7e4fe0c30e8549d470865f2da2a5d176b1ef5d7db55e4c3e1c71135bf135e752

General

Target

417374b3c984aa8972074fb39692bf8d.exe
Size

104KB
MD5

417374b3c984aa8972074fb39692bf8d
SHA1

6a3a2a3c28687b0d9c3099ca9b308040d311080e
SHA256

7e4fe0c30e8549d470865f2da2a5d176b1ef5d7db55e4c3e1c71135bf135e752
SHA512

3fb7a34e5aac5e7043e7afabd703d217f7c85550b023033edc6b4483b11a923dbdf6b0b41f819fe63e2f1325b470e403815ee077d2e1357aecf27556f5d98b30
SSDEEP

3072:a15T3Ncy/RpISCs2EWFrphy2G5mZ5E+HIbZoutlf:a15T9cy/RpIvuWXhy2v5abZoSlf

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2952-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral1/memory/2952-3-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral1/memory/2952-9-0x0000000002700000-0x000000000273D000-memory.dmp	upx
behavioral1/memory/2952-11-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral1/memory/2636-12-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral1/memory/2952-39-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral1/memory/2636-50-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral1/memory/2952-161-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral1/memory/2952-221-0x0000000000400000-0x000000000043D000-memory.dmp	upx

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Zona\License_uk.rtf	417374b3c984aa8972074fb39692bf8d.exe
File created	C:\Program Files (x86)\Zona\License_en.rtf	417374b3c984aa8972074fb39692bf8d.exe
File created	C:\Program Files (x86)\Zona\utils.jar	417374b3c984aa8972074fb39692bf8d.exe
File created	C:\Program Files (x86)\Zona\License_ru.rtf	417374b3c984aa8972074fb39692bf8d.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	417374b3c984aa8972074fb39692bf8d.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	417374b3c984aa8972074fb39692bf8d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	417374b3c984aa8972074fb39692bf8d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	417374b3c984aa8972074fb39692bf8d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	417374b3c984aa8972074fb39692bf8d.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	417374b3c984aa8972074fb39692bf8d.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2636	2952	417374b3c984aa8972074fb39692bf8d.exe	29
PID 2952 wrote to memory of 2636	2952	417374b3c984aa8972074fb39692bf8d.exe	29
PID 2952 wrote to memory of 2636	2952	417374b3c984aa8972074fb39692bf8d.exe	29
PID 2952 wrote to memory of 2636	2952	417374b3c984aa8972074fb39692bf8d.exe	29
PID 2952 wrote to memory of 1704	2952	417374b3c984aa8972074fb39692bf8d.exe	30
PID 2952 wrote to memory of 1704	2952	417374b3c984aa8972074fb39692bf8d.exe	30
PID 2952 wrote to memory of 1704	2952	417374b3c984aa8972074fb39692bf8d.exe	30
PID 2952 wrote to memory of 1704	2952	417374b3c984aa8972074fb39692bf8d.exe	30

C:\Users\Admin\AppData\Local\Temp\417374b3c984aa8972074fb39692bf8d.exe
"C:\Users\Admin\AppData\Local\Temp\417374b3c984aa8972074fb39692bf8d.exe"
1⤵
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Users\Admin\AppData\Local\Temp\417374b3c984aa8972074fb39692bf8d.exe
  "C:\Users\Admin\AppData\Local\Temp\417374b3c984aa8972074fb39692bf8d.exe" /asService
  2⤵
  - Drops file in Program Files directory
  PID:2636
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:1704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5bff7e4341732594c5820278c7735486

SHA1
6ab0d97df7d699dc9ce48cbb20120f4342ff164e

SHA256
174c4930c1a009a0d6387c3d8303e0c51047a0d5acb8b793dc9faade9ced125e

SHA512
97c6cf3744bd6b2b4c9f1fe86f3548b00cd1aeb9f6760f5753354260f963621acaf5b37e5e07cde2746d711df2027942eaf319996aba46bc848a738fd84bd79e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
744077f8db236d204f30f64c19d681a8

SHA1
059418b98e22dcce2e8a294da14bc90565620253

SHA256
dc509a82b073c57138aeefe3b057b411db6546e7e9da188670fef43a333438aa

SHA512
322ac4bba29982e69d87879bb3109d372d91b6828838ec827f6e4f2c687e00921d90e5ec1455db4eade6bc0b668d2664a4239caa7dc4a7cf890528da6f3b668c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCF17.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCF18.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
2KB

MD5
e1dac727c2637712172059349054e42c

SHA1
30906a6046a0cd9f80006f000164b3ad543a69e2

SHA256
3c4e81c8f50985b571e4b95e48e1241d0b8500418aea9152b6af0e7113419909

SHA512
8b199d5c5fdaf06302f7c7d8b2a68da267306d9c6c3501d74f150f488c7ca995d52152ea1f28f3e9556e14340ceed010beaa2728ba498cd41bb463d38f873ad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log

Filesize
1KB

MD5
f279d73e7005020b57b00024d695ba6d

SHA1
f2ad132e563c1476bece6b3f263e08fa16e1c4fc

SHA256
631f1a4c4043ef47ee70bef13625d98273fe46a0c426033bbabc3707d710dc4f

SHA512
3d9278f3077b5080d333eb622dab2d728f3b5c3cd2b1d2b22a23d56119abac2d02f7b06c6f542ba7ce939fb4263292da78e48396423f06f369aba8026a0eb148

Download Submit
C:\Users\Admin\AppData\Local\Temp\hd.vbs

Filesize
245B

MD5
d8682d715a652f994dca50509fd09669

SHA1
bb03cf242964028b5d9183812ed8b04de9d55c6e

SHA256
4bd3521fb2b5c48fe318a874bf64c6b1f62f5212b8c88790006cafaf31d207ba

SHA512
eaa39d87002df1eea16b215c9f099731253b7af72e46b12f64423874dbcdd8f68a164d7641bafb3f854aa6ad8aa7269da59ed0b32cd41eccba5d6f296f9a52ca

Download Submit
C:\Users\Admin\AppData\Roaming\Zona\init.xml

Filesize
243B

MD5
19244dc9b7aebb0e79c3fd178211ff70

SHA1
fd8e1b78cdf1739c07bc9feafaff7e308b7a00fe

SHA256
a8dad644df570e90989163b2f24da9ff5db288e0285d7c64fe3605c446549361

SHA512
0905d4eb880fb35a2d4d292bc9a30423a545d1117db1be8c53dfe5d4fa15b95c9063ca05c2d52b33cd57c43fc5ff6d30bd482f33c003272ba7ab9a69b75c5ff3

Download Submit
memory/2636-50-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2636-12-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2952-11-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2952-39-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2952-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2952-10-0x0000000002700000-0x000000000273D000-memory.dmp

Filesize
244KB

Download
memory/2952-9-0x0000000002700000-0x000000000273D000-memory.dmp

Filesize
244KB

Download
memory/2952-153-0x0000000002700000-0x000000000273D000-memory.dmp

Filesize
244KB

Download
memory/2952-154-0x0000000002700000-0x000000000273D000-memory.dmp

Filesize
244KB

Download
memory/2952-3-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2952-161-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2952-221-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download

Analysis

Sharing