Overview

overview

8

Static

static

3

zh-cn.exe

windows7-x64

8

zh-cn.exe

windows10-1703-x64

7

zh-cn.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    24-09-2023 15:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zh-cn.exe

  • Size

    38.5MB

  • MD5

    755deb2968530a262c5b5bc220b593dc

  • SHA1

    5de68bf47828a4da1ccf3d40296266c13f1df22f

  • SHA256

    f7bd8bb72bf3c0d499f2d5e4b6dee8fd294c92ac3c6356a20727afd25b63dc11

  • SHA512

    2d9f8e01396ad25b471a5b8027dc4376c5af3cb9a13c6e6cdb9cdc3e3424078514e1ba748c53efc6d843f49706237032a8ab4261f65ccf0a400c24d59c18b885

  • SSDEEP

    786432:WYHm2mH6FUMRI5b+op6Oxg18AztN0a4TwmgWaIPTBYBIwQA9:WYHNFsAgxOzP0aBlWRTCB51

Score
8/10
discovery

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 11 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\zh-cn.exe
    "C:\Users\Admin\AppData\Local\Temp\zh-cn.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1172
    • C:\Users\Admin\AppData\Local\Temp\is-3OKFN.tmp\zh-cn.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-3OKFN.tmp\zh-cn.tmp" /SL5="$30150,39440345,811008,C:\Users\Admin\AppData\Local\Temp\zh-cn.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2100
      • C:\Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
        "C:\Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe"
        3⤵
        • Executes dropped EXE
        • Enumerates system info in registry
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2684
      • C:\Users\Admin\AppData\Roaming\Telegram Desktop\tdata\Z.T-GApp_xh.Gn.exe
        "C:\Users\Admin\AppData\Roaming\Telegram Desktop\tdata\Z.T-GApp_xh.Gn.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2704
        • C:\ProgramData\325n.exe
          "C:\ProgramData\325n.exe" -o -P 38..Ca$4A C:\ProgramData/325.dat -d C:\ProgramData
          4⤵
          • Executes dropped EXE
          PID:1580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\325.dat
    Filesize

    205KB

    MD5

    8a59b2b3ea8ff84bf1a08dd215a9fcf3

    SHA1

    dd4801ace2efbf45f4db1cc9d5613cc7b27dcfa4

    SHA256

    632601eeb9b48373f15a573c00f5cb041c03dd1e1b86e0938638ce2a7f05d0de

    SHA512

    5da7e350fe500a16f9ca17f02c1f17c54d42c5b41dd3d92d8af1c650f581102f33b315c7f9e26b352c59bb4f3eee412e77d1d79c20658387299d69901e5ec822

    Download Submit

  • C:\ProgramData\325n.exe
    Filesize

    230KB

    MD5

    24a0b4ce68721f5e4a71dd8f3f62b426

    SHA1

    3d270f8888a55bf739e62e5561e207490feea145

    SHA256

    2d1d5496226066122f5208da48557b1d1cc5c35ade2d1eaf3037f27051c26920

    SHA512

    2e035c1b74d2c106debc1b9cc53eff42ae5d8e7728dce49e816993261d83091fe3ebd4cbb5929e1ce945149fe8104aa0655671b9d79fd09242005678aad9d185

    Download Submit

  • C:\ProgramData\325n.exe
    Filesize

    230KB

    MD5

    24a0b4ce68721f5e4a71dd8f3f62b426

    SHA1

    3d270f8888a55bf739e62e5561e207490feea145

    SHA256

    2d1d5496226066122f5208da48557b1d1cc5c35ade2d1eaf3037f27051c26920

    SHA512

    2e035c1b74d2c106debc1b9cc53eff42ae5d8e7728dce49e816993261d83091fe3ebd4cbb5929e1ce945149fe8104aa0655671b9d79fd09242005678aad9d185

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF7F8.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-3OKFN.tmp\zh-cn.tmp
    Filesize

    3.0MB

    MD5

    ed2781559c9e4dcecf2286a1bfde093d

    SHA1

    cdb08fbf76389238361556e3ff676a72722abaaa

    SHA256

    066a8e965583021073b58b6ff14308cfbc6acd7566ac4f0c86ff9161a05bbb0e

    SHA512

    20e8299e1b8b47ef08899bdad16bdb6a56ba2fce623864b8604e33e687fdec6437f4d608fc23338028d7f31bb74cd23ee08af835846b197f6cb30d6233d76fe9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-3OKFN.tmp\zh-cn.tmp
    Filesize

