bitrat | 29ed1b4d59d13877c2543bcbf8fed3d360d39ec14e5b785a4fdf749c646a1fe1

Analysis

max time kernel
155s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2023 00:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Email Extractor 7.2.3.1_ cracked.exe
Size

141.5MB
MD5

987173e25c40794526c0209220e45c0b
SHA1

0671fd2d1262c186536beeed5900b777e04814ac
SHA256

0be090ccf16640b5a2aa4a7333dd10b68198fac8cc9e584b68055482cfe59719
SHA512

cbd2917f25c4a69724c52e6fb7443cf9ce7003c32cafa016e3f0043f7e102ec09144ed9ec1650290def3f64e0cb863e90592fc7241b19291a3c66062785d38ec
SSDEEP

3145728:YVOeRb7DSPN06pi+E0eza3QCUQP3drqOaCKvv3iwlOSrCZq9czaMe:YVOeVA06pszaDb/drqOaCKvv3iwsgCkL

Score

10^/10

bitrat persistence trojan upx

Malware Config

Extracted

Family

bitrat

Version

1.38

rproxy.wefriendsright.xyz:8092

Attributes

communication_password
1e211f38968f4e2faae85d9096210761
install_dir
ms
install_file
dwm.exe
tor_process
tor

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Email Extractor 7.2.3.1_ cracked.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	Email Extractor 7.2.3.1_ cracked.exe

Executes dropped EXE 2 IoCs

Processes:

Program.exescvhost.exe

pid process

816 Program.exe
3136 scvhost.exe
Loads dropped DLL 1 IoCs

Processes:

Program.exe

pid process

816 Program.exe

pid	process
816	Program.exe
3136	scvhost.exe

pid	process
816	Program.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\scvhost.exe	upx
C:\Users\Admin\AppData\Local\Temp\scvhost.exe	upx
C:\Users\Admin\AppData\Local\Temp\scvhost.exe	upx
behavioral2/memory/3136-635-0x0000000000400000-0x00000000007E4000-memory.dmp	upx
behavioral2/memory/3136-695-0x0000000000400000-0x00000000007E4000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

scvhost.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dwm = "C:\\Users\\Admin\\AppData\\Local\\ms\\dwm.exe먀"	scvhost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dwm = "C:\\Users\\Admin\\AppData\\Local\\ms\\dwm.exe"	scvhost.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

Processes:

scvhost.exe

pid process

3136 scvhost.exe
3136 scvhost.exe
3136 scvhost.exe
3136 scvhost.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

scvhost.exeProgram.exe

description pid process

Token: SeShutdownPrivilege 3136 scvhost.exe
Token: SeDebugPrivilege 816 Program.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

scvhost.exe

pid process

3136 scvhost.exe
3136 scvhost.exe

pid	process
3136	scvhost.exe
3136	scvhost.exe
3136	scvhost.exe
3136	scvhost.exe

description	pid	process
Token: SeShutdownPrivilege	3136	scvhost.exe
Token: SeDebugPrivilege	816	Program.exe

pid	process
3136	scvhost.exe
3136	scvhost.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

Email Extractor 7.2.3.1_ cracked.exe

description	pid	process	target process
PID 1364 wrote to memory of 816	1364	Email Extractor 7.2.3.1_ cracked.exe	Program.exe
PID 1364 wrote to memory of 816	1364	Email Extractor 7.2.3.1_ cracked.exe	Program.exe
PID 1364 wrote to memory of 3136	1364	Email Extractor 7.2.3.1_ cracked.exe	scvhost.exe
PID 1364 wrote to memory of 3136	1364	Email Extractor 7.2.3.1_ cracked.exe	scvhost.exe
PID 1364 wrote to memory of 3136	1364	Email Extractor 7.2.3.1_ cracked.exe	scvhost.exe

C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1_ cracked.exe
"C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1_ cracked.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1364

C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\Program.exe
"C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\Program.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:816

