c7983f58c6011aec5ace1bdad451df52b7493ff57e82e715280c9c9f3d6572b5

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 11:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b49256c727936033ed81e85be64182ab.exe
Size

240KB
MD5

b49256c727936033ed81e85be64182ab
SHA1

2c7a17eb04492d3e84b76c92d01885dd725a1792
SHA256

c7983f58c6011aec5ace1bdad451df52b7493ff57e82e715280c9c9f3d6572b5
SHA512

592d3426d7360e4b01ead6c5523d88eb6774c092e7ff2ca9fe3801b621852e39ff3cb417f13da37daa3c5cc7e858e35b4cbd493b39c55a7924512b8270b28d24
SSDEEP

3072:mh/xupFZLe8irTEKOFXQSbOqyWT+Ehr1j00aKjNupjKibhpLeOWQvqmV+S6qsQKf:DzfFXQgOrWimr1jdajhfeKq6s5M8//

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

B62B2F3AC20.exeB62B2F3AC20.exeXubFC90.exe

pid process

2788 B62B2F3AC20.exe
1496 B62B2F3AC20.exe
4036 XubFC90.exe

pid	process
2788	B62B2F3AC20.exe
1496	B62B2F3AC20.exe
4036	XubFC90.exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3904-2-0x0000000000400000-0x0000000000460000-memory.dmp	upx
behavioral2/memory/3904-4-0x0000000000400000-0x0000000000460000-memory.dmp	upx
behavioral2/memory/3904-6-0x0000000000400000-0x0000000000460000-memory.dmp	upx
behavioral2/memory/3904-5-0x0000000000400000-0x0000000000460000-memory.dmp	upx
behavioral2/memory/3904-7-0x0000000000400000-0x0000000000460000-memory.dmp	upx
behavioral2/memory/3904-8-0x0000000000400000-0x0000000000460000-memory.dmp	upx
behavioral2/memory/3904-12-0x0000000000400000-0x0000000000460000-memory.dmp	upx
behavioral2/memory/1496-30-0x0000000000400000-0x0000000000460000-memory.dmp	upx
behavioral2/memory/3904-33-0x0000000000400000-0x0000000000460000-memory.dmp	upx
behavioral2/memory/1496-34-0x0000000000400000-0x0000000000460000-memory.dmp	upx
behavioral2/memory/1496-52-0x0000000000400000-0x0000000000460000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

XubFC90.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4Y3Y0C3A8F7C3W5WPXOGOVH = "C:\\Recycle.bin\\B62B2F3AC20.exe"	XubFC90.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

b49256c727936033ed81e85be64182ab.exeB62B2F3AC20.exe

description	pid	process	target process
PID 2452 set thread context of 3904	2452	b49256c727936033ed81e85be64182ab.exe	b49256c727936033ed81e85be64182ab.exe
PID 2788 set thread context of 1496	2788	B62B2F3AC20.exe	B62B2F3AC20.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 3 IoCs

Modify Registry

T1112

Processes:

XubFC90.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\PhishingFilter	XubFC90.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\EnabledV8 = "0"	XubFC90.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ShownServiceDownBalloon = "0"	XubFC90.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

XubFC90.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Recovery	XubFC90.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\ClearBrowsingHistoryOnExit = "0"	XubFC90.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

b49256c727936033ed81e85be64182ab.exeB62B2F3AC20.exeXubFC90.exe

pid	process
3904	b49256c727936033ed81e85be64182ab.exe
3904	b49256c727936033ed81e85be64182ab.exe
3904	b49256c727936033ed81e85be64182ab.exe
3904	b49256c727936033ed81e85be64182ab.exe
1496	B62B2F3AC20.exe
1496	B62B2F3AC20.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe
4036	XubFC90.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

b49256c727936033ed81e85be64182ab.exeB62B2F3AC20.exeXubFC90.exe

description	pid	process
Token: SeDebugPrivilege	3904	b49256c727936033ed81e85be64182ab.exe
Token: SeDebugPrivilege	3904	b49256c727936033ed81e85be64182ab.exe
Token: SeDebugPrivilege	3904	b49256c727936033ed81e85be64182ab.exe
Token: SeDebugPrivilege	3904	b49256c727936033ed81e85be64182ab.exe
Token: SeDebugPrivilege	1496	B62B2F3AC20.exe
Token: SeDebugPrivilege	1496	B62B2F3AC20.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe
Token: SeDebugPrivilege	4036	XubFC90.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

b49256c727936033ed81e85be64182ab.exeB62B2F3AC20.exe

pid process

2452 b49256c727936033ed81e85be64182ab.exe
2788 B62B2F3AC20.exe

pid	process
2452	b49256c727936033ed81e85be64182ab.exe
2788	B62B2F3AC20.exe

Suspicious use of WriteProcessMemory 28 IoCs

Processes:

