b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953

Analysis

max time kernel
147s
max time network
148s
platform
windows10-1703_x64
resource
win10-20231129-en
resource tags

arch:x64arch:x86image:win10-20231129-enlocale:en-usos:windows10-1703-x64system
submitted
11-12-2023 08:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.exe
Size

6.9MB
MD5

a3ef92d89d78fa675d7e149661fec2cc
SHA1

ae2bd2264a45cd3bde1efc05822a47dedcd9ff97
SHA256

b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953
SHA512

5f8cd2be180d0348d9297bc3077389fa5a920edfe6c574defc149c8733acba10a5c3eb3a6d97fefc0082c7d95fef272b9ec605f0a79ebf08d76b186030a24dcf
SSDEEP

196608:eH/2cOhoGEpX+jRFRvz29jgM7+3Utny3r/mvZO0agzj:bcOhoGE1ArRvqlgM7xtAT0Hzj

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
3996	wmaformat.exe
2264	wmaformat.exe

Loads dropped DLL 3 IoCs

pid	Process
1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	81.31.197.38

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 63 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-UUP72.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File opened for modification	C:\Program Files (x86)\WMAFormat\wmaformat.exe	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-BU8FV.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-9MK7C.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-MQCSI.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-IHTJ7.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-3C32J.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-Q78IM.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-PEIH9.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-2JILN.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-NR1JI.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-D5BJO.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-2ENV5.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-8J7KA.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-AQBB0.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\stuff\is-FBEPB.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-PU89I.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-1LGGR.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-E3774.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-9SGQ9.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-3QRAS.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\stuff\is-N92SQ.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-CQACK.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-A52BR.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-0M3EJ.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\plugins\internal\is-9I1FH.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-D5RE2.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-S1LUP.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-PB92S.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-O5N5U.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-H7BCC.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-MR67O.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\lessmsi\is-VDKC6.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\stuff\is-QV6MH.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-VMMU7.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-MEP64.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-MEU06.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\is-P3DSM.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\uninstall\is-UN0RK.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-QLI7I.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-7U576.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-G1RRN.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-ELFKS.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\plugins\internal\is-50HVS.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-2G00V.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-KGFA0.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-U7MB5.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-EVGET.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File opened for modification	C:\Program Files (x86)\WMAFormat\uninstall\unins000.dat	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\stuff\is-41574.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-J3HAE.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-979ES.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-OA896.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-JE3L2.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-63G50.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-DF8LJ.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-OAM1A.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-D1KOG.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-7VURO.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-4ECDS.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\uninstall\unins000.dat	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-2D8L9.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-KUHHJ.tmp	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp

Runs net.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 5016 wrote to memory of 1592	5016	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.exe	74
PID 5016 wrote to memory of 1592	5016	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.exe	74
PID 5016 wrote to memory of 1592	5016	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.exe	74
PID 1592 wrote to memory of 3324	1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp	75
PID 1592 wrote to memory of 3324	1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp	75
PID 1592 wrote to memory of 3324	1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp	75
PID 1592 wrote to memory of 3996	1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp	77
PID 1592 wrote to memory of 3996	1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp	77
PID 1592 wrote to memory of 3996	1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp	77
PID 1592 wrote to memory of 2528	1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp	80
PID 1592 wrote to memory of 2528	1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp	80
PID 1592 wrote to memory of 2528	1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp	80
PID 1592 wrote to memory of 2264	1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp	78
PID 1592 wrote to memory of 2264	1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp	78
PID 1592 wrote to memory of 2264	1592	b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp	78
PID 2528 wrote to memory of 1220	2528	net.exe	81
PID 2528 wrote to memory of 1220	2528	net.exe	81
PID 2528 wrote to memory of 1220	2528	net.exe	81

C:\Users\Admin\AppData\Local\Temp\b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.exe
"C:\Users\Admin\AppData\Local\Temp\b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Users\Admin\AppData\Local\Temp\is-RU32J.tmp\b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-RU32J.tmp\b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp" /SL5="$6022A,6982471,68096,C:\Users\Admin\AppData\Local\Temp\b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1592
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /Query
    3⤵
    PID:3324
- - C:\Program Files (x86)\WMAFormat\wmaformat.exe
    "C:\Program Files (x86)\WMAFormat\wmaformat.exe" -i
    3⤵
    - Executes dropped EXE
    PID:3996
- - C:\Program Files (x86)\WMAFormat\wmaformat.exe
    "C:\Program Files (x86)\WMAFormat\wmaformat.exe" -s
    3⤵
    - Executes dropped EXE
    PID:2264
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\system32\net.exe" helpmsg 11
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2528
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 11
      4⤵
      PID:1220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\WMAFormat\wmaformat.exe

