Overview

overview

10

Static

static

7

b9b9b2ae43...JC.exe

windows7-x64

10

b9b9b2ae43...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 11:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b9b9b2ae432c44b584d6919e552297d0_JC.exe

  • Size

    255KB

  • MD5

    b9b9b2ae432c44b584d6919e552297d0

  • SHA1

    9e64a5a6bccbff4900b071c51e2031f617a58986

  • SHA256

    1acc2f5ae7a25744f4df487293f29fea8877de9d129f928b5160df4aa3d9cc6d

  • SHA512

    30e89c0a267352b7d315b33e7f0cabdb0afe0d1207160a31ca4ebd274ce342d48a1c9e5c1d1528d126a239a01af5351c9afe65574e9fe0d4ef20be6a5a497068

  • SSDEEP

    3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJw:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIN

Score
10/10
evasionpersistencespywarestealertrojanupx

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Windows security bypass 2 TTPs 5 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Windows security modification 2 TTPs 6 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • AutoIT Executable 59 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 12 IoCs
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 11 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 20 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 18 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9b9b2ae432c44b584d6919e552297d0_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\b9b9b2ae432c44b584d6919e552297d0_JC.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5080
    • C:\Windows\SysWOW64\bamoknphlb.exe
      bamoknphlb.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Windows security modification
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3812
      • C:\Windows\SysWOW64\lidfcqki.exe
        C:\Windows\system32\lidfcqki.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2480
    • C:\Windows\SysWOW64\buuqvskwqghjnhv.exe
      buuqvskwqghjnhv.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:440
    • C:\Windows\SysWOW64\ekdtvafaevxsq.exe
      ekdtvafaevxsq.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1808
    • C:\Windows\SysWOW64\lidfcqki.exe
      lidfcqki.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1032
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:2732

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.exe
          Filesize

          255KB

          MD5

          5dddb994dc2a5e5dcec2c48e3a1b862d

          SHA1

          8480eb0bc8f0b2dc198553745e33572a596a5f42

          SHA256

          5eccf6370a62e402160764e6b6cba78bdaf95925d4b103f7cb12ae83c4942bc5

          SHA512

          53634ca5826ea8f48500614d498c82cf444964404d6e35d6924acd746cab1d4821ab6ed933ecf9024ce30a52a8677153bd2d008765f40310f32c256f701e17db

          Download Submit

        • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.exe
          Filesize

          255KB

          MD5

          0120b1ba4a0054ae7b4642ee24ff05be

          SHA1

          4cce0376fe9701585fdfe8e60322d421b5c474c0

          SHA256

          a36232d0d64253810fb5f91c14e49837e43845d7ff5786d7853a869df42d129a

          SHA512

          3474e281a7085917cd1011f3a9d6ec49a219f9a075ee279f4f6093425fd353cc2c01f41c967590c6ab58a17068a27526cc322527c991b86585400c359ff47fab

          Download Submit

        • C:\Users\Admin\AppData\Roaming\AssertRequest.doc.exe
          Filesize

          255KB

          MD5

          3ecdbad0066199917f8f5e464ac3a3b5

          SHA1

          82e580a549cec4479518411187dda070a7197a80

          SHA256

          68034b364670bf1341c4eea3317ddea5a891efdbd3223f1ed31380eab02d00de

          SHA512

          ffed9b0437976e51d941f7c93f0ef2b0a4a6fe103d723066d1246ca5a93d84095df5c5bfc212eb78af5311658fc4073997c43fe0b9ad87875acad9464ad2df0f

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
          Filesize

          239B

          MD5

          49f74cc177ed54cfe3ef5b6f015ab77c

          SHA1

          69b1509d8bcc7dfe19224e0f66dcec720f458332

          SHA256

          675674eeb50c03efc58bd6165ef88f59408d56c7e7ddfa8d1a61bb264df26112

          SHA512

          40eba13830b310ab6345a0e5b713f5df8023b7c38058dda21f390b949134bfaecddef802ff0297d27f7f4da99cc872c6c5eaa15f7ed2d84bc54c653d888cc67f

