Overview

overview

8

Static

static

3

1e6ce4afa0...97.exe

windows7-x64

1e6ce4afa0...97.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 22:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e6ce4afa0d06702bdaa4df79bb96397.exe

  • Size

    705KB

  • MD5

    1e6ce4afa0d06702bdaa4df79bb96397

  • SHA1

    6001049ba66bf194f181cd2f19b02cb5f7abc533

  • SHA256

    2cc733b37d6df45873d5420f76cd7521f17ab0ddc4d49bcea9b0e43ba46b8e81

  • SHA512

    8527830ec8a42a27dfa737b63b01e0e4d83ccd7a8570b175d318b2870f8621c7a457bd343ed15cc9f82ac2834f79f784371619937c3a9a3e2240933680fdf6c2

  • SSDEEP

    12288:ODJnJM4OpSpnO8kTalhrR41pC3blElJe3Y387WQWKmc7:mJnJM4OqTW8hC7CLu4rWD

Score
8/10
discoveryevasiontrojan

Malware Config

Signatures

  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 6 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 42 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 36 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 29 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e6ce4afa0d06702bdaa4df79bb96397.exe
    "C:\Users\Admin\AppData\Local\Temp\1e6ce4afa0d06702bdaa4df79bb96397.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4112
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Windows security modification
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:1876
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:3440
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:3728
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:3160
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:5048
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:2032
    • C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\SearchIndexer.exe /Embedding
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3480
      • C:\Windows\system32\SearchProtocolHost.exe
        "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
        2⤵
        • Modifies data under HKEY_USERS
        PID:3848
      • C:\Windows\system32\SearchFilterHost.exe
        "C:\Windows\system32\SearchFilterHost.exe" 0 804 808 816 8192 812 788
        2⤵
        • Modifies data under HKEY_USERS
        PID:2392

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      Filesize

      1023KB

      MD5

      8eb68de5a18219ba9dfaa540ab4b9091

      SHA1

      ed10c28627e4629c2b02e18f6667c69bffa9e0ac

      SHA256

      92eda7c7baaaa2020f946bf68d81c1da1657f73ec3bc64a50bd0c8e0f5a97456

      SHA512

      0ef7195c6a42276981761bcaa0295eec9b69f7fa0506fd6414faf78c827d605b2b9f658eaecd805db6763917cedd1fc0cadc7bda1906fb11e3a54f7645e6fdd3

      Download Submit

    • C:\Program Files\7-Zip\7z.exe
      Filesize

      940KB

      MD5

      eeca588797016153e44b994e740b7704

      SHA1

      98430e758c39ef033699ca023b238f03c7d44d63

      SHA256

      2e13b24a240fbaa533b01d61064f6dd3d0190357dfb3e1eae9b9c36ef2d9162b

      SHA512

      b5c0f1944a932bfe518940fe9f8e3bbccafbf1cee6a23cb3d5954259255bee5bd857d464869852450db9db0f3a117623f757c24846595bafe213ca307b01400f

      Download Submit

    • C:\Program Files\7-Zip\7zFM.exe
      Filesize

      1.3MB

      MD5

      d9141128b7e5a18a6aa69f1c778a83ec

      SHA1

      38f9d547caa9cd338f16121879c95a956b01be0d

      SHA256

      069b7798f6be60b01dcc1c8a30ed9262f4cd1a0212db879ef406d2373c9b1e8d

      SHA512

      424a80aebbdf94486112008447f1ce03168e7767f3417a072b1376e69b0136ae9dd8fea79ee0e08461def4a9968229b0649ee5cdf762e1cb4f2af0eb8a58b5f7

