a15b0ee8d72594b4037c9b6ff1d766e2ebb3d2ca5b96c4898956d7977a396d1e

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5ba5cb09697a8ba54c7444dcbcc3153.exe
Size

141KB
MD5

d5ba5cb09697a8ba54c7444dcbcc3153
SHA1

977e1a973ecd010319290b8cc91fe856911f2503
SHA256

a15b0ee8d72594b4037c9b6ff1d766e2ebb3d2ca5b96c4898956d7977a396d1e
SHA512

a1f2bd4122c9baac4357d41db4ad1a875b44c4243b29bd0343fbfc2e23cee3b97738a19085928f5c98030cd947c205cdb6657de65a9dfc3954b0515e13b442ab
SSDEEP

3072:hbBNtO8GAlO2qyG8bH3gKjBb3AWOpOEpBMkNrAPEB68ErsP/24lcqj:FBNtJtHqX0gi6WAOgBMpEBLErsP/24lH

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2308	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2636	wyiz.exe

Loads dropped DLL 2 IoCs

pid	Process
2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe
2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Windows\CurrentVersion\Run\{81C51406-4F72-EB4F-171D-F312EB121E52} = "C:\\Users\\Admin\\AppData\\Roaming\\Yxip\\wyiz.exe"	wyiz.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2616 set thread context of 2308	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe	30

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Privacy	d5ba5cb09697a8ba54c7444dcbcc3153.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	d5ba5cb09697a8ba54c7444dcbcc3153.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\03284154-00000001.eml:OECustomProperty	WinMail.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe
2636	wyiz.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe
Token: SeSecurityPrivilege	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe
Token: SeSecurityPrivilege	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe
Token: SeManageVolumePrivilege	1376	WinMail.exe
Token: SeSecurityPrivilege	2308	cmd.exe
Token: SeManageVolumePrivilege	2840	WinMail.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1376	WinMail.exe
2840	WinMail.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1376	WinMail.exe
2840	WinMail.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1376	WinMail.exe
2840	WinMail.exe