    3.0MB

    MD5

    ed2781559c9e4dcecf2286a1bfde093d

    SHA1

    cdb08fbf76389238361556e3ff676a72722abaaa

    SHA256

    066a8e965583021073b58b6ff14308cfbc6acd7566ac4f0c86ff9161a05bbb0e

    SHA512

    20e8299e1b8b47ef08899bdad16bdb6a56ba2fce623864b8604e33e687fdec6437f4d608fc23338028d7f31bb74cd23ee08af835846b197f6cb30d6233d76fe9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    124.4MB

    MD5

    2f75f8bbce26fdb4f10f4e7351b04dda

    SHA1

    53a8c3a363b3c8d036c8ebb8f5bed90835c4559a

    SHA256

    3d02ac50fef8c1f758c3438b37a9526019e903d3246d8e2929f9f3c9d5bb0c88

    SHA512

    493cc8e8d380f52944cb55f92b7028762bf607f095f3e451754ba762685f079319d7f1a7cc4182ddebc74f26938286e33429f04909853f22104c414cf02ef486

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    124.4MB

    MD5

    2f75f8bbce26fdb4f10f4e7351b04dda

    SHA1

    53a8c3a363b3c8d036c8ebb8f5bed90835c4559a

    SHA256

    3d02ac50fef8c1f758c3438b37a9526019e903d3246d8e2929f9f3c9d5bb0c88

    SHA512

    493cc8e8d380f52944cb55f92b7028762bf607f095f3e451754ba762685f079319d7f1a7cc4182ddebc74f26938286e33429f04909853f22104c414cf02ef486

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    124.4MB

    MD5

    2f75f8bbce26fdb4f10f4e7351b04dda

    SHA1

    53a8c3a363b3c8d036c8ebb8f5bed90835c4559a

    SHA256

    3d02ac50fef8c1f758c3438b37a9526019e903d3246d8e2929f9f3c9d5bb0c88

    SHA512

    493cc8e8d380f52944cb55f92b7028762bf607f095f3e451754ba762685f079319d7f1a7cc4182ddebc74f26938286e33429f04909853f22104c414cf02ef486

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\tdata\7517DFA7E0C3774Ds
    Filesize

    140B

    MD5

    dacd883d532bc8ba8d7698f12bc9bca8

    SHA1

    5ea60f395a1746312794fac47354e359a52a705f

    SHA256

    3ff1e11e729cd21b81f3ebe5bcf24514754ad559e7048d5fad01b8575b5ada13

    SHA512

    02fa5f4b0872510e3385912677aacef3eea793046b6eeec1cb2008d9212cbc00a47b613e7f78d916364d2052594b7acc33e0c6aaf07b2bf64711b9f35cf70ef6

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\tdata\99F8F64E02BD9548s
    Filesize

    442KB

    MD5

    b21a77f8bfa27bb7d190f2145f66b063

    SHA1

    88ca12861abd52abcfc5341db04b689b6ecab725

    SHA256

    8284d796464b47b02190aa469f4769a5b04d43644c871fc5c82aef82cd59e482

    SHA512

    398db19fa1b60c995dd3b04065bc7212f4b21f7c784ed245a31f3c05bb1e44190555314eaf06f2838cdadeedf662b06d17aea13a4f490ca77af2baa0bc6ffe72

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\tdata\Z.T-GApp_xh.Gn.exe
    Filesize

    2.5MB

    MD5

    62234d0042b32491536e15dc78b0e588

    SHA1

    ff1cd9d6b66ed260137ee8adbfe04e92b53a6f17

    SHA256

    ad790dd9ce0033df8e212b2776bfd28e1279299b5b75f70051d1b58410933228

    SHA512

    808d058533806b5d3160180e4e5c85f4a1bd1e97840ff07a191357408b9fcaf04a9562b5e474b9ac146e028531c8003e61c0f91f589a53414e343222a61e46ca

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\tdata\Z.T-GApp_xh.Gn.exe
    Filesize

    2.5MB

    MD5

    62234d0042b32491536e15dc78b0e588

    SHA1

    ff1cd9d6b66ed260137ee8adbfe04e92b53a6f17

    SHA256

    ad790dd9ce0033df8e212b2776bfd28e1279299b5b75f70051d1b58410933228

    SHA512

    808d058533806b5d3160180e4e5c85f4a1bd1e97840ff07a191357408b9fcaf04a9562b5e474b9ac146e028531c8003e61c0f91f589a53414e343222a61e46ca

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\tdata\Z.T-GApp_xh.Gn.exe
    Filesize

