e054ceee8c38f4400f22cbe518fb4bf621cc0f945ae3f6fe333050c41205d434

Analysis

max time kernel
268s
max time network
309s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2bed4bbed303c91e2169b2f32db46acb.exe
Size

204KB
MD5

2bed4bbed303c91e2169b2f32db46acb
SHA1

d55d2a47006dd5cf0077feec4a0bcc9c54ffad8c
SHA256

e054ceee8c38f4400f22cbe518fb4bf621cc0f945ae3f6fe333050c41205d434
SHA512

6d24fe96363606d11bd8d7cae8ae5aeeb932de5d804e546c51cd9fb864d0e08c6d97313fb54da9f53f2d58212b74f243e809826c05e94c6d93886bc39326162c
SSDEEP

6144:poOtHeu2kQ3Jc9OgmMrvH2w7KYBgJOljOl0fK6:preu2kQO9cMLHzRBgJOlSwK6

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1556	YouMeetWeWo.exe
2596	cYGF4C.exe

Loads dropped DLL 4 IoCs

pid	Process
2932	2bed4bbed303c91e2169b2f32db46acb.exe
2932	2bed4bbed303c91e2169b2f32db46acb.exe
1556	YouMeetWeWo.exe
1556	YouMeetWeWo.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2932-0-0x0000000000400000-0x00000000004A8000-memory.dmp	upx
behavioral1/memory/2932-2-0x0000000000400000-0x00000000004A8000-memory.dmp	upx
behavioral1/memory/2932-8-0x0000000000400000-0x00000000004A8000-memory.dmp	upx
behavioral1/files/0x001000000000b1f5-13.dat	upx
behavioral1/memory/2932-15-0x0000000000650000-0x00000000006F8000-memory.dmp	upx
behavioral1/files/0x001000000000b1f5-18.dat	upx
behavioral1/memory/1556-24-0x0000000000400000-0x00000000004A8000-memory.dmp	upx
behavioral1/memory/1556-23-0x0000000000400000-0x00000000004A8000-memory.dmp	upx
behavioral1/memory/1556-25-0x0000000000400000-0x00000000004A8000-memory.dmp	upx
behavioral1/memory/1556-33-0x0000000000400000-0x00000000004A8000-memory.dmp	upx
behavioral1/files/0x001000000000b1f5-61.dat	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Windows\CurrentVersion\Run\3EFB0E1E7E2F52CE = "C:\\YouMeetWeWo\\YouMeetWeWo.exe"	cYGF4C.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 3 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PhishingFilter	cYGF4C.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV8 = "0"	cYGF4C.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ShownServiceDownBalloon = "0"	cYGF4C.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery	cYGF4C.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\ClearBrowsingHistoryOnExit = "0"	cYGF4C.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2932	2bed4bbed303c91e2169b2f32db46acb.exe
2932	2bed4bbed303c91e2169b2f32db46acb.exe
1556	YouMeetWeWo.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe
2596	cYGF4C.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2932	2bed4bbed303c91e2169b2f32db46acb.exe
Token: SeDebugPrivilege	2932	2bed4bbed303c91e2169b2f32db46acb.exe
Token: SeDebugPrivilege	2932	2bed4bbed303c91e2169b2f32db46acb.exe
Token: SeDebugPrivilege	2932	2bed4bbed303c91e2169b2f32db46acb.exe
Token: SeDebugPrivilege	1556	YouMeetWeWo.exe
Token: SeDebugPrivilege	1556	YouMeetWeWo.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe
Token: SeDebugPrivilege	2596	cYGF4C.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 1556	2932	2bed4bbed303c91e2169b2f32db46acb.exe	26
PID 2932 wrote to memory of 1556	2932	2bed4bbed303c91e2169b2f32db46acb.exe	26
PID 2932 wrote to memory of 1556	2932	2bed4bbed303c91e2169b2f32db46acb.exe	26
PID 2932 wrote to memory of 1556	2932	2bed4bbed303c91e2169b2f32db46acb.exe	26
PID 1556 wrote to memory of 2596	1556	YouMeetWeWo.exe	28
PID 1556 wrote to memory of 2596	1556	YouMeetWeWo.exe	28
PID 1556 wrote to memory of 2596	1556	YouMeetWeWo.exe	28
PID 1556 wrote to memory of 2596	1556	YouMeetWeWo.exe	28
PID 1556 wrote to memory of 2596	1556	YouMeetWeWo.exe	28
PID 1556 wrote to memory of 2596	1556	YouMeetWeWo.exe	28

