Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

d1eec7914a...ef.exe

windows7-x64

10

d1eec7914a...ef.exe

windows10-2004-x64

10

setup_installer.exe

windows7-x64

10

setup_installer.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2024, 03:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d1eec7914a5ca2f3e3a0b4c3c4e557ef.exe

  • Size

    2.4MB

  • MD5

    d1eec7914a5ca2f3e3a0b4c3c4e557ef

  • SHA1

    f655fcf0e1ecf1a79a6c19d71fba9714611c1bef

  • SHA256

    56e45f6af87cf8505b1d88360f14bf00bca7be5108db4d4283fab4605fca2482

  • SHA512

    0f640a7649b2b3fadf2686f3fb0fb811bee25f6eeb7591909ba2671036ef933604166737dc74eb22c12851330c027124522a3deee5317f62873b77b7325f163d

  • SSDEEP

    49152:9gTtVRY265B7HhR5V12uJ63B2ZOS7u0dpTLvvt0pzxNCoFWBusIpY34NK+y:yTtVOBrvh9J63M9iiNLv1I2oFWBuNpGt

Score
10/10
cryptbotnullmixerprivateloaderredlinesectopratsmokeloadervidar706pub5test1aspackv2backdoordiscoverydropperinfostealerloaderratspywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

test1

C2

185.215.113.15:61506

Extracted

Family

smokeloader

Botnet

pub5

Extracted

Family

nullmixer

C2

http://watira.xyz/

Extracted

Family

vidar

Version

40

Botnet

706

C2

https://lenak513.tumblr.com/

Attributes
  • profile_id

    706

Extracted

Family

cryptbot

C2

lysuht78.top

morisc07.top
Attributes
  • payload_url

    http://damysa10.top/download.php?file=lv.exe

Extracted

Family

smokeloader

Version

2020

C2

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/
rc4.i32
rc4.i32

Signatures

  • CryptBot

    A C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot
  • CryptBot payload 3 IoCs
  • NullMixer

    NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    droppernullmixer
  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat
  • SectopRAT payload 2 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar Stealer 3 IoCs
    stealer
  • ASPack v2.12-2.42 3 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 11 IoCs
  • Loads dropped DLL 6 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 37 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 61 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1eec7914a5ca2f3e3a0b4c3c4e557ef.exe
    "C:\Users\Admin\AppData\Local\Temp\d1eec7914a5ca2f3e3a0b4c3c4e557ef.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1408
    • C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4596
      • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\setup_install.exe
        "C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\setup_install.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1956
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3128
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:2052
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c Sun106578261967b7.exe
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:4104
          • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun106578261967b7.exe
            Sun106578261967b7.exe
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:2436
            • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun106578261967b7.exe
              "C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun106578261967b7.exe" -a
              6⤵
              • Executes dropped EXE
              PID:2084
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c Sun10b17602b7.exe
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3796
          • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun10b17602b7.exe
            Sun10b17602b7.exe
            5⤵
            • Executes dropped EXE
            • Checks SCSI registry key(s)
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: MapViewOfSection
            PID:1572
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 372
              6⤵
              • Program crash
              PID:3244
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c Sun103e41e770cfe.exe
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:2344
          • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun103e41e770cfe.exe
            Sun103e41e770cfe.exe
            5⤵
            • Executes dropped EXE
            PID:2024
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c Sun10489769067d.exe
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:4864
          • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun10489769067d.exe
            Sun10489769067d.exe
            5⤵
            • Executes dropped EXE
            PID:852
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 824
              6⤵
              • Program crash
              PID:2820
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 832
              6⤵
              • Program crash
              PID:1300
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 856
              6⤵
              • Program crash
              PID:5036
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 864
              6⤵
              • Program crash
              PID:2296
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 1040
              6⤵
              • Program crash
              PID:2488
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 1072
              6⤵
              • Program crash
              PID:4516
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 1516
              6⤵
              • Program crash
              PID:3260
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 1524
              6⤵
              • Program crash
              PID:4616
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 1788
              6⤵
              • Program crash
              PID:3620
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 1576
              6⤵
              • Program crash
              PID:776
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 1748
              6⤵
              • Program crash
              PID:2872
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 1816
              6⤵
              • Program crash
              PID:4872
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 1748
              6⤵
              • Program crash
              PID:3624
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 1912
              6⤵
              • Program crash
              PID:1632
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 1816
              6⤵
              • Program crash
              PID:3552
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 1028
              6⤵
              • Program crash
              PID:4980
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c Sun1066b26185fd.exe
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:2312
          • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun1066b26185fd.exe
            Sun1066b26185fd.exe
            5⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:1036
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c Sun10d565f4df3.exe
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:2492
          • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun10d565f4df3.exe
            Sun10d565f4df3.exe
            5⤵
            • Executes dropped EXE
            PID:4144
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c Sun10523bfbc62f84b.exe
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:4576
          • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun10523bfbc62f84b.exe
            Sun10523bfbc62f84b.exe
            5⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:3324
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c Sun100b66839e961cc60.exe
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3484
          • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun100b66839e961cc60.exe
            Sun100b66839e961cc60.exe
            5⤵
            • Executes dropped EXE
            • Checks processor information in registry
            • Suspicious use of FindShellTrayWindow
            PID:4676
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 612
              6⤵
              • Program crash
              PID:5012
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 696
              6⤵
              • Program crash
              PID:2504
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 796
              6⤵
              • Program crash
              PID:448
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 864
              6⤵
              • Program crash
              PID:1624
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 896
              6⤵
              • Program crash
              PID:4548
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 912
              6⤵
              • Program crash
              PID:4972
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 1152
              6⤵
              • Program crash
              PID:1400
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 1276
              6⤵
              • Program crash
              PID:4428
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 1284
              6⤵
              • Program crash
              PID:3076
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 700
              6⤵
              • Program crash
              PID:3912
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 784
              6⤵
              • Program crash
              PID:4176
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 1004
              6⤵
              • Program crash
              PID:448
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 992
              6⤵
              • Program crash
              PID:5084
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 1416
              6⤵
              • Program crash
              PID:3244
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 1432
              6⤵
              • Program crash
              PID:4176
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 1484
              6⤵
              • Program crash
              PID:3144
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 1276
              6⤵
              • Program crash
              PID:4852
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 1460
              6⤵
              • Program crash
              PID:3700
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 1464
              6⤵
              • Program crash
              PID:924
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 556
          4⤵
          • Program crash
          PID:3468
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1956 -ip 1956
    1⤵
      PID:4456
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 852 -ip 852
      1⤵
        PID:456
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4676 -ip 4676
        1⤵
          PID:5116
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 852 -ip 852
          1⤵
            PID:3200
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4676 -ip 4676
            1⤵
              PID:4584
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 852 -ip 852
              1⤵
                PID:4956
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4676 -ip 4676
                1⤵
                  PID:372
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 852 -ip 852
                  1⤵
                    PID:3156
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4676 -ip 4676
                    1⤵
                      PID:1832
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1572 -ip 1572
                      1⤵
                        PID:4428
                      • C:\Windows\SysWOW64\WerFault.exe
                        C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 852 -ip 852
                        1⤵
                          PID:4812
                        • C:\Windows\SysWOW64\WerFault.exe
                          C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4676 -ip 4676
                          1⤵
                            PID:2880
                          • C:\Windows\SysWOW64\WerFault.exe
                            C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 852 -ip 852
                            1⤵
                              PID:2504
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4676 -ip 4676
                              1⤵
                                PID:4344
                              • C:\Windows\SysWOW64\WerFault.exe
                                C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4676 -ip 4676
                                1⤵
                                  PID:2596
                                • C:\Windows\SysWOW64\WerFault.exe
                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4676 -ip 4676
                                  1⤵
                                    PID:4976
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4676 -ip 4676
                                    1⤵
                                      PID:2952
                                    • C:\Windows\SysWOW64\WerFault.exe
                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 852 -ip 852
                                      1⤵
                                        PID:1388
                                      • C:\Windows\SysWOW64\WerFault.exe
                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4676 -ip 4676
                                        1⤵
                                          PID:4372
                                        • C:\Windows\SysWOW64\WerFault.exe
                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 852 -ip 852
                                          1⤵
                                            PID:1572
                                          • C:\Windows\SysWOW64\WerFault.exe
                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4676 -ip 4676
                                            1⤵
                                              PID:3144
                                            • C:\Windows\SysWOW64\WerFault.exe
                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 852 -ip 852
                                              1⤵
                                                PID:4348
                                              • C:\Windows\SysWOW64\WerFault.exe
                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 852 -ip 852
                                                1⤵
                                                  PID:5108
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4676 -ip 4676
                                                  1⤵
                                                    PID:3212
                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 852 -ip 852
                                                    1⤵
                                                      PID:4956
                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4676 -ip 4676
                                                      1⤵
                                                        PID:1528
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 852 -ip 852
                                                        1⤵
                                                          PID:2208
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4676 -ip 4676
                                                          1⤵
                                                            PID:3252
                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4676 -ip 4676
                                                            1⤵
                                                              PID:4104
                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 852 -ip 852
                                                              1⤵
                                                                PID:396
                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4676 -ip 4676
                                                                1⤵
                                                                  PID:2488
                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 852 -ip 852
                                                                  1⤵
                                                                    PID:2508
                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 4676 -ip 4676
                                                                    1⤵
                                                                      PID:2936
                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 852 -ip 852
                                                                      1⤵
                                                                        PID:5004
                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4676 -ip 4676
                                                                        1⤵
                                                                          PID:1528
                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 4676 -ip 4676
                                                                          1⤵
                                                                            PID:4412
                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 852 -ip 852
                                                                            1⤵
                                                                              PID:3076