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
          Filesize

          3KB

          MD5

          da009acb522f17a868a3e757e179da9a

          SHA1

          c28280f30878351c18e782d30e8461da2e3b12ee

          SHA256

          b2de3d14bebf07a6b2f0659a51c5488747d5a24011d762c4367bd1db4248cf3b

          SHA512

          ef16448f7af5481175daa1c6ff07611c2538ae7d05907c3faee0473f77cc2f206e255d2aa1a83422fddfde9d335580cc875af2684987ccc321bb6fa7bdf949e0

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
          Filesize

          3KB

          MD5

          910c1c3e97c7b7b29b50a0d7ea01ac3d

          SHA1

          5ef691aa040498f8fd8b29c76c22bdce3cc1ee04

          SHA256

          d01968c0212f7d144b3e3bf54a59cf72801e2ea9bcc95098b561ea789a30ac3d

          SHA512

          f08ef7d13e5d1f71115e8ed358774f5fda1b24e5362291f1da9c775c770ca301e591d808c1674e799e9eb62637d7a7d0600b2cb165809b4c1261838368d530b3

          Download Submit

        • C:\Windows\SysWOW64\bamoknphlb.exe
          Filesize

          255KB

          MD5

          741bc1345b6ffcc415c357f1770f4da3

          SHA1

          3bc464a94c1bc828c3b7f286cd7e9255b0c7bf57

          SHA256

          cef0b19ce9fb65d58fc3ec571511e47c2e362a3fecc00f367dc1d0ebc33549ba

          SHA512

          5f2b706ea5e2e873383f6c2d2ec4e1c9b95ca0e135fc2c48a8bc8135c176c19120b99d9705b62bc05199921368a1fce67f790f8af21d944680c22dd18ce32455

          Download Submit

        • C:\Windows\SysWOW64\bamoknphlb.exe
          Filesize

          255KB

          MD5

          741bc1345b6ffcc415c357f1770f4da3

          SHA1

          3bc464a94c1bc828c3b7f286cd7e9255b0c7bf57

          SHA256

          cef0b19ce9fb65d58fc3ec571511e47c2e362a3fecc00f367dc1d0ebc33549ba

          SHA512

          5f2b706ea5e2e873383f6c2d2ec4e1c9b95ca0e135fc2c48a8bc8135c176c19120b99d9705b62bc05199921368a1fce67f790f8af21d944680c22dd18ce32455

          Download Submit

        • C:\Windows\SysWOW64\buuqvskwqghjnhv.exe
          Filesize

          255KB

          MD5

          b972e59e05259514d0a091cc2fcbd1d2

          SHA1

          ab012eba18612b25eba25524515b02cee13c8c52

          SHA256

          2b3e5a99a5d667e854905a8741fe3e5aadf25ba64ba0602519992bea0d2bfeba

          SHA512

          5b7ce7daa8ebd6b46a4d705915fde1fdb452cd9cec82a05fdc04c6772fd3e781b6fe9afaf10d33e4fa95f0b555defe94385cec722ac0f6e7bec6e0dd330a947c

          Download Submit

        • C:\Windows\SysWOW64\buuqvskwqghjnhv.exe
          Filesize

          255KB

          MD5

          b972e59e05259514d0a091cc2fcbd1d2

          SHA1

          ab012eba18612b25eba25524515b02cee13c8c52

          SHA256

          2b3e5a99a5d667e854905a8741fe3e5aadf25ba64ba0602519992bea0d2bfeba

          SHA512

          5b7ce7daa8ebd6b46a4d705915fde1fdb452cd9cec82a05fdc04c6772fd3e781b6fe9afaf10d33e4fa95f0b555defe94385cec722ac0f6e7bec6e0dd330a947c