    2.5MB

    MD5

    62234d0042b32491536e15dc78b0e588

    SHA1

    ff1cd9d6b66ed260137ee8adbfe04e92b53a6f17

    SHA256

    ad790dd9ce0033df8e212b2776bfd28e1279299b5b75f70051d1b58410933228

    SHA512

    808d058533806b5d3160180e4e5c85f4a1bd1e97840ff07a191357408b9fcaf04a9562b5e474b9ac146e028531c8003e61c0f91f589a53414e343222a61e46ca

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\tdata\countries
    Filesize

    20KB

    MD5

    56db96207472444836ca9968d78444aa

    SHA1

    35d004f126306c6cd3fa2e9aa6e0973141ed1a55

    SHA256

    8ff6f29185d067a820ea8b94644c61ddc8153a5aef97a87cecfca71b930255f9

    SHA512

    442d9d2636c57328af98cfdb8142a372a948c10e1714e30f4ec43d44e15e474e3cc05419a8448a7ef138350b9ddcd0b34ca45dd88003fbbf1b6d4ebae60e7973

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\tdata\key_datas
    Filesize

    388B

    MD5

    b132a17e853f29531160ff55f9988826

    SHA1

    3f3b22729d6e1f52e4b54b15ba1c38617e77923e

    SHA256

    f1b284b51bdf87dc748422ae698a8599a7acdd679624e2d3437c3b31f6d38611

    SHA512

    04f338ce5061510177c3b501889c562641fe2555feae60e468c6f63f2aa799297179e9c78c9dcf51dbdb76e19949a6c001472c3a4e7af602479ecf2487f6acdb

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\tdata\prefix
    Filesize

    24B

    MD5

    3fb9de9c3edf4abc3a42deaf14dfa8d6

    SHA1

    d02d2382706bffb38831acfcce62e720a6d55733

    SHA256

    84af1d24b024a1e1670302510fc140e55eb009ed5ab8b8e89bb42fb7f184be28

    SHA512

    7e60951c5c5cff7f623808e1afa098faff020f000ee4a8fc9af5f848204b8c54fe13f9a32e10bfbc618e41b1be437bb08a775b4b2e10a19122c336b55d093692

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\tdata\settingss
    Filesize

    1KB

    MD5

    aa56bbd89a1a51683a0665653a4ca12d

    SHA1

    99d368b7e7ce38d77f2b4292bacc4385d74b0502

    SHA256

    bda563911e593a48f12ae89425fac2e0163e59cf42031b40c657dfc74490f908

    SHA512

    894f411b2831c9e370e383e9a30c0a0c008f0aabbd36e935d16b82d51b4f8abbfce0d3a9d81ff8d0010965a2b545ef24d50aef04df991cb20255f5f4cbe0fa9f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\tdata\shortcuts-custom.json
    Filesize

    404B

    MD5

    874b930b4c2fddc8043f59113c044a14

    SHA1

    75b14a96fe1194f27913a096e484283b172b1749

    SHA256

    f4f666f4b831e84710983b0e9e905e87342b669f61109fd693688d89c12309d8

    SHA512

    f4b0337fba5c5f4d7e7a02aa5d4538334edd38f5df179e4f1701fa2f1c4d3d856a074fa55ea724c4e2a6c5a1ac1dbfc7e9966c814475c7cd2c65cd44fca14621

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\tdata\shortcuts-default.json
    Filesize

    2KB

    MD5

    9659e451ac100713429a3116644250ce

    SHA1

    8825a66fef3c76f57aac29d9f3622037bc6ecadd

    SHA256

    b002b36119821299aaf94c7d1dcd112ab0fdd6008c3f23429a92b03aa79a3147

    SHA512

    12d4f9cc6e72d67e31aa94f81d67a1de353314617b25568d113c4484108f8a609c2ec26bd6146d31148556ea214f1587cded79bb51bbc5a26d88682786c46a7f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\tdata\usertag
    Filesize

    8B

    MD5

    36ea4b2c04e42167ffaa5a0d36ee2cd9

    SHA1

    60ee8fea8fbcdc259dc6c0641a8283d8ee8dcaf1

    SHA256

    0d5655d19406467696275deea8ae1d19b651fc70ada0c7d66af98db442c370fb

    SHA512

    0536684386296d5cf070c7ba07935a07e0efbf4b888586bdc65b0640cc0baa39119d3f68756d2301a8e7fff31fb1ff4675a6f53e471c1a352a87df001d945733