      Download Submit

    • C:\Program Files\7-Zip\7zG.exe
      Filesize

      880KB

      MD5

      08b28cdb3fb5cad4a83d6999160cfff5

      SHA1

      f6f3691c3410bab1e31da9415cbf0a2407b16bd1

      SHA256

      78e69a7b80243b9fc3a34ed2827c244545338c7a0815f76810e7af9ee478f401

      SHA512

      99d9d91b481d561b6a79b5647b1328ecbe63d54855822d055d6fc8e264122b5e955a0a2bb8a97f6cb528d54fa15703cb131bcb9ea3abd99d08c9831259e8224f

      Download Submit

    • C:\Program Files\7-Zip\Uninstall.exe
      Filesize

      410KB

      MD5

      bebf7e64dc6744bf70cef7f3b1237e84

      SHA1

      16dee67059e580b6c95be876cce69743d5a5937f

      SHA256

      20d5677c75503e0ae7126a9da2094794f4418d5b310098735aa666c1cb4f3520

      SHA512

      b1027759937b0e3e35f69b75830614fcfb00db90821ab453ea7f78d741ba8207fc9e1c9c1bc171d998479c0f2cc9b80a3f49cad6af6f7faead27b44c30f6a581

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
      Filesize

      672KB

      MD5

      da9a389f1c8d9df64ab8d56e6243ae59

      SHA1

      680899c5418165011068b5e936a8efc431479b0b

      SHA256

      9242ec03f2359ab383530833634c08f31f0f579186b7b844391492ff3b73f53d

      SHA512

      c5655e102872962b69cd0bf9210d6e59b9839a6d5028b0c769640975ab7654b31d9935b4ad97ce014bc24d7a9081547576f2f732c98a742fd1c8f9641ba4b7dd

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
      Filesize

      1.6MB

      MD5

      b7a2c91f270ad9c64e21e455a9a7c795

      SHA1

      192530475367582e91029cbb29e6ac2ded229110

      SHA256

      03e85cdc8194182d255592b6f3d0b5b7fbd6c38b57a623b33a1d8013ee5ed307

      SHA512

      d678c1456583672271b66a22edfbf5244e875f47503433b91e280518e074a4c9194a20f5c54ee9cd4d13e6bf44c191a5673830f24a8fd5a64c7c6a37b931e6ae

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
      Filesize

      270KB

      MD5

      e218f3793bcbc96ff840281b93098d4b

      SHA1

      960b3cc4f520f0d5618735a5604cc9183f53b2c6

      SHA256

      28e9ca7ad212fcc7b6107fad0999ae42191e3ce3e81de7ebb3666b765859d03b

      SHA512

      4edcb5ddfc459df3fdf469404c679580364f05cbe36b1d35da4a615ae008256ab1253129fd029639200fe8a2201a5b7df21e53bf54644d6b26b1a322f1acc258

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
      Filesize

      3.3MB

      MD5

      14c0a1f11cfdbad3042f708504cfd33a

      SHA1

      0006739c5eae12005f1c2b3b22d0d48aa3f87ec6

      SHA256

      adebe97fb0e149fddeec3c0631860fd94e85cf4406719bc4aa55bd531c73a5e4

      SHA512

      44f4215dcec7c44be06f874cd46e6fe7ad0a42badcc746a23082cd70bd12c8818089939c79573fbda38da24dc998829f3c3614f7c743fa0bfd536df20eef650e

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
      Filesize

      2.5MB

      MD5

      c05b48b9c37394d27bfdd8771394737f

      SHA1

      92f2ecfc29020033e5f977f34243d67dc1c0a872

      SHA256

      8723d9105b00a829527c4e78cd9ad9eb52298e34942757fb46c7b79a1f4d4afd

      SHA512

      15633da08722ee5a5bf7f7b5f66488fa29fc1ef371821c79cec7bb2489d00f5aa24b47820ffd27b4340e8a71f88335ddda32d6b81ada68ae8b3d232754e1ce98

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\Source Engine\ffqnqkhn.tmp
      Filesize

