Overview

overview

7

Static

static

1

TLauncher-....3.exe

windows10-1703-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
  • submitted
    22-09-2023 23:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-2.885-Installer-1.1.3.exe

  • Size

    22.6MB

  • MD5

    bd3eefe3f5a4bb0c948251a5d05727e7

  • SHA1

    b18722304d297aa384a024444aadd4e5f54a115e

  • SHA256

    f1b132f7ecf06d2aa1dd007fc7736166af3ee7c177c91587ae43930c65e531e0

  • SHA512

    d7df966eeda90bf074249ba983aac4ba32a7f09fe4bb6d95811951df08f24e55e01c790ffebc3bc50ce7b1c501ff562f0de5e01ca340c8596881f69f8fed932d

  • SSDEEP

    393216:KXGWOLBh2NPfs/dQETVlOBbpFEjdGphRqV56HpkoaH3D8P2Q6YS6x9DOc:K2/BhSHExi73qqHpu34kYbzOc

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 50 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 50 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-2.885-Installer-1.1.3.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.885-Installer-1.1.3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.885-Installer-1.1.3.exe" "__IRCT:3" "__IRTSS:23661420" "__IRSID:S-1-5-21-844837608-3875958368-2945961404-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:2960
  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\FormatWait.xlsb"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:3076
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RemoveOpen.mhtml
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1796
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1796 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4752
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ReadComplete.rm"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4660
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\UnblockUpdate.dll
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:4464
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4420
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4420 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3444
  • C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnblockSend.mpg"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:352

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{15222CC5-53AE-11EE-855F-7E84DCF5EFA4}.dat
    Filesize

    5KB

    MD5

    ca48d46bd4cb142df1f4877c9e8f1f1f

    SHA1

    4b79f6e0aee1d7ced4d206b0179baaf3e5dd74bd

    SHA256

    2de6393b87527688fe7ae4fee91388cd59b6083bd4bf35ca504e45f9a7de596f

    SHA512

    b8a4b80ce28f2a885278f97ce24cfa7b23ac506ab969655350d1987bfe90852a155d82a089de1a0be5758d6488199dc4cbcffce09a1e88901385ecc078aad06b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{7BAA351D-599E-11EE-8566-6E0EE6976593}.dat
    Filesize

    4KB

    MD5

    8e68f2dc3e89329047a69ab2f3ec4cf7

    SHA1

    875228f1462c5c88c450aa37e964c256d2ae65c8

    SHA256

    b29c5e0f1c22ce5d230b646266e7f3b3d0cbef53750d15dbc3b5f8c239008c0c

    SHA512

    0183b3385fe94ec60e7523f5119b382870bcaef2433356de1f68ca0e749d62bd70def9a1ba3bd0add2b0c5def536cf9bc5503065d3f0766dc41d22215248451b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
    Filesize

    116KB

    MD5

    e043a9cb014d641a56f50f9d9ac9a1b9

    SHA1

    61dc6aed3d0d1f3b8afe3d161410848c565247ed

    SHA256

    9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

    SHA512

    4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
    Filesize

    1.8MB

    MD5

    cb50d496ae05fa1c8bfbcb3b7f910bfe

    SHA1

    3ec4d77b73c4d7e9858b11224314e99d082497a8

    SHA256

    7616c72f6659a3a2439d0452190459cd4ceb83fab2307e3e47c9604fa29d9f34

    SHA512

    22051de06c7e52a37ad36250aa095a8ccc0b0e1cdbfa2e9073c146e77e278cbdbe89bdb078dcfd8babf48baec1902b303ac39cc9db4114ce1516b06552dc924d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
    Filesize

    1.7MB

    MD5

    1bbf5dd0b6ca80e4c7c77495c3f33083

    SHA1

    e0520037e60eb641ec04d1e814394c9da0a6a862

    SHA256

    bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

    SHA512

    97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
    Filesize

    97KB

    MD5

    da1d0cd400e0b6ad6415fd4d90f69666

    SHA1

    de9083d2902906cacf57259cf581b1466400b799

    SHA256

    7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

    SHA512

    f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize

    1.3MB

    MD5

    a70accbc1f1001cbf1c4a139e4e5d7af

    SHA1

    138de36067af0c8f98e1f7bc4c6bea1d73bc53ab

    SHA256

    b000fef41ce0267255701aacc76c02159d207212c4595437077e7904b7968ca6

    SHA512

    46fde27847dfab38d2f6fefca31677a0d5a5ac775951fc19f1fc0b4ec56969622f0c4f036ecacc05b33854871f03232a4944f3e93a747280cac622503f5c4f04

