77a164b6f3112876b7b2b2c8a7b9ee57997ddde6f4e6cd5235f41c1cd5478621

Analysis

max time kernel
152s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2024 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07e98c92e1f9859a16b31df6aa5bc83c0d11d4f5f9d8a8ce5d7ddc1a0655a73b.exe
Size

394KB
MD5

92117db6e028061b49507c9538a19a79
SHA1

82e2a0ae177ea236133f9c20843d686a9844fb44
SHA256

07e98c92e1f9859a16b31df6aa5bc83c0d11d4f5f9d8a8ce5d7ddc1a0655a73b
SHA512

47a9beffae3da3173d3f7faa61965cb3128a7b8643d5cb32ff8251c8e1d3d88874814f906770008d7df14036d0865bbd09422d1fb8d42a17bc042764595c0f17
SSDEEP

6144:8dKBBpxQSZrRe1pWmYTCZvCeatD5+BLjVWA2oN+zffGvmH9fr334YaC7I20PY:8dKBHw8mYmtw5+5jX2oNwGvYj334YaC7

Score

8^/10

evasion

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Executes dropped EXE 3 IoCs

pid	Process
1740	dez.exe
3404	goupdate.exe
4772	winupdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\WideTile.scale-125.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreLargeTile.scale-100.png	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-100.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubMedTile.scale-200.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\153.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreWideTile.scale-100.png	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-100.png	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vreg\onenotemui.msi.16.en-us.vreg.dat	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosWideTile.scale-100.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\LargeTile.scale-125.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-200_contrast-white.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\12.png	goupdate.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ku.txt	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeTile.scale-125_contrast-black.png	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\mecontrol.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\VoiceRecorderWideTile.contrast-white_scale-125.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\SplashScreen.scale-100.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-64_altform-unplated_contrast-black.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.scale-125_contrast-white.png	goupdate.exe
File opened for modification	\??\c:\Program Files\EditSwitch.wmv	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubAppList.scale-125.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\WideLogo.scale-125_contrast-white.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\6px.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\82.png	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\MedTile.scale-125.png	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\MSFT.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosSmallTile.contrast-white_scale-100.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosSmallTile.contrast-white_scale-125.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSplashScreen.contrast-white_scale-125.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\204.png	goupdate.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\vreg\proofing.msi.16.en-us.vreg.dat	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppPackageWideTile.scale-100_contrast-black.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LargeTile.scale-125_contrast-black.png	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderSmallTile.contrast-black_scale-200.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\9.jpg	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\rsod\proof.en-us.msi.16.en-us.boot.tree.dat	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\9.png	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-black_scale-125.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-24.png	goupdate.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\co.txt	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xml	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosLargeTile.contrast-black_scale-100.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	goupdate.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\Content.xml	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.contrast-white_scale-125.png	goupdate.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSplashScreen.scale-100_contrast-black.png	goupdate.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipshi.xml	goupdate.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml	goupdate.exe
File created	\??\c:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt	goupdate.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4116 wrote to memory of 1740	4116	07e98c92e1f9859a16b31df6aa5bc83c0d11d4f5f9d8a8ce5d7ddc1a0655a73b.exe	91
PID 4116 wrote to memory of 1740	4116	07e98c92e1f9859a16b31df6aa5bc83c0d11d4f5f9d8a8ce5d7ddc1a0655a73b.exe	91
PID 4116 wrote to memory of 1740	4116	07e98c92e1f9859a16b31df6aa5bc83c0d11d4f5f9d8a8ce5d7ddc1a0655a73b.exe	91
PID 4116 wrote to memory of 3404	4116	07e98c92e1f9859a16b31df6aa5bc83c0d11d4f5f9d8a8ce5d7ddc1a0655a73b.exe	92
PID 4116 wrote to memory of 3404	4116	07e98c92e1f9859a16b31df6aa5bc83c0d11d4f5f9d8a8ce5d7ddc1a0655a73b.exe	92
PID 4116 wrote to memory of 3404	4116	07e98c92e1f9859a16b31df6aa5bc83c0d11d4f5f9d8a8ce5d7ddc1a0655a73b.exe	92
PID 4116 wrote to memory of 4772	4116	07e98c92e1f9859a16b31df6aa5bc83c0d11d4f5f9d8a8ce5d7ddc1a0655a73b.exe	93
PID 4116 wrote to memory of 4772	4116	07e98c92e1f9859a16b31df6aa5bc83c0d11d4f5f9d8a8ce5d7ddc1a0655a73b.exe	93
PID 1740 wrote to memory of 620	1740	dez.exe	95
PID 1740 wrote to memory of 620	1740	dez.exe	95
PID 1740 wrote to memory of 620	1740	dez.exe	95
PID 620 wrote to memory of 4992	620	cmd.exe	96
PID 620 wrote to memory of 4992	620	cmd.exe	96
PID 620 wrote to memory of 4992	620	cmd.exe	96

