a84eb505e211dbee4dbf7c7f7137f6bb06adfcf62e52545a0db1d381fa19d369

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a84eb505e211dbee4dbf7c7f7137f6bb06adfcf62e52545a0db1d381fa19d369.exe
Size

1.3MB
MD5

acd76df109da634b19792adbae6d87ed
SHA1

192715a95afc4dd84f5227c4f2345062db60e6f0
SHA256

a84eb505e211dbee4dbf7c7f7137f6bb06adfcf62e52545a0db1d381fa19d369
SHA512

572855c30002ef7358cc025bec66f856e0e77b418c5da9dd6756557317d66ab67eb7dd772e83948347e9302bd45e41d6495508b3fa4024f202daadef3e6e8a5a
SSDEEP

24576:4WmAFubSRUqxeOlXDQjLStrHvNZSEy4eZls3VaZy/le2VjUiN9J:U26qxewXDYLSt5UExeZSIZse2VjUi3J

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
3560	Engine.exe
1568	Morgan.exe.pif
4816	Morgan.exe.pif

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3560-18-0x0000000000400000-0x0000000000557000-memory.dmp	upx
behavioral1/files/0x0005000000022762-17.dat	upx
behavioral1/files/0x0005000000022762-16.dat	upx
behavioral1/memory/3560-97-0x0000000000400000-0x0000000000557000-memory.dmp	upx
behavioral1/memory/3560-98-0x0000000000400000-0x0000000000557000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1568 set thread context of 4816	1568	Morgan.exe.pif	113

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3270530367-132075249-2153716227-1000\{8B57450C-49CF-49A5-BB73-76567587467B}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3270530367-132075249-2153716227-1000\{E7953A02-A00F-4F7D-B33A-13A3B96A8285}	svchost.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4504	PING.EXE

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4836	powershell.exe
4836	powershell.exe
4836	powershell.exe
4836	powershell.exe
4804	powershell.exe
4804	powershell.exe
4804	powershell.exe
4804	powershell.exe
1568	Morgan.exe.pif
1568	Morgan.exe.pif
1568	Morgan.exe.pif
1568	Morgan.exe.pif
1568	Morgan.exe.pif
1568	Morgan.exe.pif
1568	Morgan.exe.pif
1568	Morgan.exe.pif

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4836	powershell.exe
Token: SeDebugPrivilege	4804	powershell.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1568	Morgan.exe.pif
1568	Morgan.exe.pif
1568	Morgan.exe.pif

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1568	Morgan.exe.pif
1568	Morgan.exe.pif
1568	Morgan.exe.pif

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4396	OpenWith.exe

Suspicious use of WriteProcessMemory 29 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 3560	1280	a84eb505e211dbee4dbf7c7f7137f6bb06adfcf62e52545a0db1d381fa19d369.exe	93
PID 1280 wrote to memory of 3560	1280	a84eb505e211dbee4dbf7c7f7137f6bb06adfcf62e52545a0db1d381fa19d369.exe	93
PID 1280 wrote to memory of 3560	1280	a84eb505e211dbee4dbf7c7f7137f6bb06adfcf62e52545a0db1d381fa19d369.exe	93
PID 3560 wrote to memory of 5036	3560	Engine.exe	96
PID 3560 wrote to memory of 5036	3560	Engine.exe	96
PID 3560 wrote to memory of 5036	3560	Engine.exe	96
PID 5036 wrote to memory of 3152	5036	CmD.exe	98
PID 5036 wrote to memory of 3152	5036	CmD.exe	98
PID 5036 wrote to memory of 3152	5036	CmD.exe	98
PID 3152 wrote to memory of 4836	3152	cmd.exe	99
PID 3152 wrote to memory of 4836	3152	cmd.exe	99
PID 3152 wrote to memory of 4836	3152	cmd.exe	99
PID 3152 wrote to memory of 4804	3152	cmd.exe	104
PID 3152 wrote to memory of 4804	3152	cmd.exe	104
PID 3152 wrote to memory of 4804	3152	cmd.exe	104
PID 3152 wrote to memory of 4348	3152	cmd.exe	105
PID 3152 wrote to memory of 4348	3152	cmd.exe	105
PID 3152 wrote to memory of 4348	3152	cmd.exe	105
PID 3152 wrote to memory of 1568	3152	cmd.exe	106
PID 3152 wrote to memory of 1568	3152	cmd.exe	106
PID 3152 wrote to memory of 1568	3152	cmd.exe	106
PID 3152 wrote to memory of 4504	3152	cmd.exe	107
PID 3152 wrote to memory of 4504	3152	cmd.exe	107
PID 3152 wrote to memory of 4504	3152	cmd.exe	107
PID 1568 wrote to memory of 4816	1568	Morgan.exe.pif	113
PID 1568 wrote to memory of 4816	1568	Morgan.exe.pif	113
PID 1568 wrote to memory of 4816	1568	Morgan.exe.pif	113
PID 1568 wrote to memory of 4816	1568	Morgan.exe.pif	113
PID 1568 wrote to memory of 4816	1568	Morgan.exe.pif	113

