044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e

Analysis

max time kernel
147s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 17:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe
Size

877KB
MD5

7ffe957687666de3d0ed0aeed2722cc2
SHA1

eead68152bf9544524a83d0b40463e581e4e3f2f
SHA256

044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e
SHA512

9f60dbde591e57c85be58f31f2267ab80938a69a6b155be875b2d40a98a3780d730b1253985602a8334f5eee2e831257d2031472e05ff648a881e3580a8ed12d
SSDEEP

12288:mruudkUc/MhT2e7aG8RoKXerYUwBCo+DiT9GquOtON0bI1CYf3HJ1jGSE:2uekUXRj7S8Nwko+DiBGU3bI1Cg51/E

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1592	launch.exe
4636	044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe

Loads dropped DLL 1 IoCs

pid	Process
3624	044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\enterprisesec.config.cch.new	044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\config\security.config.cch.new	044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral2/files/0x0008000000023201-52.dat	nsis_installer_1
behavioral2/files/0x0008000000023201-52.dat	nsis_installer_2

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 04000000010000001000000091de0625abdafd32170cbb25172a84670f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070301620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee419000000010000001000000063664b080559a094d10f0a3c5f4f629020000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	launch.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 5c00000001000000040000000008000019000000010000001000000063664b080559a094d10f0a3c5f4f62900300000001000000140000002796bae63f1801e277261ba0d77770028f20eee41d000000010000001000000099949d2179811f6b30a8c99c4f6b4226140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e3620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae409000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec537261877604000000010000001000000091de0625abdafd32170cbb25172a846720000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	launch.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4	launch.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3624	044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4636	044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe
4636	044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 1592	3624	044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe	91
PID 3624 wrote to memory of 1592	3624	044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe	91
PID 3624 wrote to memory of 1592	3624	044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe	91
PID 3624 wrote to memory of 4636	3624	044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe	92
PID 3624 wrote to memory of 4636	3624	044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe	92

C:\Users\Admin\AppData\Local\Temp\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe
"C:\Users\Admin\AppData\Local\Temp\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Users\Admin\AppData\Local\Temp\DM\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe\5c53fac6821a43ff83b7aa6e5183dfad\launch.exe
  C:\Users\Admin\AppData\Local\Temp\DM\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe\5c53fac6821a43ff83b7aa6e5183dfad\launch.exe "e044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe" "044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe" "91c3bb31cb834d7492aeba4ecfac1936" dec
  2⤵
  - Executes dropped EXE
  - Modifies system certificate store
  PID:1592
- C:\Users\Admin\AppData\Local\Temp\DM\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe\5c53fac6821a43ff83b7aa6e5183dfad\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe
  C:\Users\Admin\AppData\Local\Temp\DM\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe\5c53fac6821a43ff83b7aa6e5183dfad\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe /path="C:\Users\Admin\AppData\Local\Temp\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:4636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\46DE64130271B61D13A0FAFD9465377C_D8840AF2A28227DC3600C6CA04024DE2

Filesize
2KB

MD5
a07e9bcfdacf6e400b63b32896965e7f

SHA1
9dcdc9487bfa44fd37d6cae4c613af05ef5dcbea

SHA256
3dbe7f46e612341e2d8191160a03b9d85130f20016f124df8aa660eaa534bfda

SHA512
40e58a2c63e58bf9647bee4e224d6fbd569d04bf69783bd324cfe590262406e654c5eeb33b4c32f1c4b201c6c69761a17fdca0d33f707a3179fb14bddd06221f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BBB768C456D9E2DCD3EF595C400D483D_64C05B9EB32FC3D0CE6CB126561EEBFF

Filesize
1KB

MD5
a3d632788333cf672e11f1312a45f282

SHA1
3bdeae99e04464a16603152e80ba399cd50b79ff

SHA256
083f457d9c54e13c7acc2c05d8815d7035b42446bc57623c56d4d5645775c09f

SHA512
903c1f76318c479734d3dee54a567a3fe0f69ce529bdcb1a3d348b95778894ccdca59add8c84ff395cf5f94c60028b736ff771f4ee1fb3ceccbb348666d6f03d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\46DE64130271B61D13A0FAFD9465377C_D8840AF2A28227DC3600C6CA04024DE2