b49256c727936033ed81e85be64182ab.exeb49256c727936033ed81e85be64182ab.exeB62B2F3AC20.exeB62B2F3AC20.exeXubFC90.exe

description	pid	process	target process
PID 2452 wrote to memory of 3904	2452	b49256c727936033ed81e85be64182ab.exe	b49256c727936033ed81e85be64182ab.exe
PID 2452 wrote to memory of 3904	2452	b49256c727936033ed81e85be64182ab.exe	b49256c727936033ed81e85be64182ab.exe
PID 2452 wrote to memory of 3904	2452	b49256c727936033ed81e85be64182ab.exe	b49256c727936033ed81e85be64182ab.exe
PID 2452 wrote to memory of 3904	2452	b49256c727936033ed81e85be64182ab.exe	b49256c727936033ed81e85be64182ab.exe
PID 2452 wrote to memory of 3904	2452	b49256c727936033ed81e85be64182ab.exe	b49256c727936033ed81e85be64182ab.exe
PID 2452 wrote to memory of 3904	2452	b49256c727936033ed81e85be64182ab.exe	b49256c727936033ed81e85be64182ab.exe
PID 2452 wrote to memory of 3904	2452	b49256c727936033ed81e85be64182ab.exe	b49256c727936033ed81e85be64182ab.exe
PID 2452 wrote to memory of 3904	2452	b49256c727936033ed81e85be64182ab.exe	b49256c727936033ed81e85be64182ab.exe
PID 3904 wrote to memory of 2788	3904	b49256c727936033ed81e85be64182ab.exe	B62B2F3AC20.exe
PID 3904 wrote to memory of 2788	3904	b49256c727936033ed81e85be64182ab.exe	B62B2F3AC20.exe
PID 3904 wrote to memory of 2788	3904	b49256c727936033ed81e85be64182ab.exe	B62B2F3AC20.exe
PID 2788 wrote to memory of 1496	2788	B62B2F3AC20.exe	B62B2F3AC20.exe
PID 2788 wrote to memory of 1496	2788	B62B2F3AC20.exe	B62B2F3AC20.exe
PID 2788 wrote to memory of 1496	2788	B62B2F3AC20.exe	B62B2F3AC20.exe
PID 2788 wrote to memory of 1496	2788	B62B2F3AC20.exe	B62B2F3AC20.exe
PID 2788 wrote to memory of 1496	2788	B62B2F3AC20.exe	B62B2F3AC20.exe
PID 2788 wrote to memory of 1496	2788	B62B2F3AC20.exe	B62B2F3AC20.exe
PID 2788 wrote to memory of 1496	2788	B62B2F3AC20.exe	B62B2F3AC20.exe
PID 2788 wrote to memory of 1496	2788	B62B2F3AC20.exe	B62B2F3AC20.exe
PID 1496 wrote to memory of 4036	1496	B62B2F3AC20.exe	XubFC90.exe
PID 1496 wrote to memory of 4036	1496	B62B2F3AC20.exe	XubFC90.exe
PID 1496 wrote to memory of 4036	1496	B62B2F3AC20.exe	XubFC90.exe
PID 1496 wrote to memory of 4036	1496	B62B2F3AC20.exe	XubFC90.exe
PID 1496 wrote to memory of 4036	1496	B62B2F3AC20.exe	XubFC90.exe
PID 4036 wrote to memory of 3904	4036	XubFC90.exe	b49256c727936033ed81e85be64182ab.exe
PID 4036 wrote to memory of 3904	4036	XubFC90.exe	b49256c727936033ed81e85be64182ab.exe
PID 4036 wrote to memory of 3904	4036	XubFC90.exe	b49256c727936033ed81e85be64182ab.exe
PID 4036 wrote to memory of 3904	4036	XubFC90.exe	b49256c727936033ed81e85be64182ab.exe

C:\Users\Admin\AppData\Local\Temp\b49256c727936033ed81e85be64182ab.exe
"C:\Users\Admin\AppData\Local\Temp\b49256c727936033ed81e85be64182ab.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2452

C:\Users\Admin\AppData\Local\Temp\b49256c727936033ed81e85be64182ab.exe
C:\Users\Admin\AppData\Local\Temp\b49256c727936033ed81e85be64182ab.exe
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3904

C:\Recycle.bin\B62B2F3AC20.exe
"C:\Recycle.bin\B62B2F3AC20.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2788

C:\Recycle.bin\B62B2F3AC20.exe
C:\Recycle.bin\B62B2F3AC20.exe
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1496