Filesize
1.8MB

MD5
c343c906aaa2e2ac5b3ae9ab154c80a4

SHA1
b1ed930436a743821a403f3c185a222f41a2af44

SHA256
ea6a69b2b6f3893ac9963afcb168abc24e5c879ea1c600f6c54723564bfbe135

SHA512
df1ebb33e8675a5decd77cc66ba0befb7dad77442b5447009301123e868332a520dca4177b7db2fa9e39846b916daa2e77b172e238a251b80a40990931a94eb6

Download Submit
C:\Program Files (x86)\WMAFormat\wmaformat.exe

Filesize
779KB

MD5
e0fe942431d40de5f2393a7916d766e0

SHA1
618fe58ee52aecc5fcffd3f4de18d56629767d2c

SHA256
ad79770fe65874a5781d7d1c86776529587ebe653405d1d3c0fbaf8fc49e1b3d

SHA512
17b8f624f14fc2e74a8c8f75c28ba08d2f5c97a3f55ace36ba5d2982b8b32d036746123f4ad8a465631839878533446ac062dda72fa39bd767b63ab994d9226c

Download Submit
C:\Program Files (x86)\WMAFormat\wmaformat.exe

Filesize
999KB

MD5
be9c5eb02bb9bbe688cf95469ce8f374

SHA1
df662ca533d6fa2b400a09c4a2ad7e42e1ad15e8

SHA256
10bd6b50c581fc21ada1e84b31e297a6c9e0da78b5ba56239e6f539811c8f893

SHA512
f170c09050a167d7da0d90146269d80be54571142459c1919e542afaed241d24c443e100c27fcd66f59f951ed506b4bedc96405d7c7f865f17d6a4861b81e224

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RU32J.tmp\b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp

Filesize
487KB

MD5
a20cc9a2625015f7f12696443c5d9798

SHA1
a779769a7f1bb75f766ff57b49b3463eb45b95bf

SHA256
ec529d685b7568592a52c3cf79553acdd4fe4ead8446e6109b84312ee31a0ac8

SHA512
ca5ec3a467746de5f634eaafbe790abbc98f5eaab86b13ab176cd389ea3103775582b7614118384f1c4e7eff6f21270c1458cd42f2df806e8cbd8e16cdf23cb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RU32J.tmp\b0bca4d446cf360af30a126021049f2eeeba7722d2b4404621511bd3a9f66953.tmp

Filesize
256KB

MD5
9c45ecddc88af97bb03f0c8435ddb19c

SHA1
bbcd0f75a2987ab2e77cd4468cd0a36647396da6

SHA256
53692a8e54d67b6d007fc81a2dc85ea37406ff1cd2cfc5922367487002d6df3e

SHA512
b9265babeba45dd0a4347525f1836e95df232c4876178d757cbcc59f1abc892b0a8720194a91bef2d1ab1054803016f5fb6271f64a6ec19eb11487737482606d

Download Submit
\Users\Admin\AppData\Local\Temp\is-9CJ60.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
\Users\Admin\AppData\Local\Temp\is-9CJ60.tmp\_isetup\_isdecmp.dll

Filesize
19KB

MD5
3adaa386b671c2df3bae5b39dc093008

SHA1
067cf95fbdb922d81db58432c46930f86d23dded

SHA256
71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

SHA512
bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

Download Submit
memory/1592-163-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1592-7-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1592-161-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2264-183-0x00000000007B0000-0x000000000084E000-memory.dmp

Filesize
632KB

Download
memory/2264-189-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-209-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-206-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-157-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-159-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-203-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-199-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-162-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-196-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-166-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-167-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-170-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-173-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-176-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-178-0x00000000007B0000-0x000000000084E000-memory.dmp

Filesize
632KB

Download
memory/2264-182-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-193-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-186-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2264-190-0x00000000007B0000-0x000000000084E000-memory.dmp

Filesize
632KB

Download
memory/3996-154-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3996-151-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3996-152-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3996-155-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/5016-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5016-2-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5016-160-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download