f0729e62c4bc3633797eea6c70969503993eebfce3fb8a852a029c0ea81c43f6

Analysis

max time kernel
40s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

windowsProxy_2.0.9.0.exe
Size

62.4MB
MD5

6790611f5b8913cdd10f4c284af8da08
SHA1

93c081a1a6b3656fcb66beead69587878d392d99
SHA256

f0729e62c4bc3633797eea6c70969503993eebfce3fb8a852a029c0ea81c43f6
SHA512

3e7eafd3c1bfe782676e702474565d546c1e2f6cfa7feff351f915eb0d12a25050edfb07635b1bab5963afe2302ad9502595005291fe1b9e8f83c2449c51bee4
SSDEEP

1572864:5ypH6HJ6XKAZJy9oxpwAlroxZXWjqyE1rTR9Et5nubC4:YYQK0y9oYA4XWNEWnubC4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3564	windowsProxy_2.0.9.0.tmp

Loads dropped DLL 2 IoCs

pid	Process
3564	windowsProxy_2.0.9.0.tmp
3564	windowsProxy_2.0.9.0.tmp

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-TGEII.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-QEESL.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\bin\is-EID08.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\images\main\is-QDTJN.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-JT76U.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-Q7NDJ.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\images\login\is-K6FDN.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\images\node\is-4B430.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-ME7ER.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-NLV6Q.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\fluttertoast\assets\is-EEKJT.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\is-CG722.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-GO7OA.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-QOIMC.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-3IGJH.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\images\node\is-QBF2C.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-HIJE6.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-MN011.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-TU2MQ.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-N9U3L.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-UBKQF.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\is-BPDDH.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-G1ASJ.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-JG67P.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-4P0NQ.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-BKO0J.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-2P363.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-SUTDH.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\is-0IMO3.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\dep\is-NSCD6.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\images\logo\is-TMF9K.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\fluttertoast\assets\is-FE6HL.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-3NPS5.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\images\main\is-922B9.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\radio\is-I651H.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-QOL9S.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-Q2IME.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-1SLBU.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-ONAO3.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-9KJ0U.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-G58T7.tmp	windowsProxy_2.0.9.0.tmp
File opened for modification	C:\Program Files (x86)\winproxy2.0\screen_retriever_plugin.dll	windowsProxy_2.0.9.0.tmp
File opened for modification	C:\Program Files (x86)\winproxy2.0\url_launcher_windows_plugin.dll	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-LT0IM.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-N336M.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-53SP7.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\radio\is-U6BFR.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-GRKQS.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-QLNP0.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-A0TDT.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-I7NTF.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-BN823.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-EKD10.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-3DRCI.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\is-EI86S.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\is-5Q4L3.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\images\main\is-2HMMV.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\icons\is-3KC1N.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-HU1TP.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-E1OLN.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-JH962.tmp	windowsProxy_2.0.9.0.tmp
File opened for modification	C:\Program Files (x86)\winproxy2.0\wl_base_help_plugin.dll	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\is-NGGSR.tmp	windowsProxy_2.0.9.0.tmp
File created	C:\Program Files (x86)\winproxy2.0\data\flutter_assets\assets\dep\is-M3O08.tmp	windowsProxy_2.0.9.0.tmp

Runs net.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3564	windowsProxy_2.0.9.0.tmp
3564	windowsProxy_2.0.9.0.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3564	windowsProxy_2.0.9.0.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 3564	1764	windowsProxy_2.0.9.0.exe	43
PID 1764 wrote to memory of 3564	1764	windowsProxy_2.0.9.0.exe	43
PID 1764 wrote to memory of 3564	1764	windowsProxy_2.0.9.0.exe	43

C:\Users\Admin\AppData\Local\Temp\windowsProxy_2.0.9.0.exe
"C:\Users\Admin\AppData\Local\Temp\windowsProxy_2.0.9.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Users\Admin\AppData\Local\Temp\is-K1FQC.tmp\windowsProxy_2.0.9.0.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-K1FQC.tmp\windowsProxy_2.0.9.0.tmp" /SL5="$D00EC,64583684,1047040,C:\Users\Admin\AppData\Local\Temp\windowsProxy_2.0.9.0.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:3564
- - C:\Program Files (x86)\winproxy2.0\vc_redist.x64.exe
    "C:\Program Files (x86)\winproxy2.0\vc_redist.x64.exe"
    3⤵
    PID:1520
  - - C:\Windows\Temp\{E622BA84-BD52-458D-81D1-6C11424B0DC8}\.cr\vc_redist.x64.exe
      "C:\Windows\Temp\{E622BA84-BD52-458D-81D1-6C11424B0DC8}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Program Files (x86)\winproxy2.0\vc_redist.x64.exe" -burn.filehandle.attached=688 -burn.filehandle.self=692
      4⤵
      PID:4436
- - C:\Program Files (x86)\winproxy2.0\naiyouwl.EXE
    "C:\Program Files (x86)\winproxy2.0\naiyouwl.EXE"
    3⤵
    PID:4860
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\winproxy2.0\ppt.TXT
    3⤵
    PID:3712

