a55e2ef0c2bdf1a967e9728185baa8b02097379a8269363d60031be31b41a9f7

Analysis

max time kernel
145s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 14:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

BardMusicPlayer2.exe
Size

19KB
MD5

0f8cf7977a8ac756069d729faf3223a7
SHA1

a5a60d41f0700cc10c4de0ed89a8859f31c97b02
SHA256

a55e2ef0c2bdf1a967e9728185baa8b02097379a8269363d60031be31b41a9f7
SHA512

7054de9185157a5c2b0a5187d4eed23504cb145e67b21c847b9eb4d2ef27dd10672fb1f473646286a20fea5cd52a1b0dd6e16ee714b5a83703018c9987087a84
SSDEEP

384:SrxKlkTfZGjiqvB8YNJ2fIgMuP82OmGZGc4/cptYcFtVc03K:SrxKGQjjCMeOmqGckotYcFtVc6K

Score

8^/10

evasion

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2972	netsh.exe
268	netsh.exe

Executes dropped EXE 2 IoCs

pid	Process
2864	BardMusicPlayer.exe
1272	Process not Found

Loads dropped DLL 1 IoCs

pid	Process
1852	BardMusicPlayer2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	BardMusicPlayer2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	BardMusicPlayer2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	BardMusicPlayer2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	BardMusicPlayer2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	BardMusicPlayer2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	BardMusicPlayer2.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe
2864	BardMusicPlayer.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1852	BardMusicPlayer2.exe
Token: SeDebugPrivilege	2864	BardMusicPlayer.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 2864	1852	BardMusicPlayer2.exe	28
PID 1852 wrote to memory of 2864	1852	BardMusicPlayer2.exe	28
PID 1852 wrote to memory of 2864	1852	BardMusicPlayer2.exe	28
PID 1852 wrote to memory of 2864	1852	BardMusicPlayer2.exe	28
PID 2864 wrote to memory of 268	2864	BardMusicPlayer.exe	29
PID 2864 wrote to memory of 268	2864	BardMusicPlayer.exe	29
PID 2864 wrote to memory of 268	2864	BardMusicPlayer.exe	29
PID 2864 wrote to memory of 2972	2864	BardMusicPlayer.exe	31
PID 2864 wrote to memory of 2972	2864	BardMusicPlayer.exe	31
PID 2864 wrote to memory of 2972	2864	BardMusicPlayer.exe	31

C:\Users\Admin\AppData\Local\Temp\BardMusicPlayer2.exe
"C:\Users\Admin\AppData\Local\Temp\BardMusicPlayer2.exe"
1⤵
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Users\Admin\AppData\Roaming\BardMusicPlayer\bmp2\BardMusicPlayer.exe
  "C:\Users\Admin\AppData\Roaming\BardMusicPlayer\bmp2\BardMusicPlayer.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Windows\system32\netsh.exe
    "netsh" advfirewall firewall delete rule name="BardMusicPlayer"
    3⤵
    - Modifies Windows Firewall
    PID:268
- - C:\Windows\system32\netsh.exe
    "netsh" advfirewall firewall add rule name="BardMusicPlayer" dir=in action=allow profile=any program="C:\Users\Admin\AppData\Roaming\BardMusicPlayer\bmp2\BardMusicPlayer.exe"
    3⤵
    - Modifies Windows Firewall
    PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4fc73313f5369b8de40e5105630c7c8

SHA1
50d0ecd34bddf207f5bf27a2e7fcdabc98cc9b31

SHA256
2803ad83226689f3639ae769f17657826dd82aa1257da157230e73bc9c43e71a

SHA512
6d5677e518a9d296a672ab9d322277bc16a49e4c725095cd320e8ae15b7ba524a8597bbb57520aede12ffd1f2c714dd7bfa6b11c16e340ee205e8d091f6b180b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab53AE.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar545C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Roaming\BardMusicPlayer\bmp2\BardMusicPlayer.exe