Suspicious use of WriteProcessMemory 58 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 2636	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe	28
PID 2616 wrote to memory of 2636	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe	28
PID 2616 wrote to memory of 2636	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe	28
PID 2616 wrote to memory of 2636	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe	28
PID 2636 wrote to memory of 1100	2636	wyiz.exe	19
PID 2636 wrote to memory of 1100	2636	wyiz.exe	19
PID 2636 wrote to memory of 1100	2636	wyiz.exe	19
PID 2636 wrote to memory of 1100	2636	wyiz.exe	19
PID 2636 wrote to memory of 1100	2636	wyiz.exe	19
PID 2636 wrote to memory of 1160	2636	wyiz.exe	20
PID 2636 wrote to memory of 1160	2636	wyiz.exe	20
PID 2636 wrote to memory of 1160	2636	wyiz.exe	20
PID 2636 wrote to memory of 1160	2636	wyiz.exe	20
PID 2636 wrote to memory of 1160	2636	wyiz.exe	20
PID 2636 wrote to memory of 1200	2636	wyiz.exe	21
PID 2636 wrote to memory of 1200	2636	wyiz.exe	21
PID 2636 wrote to memory of 1200	2636	wyiz.exe	21
PID 2636 wrote to memory of 1200	2636	wyiz.exe	21
PID 2636 wrote to memory of 1200	2636	wyiz.exe	21
PID 2636 wrote to memory of 1760	2636	wyiz.exe	23
PID 2636 wrote to memory of 1760	2636	wyiz.exe	23
PID 2636 wrote to memory of 1760	2636	wyiz.exe	23
PID 2636 wrote to memory of 1760	2636	wyiz.exe	23
PID 2636 wrote to memory of 1760	2636	wyiz.exe	23
PID 2636 wrote to memory of 2616	2636	wyiz.exe	27
PID 2636 wrote to memory of 2616	2636	wyiz.exe	27
PID 2636 wrote to memory of 2616	2636	wyiz.exe	27
PID 2636 wrote to memory of 2616	2636	wyiz.exe	27
PID 2636 wrote to memory of 2616	2636	wyiz.exe	27
PID 2636 wrote to memory of 1376	2636	wyiz.exe	29
PID 2636 wrote to memory of 1376	2636	wyiz.exe	29
PID 2636 wrote to memory of 1376	2636	wyiz.exe	29
PID 2636 wrote to memory of 1376	2636	wyiz.exe	29
PID 2636 wrote to memory of 1376	2636	wyiz.exe	29
PID 2616 wrote to memory of 2308	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe	30
PID 2616 wrote to memory of 2308	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe	30
PID 2616 wrote to memory of 2308	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe	30
PID 2616 wrote to memory of 2308	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe	30
PID 2616 wrote to memory of 2308	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe	30
PID 2616 wrote to memory of 2308	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe	30
PID 2616 wrote to memory of 2308	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe	30
PID 2616 wrote to memory of 2308	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe	30
PID 2616 wrote to memory of 2308	2616	d5ba5cb09697a8ba54c7444dcbcc3153.exe	30
PID 2636 wrote to memory of 1924	2636	wyiz.exe	32
PID 2636 wrote to memory of 1924	2636	wyiz.exe	32
PID 2636 wrote to memory of 1924	2636	wyiz.exe	32
PID 2636 wrote to memory of 1924	2636	wyiz.exe	32
PID 2636 wrote to memory of 1924	2636	wyiz.exe	32
PID 2636 wrote to memory of 3048	2636	wyiz.exe	34
PID 2636 wrote to memory of 3048	2636	wyiz.exe	34
PID 2636 wrote to memory of 3048	2636	wyiz.exe	34
PID 2636 wrote to memory of 3048	2636	wyiz.exe	34
PID 2636 wrote to memory of 3048	2636	wyiz.exe	34
PID 2636 wrote to memory of 2856	2636	wyiz.exe	35
PID 2636 wrote to memory of 2856	2636	wyiz.exe	35
PID 2636 wrote to memory of 2856	2636	wyiz.exe	35
PID 2636 wrote to memory of 2856	2636	wyiz.exe	35
PID 2636 wrote to memory of 2856	2636	wyiz.exe	35

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1100

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1160

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1200
- C:\Users\Admin\AppData\Local\Temp\d5ba5cb09697a8ba54c7444dcbcc3153.exe
  "C:\Users\Admin\AppData\Local\Temp\d5ba5cb09697a8ba54c7444dcbcc3153.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Users\Admin\AppData\Roaming\Yxip\wyiz.exe
    "C:\Users\Admin\AppData\Roaming\Yxip\wyiz.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2636
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp7675ea06.bat"
    3⤵
    - Deletes itself
    - Suspicious use of AdjustPrivilegeToken
    PID:2308

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1760

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1376

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1924

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:3048

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials in Registry

T1552.002

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735

Filesize
558B

MD5
3cc0012f96f8f44164c18d7de05023d9

SHA1
c8feb560d751fe720c8bdb53f5e78aa92abb9a9e

SHA256
2654c273c211ae1afc60a7736153a853142e3db028417206948576d1d57bf5d5

SHA512
626746176663e2460b18f1eb245306107060c172c4e65ad710dd75ec0b348d8f000342c0dd2f7ea3bb2e0796f61e1ddd2cd77c312d6a177ff2e70a10b68cc6af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5509ac92bb8e69e6dfd82cc7a2732cb6

SHA1
89651975bc6c8bcd7311d73b77d892244e57890a

SHA256
4f2871ac413fb0c697edd74a6cd7868849e10892a991b972df7c5372537ea406

SHA512
597248fdfeebc5e7ad0e56bc5d756a271bbdcbb49efa792e38a354b6173a83a0d345e8f955ca071f6316f88e8acd7d6a49efdbe491f3942c3889be7a61d7b554

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735

Filesize
232B

MD5
1193a4368fc363bc9cd709aa3795029e

SHA1
ba983a62ea937ac8f2a4b0d8c9c14f44b36a7edd

SHA256
e9f07b6485a796aa5b4c3956e87b8033f54f7f2e596c79795dcf932316728c39

SHA512
bfa73225fa0b79ff9a3431a0f2b575f20496511a756c08bf053e6952f46edded9e344646dc12f0c8c2f3b12c0b6e7d24d51047299eccf1b7de643e21a68bb64f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore

