Analysis
- max time kernel: 161s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/01/2024, 19:55
Static task: static1
Behavioral task: behavioral1
Sample: 470e6b9f3c285d7e087c70714e842d5e.exe
Resource: win7-20231129-en
General
- Target: 470e6b9f3c285d7e087c70714e842d5e.exe
- Size: 705KB
- MD5: 470e6b9f3c285d7e087c70714e842d5e
- SHA1: 6237bf7f4e7ec7f17c41a5ff144cbeb3d4901203
- SHA256: 05761fc011afdfc7bc76b9d1efa5bf158d96ee8a235adcfcefc8ba09c09c1182
- SHA512: 82fa46513c0f2e2edf11aa49656a8b0f3faf893204b2e4924c85dbb33976ea99a46f53829ed265b3ac0799a5416490f7da99de1dad88163a4a7dceeddde9ee23
- SSDEEP: 12288:KDJnJM4OpSpnO8kTplv3P3wsOgR1UlxlStQ6enrRGcNp+Ra6Jti5O6lv07xi9:iJnJM4OqTWnv3YYHaKBenrR/p+A6JM5z
Malware Config
Signatures
-
Disables taskbar notifications via registry modification
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3073191680-435865314-2862784915-1000 | alg.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3073191680-435865314-2862784915-1000\EnableNotifications = "0" | alg.exe
-
Executes dropped EXE 8 IoCs
pid | Process
3668 | alg.exe
2004 | DiagnosticsHub.StandardCollector.Service.exe
3400 | fxssvc.exe
3432 | elevation_service.exe
3908 | elevation_service.exe
1196 | maintenanceservice.exe
4596 | msdtc.exe
1600 | msiexec.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\Q:, \??\S:, \??\U:, \??\W:, \??\X:, \??\I:, \??\J:, \??\M:, \??\O:, \??\T:, \??\Z:, \??\H:, \??\K:, \??\R:, \??\E:, \??\L:, \??\N:, \??\P:, \??\V:, \??\Y:, \??\G: (one IoC per drive root, 21 in total) | alg.exe
-
Drops file in System32 directory 48 IoCs
description | ioc | Process
File opened for modification | \??\c:\windows\system32\sgrmbroker.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\svchost.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\Appvclient.exe | alg.exe
File created | \??\c:\windows\system32\diagsvcs\floobajn.tmp | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\perceptionsimulation\perceptionsimulationservice.exe | alg.exe
File opened for modification | \??\c:\windows\system32\locator.exe | alg.exe
File opened for modification | \??\c:\windows\syswow64\perfhost.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\Agentservice.exe | alg.exe
File opened for modification | \??\c:\windows\system32\wbengine.exe | alg.exe
File created | \??\c:\windows\system32\iabplfpl.tmp | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\svchost.exe | alg.exe
File opened for modification | \??\c:\windows\system32\dllhost.exe | alg.exe
File opened for modification | \??\c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\snmptrap.exe | alg.exe
File opened for modification | \??\c:\windows\system32\openssh\ssh-agent.exe | alg.exe
File opened for modification | \??\c:\windows\system32\msiexec.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\locator.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\alg.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\fxssvc.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File created | \??\c:\windows\system32\obbeiplm.tmp | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\msdtc.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File created | \??\c:\windows\system32\npcqbngh.tmp | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\lsass.exe | alg.exe
File opened for modification | \??\c:\windows\system32\sgrmbroker.exe | alg.exe
File opened for modification | \??\c:\windows\system32\vds.exe | alg.exe
File opened for modification | \??\c:\windows\system32\vssvc.exe | alg.exe
File opened for modification | \??\c:\windows\system32\wbem\wmiApsrv.exe | alg.exe
File opened for modification | \??\c:\windows\system32\searchindexer.exe | alg.exe
File opened for modification | \??\c:\windows\system32\perceptionsimulation\perceptionsimulationservice.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File created | \??\c:\windows\system32\perceptionsimulation\bemojpai.tmp | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\sensordataservice.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | C:\Windows\system32\MSDtc\MSDTC.LOG | msdtc.exe
File created | \??\c:\windows\system32\plbdjnop.tmp | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\Appvclient.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\msdtc.exe | alg.exe
File opened for modification | \??\c:\windows\system32\msiexec.exe | alg.exe
File opened for modification | \??\c:\windows\system32\sensordataservice.exe | alg.exe
File opened for modification | \??\c:\windows\system32\spectrum.exe | alg.exe
File opened for modification | \??\c:\windows\system32\tieringengineservice.exe | alg.exe
File created | \??\c:\windows\system32\pdkpifkp.tmp | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\dllhost.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\syswow64\perfhost.exe | alg.exe
File created | \??\c:\windows\syswow64\cpegndip.tmp | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe | alg.exe
File opened for modification | \??\c:\windows\system32\fxssvc.exe | alg.exe
