b049069128d503e94574efd91491572e5429104a79f75b95c5f1c24ed286a37d

Analysis

max time kernel
184s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7910a51995ccac8c82b515a614200218.exe
Size

113KB
MD5

7910a51995ccac8c82b515a614200218
SHA1

cbd29fbcd7db531d31b4b3ff057663c96c393abd
SHA256

b049069128d503e94574efd91491572e5429104a79f75b95c5f1c24ed286a37d
SHA512

ab1603d089e7c3b5239491f1204768f62da5bcf8a668ca64173b7e33ab60abf3976b930f8b0f9407d99fb64ae89c62cbaf308e8082515f93862c84c97b3cff24
SSDEEP

3072:SxlvhU3Z8tWSy6I10qD2GvMmOOtWc7eAhlq:SxlZUJ8tBC1zahp6jeMo

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 7 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/memory/1184-0-0x0000000000400000-0x000000000048A000-memory.dmp	aspack_v212_v242
behavioral2/files/0x000b0000000231ff-9.dat	aspack_v212_v242
behavioral2/memory/2244-20-0x0000000000400000-0x000000000048A000-memory.dmp	aspack_v212_v242
behavioral2/memory/2152-47-0x0000000000400000-0x000000000048A000-memory.dmp	aspack_v212_v242
behavioral2/files/0x000b0000000231ff-51.dat	aspack_v212_v242
behavioral2/memory/2332-100-0x0000000000400000-0x000000000048A000-memory.dmp	aspack_v212_v242
behavioral2/files/0x000b0000000231ff-157.dat	aspack_v212_v242

Executes dropped EXE 52 IoCs

pid	Process
4056	algose32.exe
2244	algose32.exe
4828	algose32.exe
4088	algose32.exe
2152	algose32.exe
1856	algose32.exe
944	algose32.exe
2800	algose32.exe
3920	algose32.exe
5020	algose32.exe
2332	algose32.exe
3652	algose32.exe
2632	algose32.exe
808	algose32.exe
4768	algose32.exe
2600	algose32.exe
4080	algose32.exe
1732	algose32.exe
2780	algose32.exe
4516	algose32.exe
4552	algose32.exe
916	algose32.exe
3232	algose32.exe
2564	algose32.exe
3876	algose32.exe
4472	algose32.exe
676	algose32.exe
8	algose32.exe
2528	algose32.exe
2780	algose32.exe
2112	algose32.exe
4304	algose32.exe
4308	algose32.exe
2884	algose32.exe
3904	algose32.exe
1856	algose32.exe
2788	algose32.exe
3392	algose32.exe
2956	algose32.exe
312	algose32.exe
1492	algose32.exe
4388	algose32.exe
4980	algose32.exe
2564	algose32.exe
2328	algose32.exe
3852	algose32.exe
4916	algose32.exe
3584	algose32.exe
312	algose32.exe
2196	algose32.exe
1336	algose32.exe
232	algose32.exe

Drops file in System32 directory 53 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	7910a51995ccac8c82b515a614200218.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File opened for modification	C:\Windows\SysWOW64\algose32.exe	7910a51995ccac8c82b515a614200218.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe
File created	C:\Windows\SysWOW64\algose32.exe	algose32.exe