                                                                            Network

                                                                            MITRE ATT&CK Enterprise v15

                                                                            Replay Monitor

                                                                            Loading Replay Monitor...

                                                                            Downloads

                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun100b66839e961cc60.exe
                                                                              Filesize

                                                                              533KB

                                                                              MD5

                                                                              ed88608322684a4465db204285fc83e7

                                                                              SHA1

                                                                              0cad791fef57dc56b193fbf3146e4f5328587e18

                                                                              SHA256

                                                                              6f37d97e388e1a4ecbe541dc1f0f17b1fe7171c8138f6c7a0bb8daa66432e211

                                                                              SHA512

                                                                              3cc9206d1c807cbebd4a05f4494bc40206a3a5f4b54ac52b0948e1dc6c0b5fabb11c6b109ac5f7b8d69aa80436d2825f2a8b07fe6fdc69eab74230be3bf33e73

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun103e41e770cfe.exe
                                                                              Filesize

                                                                              241KB

                                                                              MD5

                                                                              5866ab1fae31526ed81bfbdf95220190

                                                                              SHA1

                                                                              75a5e08b3b9ad2dff35dfbbb3ffe8d983c2be25f

                                                                              SHA256

                                                                              9e1a149370efe9814bf2cbd87acfcfa410d1769efd86a9722da4373d6716d22e

                                                                              SHA512

                                                                              8d99ab09e84e4ef309da34be94946cbfcffeb1c0ca49e2452deb738d801e551062ebb134f1b99a9baf03003a8e720d525521ce09aeac341d3cba3fcfbc618fb5

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun10489769067d.exe
                                                                              Filesize

                                                                              527KB

                                                                              MD5

                                                                              b57e8374e7c87e69b88b00ee5cb0fa52

                                                                              SHA1

                                                                              973bbefb5cc0c10317b0721352c98ce8b8619e32

                                                                              SHA256

                                                                              ffc2ec2b0becb31a28f5f0916c67a17bbcd6d347951e098bcb80b2e330c2ff5c

                                                                              SHA512

                                                                              ba0029d128943761d784ca07b6e3726e6f4f59b528280211e9d9ff18bdb54612384111d0c0faaf9b35c71518c6d4ba5394e0dd281125337c8446bdf93931f5ee

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun10523bfbc62f84b.exe
                                                                              Filesize

                                                                              177KB

                                                                              MD5

                                                                              c826ea172a675fd252e437eb13fb88b4

                                                                              SHA1

                                                                              2641aefc3b9bea8f3f2f75fcb1aa601dfbdf6cc7

                                                                              SHA256

                                                                              ea127b5ee9172e36b62106b044b8060032fd1dd68d411f3cfe64d4677f2b23f3

                                                                              SHA512

                                                                              5f8927bddac55f35566e68c46c9339b7ebc2fe80141c72fcfc46818993887de286307591b807433c8623be8bf78759c7af6ec041b8ff2369165ee8a334321d5c