      637KB

      MD5

      6d58b2616adc4f3acaa689b28bfdedac

      SHA1

      67f6883c9e87ea36ae196d7f8fda7f08afed8239

      SHA256

      49930e483b154263f1d120c50e7b72b3ab0b950844809892f371f3ebd6171469

      SHA512

      88c499a081f1bec07fcb5e1f6c5e24675294b92641dc492099c09cb724841e9a43fc3b6866e704f5e6ca6081ba019d174fb9ab60e95337f49d413b6250b6a53e

      Download Submit

    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      Filesize

      11KB

      MD5

      72e2e300aee09ecf837c699a5afeeacb

      SHA1

      2c5f34e616b71ca10b6c58bd0efa84f25a7a8618

      SHA256

      e2cf666902f685ce16d691d648536f969515599bd34fdaaeef30e538f3b73cd5

      SHA512

      efc1a47fc628c63c209946d52f1fd7f47309b0d03a0bee50189fa74a15885276012ae56ef1a16607b1769dc3298a892e82ad6df9a9c69d03a3899403d3fd66d4

      Download Submit

    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      Filesize

      2.0MB

      MD5

      7fba28ad82595a788398f960cf6f7649

      SHA1

      a9909d1015ddb2c542e911c166d910f7a79a954c

      SHA256

      811afd7caa0e5f71b541fc02b0f79d37665d42f7390d0d6bb12744c756d428e3

      SHA512

      75be00951affebbf04d10d5dbafcfd6e30226e56f7fb86a7249790059799ec9127bde9c1a6eed4b3b58be08239ad4226a22c1ace87ad9abe4a516826231b1ef4

      Download Submit

    • C:\Users\Admin\AppData\Local\jelaqdqk\jqkhjdph.tmp
      Filesize

      184KB

      MD5

      18ed58b8d34a878cf22a01d570cb84eb

      SHA1

      3821fcc06c3f73b7f5ef163c08f373b30101e42f

      SHA256

      896285a3a60122336d16a678cdb30da3fbcba7f2dbf62089b5447a7dbad21c74

      SHA512

      8ec220ba0abf3a41f57004e05564d3f082313d94771727489002396a484dc7235c3da3f148efc641f6c12e74ce460db200d1bb4ff1322625c55050ed86efd88b

      Download Submit

    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      Filesize

      211KB

      MD5

      3c965fa39598a12ac174d495e4c5522d

      SHA1

      fd03c8e324e3fac81601a36e538f00d49e0b3e50

      SHA256

      3511abdd4bbf0d09d3fc3303d0b974a7ab77c7a4061ef0958e4e7d652e3fda78

      SHA512

      36a9b976cf585f6d1751ce19a71eacd8fa175819bb4966b56ef6cbe1c31c9e7ea260fe8174a42ba5e1a6e2180e63f9bfb4a2b0d3193ffc8b309e0e4fe2309573

      Download Submit

    • C:\Windows\System32\FXSSVC.exe
      Filesize

      249KB

      MD5

      18d99d3f616acf388ae6062dbdd49c4f

      SHA1

      887cf25cd27b0dbf8f159e38c92e32cb29e8eaaf

      SHA256

      e87bfbd14bd5a12aa7fa4855bac08ba475fc207f37cf4340dc6e2d60316f05af

      SHA512

      88042f868870cae3d4247f3b80c889ee8a8d110ad5c4c8dc10176a1ea558551d76b03f6d43a4255522713a10a8dd33ab2dcd9137af17a1420dc546a77462d282

      Download Submit

    • C:\Windows\System32\SearchIndexer.exe
      Filesize

      1.3MB

      MD5

      0ba8f50bd82c7d96cac5ded5f86ae54e

      SHA1

      49272d71c71d84d7dff597fc0612255d94eefd6f

      SHA256

      6386ab86431f021450e14d5a5fec9b973591accd0345cdbd161649abbe929690

      SHA512

      5feab6548c4e8a008fbd69cedfce5635aa0c33f9a4b2f96e47a90717832aa7cce85197bf6067a6b2a35715f95bbaa8cb4cf94593d45f78b5d33ed83aa15c59b6