C:\Users\Admin\AppData\Local\Temp\scvhost.exe
"C:\Users\Admin\AppData\Local\Temp\scvhost.exe"
2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3136

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\DevExpress.Data.v15.2.dll

Filesize
5.0MB

MD5
44ad444d9dfd38b48ffb6c9414292a8c

SHA1
dd5ccf467e7a41cf341b9795460293fe61e357d4

SHA256
dac6396ef1591e4d06fe03c0acd07925d7348d4d3c07ab290cabadbed2925f9c

SHA512
09af41b01055c8c8b1c959158df3f91d2c010a61a5a3223b2344469f18c358b68f09be32beaef2eb9024d26a388e0cccfbe2bde79406f101f4430219665c8941

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\DevExpress.Utils.v15.2.dll

Filesize
8.0MB

MD5
0306dbc7d0ee1d0c36c9c6f33245858e

SHA1
5edcd2fe1a6a94f6e774bc13bb257302a96f561a

SHA256
3d68d545adf69366ae06b23b098b021db155582b43b97b3af24bb3d0e1fc0daf

SHA512
3640d73e05ed573a7c8fefb80cea0800c002f1716576fcbba8ca75a7822db2ebae752fb2698770cf80026714cee4346fbd21ca2eca5912fe1ebb9dda268cf2d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\DevExpress.XtraBars.v15.2.dll

Filesize
5.3MB

MD5
2628d0c734e0cb265c539098b4e81e80

SHA1
98cea86ec02418dc4abe027633d4ff3762f143cf

SHA256
494897b52256e5cbbc919c109d26e52e67900a6035827a66bd0a6b7ab5cb52ae

SHA512
ece57ed7099c46aefe80d1b7f1188cc55cebaee36e821af0de715bbb907fe7cd47173d066bd3b0213774e19b1fbe248de8ab616df461cc364692daee912b79d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\DevExpress.XtraEditors.v15.2.dll

Filesize
4.6MB

MD5
5feaeea68748ac64eb889246faf7343e

SHA1
f350f7bff49faf1de789383ea88f43571e1638c0

SHA256
e78e0dcdc4f8551f4958b30a96999ea4a97b62db593a1dd7d63f6b0a42281db8

SHA512
d4b9175f5c2e42844ec5e073d7aa186144987873619547684353db1ee76ef6df3023a0a1a4031b29e850f0f34755d2c7974adb3e1bf59db50f00f494d22b5dd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\Microsoft.AppCenter.Analytics.dll

Filesize
21KB

MD5
53636029897a679f66a572d270eabee7

SHA1
a6efdd281774b346912040d353821c63e2a563bb

SHA256
0f8b2365e3990ddbb214b6d54e7ac95ef6f7e03c93dc29fa1105eb696e25fafb

SHA512
1de91828c5ea647a93c2760a1fd8fa7687d5868880d8ea55319a1cc6f62a7df73ce6e9974c099710b76661f0f2e7fe17fc283528a5abc45ebf4a3db0f451bda2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\Microsoft.AppCenter.Crashes.dll

Filesize
50KB

MD5
b83cf2ff224c6437f458a7f2a07c0b31

SHA1
27e50114cde04f5a9283ca7c89f5bc1eb8b5f157

SHA256
d4708e394363d5c45325131bd33c120752b01984864daf1099f641f41b2133c5

SHA512
4a2991b94c3c6643e12275c67face3feb1b388c2754dbe725b5a0f131723da0f0292dccc836ea3493cd130dd92934e0896e6c6adfad9098f3d3713e14d837527

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\Microsoft.AppCenter.dll

Filesize
140KB

MD5
bd62b8f0a97324fa75940b553d55165a

SHA1
470dad688f6de3c7b8980193f24f6155c81c3ce5

SHA256
1d3c4c625d8b385e8014547d01265cb593ed244b6f8bd527f8d5d8d2e123c69f

SHA512
2e5892fed48a2ac9bb154f7a065d9a48e7588253c3bbfbc9087ff62ab2b02cb75d52e5c1fa3c5df59294725c166c291cf8558dad4b287c302e266194e2e32316

