98e7108dbf745f3b55f94f9cb5f3bee182c48f97a6d2f305a3437844cfe451a2

Analysis

max time kernel
118s
max time network
139s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Picture124.JPG_www.facebook.exe
Size

252KB
MD5

de14948b708cb89cef2f258801d95339
SHA1

b2608e58c71050ff7a900548b00c872c742d054e
SHA256

51eddc3cb75e2a6185dea9d4ccc8546889ec126bdb9e6b97ef54dd44cf07a01b
SHA512

e3f2673c4362082a48e06a01c6cd6d873073f1186cc8b5b521be5dd34c7bc1d1bf776c6ebfe0c340988218c819e229c3b34930dc1348291541af71b694a38a29
SSDEEP

6144:wF6X2lAV+75lQQQQQQQv2FIO8owLPGLLkXdy:w7q+75lQQQQQQQGNEuLM4

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 756 set thread context of 1468	756	Picture124.JPG_www.facebook.exe	18

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410939313"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5EBE6A81-AEAE-11EE-8951-5E4183A8FC47} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1468	Picture124.JPG_www.facebook.exe
1468	Picture124.JPG_www.facebook.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1468	Picture124.JPG_www.facebook.exe
Token: SeDebugPrivilege	1468	Picture124.JPG_www.facebook.exe
Token: SeDebugPrivilege	2604	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2880	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
756	Picture124.JPG_www.facebook.exe
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE
2604	IEXPLORE.EXE
2604	IEXPLORE.EXE
2604	IEXPLORE.EXE
2604	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 1468	756	Picture124.JPG_www.facebook.exe	18
PID 756 wrote to memory of 1468	756	Picture124.JPG_www.facebook.exe	18
PID 756 wrote to memory of 1468	756	Picture124.JPG_www.facebook.exe	18
PID 756 wrote to memory of 1468	756	Picture124.JPG_www.facebook.exe	18
PID 756 wrote to memory of 1468	756	Picture124.JPG_www.facebook.exe	18
PID 756 wrote to memory of 1468	756	Picture124.JPG_www.facebook.exe	18
PID 756 wrote to memory of 1468	756	Picture124.JPG_www.facebook.exe	18
PID 756 wrote to memory of 1468	756	Picture124.JPG_www.facebook.exe	18
PID 756 wrote to memory of 1468	756	Picture124.JPG_www.facebook.exe	18
PID 756 wrote to memory of 1468	756	Picture124.JPG_www.facebook.exe	18
PID 1468 wrote to memory of 2128	1468	Picture124.JPG_www.facebook.exe	32
PID 1468 wrote to memory of 2128	1468	Picture124.JPG_www.facebook.exe	32
PID 1468 wrote to memory of 2128	1468	Picture124.JPG_www.facebook.exe	32
PID 1468 wrote to memory of 2128	1468	Picture124.JPG_www.facebook.exe	32
PID 2128 wrote to memory of 2880	2128	iexplore.exe	31
PID 2128 wrote to memory of 2880	2128	iexplore.exe	31
PID 2128 wrote to memory of 2880	2128	iexplore.exe	31
PID 2128 wrote to memory of 2880	2128	iexplore.exe	31
PID 2880 wrote to memory of 2604	2880	IEXPLORE.EXE	30
PID 2880 wrote to memory of 2604	2880	IEXPLORE.EXE	30
PID 2880 wrote to memory of 2604	2880	IEXPLORE.EXE	30
PID 2880 wrote to memory of 2604	2880	IEXPLORE.EXE	30
PID 1468 wrote to memory of 2604	1468	Picture124.JPG_www.facebook.exe	30
PID 1468 wrote to memory of 2604	1468	Picture124.JPG_www.facebook.exe	30

C:\Users\Admin\AppData\Local\Temp\Picture124.JPG_www.facebook.exe
"C:\Users\Admin\AppData\Local\Temp\Picture124.JPG_www.facebook.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:756
- C:\Users\Admin\AppData\Local\Temp\Picture124.JPG_www.facebook.exe
  C:\Users\Admin\AppData\Local\Temp\Picture124.JPG_www.facebook.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2128

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
1⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
6a353f260c7cd96040d95fc5181da782