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize

    1.3MB

    MD5

    a70accbc1f1001cbf1c4a139e4e5d7af

    SHA1

    138de36067af0c8f98e1f7bc4c6bea1d73bc53ab

    SHA256

    b000fef41ce0267255701aacc76c02159d207212c4595437077e7904b7968ca6

    SHA512

    46fde27847dfab38d2f6fefca31677a0d5a5ac775951fc19f1fc0b4ec56969622f0c4f036ecacc05b33854871f03232a4944f3e93a747280cac622503f5c4f04

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
    Filesize

    326KB

    MD5

    80d93d38badecdd2b134fe4699721223

    SHA1

    e829e58091bae93bc64e0c6f9f0bac999cfda23d

    SHA256

    c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

    SHA512

    9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DF2E00B93878C1EC60.TMP
    Filesize

    16KB

    MD5

    e0d704fb1613b47a7edf508f594ab082

    SHA1

    0e0af8b453799abd7c313e89118c15513d3996df

    SHA256

    172d7d7e31db1bf9f6ea939a1af7817631a753d1e90b921ea03b5574aaa931b1

    SHA512

    c4bb28d352f3f6e0f15e729b54d4b27aba6abf677d3507fd1dd0ebc4ae3ce05ad73be561e89129edc2089e543d2c0b5368f4afc63587d92023462fa83ee59fd4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
    Filesize

    77B

    MD5

    734dd4009cc9f8bc95866494ed797e71

    SHA1

    8d3b698727a81328f1ff7630d763faeffcc05bb3

    SHA256

    c6205d344a5d2beac508b02cef2babf1e3b819b7329dbcf30a42e31c870778d9

    SHA512

    68a0c54d0770c20d7390bf1c527bcbe1bdbb580f2cf5b4b2f5bab9dad988daaada746759bf82edeec801758dc560da0337d516fdba58037c91a0a5c4ca327e30

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
    Filesize

    1.7MB

    MD5

    1bbf5dd0b6ca80e4c7c77495c3f33083

    SHA1

    e0520037e60eb641ec04d1e814394c9da0a6a862

    SHA256

    bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

    SHA512

    97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
    Filesize

    97KB

    MD5

    da1d0cd400e0b6ad6415fd4d90f69666

    SHA1

    de9083d2902906cacf57259cf581b1466400b799

    SHA256

    7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

    SHA512

    f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
    Filesize

    326KB

    MD5

    80d93d38badecdd2b134fe4699721223

    SHA1

    e829e58091bae93bc64e0c6f9f0bac999cfda23d

    SHA256

    c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

    SHA512

    9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

    Download Submit

  • memory/2960-297-0x00000000067D0000-0x00000000067D3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2960-322-0x00000000011D0000-0x00000000015B8000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2960-324-0x0000000010000000-0x0000000010051000-memory.dmp

    Filesize

    324KB

    Download

  • memory/2960-478-0x00000000011D0000-0x00000000015B8000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2960-295-0x0000000010000000-0x0000000010051000-memory.dmp

    Filesize

    324KB

    Download

  • memory/2960-8-0x00000000011D0000-0x00000000015B8000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/2960-511-0x00000000011D0000-0x00000000015B8000-memory.dmp