Program crash 53 IoCs

pid	pid_target	Process	procid_target
2608	1184	WerFault.exe	88
4352	4056	WerFault.exe	95
2508	2244	WerFault.exe
4052	4828	WerFault.exe
3200	4088	WerFault.exe	110
3116	2152	WerFault.exe	114
3020	1856	WerFault.exe
3584	944	WerFault.exe
1016	2800	WerFault.exe
1992	3920	WerFault.exe	96
4892	5020	WerFault.exe
5104	2332	WerFault.exe	132
1572	3652	WerFault.exe
3688	2632	WerFault.exe
4404	808	WerFault.exe	142
3308	4768	WerFault.exe	145
3696	2600	WerFault.exe	149
4468	4080	WerFault.exe
1840	1732	WerFault.exe	156
3116	2780	WerFault.exe	159
3700	4516	WerFault.exe
1968	4552	WerFault.exe	165
5028	916	WerFault.exe	168
516	3232	WerFault.exe	172
4864	2564	WerFault.exe	174
4512	3876	WerFault.exe	177
1344	4472	WerFault.exe	180
1656	676	WerFault.exe	183
1732	8	WerFault.exe	187
3392	2528	WerFault.exe	189
1724	2780	WerFault.exe	192
808	2112	WerFault.exe	195
2020	4304	WerFault.exe	199
4980	4308	WerFault.exe	202
4348	2884	WerFault.exe	205
2816	3904	WerFault.exe	208
1656	1856	WerFault.exe	211
1304	2788	WerFault.exe	214
3084	3392	WerFault.exe	217
3036	2956	WerFault.exe	220
3992	312	WerFault.exe	223
3632	1492	WerFault.exe	226
3208	4388	WerFault.exe	229
4308	4980	WerFault.exe	232
4752	2564	WerFault.exe	236
4792	2328	WerFault.exe	242
3080	3852	WerFault.exe	245
3152	4916	WerFault.exe	250
2620	3584	WerFault.exe	253
3192	312	WerFault.exe	256
4732	2196	WerFault.exe	259
5112	1336	WerFault.exe	262
4624	232	WerFault.exe	265

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 4056	1184	7910a51995ccac8c82b515a614200218.exe	95
PID 1184 wrote to memory of 4056	1184	7910a51995ccac8c82b515a614200218.exe	95
PID 1184 wrote to memory of 4056	1184	7910a51995ccac8c82b515a614200218.exe	95
PID 4056 wrote to memory of 2244	4056	algose32.exe	104
PID 4056 wrote to memory of 2244	4056	algose32.exe	104
PID 4056 wrote to memory of 2244	4056	algose32.exe	104
PID 2244 wrote to memory of 4828	2244	algose32.exe	107
PID 2244 wrote to memory of 4828	2244	algose32.exe	107
PID 2244 wrote to memory of 4828	2244	algose32.exe	107
PID 4828 wrote to memory of 4088	4828	algose32.exe	110
PID 4828 wrote to memory of 4088	4828	algose32.exe	110
PID 4828 wrote to memory of 4088	4828	algose32.exe	110
PID 4088 wrote to memory of 2152	4088	algose32.exe	114
PID 4088 wrote to memory of 2152	4088	algose32.exe	114
PID 4088 wrote to memory of 2152	4088	algose32.exe	114
PID 2152 wrote to memory of 1856	2152	algose32.exe	118
PID 2152 wrote to memory of 1856	2152	algose32.exe	118
PID 2152 wrote to memory of 1856	2152	algose32.exe	118
PID 1856 wrote to memory of 944	1856	algose32.exe	121
PID 1856 wrote to memory of 944	1856	algose32.exe	121
PID 1856 wrote to memory of 944	1856	algose32.exe	121
PID 944 wrote to memory of 2800	944	algose32.exe	124
PID 944 wrote to memory of 2800	944	algose32.exe	124
PID 944 wrote to memory of 2800	944	algose32.exe	124
PID 2800 wrote to memory of 3920	2800	algose32.exe	127
PID 2800 wrote to memory of 3920	2800	algose32.exe	127
PID 2800 wrote to memory of 3920	2800	algose32.exe	127
PID 3920 wrote to memory of 5020	3920	algose32.exe	130
PID 3920 wrote to memory of 5020	3920	algose32.exe	130
PID 3920 wrote to memory of 5020	3920	algose32.exe	130
PID 5020 wrote to memory of 2332	5020	algose32.exe	132
PID 5020 wrote to memory of 2332	5020	algose32.exe	132
PID 5020 wrote to memory of 2332	5020	algose32.exe	132
PID 2332 wrote to memory of 3652	2332	algose32.exe	137
PID 2332 wrote to memory of 3652	2332	algose32.exe	137
PID 2332 wrote to memory of 3652	2332	algose32.exe	137
PID 3652 wrote to memory of 2632	3652	algose32.exe	140
PID 3652 wrote to memory of 2632	3652	algose32.exe	140
PID 3652 wrote to memory of 2632	3652	algose32.exe	140
PID 2632 wrote to memory of 808	2632	algose32.exe	142
PID 2632 wrote to memory of 808	2632	algose32.exe	142
PID 2632 wrote to memory of 808	2632	algose32.exe	142
PID 808 wrote to memory of 4768	808	algose32.exe	145
PID 808 wrote to memory of 4768	808	algose32.exe	145
PID 808 wrote to memory of 4768	808	algose32.exe	145
PID 4768 wrote to memory of 2600	4768	algose32.exe	149
PID 4768 wrote to memory of 2600	4768	algose32.exe	149
PID 4768 wrote to memory of 2600	4768	algose32.exe	149
PID 2600 wrote to memory of 4080	2600	algose32.exe	155
PID 2600 wrote to memory of 4080	2600	algose32.exe	155
PID 2600 wrote to memory of 4080	2600	algose32.exe	155
PID 4080 wrote to memory of 1732	4080	algose32.exe	156
PID 4080 wrote to memory of 1732	4080	algose32.exe	156
PID 4080 wrote to memory of 1732	4080	algose32.exe	156
PID 1732 wrote to memory of 2780	1732	algose32.exe	159
PID 1732 wrote to memory of 2780	1732	algose32.exe	159
PID 1732 wrote to memory of 2780	1732	algose32.exe	159
PID 2780 wrote to memory of 4516	2780	algose32.exe	164
PID 2780 wrote to memory of 4516	2780	algose32.exe	164
PID 2780 wrote to memory of 4516	2780	algose32.exe	164
PID 4516 wrote to memory of 4552	4516	algose32.exe	165
PID 4516 wrote to memory of 4552	4516	algose32.exe	165
PID 4516 wrote to memory of 4552	4516	algose32.exe	165
PID 4552 wrote to memory of 916	4552	algose32.exe	168