Filesize
5.1MB

MD5
dd9bfdc96a528ecac42918088707d540

SHA1
0061c22eb84ecf0c4049ce8a43355045e75d18e5

SHA256
6238d994acba9be452e86dc9e4687546f856d0db4fd557a393180d751b108ac9

SHA512
e93cb52223d94ab0eb3d5053795e1f46a33f33f18d44119509f1bc00d29c80515d623b1b75b2fa035d735363627ddc19b7738a628c9ead23fe545872685499b0

Download Submit
\Users\Admin\AppData\Roaming\BardMusicPlayer\bmp2\BardMusicPlayer.exe

Filesize
10.5MB

MD5
a3a27bc56f7b43439b0fde55865672e8

SHA1
6a09b51db43dcc4ae532840556fa6ef929c2f318

SHA256
d746d20921e3af4a8ded58c28d96398564dfd97ab30809d7667f954b6c344ceb

SHA512
97b7f07c6cb03fe9294f5046996adc0cf59f987b2e2738095abcefec12073e0963fd5f48af116fe10104bd3bf48aa58214f4facf4257362e7787b67e20c0eab8

Download Submit
\Users\Admin\AppData\Roaming\BardMusicPlayer\bmp2\BardMusicPlayer.exe

Filesize
1.8MB

MD5
63e967766e6797854afa33010c7fd510

SHA1
c949c1af8bfe8750ebe476049ba203d5ac6513d1

SHA256
e760fdf44f06da607e01c6784f0edd9d93d721f07c1da513bc9c97a65c6a4d4e

SHA512
de581da8ad5738b2a1dd0bb826e620ac06802013ac6d5b2b9e340c7e9090d6d44df033c369138fbea4ab70393d89ccaa0ebc0fe99dfe60e5a20d7139826d615e

Download Submit
memory/1852-1-0x0000000074870000-0x0000000074F5E000-memory.dmp

Filesize
6.9MB

Download
memory/1852-2-0x0000000004C20000-0x0000000004C60000-memory.dmp

Filesize
256KB

Download
memory/1852-3-0x0000000004C20000-0x0000000004C60000-memory.dmp

Filesize
256KB

Download
memory/1852-77-0x0000000074870000-0x0000000074F5E000-memory.dmp

Filesize
6.9MB

Download
memory/1852-89-0x0000000074870000-0x0000000074F5E000-memory.dmp

Filesize
6.9MB

Download
memory/1852-90-0x0000000004C20000-0x0000000004C60000-memory.dmp

Filesize
256KB

Download
memory/1852-0-0x0000000000C50000-0x0000000000C5C000-memory.dmp

Filesize
48KB

Download
memory/2864-108-0x0000000000E30000-0x0000000000E42000-memory.dmp

Filesize
72KB

Download
memory/2864-116-0x000000001C720000-0x000000001C72A000-memory.dmp

Filesize
40KB

Download
memory/2864-94-0x000000001D670000-0x000000001DFB0000-memory.dmp

Filesize
9.2MB

Download
memory/2864-95-0x0000000000CD0000-0x0000000000D22000-memory.dmp

Filesize
328KB

Download
memory/2864-96-0x0000000000560000-0x000000000056A000-memory.dmp

Filesize
40KB

Download
memory/2864-97-0x0000000000770000-0x000000000077A000-memory.dmp

Filesize
40KB

Download
memory/2864-98-0x0000000000870000-0x000000000089A000-memory.dmp

Filesize
168KB

Download
memory/2864-99-0x0000000000DA0000-0x0000000000DB6000-memory.dmp

Filesize
88KB

Download
memory/2864-100-0x0000000000DC0000-0x0000000000DCA000-memory.dmp

Filesize
40KB

Download
memory/2864-101-0x0000000000DD0000-0x0000000000DDA000-memory.dmp

Filesize
40KB

Download
memory/2864-102-0x000000001E1B0000-0x000000001F2BE000-memory.dmp

Filesize
17.1MB

Download
memory/2864-103-0x0000000000DE0000-0x0000000000E12000-memory.dmp

Filesize
200KB

Download
memory/2864-104-0x0000000000E10000-0x0000000000E2A000-memory.dmp

Filesize
104KB

Download
memory/2864-105-0x00000000010E0000-0x0000000001192000-memory.dmp

Filesize
712KB

Download
memory/2864-107-0x0000000003910000-0x000000000397E000-memory.dmp

Filesize
440KB

Download
memory/2864-92-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2864-109-0x000000001C140000-0x000000001C1BE000-memory.dmp