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\Newtonsoft.Json.dll

Filesize
685KB

MD5
081d9558bbb7adce142da153b2d5577a

SHA1
7d0ad03fbda1c24f883116b940717e596073ae96

SHA256
b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

SHA512
2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\PhoneNumbers.dll

Filesize
13.4MB

MD5
014ca84b46adb64f299f98bbb37559ce

SHA1
20fadcc38eda6b7657e8167093552f87329e4aac

SHA256
84aa7a1f3a76b6da58a25c93cc48802bbbe8d919398bb949e020fe20cbb2444e

SHA512
da328ce6171f49c098ea90966a939d721d3bdd6231344da53c32ebea7698affa532a9cbc8ffc9dd769eb176728b6dc66bcbf2918429cadd47faee6745ba71c39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\Program.exe

Filesize
102KB

MD5
de0c45c553aa850fe0fc8fe0359cabd3

SHA1
cf81531c74af316817bd2e0c28893d3798821982

SHA256
30e035dfbad2cca922ae7674cf4724d0d0ddabb85a4d7583f7e949fca2a88fe6

SHA512
e9980f8e40d7fe474ece296b25ca7be166bc028ec0426bf26266c990db03c56d01e437812bb23c008a81ea0f73ba2991b7bd2b55e0630b9c6d0dbadff76df430

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\Program.exe

Filesize
102KB

MD5
de0c45c553aa850fe0fc8fe0359cabd3

SHA1
cf81531c74af316817bd2e0c28893d3798821982

SHA256
30e035dfbad2cca922ae7674cf4724d0d0ddabb85a4d7583f7e949fca2a88fe6

SHA512
e9980f8e40d7fe474ece296b25ca7be166bc028ec0426bf26266c990db03c56d01e437812bb23c008a81ea0f73ba2991b7bd2b55e0630b9c6d0dbadff76df430

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\Program.exe

Filesize
102KB

MD5
de0c45c553aa850fe0fc8fe0359cabd3

SHA1
cf81531c74af316817bd2e0c28893d3798821982

SHA256
30e035dfbad2cca922ae7674cf4724d0d0ddabb85a4d7583f7e949fca2a88fe6

SHA512
e9980f8e40d7fe474ece296b25ca7be166bc028ec0426bf26266c990db03c56d01e437812bb23c008a81ea0f73ba2991b7bd2b55e0630b9c6d0dbadff76df430

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\Program.exe.config

Filesize
19KB

MD5
d31f58433bcde6566df5fb226d3c0b6a

SHA1
48ac4752f9a9919c5ec902afb27dc8e5072bf3d0

SHA256
23b718faa4272973c96d9bfef7f8c00083f32bf0bca0f33712f40183a5dd891e

SHA512
2304d40b777a402ea817e5d1ab0c9b445f9fee87e4bd43328cbdac4f63890b0ba28772a702b8d99f4d2b9344a74aa76962d371fb2825b4a1de8659cc71d93fae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\Registration.dll

Filesize
3.3MB

MD5
1161ca219c0d88b14ad5909458e65570

SHA1
ad7258b9cd9684cbe7b440055a9b941cebc2f91b

SHA256
f2bb9db9a9f613b354c2f7466d027bcb7ebd61edd814b8d35005b270eaa32180

SHA512
689588659cb0413e4186bcf22518ee664d6698a1a194935d9702694c533b7f631d1c0d950d8ab28b211a3674ef70aa555aa3243804ba6cc8d792088bcce9697c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\SQLitePCLRaw.batteries_v2.dll