Filesize
466B

MD5
80fac45500e99e95f1aa0edcb9ab30f5

SHA1
4050c124b1f8c36b4b63e207b0652641cd2181bd

SHA256
27102541a7f3999b2d2e8fd767d5dee4dbf92309382911574b9c6e4fd7623e57

SHA512
37e891008d6fbc5047fb07394463d62caf6c487fb454ca3de89e4c3ac674aa2b2433740eebebf7f7d534d460b3a447954eab826a8eb1f2d848a9dc66614eb3a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BBB768C456D9E2DCD3EF595C400D483D_64C05B9EB32FC3D0CE6CB126561EEBFF

Filesize
444B

MD5
baadb2f38dc6d9bebcbd4ccb05a5a0a0

SHA1
2bbb7f30ad59f9ba3d03cf9d3ed86917bff520f9

SHA256
7a5ef0253562c25e930867d2d86a74ba987865d7a5630dc21a6894bbe2e13327

SHA512
bf9bd5c0148311585980c3d9cc6753c703f569dfb07eeec45432e866b1dbd0d0eee47228ad4c47ec61b191bd9647204338e8b20815079f4adac96d53b4343999

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe\5c53fac6821a43ff83b7aa6e5183dfad\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe

Filesize
395KB

MD5
2b7da5a05085e2a5f06fcda5d6be6d89

SHA1
aa3a4df3cc44130b3838595393164bc57cd56822

SHA256
c61369b5bfa5e0da72743e464072e295221b0f6103ab35298c03ee940ea1a906

SHA512
7e5b13e8bb58eb9845b03b3ea83ae2fbca2b8e3fc79dbdbe5b44dc3959a7659eb98e7c887201a0af67447c292bc9dc3d3ab1b3e587402c58355b75ab85df224c

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe\5c53fac6821a43ff83b7aa6e5183dfad\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe.config

Filesize
690B

MD5
bca0ea75b6940aa86960d7b9098a5998

SHA1
3d57f82158ac72c7eb2e72ba19a80485d8103130

SHA256
5a494295936d2170433864b449257bbac7b976413811a0b6339e37f83a891f8d

SHA512
260a05c509d874239a27798421ee75ac7e2bbc0d2a0485122740e8b8adcd8f43f98f7633cef278d9f7f4a132633b4b1cdf4b641e2233e891dce2d6eb6e75c3d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe\5c53fac6821a43ff83b7aa6e5183dfad\e044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe

Filesize
395KB

MD5
fa85757013568cfda7767a41aba7cd5d

SHA1
6a1c847987e035b7494990e51727fd39f43d7421

SHA256
da8a65bae8562b8aeb6d87d34ded8e9296d046d292673377c27a74b989ee6a0d

SHA512
e8f8dcd050536468713dcf064e5002ba2faa72fce7b2cfeffcaf19bf49d46c2bb0efa5e48b3bbb33c7ffa676e364bc6b9aaa3a61d2d507f5391b275b8b7441bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe\5c53fac6821a43ff83b7aa6e5183dfad\installer.exe

Filesize
877KB

MD5
7ffe957687666de3d0ed0aeed2722cc2

SHA1
eead68152bf9544524a83d0b40463e581e4e3f2f

SHA256
044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e

SHA512
9f60dbde591e57c85be58f31f2267ab80938a69a6b155be875b2d40a98a3780d730b1253985602a8334f5eee2e831257d2031472e05ff648a881e3580a8ed12d

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe\5c53fac6821a43ff83b7aa6e5183dfad\launch.exe

