0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b

Resubmissions

30-10-2023 17:34

231030-v5qwqsgc33 7

30-10-2023 17:29

231030-v2swxsec7w 7

30-10-2023 17:08

231030-vnjfbsgb35 7

Analysis

max time kernel
220s
max time network
198s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2023 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
Size

8.3MB
MD5

91b53026267ba8f38c21f8ab856648b4
SHA1

ef13b28585a20e55bba284695e392e03362882d9
SHA256

0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b
SHA512

d674938a2e93f3cfd9b35ad4a4685c943eb3078aa76ffe69b3e539bcd0923a1abbac1077b4e9e9af79ef3a8f43acf1f08363232a9506b3142d08180777b16c3a
SSDEEP

196608:YqmEUkBfeZZwBj8r8DNIzhd61D+zHFclftIf55vUW1xona8ceoMVb8U:Yq9UaFBqzh8D+zliftIfMaxoa8ci2U

Score

7^/10

evasion spyware stealer trojan upx

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe

Loads dropped DLL 14 IoCs

pid	Process
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 21 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1056-42-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-47-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-46-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-48-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-49-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-50-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-288-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-292-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-294-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-296-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-297-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-302-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-312-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-311-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-314-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-319-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-321-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-324-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-326-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-327-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx
behavioral1/memory/1056-354-0x0000000005C80000-0x0000000005E26000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\0E57EBB8.log	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
Token: SeCreatePagefilePrivilege	1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
1056	0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe

C:\Users\Admin\AppData\Local\Temp\0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe
"C:\Users\Admin\AppData\Local\Temp\0d21084ba66020906561367b7fd3fc204065bcfdb56678e1396cb4d32df92b9b.exe"
1⤵
- Checks BIOS information in registry
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\20ac61d3ad264f62823eb9b437e5ca07 /t 3672 /p 1056
1⤵
PID:1972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsaB99D.tmp\Fusion.dll

Filesize
976KB

MD5
a8b102ddcf25af2c5bdb541b34ef8da6

SHA1
fafe243d0aee6ad2654002f2d902826251c90473

SHA256
11446e839464efb0acc862e50dc24ae025811bd2d46f119e32c577e6cebb2c81

SHA512
6d6207264e3415a75f499d57eb3bbf085052d3a2b0c3ada2bc69ed99c7935d94365237f23df5c35d5f8d1e1dc325223d25af57c4653c7e2590b4e36745b91a4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaB99D.tmp\Fusion.dll

Filesize
976KB

MD5
a8b102ddcf25af2c5bdb541b34ef8da6

SHA1
fafe243d0aee6ad2654002f2d902826251c90473

SHA256
11446e839464efb0acc862e50dc24ae025811bd2d46f119e32c577e6cebb2c81

SHA512
6d6207264e3415a75f499d57eb3bbf085052d3a2b0c3ada2bc69ed99c7935d94365237f23df5c35d5f8d1e1dc325223d25af57c4653c7e2590b4e36745b91a4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaB99D.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaB99D.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaB99D.tmp\StartMenu.dll

Filesize
7KB

MD5
8a8cf094137e9c56386d5cf84f936fd0

SHA1
60a0cc212e5a1ce303a028f8ddafe0989c202b8d

SHA256
2053d459f5ae1213eaba8ecae74671144c1af140660034b5af23c97818e2c789

SHA512
d938cdb8aabeaf22ce573c4817eed2e8c235c5b4d9d3fb7139db6e8d9ebc73957425cfaa0ec119cc506bcf9c3ecc6b6393fff9278b8d873564148557df5cd9ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaB99D.tmp\StartMenu.dll

Filesize
7KB

MD5
8a8cf094137e9c56386d5cf84f936fd0

SHA1
60a0cc212e5a1ce303a028f8ddafe0989c202b8d

SHA256
2053d459f5ae1213eaba8ecae74671144c1af140660034b5af23c97818e2c789

SHA512
d938cdb8aabeaf22ce573c4817eed2e8c235c5b4d9d3fb7139db6e8d9ebc73957425cfaa0ec119cc506bcf9c3ecc6b6393fff9278b8d873564148557df5cd9ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaB99D.tmp\System.dll

Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaB99D.tmp\System.dll

Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaB99D.tmp\System.dll

Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaB99D.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaB99D.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaB99D.tmp\UserInfo.dll

Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaB99D.tmp\UserInfo.dll

Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaB99D.tmp\nsDialogs.dll

Filesize
9KB

MD5
42b064366f780c1f298fa3cb3aeae260

SHA1
5b0349db73c43f35227b252b9aa6555f5ede9015

SHA256
c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab

SHA512
50d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaB99D.tmp\nsDialogs.dll

Filesize
9KB

MD5
42b064366f780c1f298fa3cb3aeae260

SHA1
5b0349db73c43f35227b252b9aa6555f5ede9015

SHA256
c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab

SHA512
50d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd24063906233236\bootstrap_24757.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd24063906233236\css\main.css

Filesize
6KB

MD5
9b27e2a266fe15a3aabfe635c29e8923

SHA1
403afe68c7ee99698c0e8873ce1cd424b503c4c8

SHA256
166aa42bc5216c5791388847ae114ec0671a0d97b9952d14f29419b8be3fb23f

SHA512
4b07c11db91ce5750d81959c7b2c278ed41bb64c1d1aa29da87344c5177b8eb82d7d710b426f401b069fd05062395655d985ca031489544cdf9b72fe533afa61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd24063906233236\images\Loader.gif

Filesize
10KB

MD5
57ca1a2085d82f0574e3ef740b9a5ead

SHA1
2974f4bf37231205a256f2648189a461e74869c0

SHA256
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

SHA512
2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

Download Submit
memory/1056-292-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-311-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-50-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-288-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-48-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-293-0x00000000036B0000-0x00000000036B1000-memory.dmp

Filesize
4KB

Download
memory/1056-294-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-296-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-297-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-302-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-46-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-47-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-312-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-49-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-314-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-316-0x00000000035A0000-0x0000000003698000-memory.dmp

Filesize
992KB

Download
memory/1056-42-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-319-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-321-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-322-0x0000000005840000-0x000000000590A000-memory.dmp

Filesize
808KB

Download
memory/1056-324-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-326-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-327-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download
memory/1056-328-0x00000000036B0000-0x00000000036B1000-memory.dmp

Filesize
4KB

Download
memory/1056-41-0x0000000005840000-0x000000000590A000-memory.dmp

Filesize
808KB

Download
memory/1056-39-0x00000000035A0000-0x0000000003698000-memory.dmp

Filesize
992KB

Download
memory/1056-354-0x0000000005C80000-0x0000000005E26000-memory.dmp

Filesize
1.6MB

Download