File created | \??\c:\windows\system32\ofnppjin.tmp | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\system32\lsass.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File created | \??\c:\windows\system32\jofdlaff.tmp | 470e6b9f3c285d7e087c70714e842d5e.exe
-
Drops file in Program Files directory 19 IoCs
description | ioc | Process
File opened for modification | \??\c:\program files\google\chrome\Application\106.0.5249.119\elevation_service.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File created | \??\c:\program files (x86)\mozilla maintenance service\pjkmdemn.tmp | alg.exe
File created | \??\c:\program files\common files\microsoft shared\source engine\hkcqfbfb.tmp | alg.exe
File opened for modification | \??\c:\program files\google\chrome\Application\106.0.5249.119\elevation_service.exe | alg.exe
File opened for modification | \??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe | alg.exe
File opened for modification | \??\c:\program files\common files\microsoft shared\source engine\ose.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | C:\Program Files\7-Zip\7z.exe | alg.exe
File opened for modification | C:\Program Files\7-Zip\7zFM.exe | alg.exe
File opened for modification | \??\c:\program files (x86)\google\update\googleupdate.exe | alg.exe
File created | \??\c:\program files (x86)\microsoft\edge\Application\92.0.902.67\kldhkkoh.tmp | alg.exe
File opened for modification | \??\c:\program files (x86)\google\update\googleupdate.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\program files (x86)\microsoft\edge\Application\92.0.902.67\elevation_service.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File created | C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log | maintenanceservice.exe
File created | C:\Program Files\7-Zip\jgpijieg.tmp | alg.exe
File opened for modification | \??\c:\program files (x86)\microsoft\edge\Application\92.0.902.67\elevation_service.exe | alg.exe
File opened for modification | \??\c:\program files\common files\microsoft shared\source engine\ose.exe | alg.exe
File created | \??\c:\program files\google\chrome\Application\106.0.5249.119\dlknkkle.tmp | alg.exe
File opened for modification | \??\c:\program files\windows media player\wmpnetwk.exe | alg.exe
-
Drops file in Windows directory 4 IoCs
description | ioc | Process
File opened for modification | \??\c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe | 470e6b9f3c285d7e087c70714e842d5e.exe
File opened for modification | \??\c:\windows\servicing\trustedinstaller.exe | alg.exe
File opened for modification | C:\Windows\DtcInstall.log | msdtc.exe
File opened for modification | \??\c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe | alg.exe
-
Modifies data under HKEY_USERS 5 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print" | fxssvc.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider" | fxssvc.exe
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
pid | Process
3668 | alg.exe (20 identical IoCs)
-
Suspicious behavior: LoadsDriver 2 IoCs
pid | Process
668 | Process not Found (2 identical IoCs)
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
description | pid | Process
Token: SeTakeOwnershipPrivilege | 112 | 470e6b9f3c285d7e087c70714e842d5e.exe
Token: SeTakeOwnershipPrivilege | 3668 | alg.exe
Token: SeAuditPrivilege | 3400 | fxssvc.exe
Token: SeSecurityPrivilege | 1600 | msiexec.exe
-
System policy modification 1 TTPs 2 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideSCAHealth = "1" | alg.exe
Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | alg.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\470e6b9f3c285d7e087c70714e842d5e.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\470e6b9f3c285d7e087c70714e842d5e.exe"
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID: 112
-
C:\Windows\System32\alg.exe
Command line: C:\Windows\System32\alg.exe
- Executes dropped EXE
- Windows security modification
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- System policy modification
PID: 3668
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
Command line: C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Executes dropped EXE
PID: 2004
-
C:\Windows\System32\svchost.exe
Command line: C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
PID: 2088
-
C:\Windows\system32\fxssvc.exe
Command line: C:\Windows\system32\fxssvc.exe
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID: 3400
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
- Executes dropped EXE
PID: 3432
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
- Executes dropped EXE
PID: 3908
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Command line: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
- Executes dropped EXE
- Drops file in Program Files directory
PID: 1196
-
C:\Windows\System32\msdtc.exe
Command line: C:\Windows\System32\msdtc.exe
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID: 4596
-
C:\Windows\system32\msiexec.exe
Command line: C:\Windows\system32\msiexec.exe /V
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID: 1600
Network
MITRE ATT&CK Enterprise v15
Downloads