hxxp://www[.]rw-designer[.]com/cursor-downloadset[.]php?id=dim-by-biueguy

Analysis

max time kernel
1729s
max time network
1689s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-03-2024 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.rw-designer.com/cursor-downloadset.php?id=dim-by-biueguy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
2776	msedge.exe
2776	msedge.exe
3944	identity_helper.exe
3944	identity_helper.exe
4916	msedge.exe
4916	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2560	svchost.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2352	2776	msedge.exe	88
PID 2776 wrote to memory of 2352	2776	msedge.exe	88
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 3248	2776	msedge.exe	89
PID 2776 wrote to memory of 4920	2776	msedge.exe	90
PID 2776 wrote to memory of 4920	2776	msedge.exe	90
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91
PID 2776 wrote to memory of 1996	2776	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.rw-designer.com/cursor-downloadset.php?id=dim-by-biueguy
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb2a746f8,0x7ffcb2a74708,0x7ffcb2a74718
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7954900294778022335,12629541688904779825,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,7954900294778022335,12629541688904779825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,7954900294778022335,12629541688904779825,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7954900294778022335,12629541688904779825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7954900294778022335,12629541688904779825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7954900294778022335,12629541688904779825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7954900294778022335,12629541688904779825,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7954900294778022335,12629541688904779825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7954900294778022335,12629541688904779825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,7954900294778022335,12629541688904779825,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4224 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7954900294778022335,12629541688904779825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,7954900294778022335,12629541688904779825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7954900294778022335,12629541688904779825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7954900294778022335,12629541688904779825,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7954900294778022335,12629541688904779825,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2176

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2012

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
a0cc87360c7fe27e13a274fc4a2763f6

SHA1
d81225cdc82dcdb37e19979e8231e7fbdbbe728c

SHA256
70c07d71fdec5c5f8ca69d9734db81ea3602b3fed1615345d868ddbb4c299d34

SHA512
1d2dd6a4fa4b515b68bd6fee2571499d47613d5c0c994ea769438a5c5a59c782ed44845ca2b8160abc793ba5640374590411b82fd0cc04055bed80bcaccf3522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2eb5b3a0-8bd5-48c4-8d5f-f614837fbff2.tmp

Filesize
11KB

MD5
ae156eb194912fc32e04ec75c15378e6

SHA1
3ce112ac638f2bdabb9a4e0e090b7a34d5b37726

SHA256
70164d1ba6f2b3123fe24e5129875c0e589b7f82769e47829595bbc7ef39b685

SHA512
79f07b06e9f7feceddd3ccf7112c4585ce102f8cff32a284d250612e66b1819abd30f4cb77e31b060b73c67fec9b21d6f4e773909e366509b3a15e84f0546e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\88a0b4c9-ebab-458f-b2fd-94e7e8fe56bd.tmp

Filesize
6KB

MD5
500943ad0be0daee82d55644d70b476a

SHA1
e4ba65b1d43201a832a1f75e1e5e9ef19c9c11f1

SHA256
72b77411580aacfd36627eda0252b86270d5edd029906827663ba5542501385a

SHA512
6bd93251d6c83417cb836942c39b8afd79eb4e9b86c335c23c64c27ca6cd6bdbf256971b4dd4a64bf4f4367d43b124895154ff0d9bb4e7658200b57a383804f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f856965c9efed80fed4dd9deb406f81d

SHA1
c5b54811203e7acbb08b8a1ee6e8adc0b775e1ef

SHA256
8d2bc16810acb2376b345baf5fe62ad3933277981994b72552bd15e31bb1ccf2

SHA512
d3a9f8db261279837abfc6bc3cae6203c4555468a468950bb03500cb14d8d29993fa924dea4cde8f1a909249d54568cf748d8241b0a7ec24c863b700fcc5af16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\Downloads\dim-by-biueguy.zip

Filesize
444KB

MD5
626b2a7325cf0cdf81ecdb3f69f1fd7b

SHA1
57122b93038f38ecd947bfc1021f8fa86f919d24

SHA256
efa9b25ba5520dc30c108a0d06bdba48164c1a20c85497b5e0aa0c7bee21a336

SHA512
dacc6feae61146c12adb4ed4908a81e01250fb0556cf55312ce68a4a306d520123c6d1c5e138a0d77632aac97ee3afbecee1331c2f68c7badf271ca80139ec26

Download Submit
memory/2560-148-0x000001F8A7B00000-0x000001F8A7B01000-memory.dmp

Filesize
4KB

Download
memory/2560-154-0x000001F8A7B00000-0x000001F8A7B01000-memory.dmp

Filesize
4KB

Download
memory/2560-145-0x000001F8A7B00000-0x000001F8A7B01000-memory.dmp

Filesize
4KB

Download
memory/2560-146-0x000001F8A7B00000-0x000001F8A7B01000-memory.dmp

Filesize
4KB

Download
memory/2560-147-0x000001F8A7B00000-0x000001F8A7B01000-memory.dmp

Filesize
4KB

Download
memory/2560-128-0x000001F89F540000-0x000001F89F550000-memory.dmp

Filesize
64KB

Download
memory/2560-149-0x000001F8A7B00000-0x000001F8A7B01000-memory.dmp

Filesize
4KB

Download
memory/2560-150-0x000001F8A7B00000-0x000001F8A7B01000-memory.dmp

Filesize
4KB

Download
memory/2560-151-0x000001F8A7B00000-0x000001F8A7B01000-memory.dmp

Filesize
4KB

Download
memory/2560-152-0x000001F8A7B00000-0x000001F8A7B01000-memory.dmp

Filesize
4KB

Download
memory/2560-153-0x000001F8A7B00000-0x000001F8A7B01000-memory.dmp

Filesize
4KB

Download
memory/2560-144-0x000001F8A7AD0000-0x000001F8A7AD1000-memory.dmp

Filesize
4KB

Download
memory/2560-155-0x000001F8A7720000-0x000001F8A7721000-memory.dmp

Filesize
4KB

Download
memory/2560-156-0x000001F8A7710000-0x000001F8A7711000-memory.dmp

Filesize
4KB

Download
memory/2560-158-0x000001F8A7720000-0x000001F8A7721000-memory.dmp

Filesize
4KB

Download
memory/2560-161-0x000001F8A7710000-0x000001F8A7711000-memory.dmp

Filesize
4KB

Download
memory/2560-164-0x000001F8A7650000-0x000001F8A7651000-memory.dmp

Filesize
4KB

Download
memory/2560-112-0x000001F89F440000-0x000001F89F450000-memory.dmp

Filesize
64KB

Download
memory/2560-176-0x000001F8A7850000-0x000001F8A7851000-memory.dmp

Filesize
4KB

Download
memory/2560-178-0x000001F8A7860000-0x000001F8A7861000-memory.dmp

Filesize
4KB

Download
memory/2560-179-0x000001F8A7860000-0x000001F8A7861000-memory.dmp

Filesize
4KB

Download
memory/2560-180-0x000001F8A7970000-0x000001F8A7971000-memory.dmp

Filesize
4KB

Download