Filesize
2.0MB

MD5
f0558a700769ef92cf6fe4190924be70

SHA1
ae5224403588cf0dd833490012261a4b1d537e08

SHA256
f6ad27945536ef67fb025d508a9019cece322b6fd236ce01ead467075a55835a

SHA512
edd69fe395a682f7958ff2c783271d9c1ab593946481a3c0c4a69fac83992429a82dd0c6cecd9e3d4be9e51c13a478607ddbd535b1eab4cd279e1c331e1edd7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.chk

Filesize
8KB

MD5
b40d6577147e083cd6270b7c330cb993

SHA1
b69d848620ee72bf0d6f0c4690dfdae5fd8b3e5c

SHA256
5cc258767264984c1aae3807cca9d3421e6aa8bb7b222c9dda364c14425045c8

SHA512
6347283198a4b4074ece4b244dbefa9ac680b9a48ada2a2e06e3a6fa91014ca29d6501822127c0f6908906b20dccb4d29939dc68bbefa94ba4e6a8167cd9b2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log

Filesize
2.0MB

MD5
50d32ab0a593c4b221dd46599d8411b9

SHA1
2d15e278245455046eb6b7e401036fb9dbd1ebe7

SHA256
ac9d952ecdc5448ffce8ff1d8613d0adf1e56b43a166eaff4e969cac4511bda8

SHA512
442be56b9156473fa24ebf703023895ad090da6240298aab077cba86d3db3f9b563c03406587e016762662c5fb5f6fa380bcca8174482cf043e85aade5af0f94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log

Filesize
2.0MB

MD5
8bf18b77a95dec1f3c317e171d9430c6

SHA1
6a1b0bd4a69c3dedc3efcb559ef87e5144ea253e

SHA256
516849eb2d05e9d763bbe4667c62ef8e1dcd5afdad03b33cf65c3bfbc65769e8

SHA512
7e7ab9274eb31fd8384dcc0736b74e3449375b8c3f40fe7e10de003c7a660ad9773780e3a8eb653780d284e98bee2af8d49dff375b1d21f66ef012a993c733bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab451B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7675ea06.bat

Filesize
243B

MD5
e700f6e0a4bea301ee355b1b617d5e93

SHA1
114068411452754fa4ee4cc773df5b30f1e04143

SHA256
e23c7d567e2b36e17318d3f540b11cd749c793171eb3b587313cc885cee61337

SHA512
b39f8e806c4dc44c8e6c2153bb2ae7fcffa8d7d3e4f8f5e42011cea94f808387ee4e8e72e9e04fbeebf9fe4c47c2721adfbd802523c700af6648fe6be2c91a50

Download Submit
C:\Users\Admin\AppData\Roaming\Exozu\fenuo.qyo

Filesize
366B

MD5
806a84b248a6a6560206168435a54fdc

SHA1
5a9b150ce446122b1ad9acad94d7ab52af988cba

SHA256
ae2ee9953449e48de2cb3694f0b35f9e18c627cddbc0d6f1182b17b2b95184fc

SHA512
a3f871c19993c6ef5a2dfa277de28abcea61d5eb42aec9ccfe14c8a51f9fe34c2188ffdd535b2ad53d8d02ecadef1646d6f676ed7b4ad90ab7fc6bd0f5d6273a

Download Submit
\Users\Admin\AppData\Roaming\Yxip\wyiz.exe

Filesize
141KB

MD5
813a52d58bc13e00ece168ccc8c35dbe

SHA1
979099d320c65f29d87df5f387fd4a014661a99f

SHA256
ec1dfedf0116d6f235bbb66067b6c244a76baa04a651a6539c05e7bc9f1f33ee

SHA512
1bc85b9c2adc7bdc37c0d29eba416d9939e4cba8aa8f83e2e18c58da88fe834cdce37c0cabe19a8c7ccd262053b5f32999ea159322be316d086686c6eb5523af

