-0x000000000A670000-0x000000000A6D6000-memory.dmp

Filesize
408KB

Download
memory/2980-988-0x0000000007360000-0x0000000007370000-memory.dmp

Filesize
64KB

Download
memory/2980-987-0x00000000072B0000-0x00000000072EE000-memory.dmp

Filesize
248KB

Download
memory/2980-986-0x000000000A300000-0x000000000A40A000-memory.dmp

Filesize
1.0MB

Download
memory/2980-985-0x0000000007280000-0x0000000007292000-memory.dmp

Filesize
72KB

Download
memory/2980-225-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-223-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-221-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-219-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-217-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-215-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-213-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-186-0x0000000004880000-0x00000000048BC000-memory.dmp

Filesize
240KB

Download
memory/2980-187-0x0000000004C00000-0x0000000004C3A000-memory.dmp

Filesize
232KB

Download
memory/2980-188-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-189-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-191-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-193-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-195-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-197-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-200-0x0000000002CA0000-0x0000000002CE6000-memory.dmp

Filesize
280KB

Download
memory/2980-199-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-202-0x0000000007360000-0x0000000007370000-memory.dmp

Filesize
64KB

Download
memory/2980-203-0x0000000007360000-0x0000000007370000-memory.dmp

Filesize
64KB

Download
memory/2980-207-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-204-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-206-0x0000000007360000-0x0000000007370000-memory.dmp

Filesize
64KB

Download
memory/2980-209-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/2980-211-0x0000000004C00000-0x0000000004C35000-memory.dmp

Filesize
212KB

Download
memory/3796-1003-0x0000000000010000-0x0000000000038000-memory.dmp

Filesize
160KB

Download
memory/3796-1005-0x0000000006E10000-0x0000000006E20000-memory.dmp

Filesize
64KB

Download
memory/3796-1004-0x0000000006D90000-0x0000000006DDB000-memory.dmp

Filesize
300KB

Download
memory/4928-163-0x00000000070F0000-0x0000000007102000-memory.dmp

Filesize
72KB

Download
memory/4928-159-0x00000000070F0000-0x0000000007102000-memory.dmp

Filesize
72KB

Download
memory/4928-177-0x00000000070F0000-0x0000000007102000-memory.dmp

Filesize
72KB

Download
memory/4928-175-0x00000000070F0000-0x0000000007102000-memory.dmp

Filesize
72KB

Download
memory/4928-148-0x0000000007140000-0x0000000007150000-memory.dmp

Filesize
64KB

Download
memory/4928-173-0x00000000070F0000-0x0000000007102000-memory.dmp

Filesize
72KB

Download
memory/4928-171-0x00000000070F0000-0x0000000007102000-memory.dmp

Filesize
72KB

Download
memory/4928-169-0x00000000070F0000-0x0000000007102000-memory.dmp

Filesize
72KB

Download
memory/4928-167-0x00000000070F0000-0x0000000007102000-memory.dmp

Filesize
72KB

Download
memory/4928-151-0x00000000070F0000-0x0000000007102000-memory.dmp

Filesize
72KB

Download
memory/4928-165-0x00000000070F0000-0x0000000007102000-memory.dmp

Filesize
72KB

Download
memory/4928-149-0x0000000007140000-0x0000000007150000-memory.dmp

Filesize
64KB

Download
memory/4928-161-0x00000000070F0000-0x0000000007102000-memory.dmp

Filesize
72KB

Download
memory/4928-178-0x0000000000400000-0x0000000002BB5000-memory.dmp

Filesize
39.7MB

Download
memory/4928-157-0x00000000070F0000-0x0000000007102000-memory.dmp

Filesize
72KB

Download
memory/4928-155-0x00000000070F0000-0x0000000007102000-memory.dmp

Filesize
72KB

Download
memory/4928-153-0x00000000070F0000-0x0000000007102000-memory.dmp

Filesize
72KB

Download
memory/4928-147-0x0000000007140000-0x0000000007150000-memory.dmp

Filesize
64KB

Download
memory/4928-146-0x00000000070F0000-0x0000000007108000-memory.dmp

Filesize
96KB

Download
memory/4928-179-0x0000000007140000-0x0000000007150000-memory.dmp

Filesize
64KB

Download
memory/4928-181-0x0000000000400000-0x0000000002BB5000-memory.dmp

Filesize
39.7MB

Download
memory/4928-150-0x00000000070F0000-0x0000000007102000-memory.dmp

Filesize
72KB

Download
memory/4928-145-0x0000000007150000-0x000000000764E000-memory.dmp

Filesize
5.0MB

Download
memory/4928-144-0x0000000004750000-0x000000000476A000-memory.dmp

Filesize
104KB

Download
memory/4928-143-0x00000000001D0000-0x00000000001FD000-memory.dmp

Filesize
180KB

Download