C:\Users\Admin\AppData\Local\Temp\a84eb505e211dbee4dbf7c7f7137f6bb06adfcf62e52545a0db1d381fa19d369.exe
"C:\Users\Admin\AppData\Local\Temp\a84eb505e211dbee4dbf7c7f7137f6bb06adfcf62e52545a0db1d381fa19d369.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Users\Admin\AppData\Local\Temp\SETUP_31896\Engine.exe
  C:\Users\Admin\AppData\Local\Temp\SETUP_31896\Engine.exe /TH_ID=_3264 /OriginExe="C:\Users\Admin\AppData\Local\Temp\a84eb505e211dbee4dbf7c7f7137f6bb06adfcf62e52545a0db1d381fa19d369.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3560
- - C:\Windows\SysWOW64\CmD.exe
    C:\Windows\system32\CmD.exe /c cmd < Stay
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5036
  - - C:\Windows\SysWOW64\cmd.exe
      cmd
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3152
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell get-process avastui
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4836
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell get-process avgui
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4804
    - - C:\Windows\SysWOW64\findstr.exe
        
        findstr /V /R "^SUBSTANCESCREENSAVERSSPRINGSINFORMATIONIRC$" Lambda
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\mfrjepi4.njb\20092\Morgan.exe.pif
        
        20092\\Morgan.exe.pif 20092\\w
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\mfrjepi4.njb\20092\Morgan.exe.pif
        
        C:\Users\Admin\AppData\Local\Temp\mfrjepi4.njb\20092\Morgan.exe.pif
        6⤵
        Executes dropped EXE
        
        PID:4816
    - - C:\Windows\SysWOW64\PING.EXE
        
        ping localhost -n 8
        5⤵
        Runs ping.exe
        
        PID:4504

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4396

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:2892

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
1KB

MD5
407b26d1da5b001355adbc2b21afbdb8

SHA1
e598f4c32593b304ad147a5f26cffee3d5c49a96

SHA256
737e959cb3a9844cc699801b4d50ef6d602e2d491c18085df6b7701a66f2ea26

SHA512
3a0e94eb64d83ff7d9853178326ed845bd25bc47fc13ad502d5bc592794622304dbbc1f43c46cb473a6e29d816ff979ba51c21ce0b7a2f82477e27fe19c75bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_31896\00000#Able

Filesize
35KB

MD5
a4eec359cf2ad94b207393837e2d868b

SHA1
d2aba15535534c985e6b057af1b0b529461e4edf

SHA256
57e4df38b6b8f21dbfe82d28e777b4533b73999ec6bfdb54bc9c876c76765ff0

SHA512
f553b26bdfe1fe6ee7239302307ab765d0886d441be5862688ae29574724fe4eda491a9f4e189ffb8f7b7727a26d6311f50edd6f1767e2523f9e99e7f74b7e39