Filesize
6KB

MD5
5472974544d9b966d92c20e6bb35e748

SHA1
988661536adbc821526e75e387c918ee1029e80d

SHA256
09f5bd61219fba79cb81d1fa406f23c1acdaa5a39b4545eaf3b9cfb3b386dac5

SHA512
d05f481ca81ce7db23d59ac1d514af7b61269795270a582d2e690d97e4b82a7c62341053711e29bb85bc49d65b60191560a17c36631337e42749d0d96042950e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\SQLitePCLRaw.core.dll

Filesize
45KB

MD5
0a36ed8e992eb5ebff31d42f92eb95d5

SHA1
5c8f15105ffafab9ec07543bf2f95d107290c087

SHA256
c917324fa6ea1f0386cc140ad91fcfab90e2385d0c70b6226c1834fed10b9732

SHA512
4899095932dc23acc03329905179a889546d7305a31f56e4588c231028a73c9e1c550f2e16e16abb89b759604d1ca240f96edbe9dd2d1dab1424f7dc2a22c72d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\SQLitePCLRaw.nativelibrary.dll

Filesize
9KB

MD5
363667a0e1e23d77a5fe80b489943d6e

SHA1
79d5587e02dd69a1221c0d553a868df1b33ead48

SHA256
b93008ee922811deccb95e4743cc4ecaf411b9e7c7312b8737d91b1c077afbf6

SHA512
bc8755cc8cb21b558c26689d3b62af9036d0865471db8da337e158feb602f7306a7d26ba26698d6ca3c1d7b8695732cad0424f3654b3fa373d9d886590ab01ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\SQLitePCLRaw.provider.dynamic_cdecl.dll

Filesize
56KB

MD5
0ac6718a06b661ee8d5d41f84c4aa9ba

SHA1
719d2cf0a67a61252fb354a34199c2281fac2ec7

SHA256
465284c0e1e9c4955539f7a9577d4b5332e2748101743f8934c698fa62609911

SHA512
866c2f6ae9491de1d7412477902b32a5a2b62751c588dfe0947e3dc75540daa2a574c349dccf8aa7dda03998224072e21e20e32dc6d701503395768bf797b94d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\System.Memory.dll

Filesize
137KB

MD5
6fb95a357a3f7e88ade5c1629e2801f8

SHA1
19bf79600b716523b5317b9a7b68760ae5d55741

SHA256
8e76318e8b06692abf7dab1169d27d15557f7f0a34d36af6463eff0fe21213c7

SHA512
293d8c709bc68d2c980a0df423741ce06d05ff757077e63986d34cb6459f9623a024d12ef35a280f50d3d516d98abe193213b9ca71bfde2a9fe8753b1a6de2f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\System.Net.Http.dll

Filesize
193KB

MD5
665e355cbed5fe5f7bebc3cb23e68649

SHA1
1c2cefafba48ba7aaab746f660debd34f2f4b14c

SHA256
b5d20736f84f335ef4c918a5ba41c3a0d7189397c71b166ccc6c342427a94ece

SHA512
5300d39365e84a67010ae4c282d7e05172563119afb84dc1b0610217683c7d110803aef02945034a939262f6a7ecf629b52c0e93c1cd63d52ca7a3b3e607bb7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\System.Runtime.CompilerServices.Unsafe.dll

Filesize
16KB

MD5
9a341540899dcc5630886f2d921be78f

SHA1
bab44612721c3dc91ac3d9dfca7c961a3a511508

SHA256
3cadcb6b8a7335141c7c357a1d77af1ff49b59b872df494f5025580191d1c0d5

SHA512
066984c83de975df03eee1c2b5150c6b9b2e852d9caf90cfd956e9f0f7bd5a956b96ea961b26f7cd14c089bc8a27f868b225167020c5eb6318f66e58113efa37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\System.Runtime.InteropServices.RuntimeInformation.dll

