920841766c2da541592a0ae874c8528cdb6b3009b5f1873c4d19bacbb116ac40

Analysis

max time kernel
121s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2023, 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DeadCodeLauncher.exe
Size

9.0MB
MD5

ac8388a792b0401fd6621e760f4c7794
SHA1

47c13ebdb00cbb8e0ec71c5b0a6070accc2293c0
SHA256

920841766c2da541592a0ae874c8528cdb6b3009b5f1873c4d19bacbb116ac40
SHA512

51596efeefd0a877d35783a68d389c7e498e26684c2e4bc49045a4a2644c3f7b8561a7593e030a750b86b1dc1c1a038c2a17080ffb1510afa25a78304c51f321
SSDEEP

196608:eewLDETe6rklPsowwaEAIrpOZOu83ifnZfBZQHwKP6pFbOpaC:92gxASg1h1Owu83iflBZSwKAFbO8C

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
5052	DeadCodeLauncher.exe
5052	DeadCodeLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	DeadCodeLauncher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	DeadCodeLauncher.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5052	DeadCodeLauncher.exe
5052	DeadCodeLauncher.exe
5052	DeadCodeLauncher.exe
5052	DeadCodeLauncher.exe
1572	msedge.exe
1572	msedge.exe
3992	msedge.exe
3992	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5052	DeadCodeLauncher.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 3992	5052	DeadCodeLauncher.exe	91
PID 5052 wrote to memory of 3992	5052	DeadCodeLauncher.exe	91
PID 3992 wrote to memory of 2168	3992	msedge.exe	92
PID 3992 wrote to memory of 2168	3992	msedge.exe	92
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1016	3992	msedge.exe	94
PID 3992 wrote to memory of 1572	3992	msedge.exe	93
PID 3992 wrote to memory of 1572	3992	msedge.exe	93
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95
PID 3992 wrote to memory of 4636	3992	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\DeadCodeLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\DeadCodeLauncher.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://vk.com/im?sel=-205559998
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff8e62246f8,0x7ff8e6224708,0x7ff8e6224718
    3⤵
    PID:2168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,1321154491561495222,13815201750870118786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,1321154491561495222,13815201750870118786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
    3⤵
    PID:1016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,1321154491561495222,13815201750870118786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
    3⤵
    PID:4636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1321154491561495222,13815201750870118786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1
    3⤵
    PID:2624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1321154491561495222,13815201750870118786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
    3⤵
    PID:4692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
208a234643c411e1b919e904ee20115e

SHA1
400b6e6860953f981bfe4716c345b797ed5b2b5b

SHA256
af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

SHA512
2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
f6e0ead0f5f52bf0c29a65bbe3260642

SHA1
970ee59df78453f5683f215bd3fa9e847da8522b

SHA256
9d65be1095af5f4224ed0834e86c967c3f13e244cc0dff82ae3e0a6e7da75a3a

SHA512
3c9cccbafd474fff3e1cc078cca17169997f74f3c058b9b5db3e6bf8ef717cf729ca408aac4fcd94784377e2d62ef8c5abec1214ec8c25b7393f5ddf298d6725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
389B

MD5
1524406c7fd990d38250f6ba3ca66b98

SHA1
3c2e16adedc292e24f665aa4514320cb37852fad

SHA256
a63cdc4c2ef0febddaf18c229967a246df6e11841dee5a0f5e583926d69852fa

SHA512
43b688a4b6f3c388f09fcf0c41f840423dba9926ef079c7f014a18722cb81065fcae32d179f0416d7cfb8a6b55d006ade7a799a13ef968d7a7d705807ac66035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44e1431688c80b60d43d40a478f191db

SHA1
f7c54fa67f62268d6336bd172f8f900b32a3bf8f

SHA256
e8e61752d8d3495b833ffd121a3f138dd7ca417f0449ed450a16c24e7b09ed19

SHA512
5f4eccea8665e4385fc86273e410956a6db39061f14cd41a7823eea5fa52c9b6e2b2f840722aee5eba3068a382caee3f257d0406e3ee8d971a810e4847663dbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
95db0663bcbcf1eb6a509dfe8782223f

SHA1
f70578d042b045244f8143d62fa8a38215a65be8

SHA256
60ac7b2fbc66a6e729c28983fdb53381bec619c0cdf852437afae1ed681a3ad7

SHA512
82ab3e5884ef72bc83e61b3c8ddd1539ad9e599f8a1da09da97e187e00c9c252cbbd72d62b5714ffae59bd8440f036b63e351c2c0a9d6f519d9bff9b6da43623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bd1d429d3690980c841bc2dda0d4997a

SHA1
dfcbe420f2ddc5cb6cb60d6b3cc70042ac61c0e3

SHA256
e9baa252ea18f0709dd3798cb6c3396330dc053efde4db07622aa7f10f21b202

SHA512
5c3fa20392968400c1a3acd4ea2ffea0db7b435d6dcf318abdd81111c3abf1f94a254998fb4cad842104d3aba6ca9fcdc91cc85407e16193dfda1dc682001b33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a1212.TMP

