Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Loader.exe

windows10-1703-x64

10

Resubmissions

07/10/2023, 18:50

231007-xhdn1aee5y 7

07/10/2023, 18:45

231007-xd334agh66 7

07/10/2023, 18:42

231007-xcf7yaed8z 7

07/10/2023, 18:38

231007-xaftdsgh34 7

07/10/2023, 18:30

231007-w5zdjsgg59 10

Analysis

  • max time kernel
    244s
  • max time network
    274s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
  • submitted
    07/10/2023, 18:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Loader.exe

  • Size

    133KB

  • MD5

    fc3378c4e8cd002ba1e8a05b37f09d24

  • SHA1

    6b3620287c4f94d2f515c1a8577fffcc02331b0c

  • SHA256

    2b03faa10419218a0214b4ef415ecc41d9c78a8031deaf89d9d836b8fcd54089

  • SHA512

    c1ac224a9aad0dde67f5ec4b4ae9f4921cb7718bf1a27755d32de6ea04f8aaf09864228c0d576492bbd1742209333b988429a3e277b1f4d19ea068b1e548fe69

  • SSDEEP

    1536:yxYnIibKxkGHHIy2MwxIQ+b/zvc5j6xOVHRvUF80XbpGQqmyVttdGFQeOPigE:aLRIHpx3+bb5OVHpUFNcQqmyBeT

Score
10/10
persistenceransomware

Malware Config

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops desktop.ini file(s) 16 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious behavior: MapViewOfSection 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
    1⤵
    • Checks computer location settings
    • Drops startup file
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Sets desktop wallpaper using registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3784
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Loader.exe'
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3100
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Loader.exe'
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:512
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\XWorm Auto Updater'
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:5076
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XWorm Auto Updater'
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1908
    • C:\Windows\System32\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XWorm Auto Updater" /tr "C:\Users\Admin\AppData\Local\Temp\XWorm Auto Updater"
      2⤵
      • Creates scheduled task(s)
      PID:4724
  • C:\Users\Admin\AppData\Local\Temp\XWorm Auto Updater
    "C:\Users\Admin\AppData\Local\Temp\XWorm Auto Updater"
    1⤵
    • Executes dropped EXE
    PID:4196
  • C:\Users\Admin\AppData\Local\Temp\XWorm Auto Updater
    "C:\Users\Admin\AppData\Local\Temp\XWorm Auto Updater"
    1⤵
    • Executes dropped EXE
    PID:4752
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4260
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:592
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3688
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:360
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    PID:2408
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:4068
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:4788
  • C:\Users\Admin\AppData\Local\Temp\XWorm Auto Updater
    "C:\Users\Admin\AppData\Local\Temp\XWorm Auto Updater"
    1⤵
    • Executes dropped EXE
    PID:5116
  • C:\Users\Admin\AppData\Local\Temp\XWorm Auto Updater
    "C:\Users\Admin\AppData\Local\Temp\XWorm Auto Updater"
    1⤵
    • Executes dropped EXE
    PID:1600

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XWorm Auto Updater.log
    Filesize

    654B

    MD5

    16c5fce5f7230eea11598ec11ed42862

    SHA1

    75392d4824706090f5e8907eee1059349c927600

    SHA256

    87ba77c13905298acbac72be90949c4fe0755b6eff9777615aa37f252515f151

    SHA512

    153edd6da59beea6cc411ed7383c32916425d6ebb65f04c65aab7c1d6b25443d143aa8449aa92149de0ad8a975f6ecaa60f9f7574536eec6b38fe5fd3a6c6adc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
    Filesize

    3KB

    MD5

    ad5cd538ca58cb28ede39c108acb5785

    SHA1

    1ae910026f3dbe90ed025e9e96ead2b5399be877

    SHA256

    c9e6cb04d6c893458d5a7e12eb575cf97c3172f5e312b1f63a667cbbc5f0c033

    SHA512

    c066c5d9b276a68fa636647bb29aea05bfa2292217bc77f5324d9c1d93117772ee8277e1f7cff91ec8d6b7c05ca078f929cecfdbb09582522a9067f54740af13

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DZDMTHDJ\edgecompatviewlist[1].xml
    Filesize