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
1⤵
PID:2096

C:\Windows\SYSTEM32\net.exe
net session
1⤵
PID:3656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\winproxy2.0\connectivity_plus_windows_plugin.dll

Filesize
86KB

MD5
53b89f65cc347a79da33cb2f0276ab91

SHA1
27913c1aca3af640e0a6116e5e3f67255ebe0933

SHA256
9165e8b26855d1c86c1901abe9856cc84ed48b1b7684a0a56551c9509d40e5be

SHA512
d6d62717fb3186cc93ea5ac1e5d28e14452127fbc14e688295f1d891ba3ad8b7b8345cd7d869daf7f72717c430ef898a02ec31fa9696cc1d68baa1dec4d77e7b

Download Submit
C:\Program Files (x86)\winproxy2.0\data\flutter_assets\packages\bruno\assets\images\is-2UJQN.tmp

Filesize
1KB

MD5
0aa3617b3ef4fd6ab38b469c1063f944

SHA1
4914e93add79be7ceb9dd03d3fe8ce25d112bf0b

SHA256
3edab6fd14846db990192b0fa7ebc78941cc872036b1ba3fd8be881aab91f41b

SHA512
ff6af58e624d86d92e467b277690821e51416beb28ef7730974ff099ea79cb17f8c109faec6345075bf9daa5b44e16e1f22e37bfd47533aaf86aa8dab1794b26

Download Submit
C:\Program Files (x86)\winproxy2.0\file_selector_windows_plugin.dll

Filesize
101KB

MD5
50a51b3fe7fdb4897436eafe58f58a47

SHA1
1ff1dc0858db9ea7d48f804099a06592a6c7967b

SHA256
f835c9dfb53e1bfb55c0a2212ce5993618f44550171414ac75f68b4a0f9dc50a

SHA512
0b56d67da4e7ec2216064654ad03500081a94037488eca25d02e0634782a32594400c5236cf277d17a05a6c23be7e41728dcc3a801153a6a4ced704560cbe107

Download Submit
C:\Program Files (x86)\winproxy2.0\flutter_secure_storage_windows_plugin.dll

Filesize
85KB

MD5
48a189ebbe3efcf0d149d2bf79d651ca

SHA1
589a7c877b004d17e5d54175e717d1a331e84a6a

SHA256
16e3d68805974265868997ffe13a95bd35fd2ac02c6e5b99834c1414bfbfafbb

SHA512
859e9b33b0a64b5974c472d1cd697bd98de60e620f818cd4a135f704cad49eed400addb8725da9689db88eeb3a787a64a8781ea8c3c441601f9652fa0ff12052

Download Submit
C:\Program Files (x86)\winproxy2.0\naiyouwl.exe

Filesize
71KB

MD5
57ef7050657dc0893162cfa6c91b9231

SHA1
946134410cfe9f2a56faaa3c9941161d3e9296c2

SHA256
778c2bc1d8b08366e9f7c8f8e4a8610bcbec3edc7b7e4deffd0e05c9157c4c25

SHA512
3f63f7ce8d0d9a89bfa9000a2f8a887df89653e3d06b9064711217248aa7ac9eb4da6db48e7e5240320d81b8bb834b46aa699c2cc23160d753daae28896da0c7

Download Submit
C:\Program Files (x86)\winproxy2.0\permission_handler_windows_plugin.dll

Filesize
110KB

MD5
63b7b44ab33179a5d1a4e1ff6f51b730

SHA1
0dd47157c76b882ae125a97ee21e1ecb7f2adcac

SHA256
3cb127a5a2970e95af3cab7a0eb989e9c4dad5a33332d85f3a964692cd31b13d

SHA512
cf1f9d587575a05fda672510d560248930871257e41b7870242e922230b7d75e96974fbc66e8dd207a7eac1ac494dd19d5073bf424578f47df14445576d930b0

Download Submit
C:\Program Files (x86)\winproxy2.0\permission_handler_windows_plugin.dll