      Download Submit

    • C:\Windows\System32\alg.exe
      Filesize

      389KB

      MD5

      3a9563c00d23e0e43d8a615fba5985d5

      SHA1

      3c5e920a346dc3520d1c9a5da9584747426fb0b8

      SHA256

      32aef692d8bed1bef2e68126f7bb9ce13daa3c63115ddcf1845340decb0cf052

      SHA512

      f09b9afe66b4be1119c05d4922beb142444a591ab9f7193548d2f1c1b37934d6cd1cd9f016934ff48a90ee330b356f9a4a116d1073e4e92c43f69fb796f4c77b

      Download Submit

    • C:\Windows\system32\windowspowershell\v1.0\powershell.exe
      Filesize

      839KB

      MD5

      c192c67c64b7f8727afb1a4de73954ee

      SHA1

      96b8bd33455fab721abdeafcfd3d02f56f33660d

      SHA256

      20c3c740593353213dc6cb2375ac46ae0ca43c38d4914af19643003ef62d7c17

      SHA512

      12e4eecde490c10355dbc731a42d3c9835e68b585d229207bab89afc09ff01e2e80ebc4445f72fbcb46a22ea7db23cebad1d1403042761a7c69c76e35808cf1d

      Download Submit

    • \??\c:\program files (x86)\microsoft\edge\Application\92.0.902.67\elevation_service.exe
      Filesize

      274KB

      MD5

      286eb389b1ed51744700be5615783c5f

      SHA1

      c15f59325622163ef2edb1e6783b37415f9aae00

      SHA256

      4327886d669ba99a67421fec0ce6dd084078ed33020d1984d46132ff61e264ae

      SHA512

      4ca53413e62993243c452390ad4f1cff9dcece25a909f32114d6acac766292df44244bb42e5d91183e231f12e43bb17f520c2e2adb1e0e0b7f9f210fddd5edc0

      Download Submit

    • \??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
      Filesize

      143KB

      MD5

      9c0d0dcc205ee7c22c69693fa63e1e81

      SHA1

      6e86187b83c4fa7a75f28d2f853ff75a2118d190

      SHA256

      792f9d232f8be2abc6e52ac99ca833c4050967d606e2818d2f675c2104786322

      SHA512

      12431c7830a69abfa4ba9d2fd1523b45b73fe1a9bffb8187e438fe7423c1cd8754898687eff40c8f881915fab1abe02d02639e0b5e288696b7268eef8b3275ac

      Download Submit

    • \??\c:\windows\system32\Appvclient.exe
      Filesize

      539KB

      MD5

      af67df9d5e2e86c451320533663720a1

      SHA1

      ef58cbf0f0177f78f7fbaa02ec7079d18f55f435

      SHA256

      21d7465a271db0a30fe7a330c8f31bd3165a87707d17f1e9b972f7bca0028bfd

      SHA512

      35a6d93179dc513fbb33cab331357184a9782465d9d9f44075fdccf6f2773cec6a005a0a22c6a0db695bfb6a59187747cbc1e175eb5e541a26de54e0c43eb74f

      Download Submit

    • \??\c:\windows\system32\fxssvc.exe
      Filesize

      163KB

      MD5

      2e1304ee00613441940cd94d980d37a3

      SHA1

      8a987f48027bfff54b92bc3bfb1bd1108e125fff

      SHA256

      3d5668c173289785e0fb9daf9e844bc8135ff913630e2bfeed290ff89c8bdedf

      SHA512

      8143e3f412427bdc77e1b3da5c18e21ed6e46d1a836328e43e9947d482533c29561d84aedf142ba96d1a42715031ec625dda5e260cffbe97c65584c3d571f903