Download Submit
memory/1100-34-0x0000000001FF0000-0x0000000002017000-memory.dmp

Filesize
156KB

Download
memory/1100-32-0x0000000001FF0000-0x0000000002017000-memory.dmp

Filesize
156KB

Download
memory/1100-30-0x0000000001FF0000-0x0000000002017000-memory.dmp

Filesize
156KB

Download
memory/1100-26-0x0000000001FF0000-0x0000000002017000-memory.dmp

Filesize
156KB

Download
memory/1100-28-0x0000000001FF0000-0x0000000002017000-memory.dmp

Filesize
156KB

Download
memory/1160-44-0x0000000001F40000-0x0000000001F67000-memory.dmp

Filesize
156KB

Download
memory/1160-42-0x0000000001F40000-0x0000000001F67000-memory.dmp

Filesize
156KB

Download
memory/1160-38-0x0000000001F40000-0x0000000001F67000-memory.dmp

Filesize
156KB

Download
memory/1160-40-0x0000000001F40000-0x0000000001F67000-memory.dmp

Filesize
156KB

Download
memory/1200-49-0x00000000024D0000-0x00000000024F7000-memory.dmp

Filesize
156KB

Download
memory/1200-47-0x00000000024D0000-0x00000000024F7000-memory.dmp

Filesize
156KB

Download
memory/1200-48-0x00000000024D0000-0x00000000024F7000-memory.dmp

Filesize
156KB

Download
memory/1200-50-0x00000000024D0000-0x00000000024F7000-memory.dmp

Filesize
156KB

Download
memory/1760-52-0x0000000000350000-0x0000000000377000-memory.dmp

Filesize
156KB

Download
memory/1760-53-0x0000000000350000-0x0000000000377000-memory.dmp

Filesize
156KB

Download
memory/1760-55-0x0000000000350000-0x0000000000377000-memory.dmp

Filesize
156KB

Download
memory/1760-54-0x0000000000350000-0x0000000000377000-memory.dmp

Filesize
156KB

Download
memory/2308-222-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download
memory/2308-228-0x0000000077950000-0x0000000077951000-memory.dmp

Filesize
4KB

Download
memory/2308-447-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download
memory/2308-316-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2616-61-0x0000000000370000-0x0000000000397000-memory.dmp

Filesize
156KB

Download
memory/2616-155-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2616-60-0x0000000000370000-0x0000000000397000-memory.dmp

Filesize
156KB

Download
memory/2616-62-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2616-58-0x0000000000370000-0x0000000000397000-memory.dmp

Filesize
156KB

Download
memory/2616-64-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2616-66-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2616-68-0x0000000000370000-0x0000000000397000-memory.dmp

Filesize
156KB

Download
memory/2616-67-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2616-70-0x0000000077950000-0x0000000077951000-memory.dmp

Filesize
4KB

Download
memory/2616-71-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2616-73-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2616-75-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2616-77-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2616-79-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2616-81-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2616-83-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2616-85-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2616-87-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2616-89-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2616-91-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2616-59-0x0000000000370000-0x0000000000397000-memory.dmp

Filesize
156KB

Download
memory/2616-57-0x0000000000370000-0x0000000000397000-memory.dmp

Filesize
156KB

Download
memory/2616-0-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2616-220-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2616-221-0x0000000000370000-0x0000000000397000-memory.dmp

Filesize
156KB

Download
memory/2616-1-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2616-2-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2616-3-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2616-4-0x0000000000220000-0x000000000026F000-memory.dmp

Filesize
316KB

Download
memory/2616-5-0x000000000022C000-0x000000000022D000-memory.dmp

Filesize
4KB

Download
memory/2616-6-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2616-7-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2616-18-0x0000000000370000-0x00000000003BF000-memory.dmp

Filesize
316KB

Download
memory/2616-16-0x0000000000370000-0x00000000003BF000-memory.dmp

Filesize
316KB

Download
memory/2636-19-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2636-226-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2636-223-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2636-25-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2636-23-0x0000000000220000-0x000000000026F000-memory.dmp

Filesize
316KB

Download
memory/2636-22-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2636-20-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2636-21-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download