Filesize
27KB

MD5
05af54a1c6450b98ad0fb0e857b6a523

SHA1
15349e541122743a5d355946e48380ac1811b52f

SHA256
76432f414458e93b54ceb02fc348e652a84744108102f3a83792d8a804040eb8

SHA512
c763fe0e16079e431cfa13c63706b58637e3bb6e395f3c874f7ec8b1d5d5c16849d30a088e69e4ba798afaaf7066763daffff6a2880fb6c8ab838d9d721f000d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\runtimes\win-x64\native\e_sqlite3.dll

Filesize
1.5MB

MD5
b429904f765f9ec975a15e8ab8ceb569

SHA1
45d073854924b924c50b27363d37531673cbcc81

SHA256
f1c53f43819798c577eb9f4ac83bb3fab38fa21aaf565defe8573b2fca768230

SHA512
76aa50e3b6fc4d2c8c3f468ab061f0809399f8c723b1359e291011ee288ac75ea8170d357f9be20ef94d121140b7ff53bb05e29f96ebe041032357ed7334a279

Download Submit
C:\Users\Admin\AppData\Local\Temp\Email Extractor 7.2.3.1\runtimes\win-x64\native\e_sqlite3.dll

Filesize
1.5MB

MD5
b429904f765f9ec975a15e8ab8ceb569

SHA1
45d073854924b924c50b27363d37531673cbcc81

SHA256
f1c53f43819798c577eb9f4ac83bb3fab38fa21aaf565defe8573b2fca768230

SHA512
76aa50e3b6fc4d2c8c3f468ab061f0809399f8c723b1359e291011ee288ac75ea8170d357f9be20ef94d121140b7ff53bb05e29f96ebe041032357ed7334a279

Download Submit
C:\Users\Admin\AppData\Local\Temp\scvhost.exe

Filesize
1.4MB

MD5
cde9771417cacaa354b509c1133abea3

SHA1
07d5a4ec44654410422b41d9074f3212641a370a

SHA256
124f780754a2a3f53097c41805e2989f529093908a9d8f467217534e9bf15d5f

SHA512
bb6e0d4f2e318c10e0373fded0244dd4005eecd903bdfac4d3b69401ef5de6e5e160613047d8a9958c7b573bf097bda39cf1c9e54d46578d8d8c1c01a9c767ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\scvhost.exe

Filesize
1.4MB

MD5
cde9771417cacaa354b509c1133abea3

SHA1
07d5a4ec44654410422b41d9074f3212641a370a

SHA256
124f780754a2a3f53097c41805e2989f529093908a9d8f467217534e9bf15d5f

SHA512
bb6e0d4f2e318c10e0373fded0244dd4005eecd903bdfac4d3b69401ef5de6e5e160613047d8a9958c7b573bf097bda39cf1c9e54d46578d8d8c1c01a9c767ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\scvhost.exe

Filesize
1.4MB

MD5
cde9771417cacaa354b509c1133abea3

SHA1
07d5a4ec44654410422b41d9074f3212641a370a

SHA256
124f780754a2a3f53097c41805e2989f529093908a9d8f467217534e9bf15d5f

SHA512
bb6e0d4f2e318c10e0373fded0244dd4005eecd903bdfac4d3b69401ef5de6e5e160613047d8a9958c7b573bf097bda39cf1c9e54d46578d8d8c1c01a9c767ba