      Download Submit

    • memory/1876-155-0x00007FF746070000-0x00007FF746143000-memory.dmp

      Filesize

      844KB

      Download

    • memory/1876-45-0x00007FF746070000-0x00007FF746143000-memory.dmp

      Filesize

      844KB

      Download

    • memory/1876-17-0x00007FF746070000-0x00007FF746143000-memory.dmp

      Filesize

      844KB

      Download

    • memory/2032-53-0x00007FF74B200000-0x00007FF74B455000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/2032-193-0x00007FF74B200000-0x00007FF74B455000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/2392-405-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-358-0x0000022A83D90000-0x0000022A83DA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-365-0x0000022A83810000-0x0000022A83811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2392-380-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-391-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-286-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-287-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-285-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-288-0x0000022A83800000-0x0000022A83810000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-289-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-292-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-291-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-290-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-293-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-294-0x0000022A83810000-0x0000022A83811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2392-305-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-306-0x0000022A83930000-0x0000022A83940000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-304-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-303-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-302-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-301-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-300-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-299-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-298-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-297-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-296-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-295-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-398-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-314-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-315-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-316-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-317-0x0000022A83D90000-0x0000022A83DA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-318-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-319-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-320-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-321-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-322-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-323-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-325-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-324-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-327-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-329-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-328-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-326-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-334-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-335-0x0000022A83D90000-0x0000022A83DA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-401-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-337-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-413-0x0000022A83D90000-0x0000022A83DA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-357-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-349-0x0000022A83D90000-0x0000022A83DA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-348-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-346-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-367-0x0000022A83F90000-0x0000022A83FA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-368-0x0000022A83F90000-0x0000022A83FA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-366-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-379-0x0000022A83930000-0x0000022A83940000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-381-0x0000022A83F90000-0x0000022A83FA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-386-0x0000022A83F90000-0x0000022A83FA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-385-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-384-0x0000022A83D90000-0x0000022A83DA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-406-0x0000022A83F90000-0x0000022A83FA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-414-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-404-0x0000022A83F90000-0x0000022A83FA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-427-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-435-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-450-0x0000022A83D90000-0x0000022A83DA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-449-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-448-0x0000022A83F90000-0x0000022A83FA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-447-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-460-0x0000022A83F90000-0x0000022A83FA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-459-0x0000022A83F90000-0x0000022A83FA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-458-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-415-0x0000022A83F90000-0x0000022A83FA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-457-0x0000022A83F90000-0x0000022A83FA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-446-0x0000022A837F0000-0x0000022A83800000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-434-0x0000022A83D90000-0x0000022A83DA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2392-426-0x0000022A83D90000-0x0000022A83DA0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3160-36-0x00007FF7EF8D0000-0x00007FF7EFA2F000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3160-37-0x00007FF7EF8D0000-0x00007FF7EFA2F000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3440-166-0x00007FF705460000-0x00007FF705532000-memory.dmp

      Filesize

      840KB

      Download

    • memory/3440-29-0x00007FF705460000-0x00007FF705532000-memory.dmp

      Filesize

      840KB

      Download

    • memory/3480-255-0x00000198F55B0000-0x00000198F55C0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3480-271-0x00000198F9AA0000-0x00000198F9AA8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/3480-237-0x00007FF7D8AF0000-0x00007FF7D8C93000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3480-307-0x00000198FB6A0000-0x00000198FB6A8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/3480-336-0x00007FF7D8AF0000-0x00007FF7D8C93000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3480-238-0x00000198F54B0000-0x00000198F54C0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4112-94-0x00007FF79CEB0000-0x00007FF79CFB9000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4112-0-0x00007FF79CEB0000-0x00007FF79CFB9000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4112-2-0x00007FF79CEB0000-0x00007FF79CFB9000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/5048-187-0x00007FF789FD0000-0x00007FF78A231000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/5048-44-0x00007FF789FD0000-0x00007FF78A231000-memory.dmp

      Filesize

      2.4MB

      Download