    Filesize

    3.9MB

    Download

  • memory/3076-555-0x00007FFC54FF0000-0x00007FFC5509E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/3076-335-0x00007FFC54FF0000-0x00007FFC5509E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/3076-337-0x00007FFC56ED0000-0x00007FFC570AB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3076-338-0x00007FFC56ED0000-0x00007FFC570AB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3076-336-0x00007FFC56ED0000-0x00007FFC570AB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3076-339-0x00007FFC56ED0000-0x00007FFC570AB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3076-341-0x00007FFC56ED0000-0x00007FFC570AB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3076-340-0x00007FFC141D0000-0x00007FFC141E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3076-342-0x00007FFC56ED0000-0x00007FFC570AB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3076-343-0x00007FFC54FF0000-0x00007FFC5509E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/3076-344-0x00007FFC54FF0000-0x00007FFC5509E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/3076-345-0x00007FFC56ED0000-0x00007FFC570AB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3076-346-0x00007FFC141D0000-0x00007FFC141E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3076-333-0x00007FFC56ED0000-0x00007FFC570AB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3076-502-0x00007FFC56ED0000-0x00007FFC570AB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3076-330-0x00007FFC16F60000-0x00007FFC16F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3076-548-0x00007FFC54FF0000-0x00007FFC5509E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/3076-547-0x00007FFC16F60000-0x00007FFC16F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3076-549-0x00007FFC16F60000-0x00007FFC16F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3076-551-0x00007FFC54FF0000-0x00007FFC5509E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/3076-553-0x00007FFC56ED0000-0x00007FFC570AB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3076-552-0x00007FFC16F60000-0x00007FFC16F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3076-550-0x00007FFC16F60000-0x00007FFC16F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3076-556-0x00007FFC56ED0000-0x00007FFC570AB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3076-331-0x00007FFC56ED0000-0x00007FFC570AB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3076-554-0x00007FFC56ED0000-0x00007FFC570AB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3076-326-0x00007FFC56ED0000-0x00007FFC570AB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3076-325-0x00007FFC16F60000-0x00007FFC16F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3076-327-0x00007FFC16F60000-0x00007FFC16F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3076-328-0x00007FFC56ED0000-0x00007FFC570AB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3076-329-0x00007FFC16F60000-0x00007FFC16F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4660-586-0x00007FFC4A6F0000-0x00007FFC4A707000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4660-608-0x00007FFC492E0000-0x00007FFC49308000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4660-591-0x00007FFC4A140000-0x00007FFC4A151000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4660-590-0x00007FFC4A370000-0x00007FFC4A38D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/4660-587-0x00007FFC4A600000-0x00007FFC4A611000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4660-592-0x00007FFC3AD90000-0x00007FFC3AF90000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4660-593-0x00007FFC4A100000-0x00007FFC4A13F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4660-594-0x00007FFC39CE0000-0x00007FFC3AD8B000-memory.dmp

    Filesize

    16.7MB

    Download

  • memory/4660-595-0x00007FFC49FC0000-0x00007FFC49FE1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4660-596-0x00007FFC49D50000-0x00007FFC49D68000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4660-597-0x00007FFC497E0000-0x00007FFC497F1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4660-599-0x00007FFC497A0000-0x00007FFC497B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4660-598-0x00007FFC497C0000-0x00007FFC497D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4660-600-0x00007FFC49780000-0x00007FFC4979B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/4660-601-0x00007FFC49760000-0x00007FFC49771000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4660-602-0x00007FFC49740000-0x00007FFC49758000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4660-603-0x00007FFC49710000-0x00007FFC49740000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4660-604-0x00007FFC48660000-0x00007FFC486C7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4660-605-0x00007FFC39C70000-0x00007FFC39CDF000-memory.dmp

    Filesize

    444KB

    Download

  • memory/4660-606-0x00007FFC496F0000-0x00007FFC49701000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4660-607-0x00007FFC39C10000-0x00007FFC39C66000-memory.dmp

    Filesize

    344KB

    Download

  • memory/4660-589-0x00007FFC4A5C0000-0x00007FFC4A5D1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4660-609-0x00007FFC48630000-0x00007FFC48654000-memory.dmp

    Filesize

    144KB

    Download

  • memory/4660-611-0x00007FFC45EE0000-0x00007FFC45F03000-memory.dmp

    Filesize

    140KB

    Download

  • memory/4660-610-0x00007FFC496D0000-0x00007FFC496E7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4660-612-0x00007FFC45A40000-0x00007FFC45A51000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4660-613-0x00007FFC45A20000-0x00007FFC45A32000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4660-614-0x00007FFC459C0000-0x00007FFC459E1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/4660-615-0x00007FFC39BF0000-0x00007FFC39C03000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4660-616-0x00007FFC39BD0000-0x00007FFC39BE2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4660-617-0x00007FFC39A90000-0x00007FFC39BCB000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4660-618-0x00007FFC39A60000-0x00007FFC39A8C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4660-619-0x00007FFC398A0000-0x00007FFC39A52000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4660-620-0x00007FFC39840000-0x00007FFC3989C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/4660-621-0x00007FFC39820000-0x00007FFC39831000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4660-622-0x00007FFC39780000-0x00007FFC39817000-memory.dmp

    Filesize

    604KB

    Download

  • memory/4660-588-0x00007FFC4A5E0000-0x00007FFC4A5F7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/4660-585-0x00007FFC4ABC0000-0x00007FFC4ABD8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4660-584-0x00007FFC3BD90000-0x00007FFC3C044000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/4660-579-0x00007FFC4A770000-0x00007FFC4A7A4000-memory.dmp

    Filesize

    208KB

    Download

  • memory/4660-578-0x00007FF7E1AA0000-0x00007FF7E1B98000-memory.dmp

    Filesize

    992KB

    Download