C:\Users\Admin\AppData\Local\Temp\7910a51995ccac8c82b515a614200218.exe
"C:\Users\Admin\AppData\Local\Temp\7910a51995ccac8c82b515a614200218.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 400
  2⤵
  - Program crash
  PID:2608
- C:\Windows\SysWOW64\algose32.exe
  "C:\Windows\system32\algose32.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 388
    3⤵
    - Program crash
    PID:4352
- - C:\Windows\SysWOW64\algose32.exe
    "C:\Windows\system32\algose32.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:2244
  - - C:\Windows\SysWOW64\algose32.exe
      "C:\Windows\system32\algose32.exe"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:4828
    - - C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 356
        6⤵
        Program crash
        
        PID:3200
      - C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 356
        7⤵
        Program crash
        
        PID:3116
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        7⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1856
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:944
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        9⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2800
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3920
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:5020
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        12⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 356
        13⤵
        Program crash
        
        PID:5104
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        13⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3652
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        14⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2632
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        15⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 356
        16⤵
        Program crash
        
        PID:4404
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        16⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 356
        17⤵
        Program crash
        
        PID:3308
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        17⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 356
        18⤵
        Program crash
        
        PID:3696
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4080
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        19⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 356
        20⤵
        Program crash
        
        PID:1840
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        20⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 356
        21⤵
        Program crash
        
        PID:3116
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4516
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 356
        23⤵
        Program crash
        
        PID:1968
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 360
        24⤵
        Program crash
        
        PID:5028
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        24⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 356
        25⤵
        Program crash
        
        PID:516
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        25⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 356
        26⤵
        Program crash
        
        PID:4864
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        26⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 356
        27⤵
        Program crash
        
        PID:4512
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        27⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 356
        28⤵
        Program crash
        