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun106578261967b7.exe
                                                                              Filesize

                                                                              56KB

                                                                              MD5

                                                                              c0d18a829910babf695b4fdaea21a047

                                                                              SHA1

                                                                              236a19746fe1a1063ebe077c8a0553566f92ef0f

                                                                              SHA256

                                                                              78958d664b1c140f2b45e56c4706108eeb5f14756977e2efd3409f8a788d3c98

                                                                              SHA512

                                                                              cca06a032d8232c0046c6160f47b8792370745b47885c2fa75308abc3df76dcc5965858b004c1aad05b8cd8fbb9a359077be1b97ec087a05d740145030675823

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun1066b26185fd.exe
                                                                              Filesize

                                                                              286KB

                                                                              MD5

                                                                              44d20cafd985ec515a6e38100f094790

                                                                              SHA1

                                                                              064639527a9387c301c291d666ee738d41dd3edd

                                                                              SHA256

                                                                              a949a824d86498f795871cbfc332df4b8c39fac1efcb01d93659c11d4bd7e829

                                                                              SHA512

                                                                              c0772aae6f9e585bc6408c0c3eb4b4f90d6a616c56e3d98a774f750d042596de8d1e6b4c0388736098c9a4f3078ac63e33fa0cec01049326dda14c013673c82c

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun10b17602b7.exe
                                                                              Filesize

                                                                              159KB

                                                                              MD5

                                                                              9b1b9d123edeb08b2173a1ecbf22adf3

                                                                              SHA1

                                                                              348d425a37334535c0ef3881235193ed083a21f6

                                                                              SHA256

                                                                              bdc70ea0bc30ad4735ddbfb2316843e7e93d7f183955594af6f1aaaf615a00be

                                                                              SHA512

                                                                              bcd579677ee3ee18311bda81a4f73d37a9cda7eabc0a03018b242e446a79c6c40a403b74bfe068889103e8c9e2af2cc691734a9633b2ac0e50f911a1e8553525

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\Sun10d565f4df3.exe
                                                                              Filesize

                                                                              631KB

                                                                              MD5

                                                                              94f06bfbb349287c89ccc92ac575123f

                                                                              SHA1

                                                                              34e36e640492423d55b80bd5ac3ddb77b6b9e87c

                                                                              SHA256

                                                                              d05cb3a734aaa9d090be20fbaeddf8069a829fa78c44dd8378a2350c1510e1fc

                                                                              SHA512

                                                                              c8a5362f9a35737ac04b6e0c48371aa60e64adf1157e16191691ac4dccb8dbaac261b516ebb89fc84ba741616ea1ca888a4a180ef2cf89ca04ebdc7768ea0fbb

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\libcurl.dll
                                                                              Filesize

                                                                              218KB

                                                                              MD5

                                                                              d09be1f47fd6b827c81a4812b4f7296f

                                                                              SHA1

                                                                              028ae3596c0790e6d7f9f2f3c8e9591527d267f7

                                                                              SHA256

                                                                              0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e

                                                                              SHA512

                                                                              857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\libcurlpp.dll
                                                                              Filesize

                                                                              54KB

                                                                              MD5

                                                                              e6e578373c2e416289a8da55f1dc5e8e

                                                                              SHA1

                                                                              b601a229b66ec3d19c2369b36216c6f6eb1c063e

                                                                              SHA256

                                                                              43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f

                                                                              SHA512

                                                                              9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\libgcc_s_dw2-1.dll
                                                                              Filesize

                                                                              113KB

                                                                              MD5

                                                                              9aec524b616618b0d3d00b27b6f51da1

                                                                              SHA1

                                                                              64264300801a353db324d11738ffed876550e1d3

                                                                              SHA256

                                                                              59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e

                                                                              SHA512

                                                                              0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\libstdc++-6.dll
                                                                              Filesize

                                                                              647KB

                                                                              MD5

                                                                              5e279950775baae5fea04d2cc4526bcc

                                                                              SHA1

                                                                              8aef1e10031c3629512c43dd8b0b5d9060878453

                                                                              SHA256

                                                                              97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87

                                                                              SHA512

                                                                              666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\libwinpthread-1.dll
                                                                              Filesize