    74KB

    MD5

    d4fc49dc14f63895d997fa4940f24378

    SHA1

    3efb1437a7c5e46034147cbbc8db017c69d02c31

    SHA256

    853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

    SHA512

    cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    Filesize

    1KB

    MD5

    3ccfb4e291a82c660e326c2a811a9d38

    SHA1

    635893c8cf43891f5e97fe5b1b78ba4a3eb33510

    SHA256

    e4166770868f6a30bc0190302a3abdce7c42aa053d2d15faf382771627ae0adb

    SHA512

    8aff80fc335561d856dcbb677037b22abd2626283eaef563b29ee9cbc810bc508d94046b18998e85c0bb65b72049f9dc2fe446446cef007c1ee13ffefadb2c43

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    Filesize

    1KB

    MD5

    0d27ecfae72115293fbdeed62375b3c4

    SHA1

    ffc142a084c3424832d1288e038961fadc26d1f7

    SHA256

    c25b976d3bd4d033bde3d27470417628908e0153eedd200c437d46d39f092e2a

    SHA512

    d1e7b65708ac30764a55612d7c251548725616510259aa02241799a5e9130382ccf7635cf1be5f6ec03c51e514948fb0a2c45e86dce41f87c581c292f3aa4b78

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    Filesize

    1KB

    MD5

    fc9c1d170089ec115d99cf6cd563ef2e

    SHA1

    08e1ec0454a12751d42b2e1ec3010e5a298e3774

    SHA256

    0e5cd56e2a6c2a9c95b758cc17dd165e98a97dc4a725e7ccb7049d88d5682305

    SHA512

    62a5a77c0526ae51762f6b5ea5058a9792da5e4c872faaa0b2c05acf10581b43a220e3b607b98626ca709fa3c16673fa6bb29136863ff697c08b3eba75528e4d

    Download Submit

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFD823FABEA7145D62.TMP
    Filesize

    16KB

    MD5

    09343119b5767696e4687a438a18f4b3

    SHA1

    91cfaa5c039750ee6515f445b6c32e3248deeee0

    SHA256

    420689251e0c5a8bbf91549905122f35eb22fd17a1cb72324c02d8f957dba184

    SHA512

    f812212f87cebb60a97912912f7ee8f6e2ee5510e0d484bf466d2cfbae9462fa5ed284d6beb08a5439af4a58137c0a43ac31428bbbcc011c10d9482deb2e5200

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\XWorm Auto Updater
    Filesize

    133KB

    MD5

    fc3378c4e8cd002ba1e8a05b37f09d24

    SHA1

    6b3620287c4f94d2f515c1a8577fffcc02331b0c

    SHA256

    2b03faa10419218a0214b4ef415ecc41d9c78a8031deaf89d9d836b8fcd54089

    SHA512

    c1ac224a9aad0dde67f5ec4b4ae9f4921cb7718bf1a27755d32de6ea04f8aaf09864228c0d576492bbd1742209333b988429a3e277b1f4d19ea068b1e548fe69

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\XWorm Auto Updater
    Filesize

    133KB

    MD5

    fc3378c4e8cd002ba1e8a05b37f09d24

    SHA1

    6b3620287c4f94d2f515c1a8577fffcc02331b0c

    SHA256

    2b03faa10419218a0214b4ef415ecc41d9c78a8031deaf89d9d836b8fcd54089

    SHA512

    c1ac224a9aad0dde67f5ec4b4ae9f4921cb7718bf1a27755d32de6ea04f8aaf09864228c0d576492bbd1742209333b988429a3e277b1f4d19ea068b1e548fe69

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\XWorm Auto Updater
    Filesize

    133KB

    MD5

    fc3378c4e8cd002ba1e8a05b37f09d24

    SHA1

    6b3620287c4f94d2f515c1a8577fffcc02331b0c

    SHA256

    2b03faa10419218a0214b4ef415ecc41d9c78a8031deaf89d9d836b8fcd54089

    SHA512

    c1ac224a9aad0dde67f5ec4b4ae9f4921cb7718bf1a27755d32de6ea04f8aaf09864228c0d576492bbd1742209333b988429a3e277b1f4d19ea068b1e548fe69

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\XWorm Auto Updater
    Filesize

    133KB

    MD5

    fc3378c4e8cd002ba1e8a05b37f09d24

    SHA1

    6b3620287c4f94d2f515c1a8577fffcc02331b0c

    SHA256

    2b03faa10419218a0214b4ef415ecc41d9c78a8031deaf89d9d836b8fcd54089

    SHA512

    c1ac224a9aad0dde67f5ec4b4ae9f4921cb7718bf1a27755d32de6ea04f8aaf09864228c0d576492bbd1742209333b988429a3e277b1f4d19ea068b1e548fe69

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\XWorm Auto Updater
    Filesize