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_31896\00001#Bass

Filesize
1KB

MD5
0238e36abf78dcd005adc0c1cdc51180

SHA1
679608f3ac0620d8e5101d82b1e8c59a023907af

SHA256
44b7e60bb90f5f359ea7d63ba7b1ce3eab23b2ece05561b13df2e2a2359ed9f5

SHA512
8b4b89cd527c0a80d79942263e7bb6f95166b7453999398327fdcb032c207204f29020d2b768deda0488e58f998c8262e850d82d651363b3bac9c881464bec4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_31896\00002#Brandon

Filesize
52KB

MD5
7d464ebc775b776a3e74dad3b9d8d3b8

SHA1
22d5aaba17a021a53424ef43e568933e3192be77

SHA256
6019e783401d971f6bfdef951d56f73ba6b2e4de6883f8f967f2ceb66214332b

SHA512
b6cdbbc5cb5184ddbb6afd1af91dfbc74785e003a043018b6eed347d4b771a2a3461198acbda3bd4537247a0c680bd4b20db75f49bc42e563733bda1b8141f85

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_31896\00003#Camera

Filesize
5KB

MD5
6a97ea48aa33081c855a803e194794b8

SHA1
33f8a67e37ffe4e7e424c98aded3e18faab5c620

SHA256
67f011f0545eb20ab81ca08fc632f2a9e126ebc0912dea6adbe11efe07956069

SHA512
573e816200f46e44df78d013586d236851d44f0c9b028253a1550541393ba96e580ec42998ab6544f6dfb44945f0760ae38bf25d775555d9c6151e0d5fd24ff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_31896\00004#Destroyed

Filesize
9KB

MD5
ff4afc87ab927c078f2db85edc8ff5e8

SHA1
db91f5180bf0466a9de8e59e5e382be62e27c02f

SHA256
3d19e09f130c600b0f01f220319386755a8550583b1ff1584382f551d459a3b4

SHA512
e2222c0f39a0c200f2c633fc9677add9fad0b11fa801609925190cda64a78efb1b1fed3de16b2b9719e7ddd379e668dc38c3492bf79ddb73da5250613ee2bc8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_31896\00005#Disorder

Filesize
16KB

MD5
e35ca825c2d877117bb9eed000d33785

SHA1
525c32e893a8e0790524fb1bbe1c231ce97c6263

SHA256
caaa87b74bb152ca20b7e33d53a4fbf6e44aa1df3cb7ca2e4cd258bd528cfa47

SHA512
28b2a437d3e4826a2c0b347ff60f80548a476ad09b1b555ab0b77d48de607a26ec1bd9730ee5aa1283c4ba6788165399838c56eda0c8acd762d717c4446a8589

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_31896\00006#Initiatives

Filesize
59KB

MD5
be6082c7dc6b4f44e4a801a41a7fc3a2

SHA1
4564ad69ee8e9f2d0963f021bcefd4970e746d68

SHA256
a6f610d0accc62c66d88c541d3e66d754cead157d9aa13e4fe1372c138525d9e

SHA512
ecb152ad658801f811b8afe25f640fc71eef9fb717b225303f58fc73e8ad799b86e757126f2e19b03c8d4aea507900cfb3ddca32071524a89debb2f0f2f13596

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_31896\00007#Receipt

Filesize
28KB

MD5
d7ffe44f2dc53a1fb32dbe57439cdc6b

SHA1
164085c8f8815e67c8c90859d85c696579750556

SHA256
aaab37bd56d318c7edefeebaf817de029c79cfa7cd37f31f5ec8d9349dc4f375

SHA512
17b6a24b40e45e0ffbbb1a1acd8d55be71c4b2f90664181ca42afcd10ab92a194b2f7cf32084421fa66f6f7b38ff2149388159cc66d1c6e21658897cfb8aee2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_31896\00008#Shoppers

Filesize
31KB

MD5
23ac9ccb1a08111978fb84165967d7ae

SHA1
b7cb2a5c705e1f32ce0a97573690bcc780557b99

SHA256
b05a5ee2cd84d19353efb0e7121b9b6cbcffde7f981bed477cac7970e1c1e94b

SHA512
3cd902f6cf00616bbc012d203500eaf8961f7f2e07ccc0dcb8340c5f39b07cd9bc49f567073ac9cc70d4bfb55cd674ef1348f1ecdfce45d2f8fcca609869b85f