Filesize
93KB

MD5
e97a9faa75eee327214186428dd72eb6

SHA1
dfcdf47b2377a1f08ba09360ac99586ee319beb9

SHA256
fc1655ded54825ae89df35eae40ae9dfad98bc21623e35a787a78cb9588bf911

SHA512
58c0876ccf3d69a799faa011ca70fdf028d14d1f20d9e03a06ad6c571c977031b3d1a4f02d3eff31539bd3615aff8bbaedde91b571584476e703357da8afd34a

Download Submit
C:\Program Files (x86)\winproxy2.0\vc_redist.x64.exe

Filesize
894KB

MD5
7df554e81b1a1fbd2017e1f2ad2433c1

SHA1
10a20a9731def0916f79eb1862dd94146ca6ca79

SHA256
1ee3dfec848d6ef335c0511d7b8bf5ccf0c1587c5b6e55d9fc1c0a7f76ae94d7

SHA512
a20e23dfea80cd67793becaf4d03990c38333c4b3478c28726ae078506cc2cf5673f988a45f5eb1a837f65127f56c351d832bc97fdb089f8f4e352ea56669322

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-60BVU.tmp\_isetup\_isdecmp.dll

Filesize
28KB

MD5
077cb4461a2767383b317eb0c50f5f13

SHA1
584e64f1d162398b7f377ce55a6b5740379c4282

SHA256
8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

SHA512
b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-K1FQC.tmp\windowsProxy_2.0.9.0.tmp

Filesize
1.9MB

MD5
14b240c3435eb8dd4f781f151d69fd83

SHA1
3d733bf3b7ccd176f3195477fbc078f1aec5ea44

SHA256
5ba51ef6bbe2a0c48c8e7641c6ea1cb27b11b2ac1e095e05d7e39998f6126ae7

SHA512
a09f7ca4f7588dab856da574392516dd6b1a45c8e71250f23dadfdcbe710da0d1dcbe2ff034a0e3fa09909e9429f49476d615067494fe7406bb6ce0c7a0c293a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-K1FQC.tmp\windowsProxy_2.0.9.0.tmp

Filesize
57KB

MD5
7188ed57e619c5bfeb79f6755f0ca785

SHA1
581273c2617360f45409dc91745d5d2d2bba85ac

SHA256
8e128951ef3a397a77e4ce65f8b379eee35f9d389598aa35054b92c873287cb9

SHA512
ab518a2973c04c29c87508746187b7b4b9921c1d5687e67ca7edeca1c90028ac984d5113343a80c4acbfb3e86280a45e5fbe5fedfd0ad59edcce1578fdc77bea

Download Submit
C:\Windows\Temp\{3E4D27F2-2D7E-440E-8E4F-6A394CB30978}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{E622BA84-BD52-458D-81D1-6C11424B0DC8}\.cr\vc_redist.x64.exe

Filesize
635KB

MD5
b26ea60ea4341cd87c2a67e061e34439

SHA1
48f80f1defda08c555e99d55f9914c9674fa8ac9

SHA256
f4f22e86366343d12d68a925ad3cfd3aa5986a26708f26b5cc5ebbbb7d7ea461

SHA512
89f1e978c351cf01d570be1adee11f412840bb255d2b53c12d7e2c524153def7a0e618c0b35b4479d79633cc5e51d990f0ef60419d879a9729926f969ea07330

Download Submit
C:\Windows\Temp\{E622BA84-BD52-458D-81D1-6C11424B0DC8}\.cr\vc_redist.x64.exe

Filesize
381KB

MD5
8f61a477a3f5681fa28c7655fb4fe246

SHA1
00b46e829634139a2b7efb2863b8f705d56e79ab

SHA256
96324820670b60419eff227e4f84298bed49604b5ce064777cca264912beda65

SHA512
b72cc133bfceb8968ad82632648e2ea1b1dc67069c305a445f0d3eb113c088eed428233ebde50605254ecacaf5f68ded4ca6890816bc04b6c2273707466e4134

Download Submit
memory/1764-592-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1764-0-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/1764-12-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/3564-559-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/3564-591-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/3564-557-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/3564-16-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download
memory/3564-13-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/3564-519-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/3564-5-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download
memory/4860-594-0x000001F23B650000-0x000001F23B651000-memory.dmp

Filesize
4KB

Download
memory/4860-595-0x000001F23B840000-0x000001F23BF41000-memory.dmp

Filesize
7.0MB

Download
memory/4860-598-0x000001F23B660000-0x000001F23B661000-memory.dmp

Filesize
4KB

Download
memory/4860-597-0x000001F23B840000-0x000001F23BF41000-memory.dmp

Filesize
7.0MB

Download
memory/4860-596-0x000001F23B840000-0x000001F23BF41000-memory.dmp

Filesize
7.0MB

Download