C:\Users\Admin\AppData\Local\Temp\2bed4bbed303c91e2169b2f32db46acb.exe
"C:\Users\Admin\AppData\Local\Temp\2bed4bbed303c91e2169b2f32db46acb.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2932
- C:\YouMeetWeWo\YouMeetWeWo.exe
  "C:\YouMeetWeWo\YouMeetWeWo.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1556
- - C:\Users\Admin\AppData\Local\Temp\cYGF4C.exe
    "C:\Users\Admin\AppData\Local\Temp\cYGF4C.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies Internet Explorer Phishing Filter
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cYGF4C.exe

Filesize
3KB

MD5
29090b6b4d6605a97ac760d06436ac2d

SHA1
d929d3389642e52bae5ad8512293c9c4d3e4fab5

SHA256
98a24f0caf5b578e230e6f1103a5fba6aecb28a9128cad5520fcde546d643272

SHA512
9121ec42fa66e14a4fc3932c8dbcc8fb1a93ab9de00da57a82e176faa70b73f6992f8c5e2ab52c02fc28c8f0c59aee73b6fbbd39107db7d15105054f4390e9be

Download Submit
C:\YouMeetWeWo\YouMeetWeWo.exe

Filesize
182KB

MD5
39508b4b805c7272c3337cb3313484d8

SHA1
cd7f6a53156db8cf95b9e8bbaa58f2843e85e3bb

SHA256
f18c166c40b65372bfa2a78cd1b8cf4a82d0e19bac7ac2d5f5506b0268fe91e9

SHA512
e8be2f4bed3fbfff9cf999a7c6bfb38c1aa6d205e75b4ec9afecd8ffaa74d2acbc893b9ccfbb05344692867ef4324613124da91162cb11f5c3103230873a7152

Download Submit
C:\YouMeetWeWo\config.bin

Filesize
4KB

MD5
275cc028d033bc8223d9355aec162693

SHA1
e1e06588afd0c9d90b2eef505ccf03e9374500ea

SHA256
ab36d9ebeba8e628efe64de441286f2be13edc6a0a9447ff0d05d483d2e06985

SHA512
01c929c9e49409b2c7c2b68ab4ee0e2953dfafd970b24031bd69a2c4194f6d7e85ddb63969f92145847776e2b55a932c4f81c5efbe8d535beba6d4f803cedd7c

Download Submit
\YouMeetWeWo\YouMeetWeWo.exe

Filesize
204KB

MD5
2bed4bbed303c91e2169b2f32db46acb

SHA1
d55d2a47006dd5cf0077feec4a0bcc9c54ffad8c

SHA256
e054ceee8c38f4400f22cbe518fb4bf621cc0f945ae3f6fe333050c41205d434

SHA512
6d24fe96363606d11bd8d7cae8ae5aeeb932de5d804e546c51cd9fb864d0e08c6d97313fb54da9f53f2d58212b74f243e809826c05e94c6d93886bc39326162c

Download Submit
\YouMeetWeWo\YouMeetWeWo.exe

Filesize
128KB

MD5
c340e6e9220c93bbbaafcc2f8b2468b7

SHA1
c543ca758672717ebf8108e6ecea03b17c0469b9

SHA256
a77e480f3c7b24f9a65a3486e4f330111cd6545515ea50afc2f7e2a68d59eba1

SHA512
72fafec537f4bd9e5b63043cbe3a6aa6d5e7329ee73e391acbc039224bc889ce97588c049a1e45ecb404582aeeb947d15c7a3c745e9ab04a9986ce500dd08371

Download Submit
memory/1556-25-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1556-33-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1556-26-0x00000000003B0000-0x00000000003FC000-memory.dmp

Filesize
304KB

Download
memory/1556-27-0x00000000003A0000-0x00000000003A8000-memory.dmp

Filesize
32KB

Download
memory/1556-28-0x00000000003A0000-0x00000000003A8000-memory.dmp

Filesize
32KB

Download
memory/1556-35-0x00000000003B0000-0x00000000003FC000-memory.dmp

Filesize
304KB

Download
memory/1556-23-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/1556-24-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/2596-91-0x0000000076EB0000-0x0000000077074000-memory.dmp

Filesize
1.8MB

Download
memory/2596-100-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-116-0x00000000003B0000-0x00000000003FC000-memory.dmp