          Download Submit

        • C:\Windows\SysWOW64\buuqvskwqghjnhv.exe
          Filesize

          255KB

          MD5

          b972e59e05259514d0a091cc2fcbd1d2

          SHA1

          ab012eba18612b25eba25524515b02cee13c8c52

          SHA256

          2b3e5a99a5d667e854905a8741fe3e5aadf25ba64ba0602519992bea0d2bfeba

          SHA512

          5b7ce7daa8ebd6b46a4d705915fde1fdb452cd9cec82a05fdc04c6772fd3e781b6fe9afaf10d33e4fa95f0b555defe94385cec722ac0f6e7bec6e0dd330a947c

          Download Submit

        • C:\Windows\SysWOW64\ekdtvafaevxsq.exe
          Filesize

          255KB

          MD5

          3d888a04a4a4852ee3e7f675b448fc5a

          SHA1

          47e20aa37f13081ebfed0efc5b776f49e1c3a3d0

          SHA256

          d3f6f58b13611a56dff462103091890273938cf30a333433b07784b9fd48d029

          SHA512

          a3415c49036552a9510dbc73c8c3c632162c3e9ca30026a294996ad7f419e9a7af078f7a4daed65032756a79e88c31477c4ba397539c35cb31f641bfab5a1396

          Download Submit

        • C:\Windows\SysWOW64\ekdtvafaevxsq.exe
          Filesize

          255KB

          MD5

          3d888a04a4a4852ee3e7f675b448fc5a

          SHA1

          47e20aa37f13081ebfed0efc5b776f49e1c3a3d0

          SHA256

          d3f6f58b13611a56dff462103091890273938cf30a333433b07784b9fd48d029

          SHA512

          a3415c49036552a9510dbc73c8c3c632162c3e9ca30026a294996ad7f419e9a7af078f7a4daed65032756a79e88c31477c4ba397539c35cb31f641bfab5a1396

          Download Submit

        • C:\Windows\SysWOW64\lidfcqki.exe
          Filesize

          255KB

          MD5

          ff8ecc4b0da22a7b6acded8afa5f0961

          SHA1

          5383565d05361b3d7d7a9a3e576470f206141916

          SHA256

          6f3c96a2e711882a8c5d2bac6aee85403cc052e2ddf49e5d04458b44d8eff22b

          SHA512

          bea9a37c2890a4d752097aff098ced4f28e3da05b493e0d7ec3e9afc7c725e34bfdbd2c998f17adaab8c9cfdcc75159a0edb3884ffb7488f86bf38a447ab08c6

          Download Submit

        • C:\Windows\SysWOW64\lidfcqki.exe
          Filesize

          255KB

          MD5

          ff8ecc4b0da22a7b6acded8afa5f0961

          SHA1

          5383565d05361b3d7d7a9a3e576470f206141916

          SHA256

          6f3c96a2e711882a8c5d2bac6aee85403cc052e2ddf49e5d04458b44d8eff22b

          SHA512

          bea9a37c2890a4d752097aff098ced4f28e3da05b493e0d7ec3e9afc7c725e34bfdbd2c998f17adaab8c9cfdcc75159a0edb3884ffb7488f86bf38a447ab08c6

          Download Submit

        • C:\Windows\SysWOW64\lidfcqki.exe
          Filesize

          255KB

          MD5

          ff8ecc4b0da22a7b6acded8afa5f0961

          SHA1

          5383565d05361b3d7d7a9a3e576470f206141916

          SHA256

          6f3c96a2e711882a8c5d2bac6aee85403cc052e2ddf49e5d04458b44d8eff22b

          SHA512

          bea9a37c2890a4d752097aff098ced4f28e3da05b493e0d7ec3e9afc7c725e34bfdbd2c998f17adaab8c9cfdcc75159a0edb3884ffb7488f86bf38a447ab08c6

          Download Submit

        • C:\Windows\mydoc.rtf
          Filesize

          223B

          MD5

          06604e5941c126e2e7be02c5cd9f62ec

          SHA1

          4eb9fdf8ff4e1e539236002bd363b82c8f8930e1

          SHA256

          85f2405d1f67021a3206faa26f6887932fea71aea070df3efb2902902e2d03e2

          SHA512

          803f5f2fddbf29fef34de184eb35c2311b7a694740983ca10b54ef252dd26cda4987458d2569f441c6dedc3478bea12b45bfd3566f1b256504a0869ad3829df7

