1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c

Analysis

max time kernel
122s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
11/12/2023, 08:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.exe
Size

6.9MB
MD5

9ae278078c8cde673ce79e591a0b439d
SHA1

967e04499dd986627fea2a0e559bd2c51a7a50ae
SHA256

1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c
SHA512

cd6c03b13458c85279902d6146c1c561d812ca797b8f15ef5500c06a290f151edea2a7a4f12611e784fcf323b36bbac2f0ed7800d9d6526998cbd245a32541ae
SSDEEP

196608:QH/2cOhoGEpX+jRFRvz29jgM7+3Utny3r/mvZO0agzj:FcOhoGE1ArRvqlgM7xtAT0Hzj

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
3060	wmaformat.exe
4428	wmaformat.exe

Loads dropped DLL 3 IoCs

pid	Process
3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	141.98.234.31

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 63 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-VCTMB.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\lessmsi\is-DKSUS.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\uninstall\is-U7V2S.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-6F713.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-MJTAU.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-K6C8F.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\stuff\is-L0MVA.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-MGDBJ.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-TAFN6.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\stuff\is-65231.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-K0ULH.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-CI8QJ.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-VFQED.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-VHIVH.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-LE0T3.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\plugins\internal\is-2TJQN.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\stuff\is-GR98P.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-Q66O7.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-G1GNK.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-11N8O.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-HOFJS.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-VQ2KO.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-JTP13.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-E3P0B.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-4GIHU.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-ODTO4.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-NRLCU.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-BPD2G.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-ITKNT.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\plugins\internal\is-S6K30.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File opened for modification	C:\Program Files (x86)\WMAFormat\uninstall\unins000.dat	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-P5NHV.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-PBTS6.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-76I6Q.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-2NTB2.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File opened for modification	C:\Program Files (x86)\WMAFormat\wmaformat.exe	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-A1RLN.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-AGMRR.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-DEQTC.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-T1S9B.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-R28RC.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-EE2OH.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\uninstall\unins000.dat	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-7236F.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-7GBMV.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-E6FNG.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-H32CK.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-798BA.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-1287D.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-AK3DF.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-T0DUV.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-GGG42.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\is-F1EHA.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\stuff\is-5K7OK.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-Q0TLV.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-RO09S.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-72CBU.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-0GDKV.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-0G2G8.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-2F0L8.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-BBAUB.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-82J8S.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-TUF1H.tmp	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp

Runs net.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 3920	1832	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.exe	23
PID 1832 wrote to memory of 3920	1832	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.exe	23
PID 1832 wrote to memory of 3920	1832	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.exe	23
PID 3920 wrote to memory of 2496	3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp	46
PID 3920 wrote to memory of 2496	3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp	46
PID 3920 wrote to memory of 2496	3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp	46
PID 3920 wrote to memory of 3060	3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp	45
PID 3920 wrote to memory of 3060	3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp	45
PID 3920 wrote to memory of 3060	3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp	45
PID 3920 wrote to memory of 4852	3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp	41
PID 3920 wrote to memory of 4852	3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp	41
PID 3920 wrote to memory of 4852	3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp	41
PID 3920 wrote to memory of 4428	3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp	40
PID 3920 wrote to memory of 4428	3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp	40
PID 3920 wrote to memory of 4428	3920	1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp	40
PID 4852 wrote to memory of 4820	4852	net.exe	39
PID 4852 wrote to memory of 4820	4852	net.exe	39
PID 4852 wrote to memory of 4820	4852	net.exe	39

C:\Users\Admin\AppData\Local\Temp\1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.exe
"C:\Users\Admin\AppData\Local\Temp\1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Users\Admin\AppData\Local\Temp\is-FBVRT.tmp\1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-FBVRT.tmp\1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp" /SL5="$4020E,6982471,68096,C:\Users\Admin\AppData\Local\Temp\1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3920
- - C:\Program Files (x86)\WMAFormat\wmaformat.exe
    "C:\Program Files (x86)\WMAFormat\wmaformat.exe" -s
    3⤵
    - Executes dropped EXE
    PID:4428
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\system32\net.exe" helpmsg 11
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4852
- - C:\Program Files (x86)\WMAFormat\wmaformat.exe
    "C:\Program Files (x86)\WMAFormat\wmaformat.exe" -i
    3⤵
    - Executes dropped EXE
    PID:3060
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /Query
    3⤵
    PID:2496