        PID:1344
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        28⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 356
        29⤵
        Program crash
        
        PID:1656
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        29⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:8
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8 -s 356
        30⤵
        Program crash
        
        PID:1732
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 356
        31⤵
        Program crash
        
        PID:3392
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        31⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 364
        32⤵
        Program crash
        
        PID:1724
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        32⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 356
        33⤵
        Program crash
        
        PID:808
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        33⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 356
        34⤵
        Program crash
        
        PID:2020
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 356
        35⤵
        Program crash
        
        PID:4980
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 356
        36⤵
        Program crash
        
        PID:4348
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        36⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 364
        37⤵
        Program crash
        
        PID:2816
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        37⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 356
        38⤵
        Program crash
        
        PID:1656
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        38⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 364
        39⤵
        Program crash
        
        PID:1304
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        39⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 356
        40⤵
        Program crash
        
        PID:3084
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        40⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 360
        41⤵
        Program crash
        
        PID:3036
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        41⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 356
        42⤵
        Program crash
        
        PID:3992
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        42⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 356
        43⤵
        Program crash
        
        PID:3632
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 356
        44⤵
        Program crash
        
        PID:3208
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        44⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 360
        45⤵
        Program crash
        
        PID:4308
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        45⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 356
        46⤵
        Program crash
        
        PID:4752
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        46⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 356
        47⤵
        Program crash
        
        PID:4792
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        47⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 356
        48⤵
        Program crash
        
        PID:3080
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 356
        49⤵
        Program crash
        
        PID:3152
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        49⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 356
        50⤵
        Program crash
        
        PID:2620
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        50⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 356
        51⤵
        Program crash
        
        PID:3192
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        51⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 360
        52⤵
        Program crash
        
        PID:4732
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        52⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 356
        53⤵
        Program crash
        
        PID:5112
        
        C:\Windows\SysWOW64\algose32.exe
        
        "C:\Windows\system32\algose32.exe"
        53⤵
        Executes dropped EXE
        
        PID:232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 232 -s 356
        54⤵
        Program crash
        
        PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1184 -ip 1184
1⤵
PID:868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4056 -ip 4056
1⤵
PID:3920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 356
  2⤵
  - Program crash
  PID:1992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2244 -ip 2244
1⤵
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 356
1⤵
- Program crash
PID:2508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 356
1⤵
- Program crash
PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4828 -ip 4828
1⤵
PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4088 -ip 4088
1⤵
PID:3800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2152 -ip 2152
1⤵
PID:2092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 356
1⤵
- Program crash
PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1856 -ip 1856
1⤵
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 944 -ip 944
1⤵
PID:2272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 356
1⤵
- Program crash
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 356
1⤵
- Program crash
PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2800 -ip 2800
1⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3920 -ip 3920
1⤵
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 360
1⤵
- Program crash
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5020 -ip 5020
1⤵
PID:2080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2332 -ip 2332
1⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3652 -ip 3652
1⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 356
1⤵
- Program crash
PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2632 -ip 2632
1⤵
PID:1340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 356
1⤵
- Program crash
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 808 -ip 808
1⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4768 -ip 4768
1⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2600 -ip 2600
1⤵
PID:2440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4080 -ip 4080
1⤵
PID:392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 356
1⤵
- Program crash
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1732 -ip 1732
1⤵
PID:1344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2780 -ip 2780
1⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 4516 -ip 4516
1⤵
PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 356
1⤵
- Program crash
PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4552 -ip 4552
1⤵
PID:808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 916 -ip 916
1⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3232 -ip 3232
1⤵
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2564 -ip 2564
1⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 3876 -ip 3876
1⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4472 -ip 4472
1⤵
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 676 -ip 676
1⤵
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 8 -ip 8
1⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2528 -ip 2528
1⤵
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2780 -ip 2780
1⤵
PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2112 -ip 2112
1⤵
PID:1108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 4304 -ip 4304
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4308 -ip 4308
1⤵
PID:3324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 2884 -ip 2884
1⤵
PID:2840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3904 -ip 3904
1⤵
PID:3580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1856 -ip 1856
1⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2788 -ip 2788
1⤵
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3392 -ip 3392
1⤵
PID:2052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2956 -ip 2956
1⤵
PID:116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 312 -ip 312
1⤵
PID:808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 1492 -ip 1492
1⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4388 -ip 4388
1⤵
PID:516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 4980 -ip 4980
1⤵
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2564 -ip 2564
1⤵
PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 2328 -ip 2328
1⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3852 -ip 3852
1⤵
PID:1680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4916 -ip 4916
1⤵
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3584 -ip 3584
1⤵
PID:1652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 312 -ip 312
1⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2196 -ip 2196
1⤵
PID:1932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1336 -ip 1336
1⤵
PID:3324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 232 -ip 232
1⤵
PID:3924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\algose32.exe

