b3b830308f3c2f3212d528ea6622c19769f8469d34d23939cdbc9c3548661d95

Analysis

max time kernel
181s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a69308fc69a181472bba584c49bf276.exe
Size

185KB
MD5

3a69308fc69a181472bba584c49bf276
SHA1

70a4c032225b763ded2b241934a02059599bbee5
SHA256

b3b830308f3c2f3212d528ea6622c19769f8469d34d23939cdbc9c3548661d95
SHA512

2b71c67e442d9dbbc0dbec213a9681f5198a2b708853b8a7b216357a8cbeb6c80fb1485056b4fe7605cef056796c0391f3b51e549b78caef112920e04e55b432
SSDEEP

3072:T3YFRQ2tC/SGI2iF1F8uWLyTF0vPdN1tpt+AHW0qhPW8tI21EjLKREHci+siVv8T:r8RQ2t8S/x8ufR0vPdrtp9H3qoN21EjD

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2248	B6232F3A6BE.exe
4432	wAYFC71.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3100-1-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/2248-31-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/3100-57-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/2248-17-0x0000000000400000-0x0000000000469000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4Y3Y0C3AXF7XWVXVLDCOYXX = "C:\\Recycle.Bin\\B6232F3A6BE.exe /q"	wAYFC71.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 3 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\PhishingFilter	wAYFC71.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\EnabledV8 = "0"	wAYFC71.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ShownServiceDownBalloon = "0"	wAYFC71.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Recovery	wAYFC71.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\ClearBrowsingHistoryOnExit = "0"	wAYFC71.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3100	3a69308fc69a181472bba584c49bf276.exe
3100	3a69308fc69a181472bba584c49bf276.exe
3100	3a69308fc69a181472bba584c49bf276.exe
3100	3a69308fc69a181472bba584c49bf276.exe
2248	B6232F3A6BE.exe
2248	B6232F3A6BE.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe
4432	wAYFC71.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3100	3a69308fc69a181472bba584c49bf276.exe
Token: SeDebugPrivilege	3100	3a69308fc69a181472bba584c49bf276.exe
Token: SeDebugPrivilege	3100	3a69308fc69a181472bba584c49bf276.exe
Token: SeDebugPrivilege	3100	3a69308fc69a181472bba584c49bf276.exe
Token: SeDebugPrivilege	2248	B6232F3A6BE.exe
Token: SeDebugPrivilege	2248	B6232F3A6BE.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe
Token: SeDebugPrivilege	4432	wAYFC71.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 2248	3100	3a69308fc69a181472bba584c49bf276.exe	93
PID 3100 wrote to memory of 2248	3100	3a69308fc69a181472bba584c49bf276.exe	93
PID 3100 wrote to memory of 2248	3100	3a69308fc69a181472bba584c49bf276.exe	93
PID 2248 wrote to memory of 4432	2248	B6232F3A6BE.exe	94
PID 2248 wrote to memory of 4432	2248	B6232F3A6BE.exe	94
PID 2248 wrote to memory of 4432	2248	B6232F3A6BE.exe	94
PID 2248 wrote to memory of 4432	2248	B6232F3A6BE.exe	94
PID 2248 wrote to memory of 4432	2248	B6232F3A6BE.exe	94
PID 4432 wrote to memory of 3100	4432	wAYFC71.exe	84
PID 4432 wrote to memory of 3100	4432	wAYFC71.exe	84
PID 4432 wrote to memory of 3100	4432	wAYFC71.exe	84
PID 4432 wrote to memory of 3100	4432	wAYFC71.exe	84

C:\Users\Admin\AppData\Local\Temp\3a69308fc69a181472bba584c49bf276.exe
"C:\Users\Admin\AppData\Local\Temp\3a69308fc69a181472bba584c49bf276.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Recycle.Bin\B6232F3A6BE.exe
  "C:\Recycle.Bin\B6232F3A6BE.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\wAYFC71.exe
    "C:\Users\Admin\AppData\Local\Temp\wAYFC71.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Modifies Internet Explorer Phishing Filter
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Recycle.Bin\A158F3D9D23E309

Filesize
9KB

MD5
efee99fee2d880df003e55125e7c5976

SHA1
b4cb98328cf083ea87c5c9a4bd13a25bcb9da0eb

SHA256
c9c91857cdf7a4df750908a3dc7250454640030d0f1dfce0ca932708557a3693

SHA512
10457e17ae1650d7cc6500729d5ac201e499720becedf9d13322f3c9342186941cd9f804c962c365538babac4b4012ff5359bda86eadab868ff30f2c02d9db91