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 helpmsg 11
1⤵
PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\WMAFormat\wmaformat.exe

Filesize
79KB

MD5
f28d048ebef312a591dae650776ee926

SHA1
2da8cf2c5505741f7395407e03e7306151d24b99

SHA256
cb4ca89f320dc53a04491ebee8378f909dd1b67b60605ffa31d1e2a50ce2fbf4

SHA512
52964cb3878f4eb3e68bf804d52052c7b90950f475cd54b8fb3000b4f2b0aa8e3e1b7a6e47acf0b8ba022b210285ba4e4af05c2bd48f5bd791619cfed9ae179d

Download Submit
C:\Program Files (x86)\WMAFormat\wmaformat.exe

Filesize
61KB

MD5
98d343d1ad6ae58b7e18f6c788ed9755

SHA1
6a94bccc08907fc7d7e6ff9edd8e4b29a3f4dc05

SHA256
681a9e58e27bf3a772771165c2c4e498003a6302f649443312d7da57dd563779

SHA512
40f56f0437a1afe1be081d35a0c56cf6946ec0a6598b6362fabc63438dc9fe9a452f3db112c8f3a9b3f9df5d69e9c02a70fb64cab0e1f44556092e9466af50c1

Download Submit
C:\Program Files (x86)\WMAFormat\wmaformat.exe

Filesize
35KB

MD5
01e506612f141d9dda67183420e54376

SHA1
1a1bfd5731eea3ebecf19216aaa7421a85496f21

SHA256
fe9f396501ffb3d1ff4733c16d7b5c661bad94a8b5495b77d878ebf7722078e9

SHA512
41095525547ae5412dfa72b889670a2a9d1801b6de8553baca92d70cc0f816df7bd035b87d49c2ad89008555b9fc52d81005c5ed1469e48060b06ea2c841fa9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FBVRT.tmp\1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp

Filesize
149KB

MD5
dfe451f832e84558eb81c75c3e54f491

SHA1
d77c7e2198e7d57e928920b5fb7ae11ab23de8ed

SHA256
2923b317dfe81489e50f85eee44627439d2a88ccc484090efbffd2af8a8d7823

SHA512
2c38ea07df25cc37750d35bdf6507b9f3e9fb973991a6793c555c2b6de7520e2c604b35c52c9198e8687b985e40fea959e93901ca78d7f29a4d001df10e81335

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FBVRT.tmp\1df28f1053d2707721114eb417762c0d51840f948803e6a36abaf288324fab8c.tmp

Filesize
119KB

MD5
0f02000343ff2d99f94165c90c77b859

SHA1
5fffe7c808947ac670af3e9d3c79799851e13f3e

SHA256
7cc6004ca522c18a1717fedde271da49bf3cbe228c2223eb209a77f180ad6e55

SHA512
f24c5603d4f9d953df673e04b43b368c2c15e8da6ee81f5172acafb717574e57f0ed8ff36e635324b03a07fda2132088a508b09f270f0287a70e15c074d56430

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TQK7H.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TQK7H.tmp\_isetup\_isdecmp.dll

Filesize
19KB

MD5
3adaa386b671c2df3bae5b39dc093008

SHA1
067cf95fbdb922d81db58432c46930f86d23dded

SHA256
71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

SHA512
bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

Download Submit
memory/1832-159-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1832-2-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1832-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3060-155-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3060-154-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3060-152-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3060-150-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3920-162-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/3920-160-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/3920-10-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/4428-165-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4428-184-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4428-166-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4428-158-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4428-169-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4428-172-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4428-175-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4428-179-0x00000000025F0000-0x000000000268E000-memory.dmp

Filesize
632KB

Download
memory/4428-178-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4428-161-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4428-187-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4428-188-0x00000000025F0000-0x000000000268E000-memory.dmp

Filesize
632KB

Download
memory/4428-191-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4428-194-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4428-197-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4428-201-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4428-204-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4428-207-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download