Download Submit
memory/816-657-0x0000024356D60000-0x0000024356E10000-memory.dmp

Filesize
704KB

Download
memory/816-666-0x0000024354EF0000-0x0000024354F04000-memory.dmp

Filesize
80KB

Download
memory/816-653-0x000002433BE90000-0x000002433BE9A000-memory.dmp

Filesize
40KB

Download
memory/816-713-0x0000024354750000-0x0000024354760000-memory.dmp

Filesize
64KB

Download
memory/816-655-0x0000024354720000-0x0000024354730000-memory.dmp

Filesize
64KB

Download
memory/816-699-0x0000024354750000-0x0000024354760000-memory.dmp

Filesize
64KB

Download
memory/816-647-0x0000024357710000-0x0000024357C22000-memory.dmp

Filesize
5.1MB

Download
memory/816-698-0x00000243592C0000-0x00000243592F2000-memory.dmp

Filesize
200KB

Download
memory/816-661-0x00000243548A0000-0x00000243548A8000-memory.dmp

Filesize
32KB

Download
memory/816-645-0x00000243566F0000-0x0000024356B90000-memory.dmp

Filesize
4.6MB

Download
memory/816-662-0x0000024354EB0000-0x0000024354ECA000-memory.dmp

Filesize
104KB

Download
memory/816-664-0x0000024354ED0000-0x0000024354EE2000-memory.dmp

Filesize
72KB

Download
memory/816-643-0x0000024356F00000-0x000002435770C000-memory.dmp

Filesize
8.0MB

Download
memory/816-688-0x0000024356E80000-0x0000024356E9E000-memory.dmp

Filesize
120KB

Download
memory/816-641-0x0000024355170000-0x00000243556CC000-memory.dmp

Filesize
5.4MB

Download
memory/816-668-0x00000243558B0000-0x00000243558D6000-memory.dmp

Filesize
152KB

Download
memory/816-639-0x0000024355980000-0x00000243566F0000-memory.dmp

Filesize
13.4MB

Download
memory/816-670-0x00000243548B0000-0x00000243548B8000-memory.dmp

Filesize
32KB

Download
memory/816-638-0x0000024354750000-0x0000024354760000-memory.dmp

Filesize
64KB

Download
memory/816-672-0x0000024354D00000-0x0000024354D0A000-memory.dmp

Filesize
40KB

Download
memory/816-651-0x0000024354860000-0x0000024354888000-memory.dmp

Filesize
160KB

Download
memory/816-696-0x0000024354750000-0x0000024354760000-memory.dmp

Filesize
64KB

Download
memory/816-633-0x00000243548C0000-0x0000024354C10000-memory.dmp

Filesize
3.3MB

Download
memory/816-631-0x000002433A140000-0x000002433A160000-memory.dmp

Filesize
128KB

Download
memory/816-676-0x0000024354F20000-0x0000024354F28000-memory.dmp

Filesize
32KB

Download
memory/816-679-0x0000024354750000-0x0000024354760000-memory.dmp

Filesize
64KB

Download
memory/816-680-0x0000024359310000-0x0000024359496000-memory.dmp

Filesize
1.5MB

Download
memory/816-681-0x0000024356E10000-0x0000024356E32000-memory.dmp

Filesize
136KB

Download
memory/1364-527-0x0000000000400000-0x0000000000702000-memory.dmp

Filesize
3.0MB

Download
memory/1364-636-0x0000000000400000-0x0000000000702000-memory.dmp

Filesize
3.0MB

Download
memory/1364-139-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/3136-635-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/3136-695-0x0000000000400000-0x00000000007E4000-memory.dmp

Filesize
3.9MB

Download
memory/3136-648-0x0000000074560000-0x0000000074599000-memory.dmp

Filesize
228KB

Download
memory/3136-649-0x0000000074220000-0x0000000074259000-memory.dmp

Filesize
228KB

Download
memory/3136-714-0x0000000074220000-0x0000000074259000-memory.dmp

Filesize
228KB

Download
memory/3136-715-0x0000000074220000-0x0000000074259000-memory.dmp

Filesize
228KB

Download
memory/3136-716-0x0000000074560000-0x0000000074599000-memory.dmp

Filesize
228KB

Download
memory/3136-717-0x0000000074220000-0x0000000074259000-memory.dmp

Filesize
228KB

Download
memory/3136-718-0x0000000074220000-0x0000000074259000-memory.dmp

Filesize
228KB

Download
memory/3136-719-0x0000000074220000-0x0000000074259000-memory.dmp

Filesize
228KB

Download