          Download Submit

        • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
          Filesize

          255KB

          MD5

          77821bf03dc91f9f05973a938cde11e9

          SHA1

          2c2bfeb2e8106c779d4bc012752462141aed5fe2

          SHA256

          5a19c832ab7c83f3ba39b5731a452e72fab93601fac97299c9856ee3c461584e

          SHA512

          19615264ad8a81770253d21f2e14e880ef46759380612ec96e89c919427dc9f43e22a68b8721262c36a33f300806d3dc4121d84d58cc3967bbd2fbf266a56992

          Download Submit

        • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
          Filesize

          255KB

          MD5

          5de72daf3a08dbbd333b03519bf80556

          SHA1

          cd2c4d7398a39ea96e385069ad2530b970feb89d

          SHA256

          5d78054e5fde1b5a545e090030ec91e98809a60fcfd6b7a5c38c12563a3a870b

          SHA512

          fa306c8816f4ac6739b0a0d21878fe189e27862ee65b95a308cdc8c1f9e264de04ce2295dae21720c4b59984bbf5a95a6508df23b2871c6db1ee0b55d2f3469b

          Download Submit

        • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
          Filesize

          255KB

          MD5

          5de72daf3a08dbbd333b03519bf80556

          SHA1

          cd2c4d7398a39ea96e385069ad2530b970feb89d

          SHA256

          5d78054e5fde1b5a545e090030ec91e98809a60fcfd6b7a5c38c12563a3a870b

          SHA512

          fa306c8816f4ac6739b0a0d21878fe189e27862ee65b95a308cdc8c1f9e264de04ce2295dae21720c4b59984bbf5a95a6508df23b2871c6db1ee0b55d2f3469b

          Download Submit

        • memory/440-166-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/440-107-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/440-150-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/440-117-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/440-143-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/440-112-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/440-125-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/440-160-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/440-155-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/440-77-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/440-135-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/440-73-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1032-118-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1032-75-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1032-108-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1032-156-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1032-78-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1032-151-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1032-136-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1032-161-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1032-113-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1032-126-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1808-79-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1808-162-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1808-127-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1808-30-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1808-168-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1808-74-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1808-157-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1808-109-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1808-119-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1808-152-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1808-137-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1808-145-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1808-114-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2480-110-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2480-128-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2480-115-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2480-163-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2480-158-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2480-120-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2480-153-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2480-148-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2480-141-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2480-80-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2480-82-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2732-39-0x00007FFE24250000-0x00007FFE24260000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2732-34-0x00007FFE24250000-0x00007FFE24260000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2732-83-0x00007FFE641D0000-0x00007FFE643C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2732-192-0x00007FFE641D0000-0x00007FFE643C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2732-191-0x00007FFE641D0000-0x00007FFE643C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2732-190-0x00007FFE641D0000-0x00007FFE643C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2732-46-0x00007FFE21B90000-0x00007FFE21BA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2732-84-0x00007FFE641D0000-0x00007FFE643C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2732-188-0x00007FFE641D0000-0x00007FFE643C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2732-45-0x00007FFE21B90000-0x00007FFE21BA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2732-44-0x00007FFE641D0000-0x00007FFE643C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2732-81-0x00007FFE641D0000-0x00007FFE643C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2732-36-0x00007FFE641D0000-0x00007FFE643C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2732-40-0x00007FFE24250000-0x00007FFE24260000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2732-43-0x00007FFE24250000-0x00007FFE24260000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2732-42-0x00007FFE641D0000-0x00007FFE643C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2732-38-0x00007FFE641D0000-0x00007FFE643C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2732-37-0x00007FFE24250000-0x00007FFE24260000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2732-41-0x00007FFE641D0000-0x00007FFE643C5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3812-124-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3812-21-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3812-134-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3812-159-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3812-116-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3812-149-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3812-106-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3812-165-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3812-154-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3812-76-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3812-111-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3812-142-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3812-51-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/5080-35-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/5080-0-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download