Download Submit
C:\Recycle.Bin\B6232F3A6BE.exe

Filesize
185KB

MD5
3a69308fc69a181472bba584c49bf276

SHA1
70a4c032225b763ded2b241934a02059599bbee5

SHA256
b3b830308f3c2f3212d528ea6622c19769f8469d34d23939cdbc9c3548661d95

SHA512
2b71c67e442d9dbbc0dbec213a9681f5198a2b708853b8a7b216357a8cbeb6c80fb1485056b4fe7605cef056796c0391f3b51e549b78caef112920e04e55b432

Download Submit
C:\Users\Admin\AppData\Local\Temp\wAYFC71.exe

Filesize
3KB

MD5
29090b6b4d6605a97ac760d06436ac2d

SHA1
d929d3389642e52bae5ad8512293c9c4d3e4fab5

SHA256
98a24f0caf5b578e230e6f1103a5fba6aecb28a9128cad5520fcde546d643272

SHA512
9121ec42fa66e14a4fc3932c8dbcc8fb1a93ab9de00da57a82e176faa70b73f6992f8c5e2ab52c02fc28c8f0c59aee73b6fbbd39107db7d15105054f4390e9be

Download Submit
memory/2248-32-0x00000000023C0000-0x00000000024B0000-memory.dmp

Filesize
960KB

Download
memory/2248-20-0x00000000022C0000-0x00000000023B0000-memory.dmp

Filesize
960KB

Download
memory/2248-21-0x00000000022C0000-0x00000000023B0000-memory.dmp

Filesize
960KB

Download
memory/2248-19-0x00000000004F0000-0x00000000004F1000-memory.dmp

Filesize
4KB

Download
memory/2248-27-0x0000000000900000-0x000000000094E000-memory.dmp

Filesize
312KB

Download
memory/2248-18-0x00000000022C0000-0x00000000023B0000-memory.dmp

Filesize
960KB

Download
memory/2248-17-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2248-16-0x00000000021C0000-0x00000000022C0000-memory.dmp

Filesize
1024KB

Download
memory/2248-31-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/3100-52-0x0000000002210000-0x0000000002310000-memory.dmp

Filesize
1024KB

Download
memory/3100-74-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-12-0x00000000005D0000-0x00000000005D2000-memory.dmp

Filesize
8KB

Download
memory/3100-7-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/3100-6-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/3100-145-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-144-0x0000000000980000-0x0000000000985000-memory.dmp

Filesize
20KB

Download
memory/3100-5-0x0000000002310000-0x0000000002410000-memory.dmp

Filesize
1024KB

Download
memory/3100-138-0x00000000756B0000-0x0000000075B00000-memory.dmp

Filesize
4.3MB

Download
memory/3100-132-0x00000000756B0000-0x0000000075B00000-memory.dmp

Filesize
4.3MB

Download
memory/3100-4-0x0000000002310000-0x0000000002410000-memory.dmp

Filesize
1024KB

Download
memory/3100-3-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/3100-2-0x0000000002310000-0x0000000002410000-memory.dmp

Filesize
1024KB

Download
memory/3100-1-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/3100-110-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-59-0x0000000002310000-0x0000000002410000-memory.dmp

Filesize
1024KB

Download
memory/3100-63-0x0000000002310000-0x0000000002410000-memory.dmp

Filesize
1024KB

Download
memory/3100-57-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/3100-60-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/3100-62-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/3100-72-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-11-0x0000000077D52000-0x0000000077D54000-memory.dmp

Filesize
8KB

Download
memory/3100-64-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/3100-75-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-77-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-80-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-83-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-90-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-85-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-88-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-96-0x0000000002310000-0x0000000002410000-memory.dmp

Filesize
1024KB

Download
memory/3100-94-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-99-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-97-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-100-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-103-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-106-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-104-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-0-0x0000000002210000-0x0000000002310000-memory.dmp

Filesize
1024KB

Download
memory/3100-111-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/3100-108-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-130-0x0000000000590000-0x0000000000595000-memory.dmp

Filesize
20KB

Download
memory/4432-49-0x0000000000900000-0x000000000094E000-memory.dmp

Filesize
312KB

Download
memory/4432-114-0x0000000003380000-0x00000000033E3000-memory.dmp

Filesize
396KB

Download
memory/4432-117-0x0000000077730000-0x0000000077793000-memory.dmp

Filesize
396KB

Download
memory/4432-123-0x0000000003380000-0x00000000033E3000-memory.dmp

Filesize
396KB

Download
memory/4432-128-0x0000000002760000-0x0000000002765000-memory.dmp

Filesize
20KB

Download
memory/4432-107-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-119-0x0000000000900000-0x000000000094E000-memory.dmp