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_31896\00009#Stay

Filesize
14KB

MD5
2a25f39ca7eeb79786257709a5179bbc

SHA1
895e58ece430d5651e01225f9abf8455b2a663d3

SHA256
9be44b1b8d610916ed942b7e12d780b9810135fcb6679db39991053ec46ffb0d

SHA512
cfbbe8a9aa2025c525a4f63b099ea99d63dde6b17ab8381e74049fe9b54360ea21e748b7deb3c921242e5d2a63c5e61b76d2eb8ed630fbf6e07019a606b26f7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_31896\Engine.exe

Filesize
47KB

MD5
6330fd7374fbaf95132bf241030a135e

SHA1
172a0e5438f8a5cc807717526c2cb28139328ee3

SHA256
f3defc1c1dcd479515b049e5e191462e1734a1e27ed1de49fbc9517fc348053f

SHA512
3f2660429b7545fcad99c3c0b71c5d168237469358a2a1de6975dab1228636b4b04bde24d75c6d1ef303ff42df10df51682086d091160d2be7fd18beb4b44288

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_31896\Engine.exe

Filesize
51KB

MD5
1fc291d9b0e8037e263b15093f2d45f6

SHA1
686aa83b227150ae994144e935474320d5fa0194

SHA256
a3b62ac45f88d818710ef9e4f129561e013220095289fef0d1598e928b015459

SHA512
104392615d1faeaaed2e248965520df60b3795f79b0f9a8f37e71cd960658fb40ef49e5acca7a231bc54be5db3b840230ee7bfcf65050ec132426ee9e935974b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_31896\Modern_Icon.bmp

Filesize
7KB

MD5
1dd88f67f029710d5c5858a6293a93f1

SHA1
3e5ef66613415fe9467b2a24ccc27d8f997e7df6

SHA256
b5dad33ceb6eb1ac2a05fbda76e29a73038403939218a88367925c3a20c05532

SHA512
7071fd64038e0058c8c586c63c62677c0ca403768100f90323cf9c0bc7b7fcb538391e6f3606bd7970b8769445606ada47adcdcfc1e991e25caf272a13e10c94

Download Submit
C:\Users\Admin\AppData\Local\Temp\SETUP_31896\Setup.txt

Filesize
2KB

MD5
0a24ae65cac43414bea2cdd1dcb7d089

SHA1
8e3de808a62dc2b7b5157c2d962360dbd73986ce

SHA256
55bc43b473ae6f9f056ba11004d42a43700ebf8a293db199a636e643972013fb

SHA512
feaa6a074f7eaab2bb366ffc0de3a60b7f499c90a5799b8556b1f94755c1d9a6280e5fb32ac51c51fd75158df4fbd8f44bb18c5a9dd237b82026fd04a931a291

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_c4piobiv.2aa.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\mfrjepi4.njb\20092\Morgan.exe.pif

Filesize
92KB

MD5
676907b355bc8e4c8aec994e1ff331e1

SHA1
01ab7c16bb872cc34ebae8e6259e14978d5443ca

SHA256
9cdd724fb8a12ed0fb787d58dd27ad173e09a387e3413b2d745aa8492437c0df

SHA512
f394c30316c4d81d5b1f1111ab3221b2d90fa243bf77329ada9a5cb1ffcfaa01445a52acb525da4c59759aa3d1e1278924b7a2d1c79af15478736b94f6ec162a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mfrjepi4.njb\20092\Morgan.exe.pif

Filesize
70KB

MD5
46a52e627673775cb1fa207c24a497b8

SHA1
c508bc4894bda8b8f9e27d481671253392fb3f67

SHA256
e1f404b21873adf60d79a78643031f1fb119cb7882428829122e0173124a012d

SHA512
edd0621a22d706743c9d0de4ffdcb1266aedb6c26181f739b0e33ce1d292d702e43f7a3f9ee8bffbd6e75aff7687efeffcff05d7bc3756362e9fc76e2fdde460