                                                                              69KB

                                                                              MD5

                                                                              1e0d62c34ff2e649ebc5c372065732ee

                                                                              SHA1

                                                                              fcfaa36ba456159b26140a43e80fbd7e9d9af2de

                                                                              SHA256

                                                                              509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723

                                                                              SHA512

                                                                              3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\7zS4F160D37\setup_install.exe
                                                                              Filesize

                                                                              2.1MB

                                                                              MD5

                                                                              81dbbd52f7054353eb1dc0fa899f805d

                                                                              SHA1

                                                                              9bf3511afad90b00aadf862bd45cebee03a7a021

                                                                              SHA256

                                                                              d8a8ad0a417f86f1511b81ede6dd98e6fe8bd4c848cdf92f464759aaac25c325

                                                                              SHA512

                                                                              773aebf2e69f2444f07b5ca8d8aca37ecbfaaa6f00ab66714e228cca44be41d5c078ce23198356c937e7eb2a65d95d113b36ca21a658c1d12e4f72b6b1cefb22

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\HktiV4Kqwulk\_Files\_Information.txt
                                                                              Filesize

                                                                              7KB

                                                                              MD5

                                                                              839be2224b35651e51cf741f0f430cdc

                                                                              SHA1

                                                                              f1e252bedcee0eff282fac13c57c15ef78620897

                                                                              SHA256

                                                                              79423b5a430bf8494bdebbfe3a7568d87244d4264592266ae7e82b1a69a0c248

                                                                              SHA512

                                                                              72345103c8d4e13c7b051318eaf741ebd31424f02cd591aa6ec6f56d58cd4200d1e147ab5abebf129a647465fef3bce7e35b194095a33c7c292d9bc59dada386

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\HktiV4Kqwulk\_Files\_Screen_Desktop.jpeg
                                                                              Filesize

                                                                              45KB

                                                                              MD5

                                                                              7707d59937ce8c237c9c93da7ee2e21e

                                                                              SHA1

                                                                              e90f4da3ce92cb723dfde0e02823e4bb2784407d

                                                                              SHA256

                                                                              58a430c42da79f986cba7df723ace3f9286bd5ac577edfb21be34067c608d298

                                                                              SHA512

                                                                              b61fadfdd9b09b31609515a0016935afae73f672f482733391856da7d0a6a0e28c9f0efda104f26d8cdacd01783c221cadd91cc42918430b7b5ee7220876290d

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\HktiV4Kqwulk\files_\system_info.txt
                                                                              Filesize

                                                                              7KB

                                                                              MD5

                                                                              536b0f067e0d6ad9551b117f98ad9c34

                                                                              SHA1

                                                                              4231e4fd1f44554642d047a0223cc07b0bd05989

                                                                              SHA256

                                                                              dc58856271e01b0d98a90fb88c36aa2ace9770eb7e7be7e531a92153f5040800

                                                                              SHA512

                                                                              9b4fdba6f8f4650353fc355e2a18411dfa207cbb3047a952520c5eb118b5c364fab93b42b9a8ee46bc969765269365a210e981d3f534d5530460b92b3cb7d467

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_z1km1wgc.35z.ps1
                                                                              Filesize

                                                                              60B

                                                                              MD5

                                                                              d17fe0a3f47be24a6453e9ef58c94641

                                                                              SHA1

                                                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                              SHA256

                                                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                              SHA512

                                                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
                                                                              Filesize

                                                                              2.4MB

                                                                              MD5

                                                                              4f39071ae96bbe636085ff30b895d630

                                                                              SHA1

                                                                              e790358c6f84900a02e72ffc56158c29ace40619

                                                                              SHA256

                                                                              2990a3bec6a52f106787fbdcebd73ebe67bbb6d903ef9e7bfd3fa71f51988e1f

                                                                              SHA512

                                                                              f906bb6dc96dc53ccabc673d44e8ba1d5cffc092ec700958dc028b67aa1c37184895ac3bb8921c92a381dcc4d916d6e7b3ca41fce0ff9495e37cd4f9b1019716