Filesize
64KB

MD5
ce6403c4ea6f2f0b692313f6185c714d

SHA1
f824c4f65cb44ff173eeb1b78f8e975437cb57a5

SHA256
445fb2074bb16b9e79774fb2e339fc1ff8d28a81d2a5652b3da03f987cc02c17

SHA512
298912bb013c5144501cbbbfdfb05123ee160eb9c27a5421c9e22112116db7b20e128f9b5a218a0fb3c648ee7f45f99b7e9d99471b25aad4485d1014e4b6a294

Download Submit
C:\Windows\SysWOW64\algose32.exe

Filesize
91KB

MD5
aeb93e69206cb73835f9ec80d4121aa0

SHA1
35eaa009ef355e1c6baf102d88c2a66bb2cdc5b3

SHA256
f5b96344a2cf7d4528ccaca5ce33fd7b133f2cba16cfeba80899da55a8a2ee50

SHA512
6706a24fcfae907456544f28819d450e45ebabfd2dac957074a8e691f34a9d4b6d6b93ed1bb2fd990b6ff02c7c4e9ed9812f85b8af0e5297d37d028a9945a26b

Download Submit
C:\Windows\SysWOW64\algose32.exe

Filesize
113KB

MD5
7910a51995ccac8c82b515a614200218

SHA1
cbd29fbcd7db531d31b4b3ff057663c96c393abd

SHA256
b049069128d503e94574efd91491572e5429104a79f75b95c5f1c24ed286a37d

SHA512
ab1603d089e7c3b5239491f1204768f62da5bcf8a668ca64173b7e33ab60abf3976b930f8b0f9407d99fb64ae89c62cbaf308e8082515f93862c84c97b3cff24

Download Submit
memory/8-254-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/8-256-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/676-245-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/676-249-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/808-132-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/808-130-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/916-200-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/916-202-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/944-68-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/944-73-0x00000000004E0000-0x0000000000520000-memory.dmp

Filesize
256KB

Download
memory/944-71-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/944-72-0x0000000000540000-0x0000000000542000-memory.dmp

Filesize
8KB

Download
memory/944-74-0x0000000002000000-0x0000000002013000-memory.dmp

Filesize
76KB

Download
memory/944-66-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/944-67-0x00000000004E0000-0x0000000000520000-memory.dmp

Filesize
256KB

Download
memory/1184-3-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/1184-0-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/1184-2-0x0000000000490000-0x00000000004D0000-memory.dmp

Filesize
256KB

Download
memory/1184-6-0x00000000028E0000-0x00000000028F3000-memory.dmp

Filesize
76KB

Download
memory/1184-4-0x0000000000580000-0x0000000000582000-memory.dmp

Filesize
8KB

Download
memory/1184-11-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/1184-12-0x0000000000490000-0x00000000004D0000-memory.dmp

Filesize
256KB

Download
memory/1732-165-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/1732-167-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/1856-58-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/1856-57-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/1856-62-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/1856-59-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/1856-65-0x0000000002270000-0x0000000002283000-memory.dmp