Filesize
26KB

MD5
e2579df6879217499f05eef4725b3106

SHA1
905ab8f071c22be7a4fc78073d36121d17299464

SHA256
860372841f7d35c9e92f9b3d7c65c64a3904b02cbc41a5cd1318e571c27d9102

SHA512
40203c0cf7342894d05a7f4224add02206fb6d727e2e69d474d141778e556c0c3cfc3ce2a09d10c03c020fb5362904bac99890f0c3f316ce81c469fd59018645

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\044dafae6af805ef60c900cd7e35f2b7252246ab7ffb7e3b65dca3236904c43e.exe\5c53fac6821a43ff83b7aa6e5183dfad\launch.exe.config

Filesize
359B

MD5
05a59e8e79546860cf1e351e32e69404

SHA1
aef4ad7bcbd79f99feb7100f05938721f12f7dce

SHA256
a368ee85ee624c5adaad674a9b5986f17de7020206e93755c0d086714fcc9430

SHA512
6ec6d988e5c4736ca56118926fef22f952991688bee8408b782273622f2a1f5d8c57850bdb1992f70c23df42366bec56527ad1395484aa5916d84e1249d159fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr6469.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
memory/1592-29-0x00000000730B0000-0x0000000073661000-memory.dmp

Filesize
5.7MB

Download
memory/1592-17-0x0000000002DD0000-0x0000000002DE0000-memory.dmp

Filesize
64KB

Download
memory/1592-16-0x00000000730B0000-0x0000000073661000-memory.dmp

Filesize
5.7MB

Download
memory/1592-15-0x00000000730B0000-0x0000000073661000-memory.dmp

Filesize
5.7MB

Download
memory/4636-43-0x0000000000C60000-0x0000000000C70000-memory.dmp

Filesize
64KB

Download
memory/4636-51-0x0000000000C60000-0x0000000000C70000-memory.dmp

Filesize
64KB

Download
memory/4636-44-0x000000001B630000-0x000000001B63E000-memory.dmp

Filesize
56KB

Download
memory/4636-45-0x000000001BEA0000-0x000000001C36E000-memory.dmp

Filesize
4.8MB

Download
memory/4636-46-0x000000001C410000-0x000000001C4AC000-memory.dmp

Filesize
624KB

Download
memory/4636-47-0x000000001B5E0000-0x000000001B5E8000-memory.dmp

Filesize
32KB

Download
memory/4636-48-0x0000000000C60000-0x0000000000C70000-memory.dmp

Filesize
64KB

Download
memory/4636-49-0x0000000000C60000-0x0000000000C70000-memory.dmp

Filesize
64KB

Download
memory/4636-50-0x0000000000C60000-0x0000000000C70000-memory.dmp

Filesize
64KB

Download
memory/4636-42-0x00007FFCE52E0000-0x00007FFCE5C81000-memory.dmp

Filesize
9.6MB

Download
memory/4636-37-0x00007FFCE52E0000-0x00007FFCE5C81000-memory.dmp

Filesize
9.6MB

Download
memory/4636-54-0x0000000020000000-0x0000000020062000-memory.dmp

Filesize
392KB

Download
memory/4636-56-0x00007FFCE52E0000-0x00007FFCE5C81000-memory.dmp

Filesize
9.6MB

Download
memory/4636-57-0x00007FFCE52E0000-0x00007FFCE5C81000-memory.dmp

Filesize
9.6MB

Download
memory/4636-58-0x0000000000C60000-0x0000000000C70000-memory.dmp

Filesize
64KB

Download
memory/4636-59-0x0000000000C60000-0x0000000000C70000-memory.dmp

Filesize
64KB

Download
memory/4636-60-0x0000000000C60000-0x0000000000C70000-memory.dmp

Filesize
64KB

Download
memory/4636-61-0x0000000000C60000-0x0000000000C70000-memory.dmp

Filesize
64KB

Download
memory/4636-62-0x0000000000C60000-0x0000000000C70000-memory.dmp

Filesize
64KB

Download
memory/4636-69-0x00007FFCE52E0000-0x00007FFCE5C81000-memory.dmp

Filesize
9.6MB

Download