                                                                              Download Submit

                                                                            • memory/852-290-0x0000000000400000-0x0000000002D13000-memory.dmp

                                                                              Filesize

                                                                              41.1MB

                                                                              Download

                                                                            • memory/852-103-0x00000000049B0000-0x0000000004A4D000-memory.dmp

                                                                              Filesize

                                                                              628KB

                                                                              Download

                                                                            • memory/852-130-0x0000000000400000-0x0000000002D13000-memory.dmp

                                                                              Filesize

                                                                              41.1MB

                                                                              Download

                                                                            • memory/852-144-0x0000000002F80000-0x0000000003080000-memory.dmp

                                                                              Filesize

                                                                              1024KB

                                                                              Download

                                                                            • memory/1036-112-0x0000000007330000-0x0000000007342000-memory.dmp

                                                                              Filesize

                                                                              72KB

                                                                              Download

                                                                            • memory/1036-135-0x0000000007410000-0x0000000007420000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/1036-399-0x0000000002E10000-0x0000000002F10000-memory.dmp

                                                                              Filesize

                                                                              1024KB

                                                                              Download

                                                                            • memory/1036-149-0x0000000007410000-0x0000000007420000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/1036-150-0x0000000007410000-0x0000000007420000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/1036-148-0x00000000733F0000-0x0000000073BA0000-memory.dmp

                                                                              Filesize

                                                                              7.7MB

                                                                              Download

                                                                            • memory/1036-139-0x0000000008120000-0x000000000822A000-memory.dmp

                                                                              Filesize

                                                                              1.0MB

                                                                              Download

                                                                            • memory/1036-133-0x0000000007410000-0x0000000007420000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/1036-128-0x00000000073B0000-0x00000000073FC000-memory.dmp

                                                                              Filesize

                                                                              304KB

                                                                              Download

                                                                            • memory/1036-110-0x00000000079D0000-0x0000000007FE8000-memory.dmp

                                                                              Filesize

                                                                              6.1MB

                                                                              Download

                                                                            • memory/1036-114-0x0000000007350000-0x000000000738C000-memory.dmp

                                                                              Filesize

                                                                              240KB

                                                                              Download

                                                                            • memory/1036-113-0x0000000000400000-0x0000000002CD5000-memory.dmp

                                                                              Filesize

                                                                              40.8MB

                                                                              Download

                                                                            • memory/1036-98-0x0000000002E10000-0x0000000002F10000-memory.dmp

                                                                              Filesize

                                                                              1024KB

                                                                              Download

                                                                            • memory/1036-99-0x00000000048F0000-0x000000000491F000-memory.dmp

                                                                              Filesize

                                                                              188KB

                                                                              Download

                                                                            • memory/1036-102-0x0000000004C40000-0x0000000004C62000-memory.dmp

                                                                              Filesize

                                                                              136KB

                                                                              Download

                                                                            • memory/1036-107-0x0000000007290000-0x00000000072B0000-memory.dmp

                                                                              Filesize

                                                                              128KB

                                                                              Download

                                                                            • memory/1036-105-0x0000000007420000-0x00000000079C4000-memory.dmp

                                                                              Filesize

                                                                              5.6MB

                                                                              Download

                                                                            • memory/1572-173-0x0000000000400000-0x0000000002CB7000-memory.dmp

                                                                              Filesize

                                                                              40.7MB

                                                                              Download

                                                                            • memory/1572-146-0x0000000000400000-0x0000000002CB7000-memory.dmp

                                                                              Filesize

                                                                              40.7MB

                                                                              Download

                                                                            • memory/1572-126-0x00000000047C0000-0x00000000047C9000-memory.dmp

                                                                              Filesize

                                                                              36KB

                                                                              Download

                                                                            • memory/1572-125-0x0000000002EB0000-0x0000000002FB0000-memory.dmp

                                                                              Filesize

                                                                              1024KB

                                                                              Download

                                                                            • memory/1956-67-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                                              Filesize

                                                                              1.5MB

                                                                              Download

                                                                            • memory/1956-68-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                                              Filesize

                                                                              1.5MB

                                                                              Download

                                                                            • memory/1956-59-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                                                              Filesize