Filesize
504KB

Download
memory/2864-110-0x000000001C240000-0x000000001C2F2000-memory.dmp

Filesize
712KB

Download
memory/2864-111-0x0000000003980000-0x00000000039B6000-memory.dmp

Filesize
216KB

Download
memory/2864-112-0x0000000001190000-0x00000000011BA000-memory.dmp

Filesize
168KB

Download
memory/2864-113-0x000000001C710000-0x000000001C718000-memory.dmp

Filesize
32KB

Download
memory/2864-114-0x000000001C6F0000-0x000000001C6FA000-memory.dmp

Filesize
40KB

Download
memory/2864-115-0x000000001C780000-0x000000001C79E000-memory.dmp

Filesize
120KB

Download
memory/2864-93-0x000000001C1C0000-0x000000001C240000-memory.dmp

Filesize
512KB

Download
memory/2864-117-0x0000000000E60000-0x0000000000E6A000-memory.dmp

Filesize
40KB

Download
memory/2864-118-0x000000001C730000-0x000000001C73C000-memory.dmp

Filesize
48KB

Download
memory/2864-119-0x000000001C700000-0x000000001C708000-memory.dmp

Filesize
32KB

Download
memory/2864-120-0x000000001F3D0000-0x000000001F404000-memory.dmp

Filesize
208KB

Download
memory/2864-121-0x000000001C740000-0x000000001C748000-memory.dmp

Filesize
32KB

Download
memory/2864-123-0x000000001F8B0000-0x000000001F8BA000-memory.dmp

Filesize
40KB

Download
memory/2864-122-0x000000001F8B0000-0x000000001F8BA000-memory.dmp

Filesize
40KB

Download
memory/2864-127-0x000000001C1C0000-0x000000001C240000-memory.dmp

Filesize
512KB

Download
memory/2864-128-0x000000001C1C0000-0x000000001C240000-memory.dmp

Filesize
512KB

Download
memory/2864-91-0x0000000001240000-0x0000000002404000-memory.dmp

Filesize
17.8MB

Download
memory/2864-131-0x000000001F3A0000-0x000000001F3A1000-memory.dmp

Filesize
4KB

Download
memory/2864-130-0x000000001C1C0000-0x000000001C240000-memory.dmp

Filesize
512KB

Download
memory/2864-132-0x000000001C1C0000-0x000000001C240000-memory.dmp

Filesize
512KB

Download
memory/2864-133-0x000007FEF5DA0000-0x000007FEF678C000-memory.dmp

Filesize
9.9MB

Download
memory/2864-134-0x000000001C1C0000-0x000000001C240000-memory.dmp

Filesize
512KB

Download
memory/2864-135-0x000000001F8B0000-0x000000001F8BA000-memory.dmp

Filesize
40KB

Download
memory/2864-136-0x000000001F8B0000-0x000000001F8BA000-memory.dmp

Filesize
40KB

Download
memory/2864-137-0x000000001C1C0000-0x000000001C240000-memory.dmp

Filesize
512KB

Download
memory/2864-138-0x000000001C1C0000-0x000000001C240000-memory.dmp

Filesize
512KB

Download
memory/2864-139-0x000000001C1C0000-0x000000001C240000-memory.dmp

Filesize
512KB

Download
memory/2864-140-0x000000001C1C0000-0x000000001C240000-memory.dmp

Filesize
512KB

Download