    133KB

    MD5

    fc3378c4e8cd002ba1e8a05b37f09d24

    SHA1

    6b3620287c4f94d2f515c1a8577fffcc02331b0c

    SHA256

    2b03faa10419218a0214b4ef415ecc41d9c78a8031deaf89d9d836b8fcd54089

    SHA512

    c1ac224a9aad0dde67f5ec4b4ae9f4921cb7718bf1a27755d32de6ea04f8aaf09864228c0d576492bbd1742209333b988429a3e277b1f4d19ea068b1e548fe69

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_npixjmfe.l42.ps1
    Filesize

    1B

    MD5

    c4ca4238a0b923820dcc509a6f75849b

    SHA1

    356a192b7913b04c54574d18c28d46e6395428ab

    SHA256

    6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

    SHA512

    4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

    Download Submit

  • C:\Users\Admin\Desktop\How To Decrypt My Files.html
    Filesize

    638B

    MD5

    728461685559160f196b0ed481d3e906

    SHA1

    56f4c6576f1e4c509a7fffa6480a76bf9bc0f41d

    SHA256

    add4a94eef33a4f29728da65bf2e1a698e389b54b8048f14b0c6db63cf389cec

    SHA512

    8c92611c772cd16dc55b7253ee48462ac5aff5dcf529f6fbe9d5b2c7f94058ee7f38918df6038253c222f49618b70a7344de29d7adabfad149d8ae76abe173f3

    Download Submit

  • C:\Users\Admin\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms.ENC
    Filesize

    16B

    MD5

    202c5020baec57ba5121eb9e3ac835c5

    SHA1

    137d68e01e37083d3aaf9d199fdee21d3bfa5d68

    SHA256

    5f91145bb3ad2cc709cea5aa3eb74e5f69ce395ab52a6cfd91833621bca538cb

    SHA512

    76e478140041401b5dfd7dc79d6c54ea22cc93fdc4161b6a1bf8eda1bf2b785fefa7eb4cec9e6a3a87f7c43d348f67b27a3fa060f185ff50e871d8f8db42bc39

    Download Submit

  • memory/512-58-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/512-59-0x0000025E71D30000-0x0000025E71D40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/512-61-0x0000025E71D30000-0x0000025E71D40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/512-77-0x0000025E71D30000-0x0000025E71D40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/512-100-0x0000025E71D30000-0x0000025E71D40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/512-103-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1600-1020-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1600-1021-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1908-198-0x00000115DCAA0000-0x00000115DCAB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1908-200-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1908-155-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1908-157-0x00000115DCAA0000-0x00000115DCAB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1908-159-0x00000115DCAA0000-0x00000115DCAB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1908-175-0x00000115DCAA0000-0x00000115DCAB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2408-456-0x00000280FE660000-0x00000280FE662000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2408-454-0x00000280FE640000-0x00000280FE642000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2408-452-0x00000280FDBF0000-0x00000280FDBF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2408-449-0x00000280FDBC0000-0x00000280FDBC2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3100-12-0x0000021225CC0000-0x0000021225D36000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3100-52-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3100-25-0x000002120D450000-0x000002120D460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3100-7-0x000002120D450000-0x000002120D460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3100-5-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3100-9-0x0000021225B10000-0x0000021225B32000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3100-48-0x000002120D450000-0x000002120D460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3100-8-0x000002120D450000-0x000002120D460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3784-1017-0x0000000002EB0000-0x0000000002EBC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3784-53-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3784-215-0x0000000001350000-0x000000000135C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/3784-1018-0x0000000002EE0000-0x0000000002EEE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3784-1-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3784-204-0x000000001BC00000-0x000000001BC10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3784-205-0x000000001BC00000-0x000000001BC10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3784-0-0x0000000000C40000-0x0000000000C68000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4196-210-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/4196-208-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/4260-1005-0x00000214F05C0000-0x00000214F05C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4260-411-0x00000214F0A00000-0x00000214F0A10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4260-395-0x00000214F0900000-0x00000214F0910000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4260-1012-0x00000214EFFF0000-0x00000214EFFF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4260-1008-0x00000214F0510000-0x00000214F0511000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4260-430-0x00000214F02F0000-0x00000214F02F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4752-372-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/4752-214-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/5076-110-0x000001C12F360000-0x000001C12F370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-126-0x000001C12F360000-0x000001C12F370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-152-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/5076-149-0x000001C12F360000-0x000001C12F370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-106-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/5076-108-0x000001C12F360000-0x000001C12F370000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5116-971-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/5116-474-0x00007FFF56760000-0x00007FFF5714C000-memory.dmp

    Filesize

    9.9MB

    Download