Filesize
76KB

Download
memory/1856-64-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/1856-61-0x0000000000690000-0x0000000000692000-memory.dmp

Filesize
8KB

Download
memory/2112-280-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2112-283-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2152-55-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/2152-52-0x0000000000750000-0x0000000000752000-memory.dmp

Filesize
8KB

Download
memory/2152-53-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2152-50-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2152-47-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2152-49-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/2152-56-0x0000000000760000-0x0000000000773000-memory.dmp

Filesize
76KB

Download
memory/2244-26-0x0000000000690000-0x0000000000692000-memory.dmp

Filesize
8KB

Download
memory/2244-22-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/2244-28-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2244-31-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/2244-27-0x00000000006A0000-0x00000000006B3000-memory.dmp

Filesize
76KB

Download
memory/2244-23-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2244-20-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2332-100-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2332-110-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/2332-102-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/2332-106-0x0000000000690000-0x0000000000692000-memory.dmp

Filesize
8KB

Download
memory/2332-108-0x00000000020A0000-0x00000000020B3000-memory.dmp

Filesize
76KB

Download
memory/2332-103-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2332-107-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2528-262-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2528-265-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2564-218-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2564-220-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2600-147-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2600-150-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2632-121-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2632-119-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2632-126-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2780-273-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2780-270-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2780-175-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2780-173-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2800-82-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2800-84-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/2800-80-0x00000000005C0000-0x00000000005C2000-memory.dmp

Filesize
8KB

Download
memory/2800-81-0x00000000021C0000-0x00000000021D3000-memory.dmp

Filesize
76KB

Download
memory/2800-75-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2800-76-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/2800-77-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/3232-209-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/3232-211-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/3652-109-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/3652-116-0x0000000000580000-0x0000000000582000-memory.dmp

Filesize
8KB

Download
memory/3652-111-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/3652-115-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/3652-118-0x0000000002000000-0x0000000002013000-memory.dmp

Filesize
76KB

Download
memory/3652-117-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/3652-112-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/3876-232-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/3876-227-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/3920-89-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/3920-83-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/3920-85-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/3920-86-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/3920-92-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/3920-87-0x0000000002030000-0x0000000002032000-memory.dmp

Filesize
8KB

Download
memory/3920-88-0x00000000020B0000-0x00000000020C3000-memory.dmp

Filesize
76KB

Download
memory/4056-19-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4056-21-0x00000000006F0000-0x0000000000730000-memory.dmp

Filesize
256KB

Download
memory/4056-15-0x00000000004F0000-0x00000000004F2000-memory.dmp

Filesize
8KB

Download
memory/4056-14-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4056-16-0x0000000002050000-0x0000000002063000-memory.dmp

Filesize
76KB

Download
memory/4056-13-0x00000000006F0000-0x0000000000730000-memory.dmp

Filesize
256KB

Download
memory/4080-161-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4080-156-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4088-48-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/4088-41-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4088-40-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/4088-39-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4088-46-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4088-43-0x0000000002280000-0x0000000002293000-memory.dmp

Filesize
76KB

Download
memory/4088-42-0x00000000021B0000-0x00000000021B2000-memory.dmp

Filesize
8KB

Download
memory/4472-240-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4472-236-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4516-185-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4516-182-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4552-191-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4552-195-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4768-138-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4768-142-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4828-35-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4828-36-0x0000000002030000-0x0000000002032000-memory.dmp

Filesize
8KB

Download
memory/4828-38-0x00000000020A0000-0x00000000020B3000-memory.dmp

Filesize
76KB

Download
memory/4828-37-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/4828-32-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4828-29-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/4828-30-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/5020-101-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download
memory/5020-99-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/5020-97-0x00000000026E0000-0x00000000026F3000-memory.dmp

Filesize
76KB

Download
memory/5020-95-0x00000000022B0000-0x00000000022B2000-memory.dmp

Filesize
8KB

Download
memory/5020-94-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/5020-93-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download