Filesize
48B

MD5
7dede717084f78541d2f46f0bc875fe4

SHA1
79764200ad41079bd7bc700ad22a57cf68b820dc

SHA256
e0a6fd6f18c76cac4a70193ec55b8e401b718f54758d36436d592333d40a737e

SHA512
77dde5d11bfe585f13056875dbf293d05d4a8d6b2e259418502f527d27d3332477a748ac862dc05f2c8d5853ede2e7f4cbef31a40b90a9638de7a95d27df14f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ca4a9818-3ae6-4af3-801c-2c3772daafd1.tmp

Filesize
24KB

MD5
1df9e6cd741c4046893bb3885c06debc

SHA1
dbbad127c0b5d146a26712154ebc21b36c1cd2ef

SHA256
8fcefa91b4e2988814d84652f6e31722fd37cf3f7acaf3e45ecfb5e6bcc710b7

SHA512
89538188d6458c45b9f238f02d7aad5070f19d983be9edf93a99f3eb1e543a0d96976b0148ce2c2024b152366d6379594d0cbd7e7da3df1188c95172fde6eea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
824d55f3174a92b398feb9e230498fdc

SHA1
717b48ccb02086c39f7e3cbbb061f9c7d2097960

SHA256
a921393b9765e3f2b80fa2e024a123577c66bddaadf7e8ba981a549fb7bb516e

SHA512
341c909d89d5c3f7eee6f03d045ade5c9477d1cbf6ef13c6b8bea0e4319d7a2c3647a31d70f017b12de83eac38e54060f854abb9417b4f5e96cf6aac7e05d81f

Download Submit
memory/5052-28-0x00007FF8FA990000-0x00007FF8FA992000-memory.dmp

Filesize
8KB

Download
memory/5052-35-0x00000000021F0000-0x0000000002453000-memory.dmp

Filesize
2.4MB

Download
memory/5052-10-0x00007FF8FA890000-0x00007FF8FA892000-memory.dmp

Filesize
8KB

Download
memory/5052-11-0x00007FF8FA8A0000-0x00007FF8FA8A2000-memory.dmp

Filesize
8KB

Download
memory/5052-12-0x00007FF8FA8B0000-0x00007FF8FA8B2000-memory.dmp

Filesize
8KB

Download
memory/5052-13-0x00007FF8FA8C0000-0x00007FF8FA8C2000-memory.dmp

Filesize
8KB

Download
memory/5052-14-0x00007FF8FA8D0000-0x00007FF8FA8D2000-memory.dmp

Filesize
8KB

Download
memory/5052-16-0x00007FF8FA8E0000-0x00007FF8FA8E2000-memory.dmp

Filesize
8KB

Download
memory/5052-17-0x00007FF8FA8F0000-0x00007FF8FA8F2000-memory.dmp

Filesize
8KB

Download
memory/5052-15-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-18-0x00007FF8FA900000-0x00007FF8FA902000-memory.dmp

Filesize
8KB

Download
memory/5052-20-0x00007FF8FA920000-0x00007FF8FA922000-memory.dmp

Filesize
8KB

Download
memory/5052-19-0x00007FF8FA910000-0x00007FF8FA912000-memory.dmp

Filesize
8KB

Download
memory/5052-22-0x00007FF8FA940000-0x00007FF8FA942000-memory.dmp

Filesize
8KB

Download
memory/5052-24-0x00007FF8FA950000-0x00007FF8FA952000-memory.dmp

Filesize
8KB

Download
memory/5052-25-0x00007FF8FA960000-0x00007FF8FA962000-memory.dmp

Filesize
8KB

Download
memory/5052-26-0x00007FF8FA970000-0x00007FF8FA972000-memory.dmp

Filesize
8KB

Download
memory/5052-23-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-5-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-27-0x00007FF8FA980000-0x00007FF8FA982000-memory.dmp

Filesize
8KB

Download
memory/5052-30-0x00000000021F0000-0x0000000002453000-memory.dmp

Filesize
2.4MB

Download
memory/5052-29-0x00007FF8FA9A0000-0x00007FF8FA9A2000-memory.dmp

Filesize
8KB

Download
memory/5052-21-0x00007FF8FA930000-0x00007FF8FA932000-memory.dmp

Filesize
8KB

Download
memory/5052-6-0x0000000002000000-0x000000000204E000-memory.dmp

Filesize
312KB

Download
memory/5052-36-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-40-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-41-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-42-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-43-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-44-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-45-0x0000000002000000-0x000000000204E000-memory.dmp

Filesize
312KB

Download
memory/5052-46-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-53-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-54-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-55-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-56-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-57-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-58-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-59-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-60-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-4-0x0000000002000000-0x000000000204E000-memory.dmp

Filesize
312KB

Download
memory/5052-2-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-3-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-0-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-1-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-61-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download
memory/5052-150-0x0000000140000000-0x0000000141A31000-memory.dmp

Filesize
26.2MB

Download