                                                                              572KB

                                                                              Download

                                                                            • memory/1956-52-0x000000006B280000-0x000000006B2A6000-memory.dmp

                                                                              Filesize

                                                                              152KB

                                                                              Download

                                                                            • memory/1956-62-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                                                              Filesize

                                                                              572KB

                                                                              Download

                                                                            • memory/1956-69-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                                              Filesize

                                                                              1.5MB

                                                                              Download

                                                                            • memory/1956-61-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                                                              Filesize

                                                                              572KB

                                                                              Download

                                                                            • memory/1956-64-0x0000000064940000-0x0000000064959000-memory.dmp

                                                                              Filesize

                                                                              100KB

                                                                              Download

                                                                            • memory/1956-136-0x000000006EB40000-0x000000006EB63000-memory.dmp

                                                                              Filesize

                                                                              140KB

                                                                              Download

                                                                            • memory/1956-63-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                                              Filesize

                                                                              1.5MB

                                                                              Download

                                                                            • memory/1956-60-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                                                              Filesize

                                                                              572KB

                                                                              Download

                                                                            • memory/1956-70-0x000000006B280000-0x000000006B2A6000-memory.dmp

                                                                              Filesize

                                                                              152KB

                                                                              Download

                                                                            • memory/1956-129-0x0000000000400000-0x000000000051B000-memory.dmp

                                                                              Filesize

                                                                              1.1MB

                                                                              Download

                                                                            • memory/1956-65-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                                              Filesize

                                                                              1.5MB

                                                                              Download

                                                                            • memory/1956-66-0x0000000000760000-0x00000000007EF000-memory.dmp

                                                                              Filesize

                                                                              572KB

                                                                              Download

                                                                            • memory/1956-131-0x0000000064940000-0x0000000064959000-memory.dmp

                                                                              Filesize

                                                                              100KB

                                                                              Download

                                                                            • memory/1956-132-0x000000006B280000-0x000000006B2A6000-memory.dmp

                                                                              Filesize

                                                                              152KB

                                                                              Download

                                                                            • memory/1956-138-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                                              Filesize

                                                                              1.5MB

                                                                              Download

                                                                            • memory/1956-71-0x000000006B280000-0x000000006B2A6000-memory.dmp

                                                                              Filesize

                                                                              152KB

                                                                              Download

                                                                            • memory/1956-134-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                                                              Filesize

                                                                              572KB

                                                                              Download

                                                                            • memory/2052-167-0x0000000006D20000-0x0000000006D3A000-memory.dmp

                                                                              Filesize

                                                                              104KB

                                                                              Download

                                                                            • memory/2052-163-0x0000000002450000-0x0000000002460000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2052-108-0x0000000004A50000-0x0000000004A72000-memory.dmp

                                                                              Filesize

                                                                              136KB

                                                                              Download

                                                                            • memory/2052-93-0x0000000002450000-0x0000000002460000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2052-101-0x0000000004B90000-0x00000000051B8000-memory.dmp

                                                                              Filesize

                                                                              6.2MB

                                                                              Download

                                                                            • memory/2052-111-0x00000000053A0000-0x0000000005406000-memory.dmp

                                                                              Filesize

                                                                              408KB

                                                                              Download

                                                                            • memory/2052-142-0x00000000059E0000-0x00000000059FE000-memory.dmp

                                                                              Filesize

                                                                              120KB

                                                                              Download

                                                                            • memory/2052-181-0x00000000733F0000-0x0000000073BA0000-memory.dmp

                                                                              Filesize

                                                                              7.7MB

                                                                              Download

                                                                            • memory/2052-178-0x0000000007040000-0x0000000007048000-memory.dmp

                                                                              Filesize

                                                                              32KB

                                                                              Download

                                                                            • memory/2052-177-0x0000000007050000-0x000000000706A000-memory.dmp

                                                                              Filesize

                                                                              104KB

                                                                              Download

                                                                            • memory/2052-109-0x0000000005330000-0x0000000005396000-memory.dmp

                                                                              Filesize

                                                                              408KB

                                                                              Download

                                                                            • memory/2052-127-0x0000000002450000-0x0000000002460000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2052-94-0x0000000002410000-0x0000000002446000-memory.dmp