Download Submit
C:\Users\Admin\AppData\Local\Temp\mfrjepi4.njb\Lambda

Filesize
136KB

MD5
29c8d00602ad7ce997d476e9ae398e0c

SHA1
0b33c4060f07c97c831c160769c34613ca086c9b

SHA256
e72f9c125e62d27afec041aed52b63d3e6470270bd4afe05752e624326418aa5

SHA512
2d1ea17e945ecca8ec8d0f4b5e86a282af1714c0e0a2887440ebb73c916f9a1a5c87398aec5bddfbd611b897c8d025c3114903c0de30339330fcbbf850b4261c

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/1280-101-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1280-96-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1568-102-0x0000000000F70000-0x0000000000F71000-memory.dmp

Filesize
4KB

Download
memory/3560-98-0x0000000000400000-0x0000000000557000-memory.dmp

Filesize
1.3MB

Download
memory/3560-97-0x0000000000400000-0x0000000000557000-memory.dmp

Filesize
1.3MB

Download
memory/3560-18-0x0000000000400000-0x0000000000557000-memory.dmp

Filesize
1.3MB

Download
memory/3560-20-0x0000000000880000-0x0000000000881000-memory.dmp

Filesize
4KB

Download
memory/4804-74-0x0000000073200000-0x00000000739B0000-memory.dmp

Filesize
7.7MB

Download
memory/4804-89-0x0000000073200000-0x00000000739B0000-memory.dmp

Filesize
7.7MB

Download
memory/4804-76-0x00000000046E0000-0x00000000046F0000-memory.dmp

Filesize
64KB

Download
memory/4804-82-0x00000000054E0000-0x0000000005834000-memory.dmp

Filesize
3.3MB

Download
memory/4804-75-0x00000000046E0000-0x00000000046F0000-memory.dmp

Filesize
64KB

Download
memory/4816-110-0x0000000000C00000-0x0000000000E28000-memory.dmp

Filesize
2.2MB

Download
memory/4816-108-0x0000000000C00000-0x0000000000E28000-memory.dmp

Filesize
2.2MB

Download
memory/4816-109-0x0000000000C00000-0x0000000000E28000-memory.dmp

Filesize
2.2MB

Download
memory/4816-104-0x0000000000C00000-0x0000000000E28000-memory.dmp

Filesize
2.2MB

Download
memory/4836-51-0x0000000005340000-0x0000000005362000-memory.dmp

Filesize
136KB

Download
memory/4836-63-0x0000000005E90000-0x00000000061E4000-memory.dmp

Filesize
3.3MB

Download
memory/4836-72-0x0000000073200000-0x00000000739B0000-memory.dmp

Filesize
7.7MB

Download
memory/4836-47-0x0000000073200000-0x00000000739B0000-memory.dmp

Filesize
7.7MB

Download
memory/4836-69-0x0000000007980000-0x0000000007F24000-memory.dmp

Filesize
5.6MB

Download
memory/4836-64-0x0000000006360000-0x000000000637E000-memory.dmp

Filesize
120KB

Download
memory/4836-52-0x0000000005C30000-0x0000000005C96000-memory.dmp

Filesize
408KB

Download
memory/4836-65-0x00000000063A0000-0x00000000063EC000-memory.dmp

Filesize
304KB

Download
memory/4836-53-0x0000000005CA0000-0x0000000005D06000-memory.dmp

Filesize
408KB

Download
memory/4836-50-0x0000000005510000-0x0000000005B38000-memory.dmp

Filesize
6.2MB

Download
memory/4836-49-0x0000000002AE0000-0x0000000002AF0000-memory.dmp

Filesize
64KB

Download
memory/4836-46-0x00000000029F0000-0x0000000002A26000-memory.dmp

Filesize
216KB

Download
memory/4836-48-0x0000000002AE0000-0x0000000002AF0000-memory.dmp

Filesize
64KB

Download
memory/4836-66-0x0000000007330000-0x00000000073C6000-memory.dmp

Filesize
600KB

Download
memory/4836-67-0x0000000006870000-0x000000000688A000-memory.dmp

Filesize
104KB

Download
memory/4836-68-0x00000000068C0000-0x00000000068E2000-memory.dmp

Filesize
136KB

Download