05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f

Analysis

max time kernel
142s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
11/12/2023, 10:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.exe
Size

6.9MB
MD5

81df7e0f2ff4f1b3ea55dad10be6a532
SHA1

186f339bb68b185e281b98d787a041679fa94a96
SHA256

05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f
SHA512

75d1200e9741048d8a2e3a90ccb7b2345ca91683856543a91c949c39b42dd67d41c81ac7bf0bba299181951c474289fc8e7728a2f89ccba26761bb8c2e860ddf
SSDEEP

98304:VCtQAsI29jHcxWjRTp6azZzB8hi4ZoEiAmP+xhctqd60dVADjhSF1O8lw3kBL7l7:KstjRJ/4ZoSQQhtd6sWDlSrM0BLRrzj

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
2384	wmaformat.exe
3948	wmaformat.exe

Loads dropped DLL 3 IoCs

pid	Process
876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	45.155.250.90

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 63 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-SOO2R.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-Q6LIA.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-5H5FU.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-1BJRV.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-J0R3J.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-VHS75.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-1VP7L.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-D4H51.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-8BFQJ.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-NPTQ3.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-LUGJR.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-2M412.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-35V46.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-NU5LH.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-0IHDS.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-CT1FA.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-BGD8E.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-EAH2S.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-0UR32.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-V786S.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-CK1PI.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\lessmsi\is-5306J.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-NCORQ.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-Q5JMM.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-QVS1M.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-D55C3.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-3NQFF.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-SOD3Q.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\plugins\internal\is-9L7S3.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-3CP28.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File opened for modification	C:\Program Files (x86)\WMAFormat\wmaformat.exe	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\stuff\is-Q7GJJ.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-SP5QM.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\plugins\internal\is-4IPO6.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-0ATT1.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\stuff\is-0FD9S.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-291D0.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-0E263.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File opened for modification	C:\Program Files (x86)\WMAFormat\uninstall\unins000.dat	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-1C374.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\uninstall\unins000.dat	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\stuff\is-OPK1C.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-O2HBP.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-BKG1P.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-DQ6QQ.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-CMUCA.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-N1NU2.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-0J5FN.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-AR311.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-AQ5LM.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-H276R.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-DHOBV.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-4F3R2.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-ALIL0.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\stuff\is-O6A1H.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-H0FQQ.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-RL0PQ.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-K9PNH.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\is-L1GB5.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\uninstall\is-TLSKJ.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-6102R.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-1V9QB.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
File created	C:\Program Files (x86)\WMAFormat\bin\x86\is-567L9.tmp	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp

Runs net.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 4348 wrote to memory of 876	4348	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.exe	86
PID 4348 wrote to memory of 876	4348	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.exe	86
PID 4348 wrote to memory of 876	4348	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.exe	86
PID 876 wrote to memory of 3528	876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp	89
PID 876 wrote to memory of 3528	876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp	89
PID 876 wrote to memory of 3528	876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp	89
PID 876 wrote to memory of 2384	876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp	91
PID 876 wrote to memory of 2384	876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp	91
PID 876 wrote to memory of 2384	876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp	91
PID 876 wrote to memory of 3048	876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp	94
PID 876 wrote to memory of 3048	876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp	94
PID 876 wrote to memory of 3048	876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp	94
PID 876 wrote to memory of 3948	876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp	93
PID 876 wrote to memory of 3948	876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp	93
PID 876 wrote to memory of 3948	876	05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp	93
PID 3048 wrote to memory of 3008	3048	net.exe	95
PID 3048 wrote to memory of 3008	3048	net.exe	95
PID 3048 wrote to memory of 3008	3048	net.exe	95

C:\Users\Admin\AppData\Local\Temp\05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.exe
"C:\Users\Admin\AppData\Local\Temp\05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4348
- C:\Users\Admin\AppData\Local\Temp\is-N04CS.tmp\05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-N04CS.tmp\05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp" /SL5="$A0064,6990075,68096,C:\Users\Admin\AppData\Local\Temp\05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:876
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /Query
    3⤵
    PID:3528
- - C:\Program Files (x86)\WMAFormat\wmaformat.exe
    "C:\Program Files (x86)\WMAFormat\wmaformat.exe" -i
    3⤵
    - Executes dropped EXE
    PID:2384
- - C:\Program Files (x86)\WMAFormat\wmaformat.exe
    "C:\Program Files (x86)\WMAFormat\wmaformat.exe" -s
    3⤵
    - Executes dropped EXE
    PID:3948
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\system32\net.exe" helpmsg 11
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3048
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 11
      4⤵
      PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\WMAFormat\wmaformat.exe