C:\Users\Admin\AppData\Local\Temp\XubFC90.exe
"C:\Users\Admin\AppData\Local\Temp\XubFC90.exe"
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3796 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:1384

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Recycle.bin\8D5C7CA97BDCDC4
Filesize
5KB

MD5
e9da3ca3f072cfac701756dd941e0b36

SHA1
70f1d76280c91fc5bb46160abf5d5acb1c89f285

SHA256
9293b89b825069002bf66974a977350f360a6c58777e171e2eaa7632ae808a5d

SHA512
f20810286617d2b485b9c2b8b68ec30875ddc0587f30de3cc86280e4ebd1df15c09a0953ed2723dc812622faa2485b8e4798900ae7a68a8b34c8c6ca10e02355

Download Submit
C:\Recycle.bin\B62B2F3AC20.exe
Filesize
240KB

MD5
b49256c727936033ed81e85be64182ab

SHA1
2c7a17eb04492d3e84b76c92d01885dd725a1792

SHA256
c7983f58c6011aec5ace1bdad451df52b7493ff57e82e715280c9c9f3d6572b5

SHA512
592d3426d7360e4b01ead6c5523d88eb6774c092e7ff2ca9fe3801b621852e39ff3cb417f13da37daa3c5cc7e858e35b4cbd493b39c55a7924512b8270b28d24

Download Submit
C:\Users\Admin\AppData\Local\Temp\XubFC90.exe
Filesize
3KB

MD5
29090b6b4d6605a97ac760d06436ac2d

SHA1
d929d3389642e52bae5ad8512293c9c4d3e4fab5

SHA256
98a24f0caf5b578e230e6f1103a5fba6aecb28a9128cad5520fcde546d643272

SHA512
9121ec42fa66e14a4fc3932c8dbcc8fb1a93ab9de00da57a82e176faa70b73f6992f8c5e2ab52c02fc28c8f0c59aee73b6fbbd39107db7d15105054f4390e9be

Download Submit
memory/1496-45-0x00000000022B0000-0x00000000023A0000-memory.dmp

Filesize
960KB

Download
memory/1496-30-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/1496-34-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/1496-52-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/1496-41-0x00000000008C0000-0x000000000090E000-memory.dmp

Filesize
312KB

Download
memory/1496-37-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/1496-36-0x00000000008C0000-0x000000000090E000-memory.dmp

Filesize
312KB

Download
memory/1496-35-0x00000000008C0000-0x00000000009B0000-memory.dmp

Filesize
960KB

Download
memory/3904-9-0x0000000000960000-0x0000000000A50000-memory.dmp

Filesize
960KB

Download
memory/3904-40-0x0000000000960000-0x0000000000A50000-memory.dmp

Filesize
960KB

Download
memory/3904-17-0x0000000077952000-0x0000000077954000-memory.dmp

Filesize
8KB

Download
memory/3904-18-0x00000000004A0000-0x00000000004A2000-memory.dmp

Filesize
8KB

Download
memory/3904-5-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/3904-14-0x00000000004B0000-0x00000000004B1000-memory.dmp

Filesize
4KB

Download
memory/3904-69-0x0000000000960000-0x0000000000A50000-memory.dmp

Filesize
960KB

Download
memory/3904-7-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/3904-11-0x0000000000960000-0x0000000000A50000-memory.dmp

Filesize
960KB

Download
memory/3904-13-0x0000000000960000-0x0000000000A50000-memory.dmp

Filesize
960KB

Download
memory/3904-12-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/3904-15-0x00000000004B0000-0x00000000004B1000-memory.dmp

Filesize
4KB

Download
memory/3904-10-0x00000000004A0000-0x00000000004A1000-memory.dmp

Filesize
4KB

Download
memory/3904-67-0x00000000004C0000-0x00000000004C1000-memory.dmp

Filesize
4KB

Download
memory/3904-6-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/3904-49-0x00000000004A0000-0x00000000004A1000-memory.dmp

Filesize
4KB

Download
memory/3904-4-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/3904-51-0x0000000000960000-0x0000000000A50000-memory.dmp

Filesize
960KB

Download
memory/3904-2-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/3904-72-0x00000000004C0000-0x00000000004C1000-memory.dmp

Filesize
4KB

Download
memory/3904-8-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/3904-33-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/4036-91-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-112-0x0000000002860000-0x0000000002CB0000-memory.dmp

Filesize
4.3MB

Download
memory/4036-63-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/4036-61-0x00000000008C0000-0x000000000090E000-memory.dmp