                                                                              Filesize

                                                                              216KB

                                                                              Download

                                                                            • memory/2052-97-0x00000000733F0000-0x0000000073BA0000-memory.dmp

                                                                              Filesize

                                                                              7.7MB

                                                                              Download

                                                                            • memory/2052-151-0x0000000006960000-0x0000000006992000-memory.dmp

                                                                              Filesize

                                                                              200KB

                                                                              Download

                                                                            • memory/2052-152-0x00000000740F0000-0x000000007413C000-memory.dmp

                                                                              Filesize

                                                                              304KB

                                                                              Download

                                                                            • memory/2052-162-0x00000000069A0000-0x00000000069BE000-memory.dmp

                                                                              Filesize

                                                                              120KB

                                                                              Download

                                                                            • memory/2052-164-0x00000000069D0000-0x0000000006A73000-memory.dmp

                                                                              Filesize

                                                                              652KB

                                                                              Download

                                                                            • memory/2052-165-0x0000000002450000-0x0000000002460000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/2052-176-0x0000000006F60000-0x0000000006F74000-memory.dmp

                                                                              Filesize

                                                                              80KB

                                                                              Download

                                                                            • memory/2052-166-0x0000000007360000-0x00000000079DA000-memory.dmp

                                                                              Filesize

                                                                              6.5MB

                                                                              Download

                                                                            • memory/2052-124-0x0000000005410000-0x0000000005764000-memory.dmp

                                                                              Filesize

                                                                              3.3MB

                                                                              Download

                                                                            • memory/2052-175-0x0000000006F50000-0x0000000006F5E000-memory.dmp

                                                                              Filesize

                                                                              56KB

                                                                              Download

                                                                            • memory/2052-171-0x0000000006DA0000-0x0000000006DAA000-memory.dmp

                                                                              Filesize

                                                                              40KB

                                                                              Download

                                                                            • memory/2052-172-0x0000000006F90000-0x0000000007026000-memory.dmp

                                                                              Filesize

                                                                              600KB

                                                                              Download

                                                                            • memory/2052-174-0x0000000006F20000-0x0000000006F31000-memory.dmp

                                                                              Filesize

                                                                              68KB

                                                                              Download

                                                                            • memory/3324-96-0x0000000001160000-0x0000000001166000-memory.dmp

                                                                              Filesize

                                                                              24KB

                                                                              Download

                                                                            • memory/3324-137-0x000000001B5B0000-0x000000001B5C0000-memory.dmp

                                                                              Filesize

                                                                              64KB

                                                                              Download

                                                                            • memory/3324-147-0x00007FFDB5B40000-0x00007FFDB6601000-memory.dmp

                                                                              Filesize

                                                                              10.8MB

                                                                              Download

                                                                            • memory/3324-92-0x0000000000970000-0x00000000009A2000-memory.dmp

                                                                              Filesize

                                                                              200KB

                                                                              Download

                                                                            • memory/3324-100-0x0000000001170000-0x0000000001194000-memory.dmp

                                                                              Filesize

                                                                              144KB

                                                                              Download

                                                                            • memory/3324-104-0x0000000001190000-0x0000000001196000-memory.dmp

                                                                              Filesize

                                                                              24KB

                                                                              Download

                                                                            • memory/3324-90-0x00007FFDB5B40000-0x00007FFDB6601000-memory.dmp

                                                                              Filesize

                                                                              10.8MB

                                                                              Download

                                                                            • memory/3508-168-0x0000000002410000-0x0000000002426000-memory.dmp

                                                                              Filesize

                                                                              88KB

                                                                              Download

                                                                            • memory/4676-143-0x0000000000400000-0x0000000002D13000-memory.dmp

                                                                              Filesize

                                                                              41.1MB

                                                                              Download

                                                                            • memory/4676-140-0x0000000002F60000-0x0000000003060000-memory.dmp

                                                                              Filesize

                                                                              1024KB

                                                                              Download

                                                                            • memory/4676-141-0x00000000049F0000-0x0000000004A90000-memory.dmp

                                                                              Filesize

                                                                              640KB

                                                                              Download

                                                                            • memory/4676-292-0x0000000000400000-0x0000000002D13000-memory.dmp

                                                                              Filesize

                                                                              41.1MB

                                                                              Download