Filesize
1.2MB

MD5
c7e0260707b0f2b8019eb71b60898861

SHA1
af87c53909502c2ccc7d120dadfeaa5ebe8a0c68

SHA256
485fc10702989888cc62eac0f6c483ca7e68545b2e3eb000fc28bb9e4b44b2c0

SHA512
44834881d361f6b02b4ab9491c27f547513839139e1a830e6e1b41c96f612081c00092cf2fa548c2cec984c742dfef6546a86f19b041b5887dac137059de2fba

Download Submit
C:\Program Files (x86)\WMAFormat\wmaformat.exe

Filesize
1.6MB

MD5
d8b7334b3bbf777351ac313d277349a0

SHA1
a57cd209485b07134343764494245228e7d6e908

SHA256
d73072ce9d51ad026da8979529389675785993d399157d256c82c2caec36e3e0

SHA512
700ac0b339fb832322021b29511b4b263c8902e11465e34af22d42ce69618153f8bbbdb1ebd4bae0df3aadaddf8ee35ba0c661e83be53b0a830236296bc02ff9

Download Submit
C:\Program Files (x86)\WMAFormat\wmaformat.exe

Filesize
1.4MB

MD5
1dc34b2f5a22ef07a5262f1b4a557177

SHA1
53cb2880ab108c41c483120dba657ef26af5029a

SHA256
d95d7d77681f6b01dd1d02539a2449ffa6933caff7b13256b203429ddde0eff1

SHA512
b07515bc6e44cc1bd3988cd862d4f39ca3223a83aa17904899f92f84a7d961464ae85a8f42587af2be97ce442bc43d3b0e3d510d8ce31d29b7ed847c624c9834

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2R4NS.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2R4NS.tmp\_isetup\_isdecmp.dll

Filesize
19KB

MD5
3adaa386b671c2df3bae5b39dc093008

SHA1
067cf95fbdb922d81db58432c46930f86d23dded

SHA256
71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

SHA512
bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N04CS.tmp\05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp

Filesize
44KB

MD5
bd9122e6046b16d2292f92a164c99c65

SHA1
fa5a53f8f6dc5ef7cb36b4ad069b4c3adee6ee1a

SHA256
e537c72d2a0f6aed30c65e40dd7bc7c0fa71fdd7487b536ab6a1d6164301b88a

SHA512
b476b46dc9a8ae1052bfeddfcff7ae696b0c5c9d130b6ca1b234a945258b07196371e1f7a63519ce3d7e82d576766004fe7dffa4d68063729eb11d5c27b32510

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N04CS.tmp\05edb3c05bd7576572a19ed55739986b205103c9475a4671e64432a55f95c93f.tmp

Filesize
8KB

MD5
763f6b288cb78ef1019a76967098be29

SHA1
834a5896bc38d143d2a8977b4900bc00186312e5

SHA256
42b9d061c5e8873ed460017625a486d6026e5682ebcd02ebfff7b89b587a68d1

SHA512
fb13923b8c96c98e3052d3a595d5e021242b1c3ed3f2f9694fa38f48c1278e8e8bacf72419b5a794d16aa174a1a43a38bbdbf985bc28393931cc6cd2a4e13843

Download Submit
memory/876-163-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/876-7-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/876-161-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2384-150-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2384-154-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/2384-152-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-176-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-170-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-208-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-205-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-162-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-202-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-166-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-180-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-179-0x00000000007D0000-0x000000000086E000-memory.dmp

Filesize
632KB

Download
memory/3948-173-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-159-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-157-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-167-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-183-0x00000000007D0000-0x000000000086E000-memory.dmp

Filesize
632KB

Download
memory/3948-186-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-189-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-190-0x00000000007D0000-0x000000000086E000-memory.dmp

Filesize
632KB

Download
memory/3948-193-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-196-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/3948-199-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4348-2-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4348-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4348-160-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download