C:\Users\Admin\AppData\Local\Temp\07e98c92e1f9859a16b31df6aa5bc83c0d11d4f5f9d8a8ce5d7ddc1a0655a73b.exe
"C:\Users\Admin\AppData\Local\Temp\07e98c92e1f9859a16b31df6aa5bc83c0d11d4f5f9d8a8ce5d7ddc1a0655a73b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4116
- C:\Users\Public\dez.exe
  "C:\Users\Public\dez.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1740
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8964.tmp\Desativar Gerenciador de Tarefas.bat""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:620
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_SZ /d 1 /f
      4⤵
      PID:4992
- C:\Users\Admin\AppData\Roaming\Local\Gogle\update\goupdate.exe
  "C:\Users\Admin\AppData\Roaming\Local\Gogle\update\goupdate.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:3404
- C:\Users\Admin\AppData\Roaming\Local\Gogle\update\winupdate.exe
  "C:\Users\Admin\AppData\Roaming\Local\Gogle\update\winupdate.exe"
  2⤵
  - Executes dropped EXE
  PID:4772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
192B

MD5
629ff8f9eb9236dd4b295bd345e576e3

SHA1
06fe374759069a5b2720e753bf7918a27254fdbe

SHA256
16d32ebdf19663e509906249243c7aa8621dc1f9b3b748363407cbdc311f2473

SHA512
3540b7cb0a5d65aaf10ae5950a62dbdb76f7ee291f2d8907f8bd18c0bd148fc30131edc5f20d446fe5ca08120f6fa56dd6a5525f8cccbdbd48b8e25ffc6ca6e6

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
192B

MD5
5a24d554628b02753abd2408dfbbf5f2

SHA1
340b61e45be0137f6f743ca51f576b8f904b5eb2

SHA256
c3ce81b7c615dbf3e730e14869ffd86750ceb6b16e6bd1aaadb1ff6f428ed117

SHA512
fe9a93e443794e61d89d0d4d3058d8757c70075dfdfaf16e7442e75ec039ec257eecc84b9e2a242c1c1afe872fc0d365ddd4e98d98ba32cfd573b31395ddc7d0

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
48B

MD5
3ebc4be50e46329120d8cbe37bbaf7d2

SHA1
27564b7bb466148f2fda9f770c8d00794e8dc2fb

SHA256
307e234769167f7a9b264e16b1b1e2a8162aebab0f96cb74c0afbe9912736677

SHA512
9d8292fab5f0218823c72f322028e7e900d16d53364a689bf4433cdd581bda2f8b4626c89757c028d8cf6f7e104c7e7210dedb34be61917e79575b7912fcbddc

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmia32.msi

Filesize
3.0MB

MD5
a1c04e4e4860950df247bfb53be6a209

SHA1
7357a6aa3ca24213788d792eccfc7c6efdaaf823

SHA256
331f262a22d1042edc8ab152b3aa351bec2497cd7911a89d3106d991e988fc8b

SHA512
194d5e017278091cbb97ce9d5be61fce8711e6485f5566fc0c7993a7fbe1d86b050d2c8b29174eaf2fd86a012df5c557addbbd3b68d0f8fc52d18153c69ec535

Download Submit
C:\Users\Admin\AppData\Local\Temp\8964.tmp\Desativar Gerenciador de Tarefas.bat

Filesize
143B

MD5
957cc733dc4b598cc6c46a853edc1f09

SHA1
3bca6a4b7813d80edb21b398703f892266361ec0

SHA256
6783af457832da1f302f28a506ca89fc34a33e698ca6d0060db1117f195fa31a

SHA512
d937f5f2b13c71139e683a290474d6f431f7fc3a0e680ce3c7468b91e400354ccb0c2f35864d04480d02829ac01657be6504102ba24fd99fb4da2fc83ceb952f