    Download Submit

  • \ProgramData\325n.exe
    Filesize

    230KB

    MD5

    24a0b4ce68721f5e4a71dd8f3f62b426

    SHA1

    3d270f8888a55bf739e62e5561e207490feea145

    SHA256

    2d1d5496226066122f5208da48557b1d1cc5c35ade2d1eaf3037f27051c26920

    SHA512

    2e035c1b74d2c106debc1b9cc53eff42ae5d8e7728dce49e816993261d83091fe3ebd4cbb5929e1ce945149fe8104aa0655671b9d79fd09242005678aad9d185

    Download Submit

  • \ProgramData\325n.exe
    Filesize

    230KB

    MD5

    24a0b4ce68721f5e4a71dd8f3f62b426

    SHA1

    3d270f8888a55bf739e62e5561e207490feea145

    SHA256

    2d1d5496226066122f5208da48557b1d1cc5c35ade2d1eaf3037f27051c26920

    SHA512

    2e035c1b74d2c106debc1b9cc53eff42ae5d8e7728dce49e816993261d83091fe3ebd4cbb5929e1ce945149fe8104aa0655671b9d79fd09242005678aad9d185

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-3OKFN.tmp\zh-cn.tmp
    Filesize

    3.0MB

    MD5

    ed2781559c9e4dcecf2286a1bfde093d

    SHA1

    cdb08fbf76389238361556e3ff676a72722abaaa

    SHA256

    066a8e965583021073b58b6ff14308cfbc6acd7566ac4f0c86ff9161a05bbb0e

    SHA512

    20e8299e1b8b47ef08899bdad16bdb6a56ba2fce623864b8604e33e687fdec6437f4d608fc23338028d7f31bb74cd23ee08af835846b197f6cb30d6233d76fe9

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    124.4MB

    MD5

    2f75f8bbce26fdb4f10f4e7351b04dda

    SHA1

    53a8c3a363b3c8d036c8ebb8f5bed90835c4559a

    SHA256

    3d02ac50fef8c1f758c3438b37a9526019e903d3246d8e2929f9f3c9d5bb0c88

    SHA512

    493cc8e8d380f52944cb55f92b7028762bf607f095f3e451754ba762685f079319d7f1a7cc4182ddebc74f26938286e33429f04909853f22104c414cf02ef486

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    124.4MB

    MD5

    2f75f8bbce26fdb4f10f4e7351b04dda

    SHA1

    53a8c3a363b3c8d036c8ebb8f5bed90835c4559a

    SHA256

    3d02ac50fef8c1f758c3438b37a9526019e903d3246d8e2929f9f3c9d5bb0c88

    SHA512

    493cc8e8d380f52944cb55f92b7028762bf607f095f3e451754ba762685f079319d7f1a7cc4182ddebc74f26938286e33429f04909853f22104c414cf02ef486

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    124.4MB

    MD5

    2f75f8bbce26fdb4f10f4e7351b04dda

    SHA1

    53a8c3a363b3c8d036c8ebb8f5bed90835c4559a

    SHA256

    3d02ac50fef8c1f758c3438b37a9526019e903d3246d8e2929f9f3c9d5bb0c88

    SHA512

    493cc8e8d380f52944cb55f92b7028762bf607f095f3e451754ba762685f079319d7f1a7cc4182ddebc74f26938286e33429f04909853f22104c414cf02ef486

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    124.4MB

    MD5

    2f75f8bbce26fdb4f10f4e7351b04dda

    SHA1

    53a8c3a363b3c8d036c8ebb8f5bed90835c4559a

    SHA256

    3d02ac50fef8c1f758c3438b37a9526019e903d3246d8e2929f9f3c9d5bb0c88

    SHA512

    493cc8e8d380f52944cb55f92b7028762bf607f095f3e451754ba762685f079319d7f1a7cc4182ddebc74f26938286e33429f04909853f22104c414cf02ef486

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    124.4MB

    MD5

    2f75f8bbce26fdb4f10f4e7351b04dda

    SHA1

    53a8c3a363b3c8d036c8ebb8f5bed90835c4559a

    SHA256

    3d02ac50fef8c1f758c3438b37a9526019e903d3246d8e2929f9f3c9d5bb0c88

    SHA512

    493cc8e8d380f52944cb55f92b7028762bf607f095f3e451754ba762685f079319d7f1a7cc4182ddebc74f26938286e33429f04909853f22104c414cf02ef486

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    124.4MB

    MD5

    2f75f8bbce26fdb4f10f4e7351b04dda

    SHA1

    53a8c3a363b3c8d036c8ebb8f5bed90835c4559a

    SHA256

    3d02ac50fef8c1f758c3438b37a9526019e903d3246d8e2929f9f3c9d5bb0c88

    SHA512

    493cc8e8d380f52944cb55f92b7028762bf607f095f3e451754ba762685f079319d7f1a7cc4182ddebc74f26938286e33429f04909853f22104c414cf02ef486