Filesize
304KB

Download
memory/2596-115-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-114-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-113-0x0000000076EB0000-0x0000000077074000-memory.dmp

Filesize
1.8MB

Download
memory/2596-112-0x0000000076EB0000-0x0000000077074000-memory.dmp

Filesize
1.8MB

Download
memory/2596-111-0x0000000077580000-0x00000000775B5000-memory.dmp

Filesize
212KB

Download
memory/2596-109-0x0000000076EB0000-0x0000000077074000-memory.dmp

Filesize
1.8MB

Download
memory/2596-110-0x0000000076EB0000-0x0000000077074000-memory.dmp

Filesize
1.8MB

Download
memory/2596-42-0x00000000003B0000-0x00000000003FC000-memory.dmp

Filesize
304KB

Download
memory/2596-48-0x00000000003B0000-0x00000000003FC000-memory.dmp

Filesize
304KB

Download
memory/2596-51-0x00000000003B0000-0x00000000003FC000-memory.dmp

Filesize
304KB

Download
memory/2596-49-0x0000000001000000-0x0000000001004000-memory.dmp

Filesize
16KB

Download
memory/2596-54-0x00000000002E0000-0x00000000002E5000-memory.dmp

Filesize
20KB

Download
memory/2596-56-0x00000000002E0000-0x00000000002E5000-memory.dmp

Filesize
20KB

Download
memory/2596-58-0x00000000003B0000-0x00000000003FC000-memory.dmp

Filesize
304KB

Download
memory/2596-65-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-68-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-72-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-73-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-75-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-74-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-76-0x0000000002410000-0x00000000025D4000-memory.dmp

Filesize
1.8MB

Download
memory/2596-79-0x0000000077DE1000-0x0000000077DE3000-memory.dmp

Filesize
8KB

Download
memory/2596-81-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-85-0x0000000076EB0000-0x0000000077074000-memory.dmp

Filesize
1.8MB

Download
memory/2596-87-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-89-0x0000000077750000-0x0000000077850000-memory.dmp

Filesize
1024KB

Download
memory/2596-108-0x0000000076EB0000-0x0000000077074000-memory.dmp

Filesize
1.8MB

Download
memory/2596-93-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-95-0x0000000077580000-0x00000000775B5000-memory.dmp

Filesize
212KB

Download
memory/2596-99-0x0000000076EB0000-0x0000000077074000-memory.dmp

Filesize
1.8MB

Download
memory/2596-98-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-97-0x0000000076EB0000-0x0000000077074000-memory.dmp

Filesize
1.8MB

Download
memory/2596-107-0x0000000076EB0000-0x0000000077074000-memory.dmp

Filesize
1.8MB

Download
memory/2596-101-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-103-0x0000000002BB0000-0x0000000002BE5000-memory.dmp

Filesize
212KB

Download
memory/2596-102-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-105-0x0000000000DA0000-0x0000000000DD5000-memory.dmp

Filesize
212KB

Download
memory/2596-96-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-94-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-92-0x0000000076EB0000-0x0000000077074000-memory.dmp

Filesize
1.8MB

Download
memory/2596-90-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-88-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-84-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-83-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-78-0x0000000077DDF000-0x0000000077DE1000-memory.dmp

Filesize
8KB

Download
memory/2596-77-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-71-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-70-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-69-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-67-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-66-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-64-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-63-0x000000000BAD0000-0x000000000BB1C000-memory.dmp

Filesize
304KB

Download
memory/2596-62-0x00000000002E0000-0x00000000002E5000-memory.dmp

Filesize
20KB

Download
memory/2596-106-0x0000000076EB0000-0x0000000077074000-memory.dmp

Filesize
1.8MB

Download
memory/2596-55-0x00000000003B0000-0x00000000003FC000-memory.dmp

Filesize
304KB

Download
memory/2596-53-0x00000000003B0000-0x00000000003FC000-memory.dmp

Filesize
304KB

Download
memory/2932-1-0x0000000000220000-0x0000000000228000-memory.dmp

Filesize
32KB

Download
memory/2932-2-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/2932-17-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2932-0-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/2932-3-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2932-4-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2932-5-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2932-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2932-8-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/2932-9-0x0000000077DDF000-0x0000000077DE1000-memory.dmp

Filesize
8KB

Download
memory/2932-10-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download
memory/2932-15-0x0000000000650000-0x00000000006F8000-memory.dmp

Filesize
672KB

Download