8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c

Analysis

max time kernel
150s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23/10/2023, 16:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
Size

2.9MB
MD5

4d4bbbcc3fdb84081a1bac5a53f988fb
SHA1

8c12786f829b5df824dea33e5a3da2e3959ba6a6
SHA256

8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c
SHA512

1470f1227124bae4c059422f70487d0722a8657d793f47d88fa84da130ea71aa4e767ad2c76f312048e8e1de157c7de2d5de1ff5bb9074b75e3f026c86644876
SSDEEP

49152:2kLIH+4JFrANzszGGl5BPc0CTlYT3eaFU154C4NSmkylc1if5xj/HZpFk8:zNEFrAzszZ5tCTST3eV1z4N44Vbz5pFB

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1160	x64.exe

UPX packed file 47 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4676-13076-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13077-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13078-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13079-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13081-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13083-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13085-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13089-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13087-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13091-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13093-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13095-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13097-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13100-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13104-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13102-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13106-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13108-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13110-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13112-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13114-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13116-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13118-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13120-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4676-13121-0x00000000028D0000-0x00000000028DB000-memory.dmp	upx
behavioral2/memory/4676-13122-0x00000000028D0000-0x00000000028DB000-memory.dmp	upx
behavioral2/memory/4676-13130-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26208-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26213-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26217-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26221-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26224-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26227-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26230-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26233-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26239-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26241-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26246-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26249-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26253-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26256-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26260-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26264-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26269-0x0000000002790000-0x000000000279B000-memory.dmp	upx
behavioral2/memory/4532-26274-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26275-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4532-26277-0x0000000002790000-0x000000000279B000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 32 IoCs

pid	Process
4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\DrawDib	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\DrawDib\ 1280x720x32(BGR 0) = "31,31,31,31"	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
1160	x64.exe
1160	x64.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
4532	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 1160	4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe	90
PID 4676 wrote to memory of 1160	4676	8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe	90
PID 1160 wrote to memory of 632	1160	x64.exe	79
PID 1160 wrote to memory of 632	1160	x64.exe	79
PID 1160 wrote to memory of 632	1160	x64.exe	79
PID 1160 wrote to memory of 632	1160	x64.exe	79
PID 632 wrote to memory of 4532	632	winlogon.exe	92
PID 632 wrote to memory of 4532	632	winlogon.exe	92
PID 632 wrote to memory of 4532	632	winlogon.exe	92

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:632
- C:\Users\Admin\AppData\Local\Temp\8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
  C:\Users\Admin\AppData\Local\Temp\8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4532

C:\Users\Admin\AppData\Local\Temp\8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe
"C:\Users\Admin\AppData\Local\Temp\8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Users\Admin\AppData\Local\Temp\x64.exe
  C:\Users\Admin\AppData\Local\Temp\x64.exe "C:\Users\Admin\AppData\Local\Temp\8444d56bcf1461f71379c9bddff0a78018a4eb5aa993c574f8b033a5fd74bb1c.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\x64.exe

Filesize
16KB

MD5
2c938bf20d360971bae15b57e27d86d8

SHA1
772398deb3d1b2df3e435cc09096a076fefbc75a

SHA256
12aff77ff794ebc5c0d4de2db60c5196ff9c833be7ae28cb71d10713eaf0ae57

SHA512
d74550d4915900c3438cb7d5fe161237647638350f961fca23d812eededbb5fc2bb91543bd680c2af8c074ff64fc8015eed49c5774eb520cfcdca5a5303ea629

Download Submit
C:\Users\Admin\AppData\Local\Temp\x64.exe

Filesize
16KB

MD5
2c938bf20d360971bae15b57e27d86d8

SHA1
772398deb3d1b2df3e435cc09096a076fefbc75a

SHA256
12aff77ff794ebc5c0d4de2db60c5196ff9c833be7ae28cb71d10713eaf0ae57

SHA512
d74550d4915900c3438cb7d5fe161237647638350f961fca23d812eededbb5fc2bb91543bd680c2af8c074ff64fc8015eed49c5774eb520cfcdca5a5303ea629

Download Submit
memory/632-13129-0x00000252076F0000-0x00000252076F1000-memory.dmp

Filesize
4KB

Download
memory/4532-26230-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26221-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26269-0x0000000002790000-0x000000000279B000-memory.dmp

Filesize
44KB

Download
memory/4532-26264-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26260-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26256-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26253-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26249-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26246-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26241-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26239-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26237-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4532-26233-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26275-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26274-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26227-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26213-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26217-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26224-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26208-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4532-26207-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4532-26204-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4532-26203-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4532-26202-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4532-26201-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4532-19016-0x00000000765E0000-0x000000007665A000-memory.dmp

Filesize
488KB

Download
memory/4532-17007-0x0000000076EA0000-0x0000000077040000-memory.dmp

Filesize
1.6MB

Download
memory/4532-13133-0x00000000761F0000-0x0000000076405000-memory.dmp

Filesize
2.1MB

Download
memory/4532-13132-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4532-26277-0x0000000002790000-0x000000000279B000-memory.dmp

Filesize
44KB

Download
memory/4532-26281-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4676-13087-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13093-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13122-0x00000000028D0000-0x00000000028DB000-memory.dmp

Filesize
44KB

Download
memory/4676-13120-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13127-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4676-13118-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13116-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13130-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13114-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13112-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13110-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13108-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13106-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13102-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13104-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13100-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13098-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4676-13097-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13095-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13121-0x00000000028D0000-0x00000000028DB000-memory.dmp

Filesize
44KB

Download
memory/4676-13091-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-0-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4676-13089-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13085-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13083-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13081-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13079-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13078-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13077-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13076-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4676-13075-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4676-13074-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4676-13072-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4676-13071-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4676-13070-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4676-13069-0x0000000000400000-0x0000000000954000-memory.dmp

Filesize
5.3MB

Download
memory/4676-5884-0x00000000765E0000-0x000000007665A000-memory.dmp

Filesize
488KB

Download
memory/4676-3875-0x0000000076EA0000-0x0000000077040000-memory.dmp

Filesize
1.6MB

Download
memory/4676-1-0x00000000761F0000-0x0000000076405000-memory.dmp

Filesize
2.1MB

Download