SHA1
a9c7491157f5a42e52a69b05a1d05ac9c14c14e0

SHA256
9b36add9d3174a4f3b152044ed61f0a524f97e8d33746f20f8775aca5eb07f8c

SHA512
699099a7c85a07f49737870b25af1dba1afbf9b3e77c12024dddff91a73d3420659bda84bdd288bb194d6be572c10d4dcff3c6b72050a430150aeded972979ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b690611ca0b2a4a35b62cfbd15668d7d

SHA1
7f9b559a8aff0c01f1a610a780fc93dccc105c48

SHA256
595eec4900fa1809072bea4276790af6f681cbf7d713288a27c129faed0e809e

SHA512
f84857b1d905ca23a8ac216883d494918a0703511ff4bb95b87ae06c1a322c01b6157321bdc1fe976ca223503e81e452cbc2aebdf4d7e58ce21c03c6d9248b80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab6c7c8054144d78ab466b194db9f90a

SHA1
f26be6e3c35ee38c1a008161dd8d8b79668aa6ac

SHA256
27903e3ccbc648ce792d1d26d851dc66e2705919b0f705cbd9f1a40d9c72549c

SHA512
6323dd8e31e05a737c42e0257ffca7dd6d165c8bdd2e230a2e66cb3d39445cfa297a3d00224d98a0da5793b9ea19d9a8eef2f87bc38b63175c055e42853bf4db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ec30daf7e47aa5ada5f464e05423b39

SHA1
c4191912d44ed05de3fceb19b3daa13b5a8c8502

SHA256
79b88c587b23c370341b256f1a33bdc67ab736551335f0c3b99c918cce83fd66

SHA512
2e9eba4eeafb9597c667be2a7c90d5ce227871332cf250ce3711c7f415c3dbe0a7a9a1e5f7628933e9152f8ec6e99f973011af4eaa53b92e483870fed8e2e9ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e15bc0e2cd21ec46adfa88ea23d0101

SHA1
3dc53d68ecc3beb0dd8b9a10c49fcdd8c4f7e39d

SHA256
a45fbbb5f3319f9f5ee103cc039fc9d0d69bbe5a6a466aaf58d02298319848c3

SHA512
c44eee2bc7af7cab9543fc4d6ecd081c4dc462948fc0bfcabc3fe38dc1579f93d8e3676a7d52e548bbba81f813a16bf90811137eb274d8767fedb89d901ef9c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47a3b0773f5cb3be41dc3dbb102a1682

SHA1
7db0e0bfe194835b280e801fb0dbaef5c92d309f

SHA256
5600697c0d3e95479c1b8fcde096916a1c6342ea97a35005763d9f200090d1ef

SHA512
f5d91c8a90a7213de70fd68979731de4dd6d095e9555feb7c13deca9752fd44c80b6163d77a39678b12aeb849e418a8809ae79ce171b575bae80c3e667094e22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98b7a61188b1a668bca43f8aa85ed926

SHA1
9708ab3a7e47d2043bf341e315296fc70a0867d5

SHA256
648dcb1508e144e5d3986efe643cf8e7282ac96a3fe5ba1e9fdad9b20fd3266f

SHA512
606152f1819a9b280f7eeb80289643e9b40d2ed4e3b788bf04b422726e59a7a9f5d4629e3199221a9efb8dbbb25b964f16877d8ed97cc2451482e5029be2b8a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
cf01b55b944e03eef39c2aa07572ed66

SHA1
b02f7b4bc3bb23d1b7e08a156878cd68f9457bc1

SHA256
f782ac5a692c652199028ecb977cd07238adca13d1f13dc923ef72917818fe3c

SHA512
f130df73028e27f7e73202ec9e11abb6f3df61c8dca45e48915342e1e4cf53204694ae27875a2f5f1c24236800848a40aaceb7d4641c4c6f83540ae5adef14bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5BBD.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1468-66-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-44-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-23-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-28-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-30-0x0000000077E6F000-0x0000000077E70000-memory.dmp

Filesize
4KB

Download
memory/1468-54-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-52-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-50-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-68-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-91-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-90-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1468-2-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1468-64-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-62-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-60-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-58-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-56-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-48-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-46-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-17-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1468-42-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-40-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-38-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-36-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-34-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-4-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1468-6-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1468-8-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1468-10-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1468-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1468-13-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1468-16-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1468-15-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/1468-32-0x0000000077E6F000-0x0000000077E70000-memory.dmp

Filesize
4KB

Download
memory/1468-31-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-25-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-22-0x0000000000540000-0x000000000058E000-memory.dmp

Filesize
312KB

Download
memory/1468-18-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download