Download Submit
C:\Users\Admin\AppData\Roaming\### DECRYPT MY FILES ###11.$$A

Filesize
38KB

MD5
c1a0b66678bf454bd5f898cd8cbd61c0

SHA1
e6b02a25dbd7fb7d16753553f0cd8098ee31e82b

SHA256
93f234714729fae7d3fc30c27244d7ca071d7afca88cf0ce8b0c2a6005d68a22

SHA512
7d5c36724b532a7edff594ff7a5731672769a6ef04cb69fba20ab691ffac6d24e2a4432f4585da1413efee6d3c4d604ad06e78dfe04618a5b43cc44c7c5106cf

Download Submit
C:\Users\Admin\AppData\Roaming\Local\Gogle\update\goupdate.exe

Filesize
36KB

MD5
a4046a44b24f172d662e01bd05ac046b

SHA1
40b6be7ca7716c6a107880c255cc580d66e9aa1e

SHA256
84dbac99652bff87ee745517847be494db142ee37d9ea9a75af7d0f24f134d88

SHA512
fc3ab78e175a355461423f8b8c721f737cbac80e9f0217cebee8718ee5e30a101013d1b7414f6ad88e602b923a3deeeacd847226e50b6bb6394c3ff02d096728

Download Submit
C:\Users\Admin\AppData\Roaming\Local\Gogle\update\winupdate.exe

Filesize
36KB

MD5
1fe057e3e833bced7feb0164e6302751

SHA1
e13881478c59a46b81c3a7819e5d48ebb584c9fb

SHA256
653511eacc5465aa720eb9c303caa3b37133a05407d0d41517cc1412258e59eb

SHA512
a278886f9b39958526b45afcc95c71d53a281446608e3839db4c7fedb05717372ab5223e3e1dd3d824651d1eb0320b963208e1d6859976b8f8cba0de76a01132

Download Submit
C:\Users\Public\dez.exe

Filesize
25KB

MD5
4deb15ef2bceff8aa06607fb1437da82

SHA1
43e9393398f176f90653b7c1f812c358bac58804

SHA256
4a4b5b52f64a8dd059c74b56335b0023d1a731c6436d4b5e2d46613f30662859

SHA512
e54066f24acb5837d1289ab731b0c631fe54068f170cd03023f99ba6ede1d9e31a54944e1ecd47dca4b3a441866f086353652f9c05cc4651ce7c5f428f1028bf

Download Submit
memory/1740-55-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1740-50-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1740-45-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/3404-54-0x0000000000DE0000-0x0000000000DEE000-memory.dmp

Filesize
56KB

Download
memory/3404-60-0x0000000005750000-0x00000000057E2000-memory.dmp

Filesize
584KB

Download
memory/3404-56-0x0000000074530000-0x0000000074CE0000-memory.dmp

Filesize
7.7MB

Download
memory/3404-305-0x0000000074530000-0x0000000074CE0000-memory.dmp

Filesize
7.7MB

Download
memory/3404-59-0x0000000005C60000-0x0000000006204000-memory.dmp

Filesize
5.6MB

Download
memory/3404-64-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/3404-65-0x00000000056B0000-0x00000000056BA000-memory.dmp

Filesize
40KB

Download
memory/3404-310-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/4772-63-0x000000001C8A0000-0x000000001C93C000-memory.dmp

Filesize
624KB

Download
memory/4772-68-0x0000000001550000-0x0000000001560000-memory.dmp

Filesize
64KB

Download
memory/4772-67-0x000000001CA00000-0x000000001CA4C000-memory.dmp

Filesize
304KB

Download
memory/4772-306-0x0000000001550000-0x0000000001560000-memory.dmp

Filesize
64KB

Download
memory/4772-307-0x00007FFC85E80000-0x00007FFC86821000-memory.dmp

Filesize
9.6MB

Download
memory/4772-66-0x000000001BDA0000-0x000000001BDA8000-memory.dmp

Filesize
32KB

Download
memory/4772-311-0x0000000001550000-0x0000000001560000-memory.dmp

Filesize
64KB

Download
memory/4772-62-0x000000001C280000-0x000000001C74E000-memory.dmp

Filesize
4.8MB

Download
memory/4772-61-0x00007FFC85E80000-0x00007FFC86821000-memory.dmp

Filesize
9.6MB

Download
memory/4772-352-0x0000000001550000-0x0000000001560000-memory.dmp

Filesize
64KB

Download
memory/4772-58-0x0000000001550000-0x0000000001560000-memory.dmp

Filesize
64KB

Download
memory/4772-57-0x000000001BCD0000-0x000000001BD76000-memory.dmp

Filesize
664KB

Download