Filesize
312KB

Download
memory/4432-105-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-102-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-101-0x00000000756B0000-0x0000000075B00000-memory.dmp

Filesize
4.3MB

Download
memory/4432-92-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-98-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-95-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-91-0x00000000756B0000-0x0000000075B00000-memory.dmp

Filesize
4.3MB

Download
memory/4432-89-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-82-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-87-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-84-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-78-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-81-0x0000000077D52000-0x0000000077D54000-memory.dmp

Filesize
8KB

Download
memory/4432-79-0x0000000002B60000-0x0000000002FB0000-memory.dmp

Filesize
4.3MB

Download
memory/4432-76-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-73-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-71-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-69-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-66-0x0000000077D52000-0x0000000077D54000-memory.dmp

Filesize
8KB

Download
memory/4432-70-0x0000000077D54000-0x0000000077D56000-memory.dmp

Filesize
8KB

Download
memory/4432-51-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-65-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-61-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-54-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-58-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-56-0x0000000077D52000-0x0000000077D54000-memory.dmp

Filesize
8KB

Download
memory/4432-55-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-109-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-43-0x0000000000680000-0x0000000000686000-memory.dmp

Filesize
24KB

Download
memory/4432-42-0x0000000000900000-0x000000000094E000-memory.dmp

Filesize
312KB

Download
memory/4432-34-0x0000000001000000-0x0000000001004000-memory.dmp

Filesize
16KB

Download
memory/4432-33-0x0000000000900000-0x000000000094E000-memory.dmp

Filesize
312KB

Download
memory/4432-50-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-26-0x0000000000900000-0x000000000094E000-memory.dmp

Filesize
312KB

Download
memory/4432-48-0x0000000000900000-0x000000000094E000-memory.dmp

Filesize
312KB

Download
memory/4432-44-0x0000000000900000-0x000000000094E000-memory.dmp

Filesize
312KB

Download
memory/4432-47-0x0000000000680000-0x0000000000686000-memory.dmp

Filesize
24KB

Download
memory/4432-40-0x0000000000590000-0x0000000000595000-memory.dmp

Filesize
20KB

Download
memory/4432-39-0x0000000000900000-0x000000000094E000-memory.dmp

Filesize
312KB

Download
memory/4432-36-0x0000000000900000-0x000000000094E000-memory.dmp

Filesize
312KB

Download
memory/4432-35-0x0000000000900000-0x000000000094E000-memory.dmp

Filesize
312KB

Download
memory/4432-146-0x00000000756B0000-0x0000000075B00000-memory.dmp

Filesize
4.3MB

Download
memory/4432-147-0x0000000002B60000-0x0000000002FB0000-memory.dmp

Filesize
4.3MB

Download
memory/4432-148-0x00000000756B0000-0x0000000075B00000-memory.dmp

Filesize
4.3MB

Download
memory/4432-149-0x0000000002B60000-0x0000000002FB0000-memory.dmp

Filesize
4.3MB

Download
memory/4432-151-0x0000000002B60000-0x0000000002FB0000-memory.dmp

Filesize
4.3MB

Download
memory/4432-150-0x0000000002B60000-0x0000000002FB0000-memory.dmp

Filesize
4.3MB

Download
memory/4432-152-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-153-0x0000000002B60000-0x0000000002FB0000-memory.dmp

Filesize
4.3MB

Download
memory/4432-154-0x0000000002B60000-0x0000000002FB0000-memory.dmp

Filesize
4.3MB

Download
memory/4432-155-0x0000000002B60000-0x0000000002FB0000-memory.dmp

Filesize
4.3MB

Download
memory/4432-156-0x0000000002B60000-0x0000000002FB0000-memory.dmp

Filesize
4.3MB

Download
memory/4432-157-0x0000000002B60000-0x0000000002FB0000-memory.dmp

Filesize
4.3MB

Download
memory/4432-159-0x0000000000680000-0x0000000000686000-memory.dmp

Filesize
24KB

Download
memory/4432-158-0x0000000002B60000-0x0000000002FB0000-memory.dmp

Filesize
4.3MB

Download
memory/4432-161-0x0000000002B60000-0x0000000002BC3000-memory.dmp

Filesize
396KB

Download
memory/4432-162-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4432-168-0x0000000077730000-0x0000000077793000-memory.dmp

Filesize
396KB

Download
memory/4432-173-0x0000000002B60000-0x0000000002FB0000-memory.dmp

Filesize
4.3MB

Download
memory/4432-174-0x0000000002B60000-0x0000000002FB0000-memory.dmp

Filesize
4.3MB

Download
memory/4432-175-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download