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    124.4MB

    MD5

    2f75f8bbce26fdb4f10f4e7351b04dda

    SHA1

    53a8c3a363b3c8d036c8ebb8f5bed90835c4559a

    SHA256

    3d02ac50fef8c1f758c3438b37a9526019e903d3246d8e2929f9f3c9d5bb0c88

    SHA512

    493cc8e8d380f52944cb55f92b7028762bf607f095f3e451754ba762685f079319d7f1a7cc4182ddebc74f26938286e33429f04909853f22104c414cf02ef486

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\tdata\Z.T-GApp_xh.Gn.exe
    Filesize

    2.5MB

    MD5

    62234d0042b32491536e15dc78b0e588

    SHA1

    ff1cd9d6b66ed260137ee8adbfe04e92b53a6f17

    SHA256

    ad790dd9ce0033df8e212b2776bfd28e1279299b5b75f70051d1b58410933228

    SHA512

    808d058533806b5d3160180e4e5c85f4a1bd1e97840ff07a191357408b9fcaf04a9562b5e474b9ac146e028531c8003e61c0f91f589a53414e343222a61e46ca

    Download Submit

  • memory/1172-1-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/1172-10-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/1172-92-0x0000000000400000-0x00000000004D3000-memory.dmp

    Filesize

    844KB

    Download

  • memory/1580-249-0x0000000000400000-0x0000000000509000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2100-68-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2100-24-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2100-13-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2100-12-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2100-91-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2100-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-123-0x0000000000380000-0x000000000038A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2684-116-0x0000000000380000-0x000000000038A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2684-124-0x0000000000380000-0x000000000038A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2684-82-0x00000000001F0000-0x0000000000200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2684-125-0x0000000000360000-0x000000000036A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2684-100-0x0000000000360000-0x000000000036A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2684-126-0x0000000000360000-0x000000000036A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2684-101-0x0000000000360000-0x000000000036A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2684-198-0x0000000000380000-0x000000000038A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2684-197-0x0000000000380000-0x000000000038A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2684-113-0x00000000001F0000-0x0000000000200000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2684-117-0x0000000000380000-0x000000000038A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2684-150-0x0000000000380000-0x000000000038A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2684-143-0x0000000000380000-0x000000000038A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2704-180-0x0000000000AD0000-0x0000000000AF3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2704-191-0x0000000002B20000-0x0000000002B58000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2704-145-0x0000000001170000-0x00000000011A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2704-132-0x0000000001170000-0x00000000011A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2704-166-0x0000000001170000-0x00000000011A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2704-131-0x0000000001170000-0x00000000011A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2704-178-0x0000000001170000-0x00000000011A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2704-179-0x0000000000AD0000-0x0000000000AF3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2704-183-0x0000000000AD0000-0x0000000000AF3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2704-122-0x0000000000290000-0x00000000002B3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2704-184-0x0000000002B20000-0x0000000002B58000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2704-185-0x0000000002960000-0x0000000002992000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2704-186-0x0000000000290000-0x00000000002B3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2704-188-0x0000000002B20000-0x0000000002B58000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2704-190-0x0000000002B20000-0x0000000002B58000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2704-189-0x0000000002B20000-0x0000000002B58000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2704-128-0x0000000000AD0000-0x0000000000AF3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2704-118-0x0000000000290000-0x00000000002B3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2704-130-0x00000000010E0000-0x0000000001112000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2704-129-0x0000000000AD0000-0x0000000000AF3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2704-201-0x0000000002B20000-0x0000000002B58000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2704-202-0x0000000000AD0000-0x0000000000AF3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2704-204-0x0000000001170000-0x00000000011A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2704-205-0x0000000001170000-0x00000000011A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2704-206-0x0000000010000000-0x00000000100AE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/2704-210-0x0000000001170000-0x00000000011A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2704-211-0x0000000001170000-0x00000000011A8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2704-115-0x0000000000A30000-0x0000000000AB1000-memory.dmp

    Filesize

    516KB

    Download

  • memory/2704-114-0x0000000000290000-0x00000000002B3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2704-105-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2704-127-0x0000000000290000-0x00000000002B3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2704-121-0x0000000000290000-0x00000000002B3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2704-120-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2704-253-0x0000000001170000-0x00000000011A8000-memory.dmp

    Filesize

    224KB

    Download