Filesize
312KB

Download
memory/4036-59-0x00000000008C0000-0x000000000090E000-memory.dmp

Filesize
312KB

Download
memory/4036-65-0x00000000008C0000-0x000000000090E000-memory.dmp

Filesize
312KB

Download
memory/4036-57-0x00000000008C0000-0x000000000090E000-memory.dmp

Filesize
312KB

Download
memory/4036-56-0x00000000008C0000-0x000000000090E000-memory.dmp

Filesize
312KB

Download
memory/4036-50-0x00000000008C0000-0x000000000090E000-memory.dmp

Filesize
312KB

Download
memory/4036-76-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-75-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-70-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-77-0x0000000077952000-0x0000000077954000-memory.dmp

Filesize
8KB

Download
memory/4036-80-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-82-0x0000000077952000-0x0000000077954000-memory.dmp

Filesize
8KB

Download
memory/4036-85-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-87-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-53-0x0000000001000000-0x0000000001004000-memory.dmp

Filesize
16KB

Download
memory/4036-92-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-94-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-96-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-98-0x00000000752B0000-0x0000000075700000-memory.dmp

Filesize
4.3MB

Download
memory/4036-99-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-100-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-102-0x00000000752B0000-0x0000000075700000-memory.dmp

Filesize
4.3MB

Download
memory/4036-104-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-106-0x00000000752B0000-0x0000000075700000-memory.dmp

Filesize
4.3MB

Download
memory/4036-108-0x0000000002860000-0x0000000002CB0000-memory.dmp

Filesize
4.3MB

Download
memory/4036-109-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-105-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-111-0x00000000752B0000-0x0000000075700000-memory.dmp

Filesize
4.3MB

Download
memory/4036-107-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-103-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-60-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/4036-113-0x00000000752B0000-0x0000000075700000-memory.dmp

Filesize
4.3MB

Download
memory/4036-101-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-97-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-95-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-114-0x0000000002860000-0x0000000002CB0000-memory.dmp

Filesize
4.3MB

Download
memory/4036-115-0x0000000077750000-0x00000000777B3000-memory.dmp

Filesize
396KB

Download
memory/4036-93-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-90-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-89-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-86-0x0000000077952000-0x0000000077954000-memory.dmp

Filesize
8KB

Download
memory/4036-116-0x0000000002860000-0x0000000002CB0000-memory.dmp

Filesize
4.3MB

Download
memory/4036-117-0x0000000002860000-0x0000000002CB0000-memory.dmp

Filesize
4.3MB

Download
memory/4036-118-0x00000000031E0000-0x0000000003243000-memory.dmp

Filesize
396KB

Download
memory/4036-119-0x0000000002860000-0x0000000002CB0000-memory.dmp

Filesize
4.3MB

Download
memory/4036-84-0x0000000077954000-0x0000000077956000-memory.dmp

Filesize
8KB

Download
memory/4036-68-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-44-0x00000000008C0000-0x000000000090E000-memory.dmp

Filesize
312KB

Download
memory/4036-55-0x00000000008C0000-0x000000000090E000-memory.dmp

Filesize
312KB

Download
memory/4036-120-0x00000000752B0000-0x0000000075700000-memory.dmp

Filesize
4.3MB

Download
memory/4036-121-0x0000000002860000-0x0000000002CB0000-memory.dmp

Filesize
4.3MB

Download
memory/4036-122-0x0000000002860000-0x0000000002CB0000-memory.dmp

Filesize
4.3MB

Download
memory/4036-123-0x0000000002860000-0x0000000002CB0000-memory.dmp

Filesize
4.3MB

Download
memory/4036-124-0x0000000002860000-0x0000000002CB0000-memory.dmp

Filesize
4.3MB

Download
memory/4036-125-0x0000000002860000-0x0000000002CB0000-memory.dmp

Filesize
4.3MB

Download
memory/4036-126-0x00000000008C0000-0x000000000090E000-memory.dmp

Filesize
312KB

Download
memory/4036-127-0x00000000004D0000-0x00000000004D6000-memory.dmp

Filesize
24KB

Download
memory/4036-128-0x0000000077750000-0x00000000777B3000-memory.dmp

Filesize
396KB

Download
memory/4036-129-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-130-0x0000000002860000-0x0000000002CB0000-memory.dmp

Filesize
4.3MB

Download
memory/4036-131-0x00000000027A0000-0x0000000002803000-memory.dmp

Filesize
396KB

Download
memory/4036-132-0x000000000BAD0000-0x000000000BB1E000-memory.dmp

Filesize
312KB

Download
memory/4036-133-0x0000000002860000-0x0000000002CB0000-memory.dmp

Filesize
4.3MB

Download
memory/4036-138-0x00000000027A0000-0x0000000002803000-memory.dmp

Filesize
396KB

Download